rpms/libguestfs
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import OL

Browse Source
This commit is contained in:
eabdullin 2025-03-19 14:41:39 +03:00
parent b04534a005
commit 5abb5cbc03
63 changed files with 5109 additions and 2398 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,2 +1,3 @@
SOURCES/libguestfs-1.48.4.tar.gz SOURCES/libguestfs-1.50.2.tar.gz
SOURCES/libguestfs.keyring SOURCES/libguestfs.keyring
SOURCES/libguestfs-common-1.50.2.tar.gz

3
.libguestfs.metadata
View File

@ -1,2 +1,3 @@
a8754a62256ac488eec3e18bed20f570f785d069 SOURCES/libguestfs-1.48.4.tar.gz 9a4fcb78ca452e1cf04f0b541d938ab1b07019a6 SOURCES/libguestfs-1.50.2.tar.gz
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring 1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
f801826d11e360a906bae5980495ac5425d709ae SOURCES/libguestfs-common-1.50.2.tar.gz

96
SOURCES/0001-New-API-guestfs_device_name-returning-the-drive-name.patch
View File

@ -1,96 +0,0 @@
From e3ebd50abde3b05db86c8965868c866152cd3287 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 28 Apr 2022 13:16:54 +0100
Subject: [PATCH] New API: guestfs_device_name returning the drive name
For each drive added, return the name. For example calling this with
index 0 will return the string "/dev/sda". I called it
guestfs_device_name (not drive_name) for consistency with the existing
guestfs_device_index function.
You don't really need to call this function. You can follow the
advice here:
https://libguestfs.org/guestfs.3.html#block-device-naming
and assume that drives are added with predictable names like
"/dev/sda", "/dev/sdb", etc.
However it's useful to expose the internal guestfs_int_drive_name
function since especially handling names beyond index 26 is tricky
(https://rwmj.wordpress.com/2011/01/09/how-are-linux-drives-named-beyond-drive-26-devsdz/)
Fixes: https://github.com/libguestfs/libguestfs/issues/80
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit ac00e603f83802634f1d53b1629aee4670eaf31c)
---
generator/actions_core.ml | 24 +++++++++++++++++++++++-
lib/drives.c | 15 +++++++++++++++
2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index ce9ee39cc..dc12fdc33 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -737,7 +737,29 @@ returns the index of the device in the list of devices.
Index numbers start from 0. The named device must exist,
for example as a string returned from C<guestfs_list_devices>.
-See also C<guestfs_list_devices>, C<guestfs_part_to_dev>." };
+See also C<guestfs_list_devices>, C<guestfs_part_to_dev>,
+C<guestfs_device_name>." };
+
+ { defaults with
+ name = "device_name"; added = (1, 49, 1);
+ style = RString (RPlainString, "name"), [Int "index"], [];
+ tests = [
+ InitEmpty, Always, TestResult (
+ [["device_name"; "0"]], "STREQ (ret, \"/dev/sda\")"), [];
+ InitEmpty, Always, TestResult (
+ [["device_name"; "1"]], "STREQ (ret, \"/dev/sdb\")"), [];
+ InitEmpty, Always, TestLastFail (
+ [["device_name"; "99"]]), []
+ ];
+ shortdesc = "convert device index to name";
+ longdesc = "\
+This function takes a device index and returns the device
+name. For example index C<0> will return the string C</dev/sda>.
+
+The drive index must have been added to the handle.
+
+See also C<guestfs_list_devices>, C<guestfs_part_to_dev>,
+C<guestfs_device_index>." };
{ defaults with
name = "shutdown"; added = (1, 19, 16);
diff --git a/lib/drives.c b/lib/drives.c
index fd95308d2..a6179fc36 100644
--- a/lib/drives.c
+++ b/lib/drives.c
@@ -31,6 +31,7 @@
#include <netdb.h>
#include <arpa/inet.h>
#include <assert.h>
+#include <errno.h>
#include <libintl.h>
#include "c-ctype.h"
@@ -1084,3 +1085,17 @@ guestfs_impl_device_index (guestfs_h *g, const char *device)
error (g, _("%s: device not found"), device);
return r;
}
+
+char *
+guestfs_impl_device_name (guestfs_h *g, int index)
+{
+ char drive_name[64];
+
+ if (index < 0 || index >= g->nr_drives) {
+ guestfs_int_error_errno (g, EINVAL, _("drive index out of range"));
+ return NULL;
+ }
+
+ guestfs_int_drive_name (index, drive_name);
+ return safe_asprintf (g, "/dev/sd%s", drive_name);
+}
--
2.31.1

63
SOURCES/0001-daemon-selinux-relabel-don-t-exclude-selinux-if-it-s.patch Normal file
View File

@ -0,0 +1,63 @@
From d2e6dce96a9f197b688758f90481407e75ae11d2 Mon Sep 17 00:00:00 2001
From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Date: Wed, 26 Apr 2023 15:59:44 +0300
Subject: [PATCH] daemon/selinux-relabel: don't exclude "/selinux" if it's
non-existent
Since RHBZ#726528, filesystem.rpm doesn't include /selinux. setfiles
then gives us the warning: "Can't stat exclude path "/sysroot/selinux",
No such file or directory - ignoring."
Though the warning is harmless, let's get rid of it by checking the
existence of /selinux directory.
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 9ced5fac8c1f0f8ff7ed2b5671c1c7f5f0bfa875)
---
daemon/selinux-relabel.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 976cffe3..454486c1 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/stat.h>
#include "guestfs_protocol.h"
#include "daemon.h"
@@ -37,6 +38,17 @@ optgroup_selinuxrelabel_available (void)
return prog_exists ("setfiles");
}
+static int
+dir_exists (const char *dir)
+{
+ struct stat statbuf;
+
+ if (stat (dir, &statbuf) == 0 && S_ISDIR (statbuf.st_mode))
+ return 1;
+ else
+ return 0;
+}
+
static int
setfiles_has_option (int *flag, char opt_char)
{
@@ -99,8 +111,10 @@ do_selinux_relabel (const char *specfile, const char *path,
*/
ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_dev);
ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_proc);
- ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_sys);
+ if (dir_exists (s_selinux)) {
+ ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
+ }
/* You have to use the -m option (where available) otherwise
* setfiles puts all the mountpoints on the excludes list for no

33
SOURCES/0002-daemon-selinux-relabel-search-for-invalid-option-in-.patch Normal file
View File

@ -0,0 +1,33 @@
From 917455b15894c6c82bd657e918ceb09cd825c9c4 Mon Sep 17 00:00:00 2001
From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Date: Wed, 26 Apr 2023 15:59:45 +0300
Subject: [PATCH] daemon/selinux-relabel: search for "invalid option" in
setfiles output
'X' in the setiles' stderr doesn't necessarily mean that option 'X'
doesn't exist. For instance, when passing '-T' we get: "setfiles:
option requires an argument -- 'T'".
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 152d6e4bdf2dac88856a4ff83cf73451f897d4d4)
---
daemon/selinux-relabel.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 454486c1..60a6f48a 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -56,8 +56,9 @@ setfiles_has_option (int *flag, char opt_char)
if (*flag == -1) {
char option[] = { '-', opt_char, '\0' }; /* "-X" */
- char err_opt[] = { '\'', opt_char, '\'', '\0'}; /* "'X'" */
+ char err_opt[32]; /* "invalid option -- 'X'" */
+ snprintf(err_opt, sizeof(err_opt), "invalid option -- '%c'", opt_char);
ignore_value (command (NULL, &err, "setfiles", option, NULL));
*flag = err && strstr (err, /* "invalid option -- " */ err_opt) == NULL;
}

565
SOURCES/0002-guestfs_readdir-rewrite-with-FileOut-transfer-to-lif.patch
View File

@ -1,565 +0,0 @@
From b97b90779d5ea261d5e737f073bb4ec5dc546511 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 May 2022 10:56:00 +0200
Subject: [PATCH] guestfs_readdir(): rewrite with FileOut transfer, to lift
protocol limit
Currently the guestfs_readdir() API can not list long directories, due to
it sending back the whole directory listing in a single guestfs protocol
response, which is limited to GUESTFS_MESSAGE_MAX (approx. 4MB) in size.
Introduce the "internal_readdir" action, for transferring the directory
listing from the daemon to the library through a FileOut parameter.
Rewrite guestfs_readdir() on top of this new internal function:
- The new "internal_readdir" action is a daemon action. Do not repurpose
the "readdir" proc_nr (138) for "internal_readdir", as some distros ship
the binary appliance to their users, and reusing the proc_nr could
create a mismatch between library & appliance with obscure symptoms.
Replace the old proc_nr (138) with a new proc_nr (511) instead; a
mismatch would then produce a clear error message. Assume the new action
will first be released in libguestfs-1.48.2.
- Turn "readdir" from a daemon action into a non-daemon one. Call the
daemon action guestfs_internal_readdir() manually, receive the FileOut
parameter into a temp file, then deserialize the dirents array from the
temp file.
This patch sneakily fixes an independent bug, too. In the pre-patch
do_readdir() function [daemon/readdir.c], when readdir() returns NULL, we
don't distinguish "end of directory stream" from "readdir() failed". This
rewrite fixes this problem -- I didn't see much value separating out the
fix for the original do_readdir().
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1674392
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220502085601.15012-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 45b7f1736b64e9f0741e21e5a9d83a837bd863bf)
---
TODO | 8 ---
daemon/readdir.c | 132 +++++++++++++++++++-------------------
generator/actions_core.ml | 127 +++++++++++++++++++-----------------
generator/proc_nr.ml | 2 +-
lib/MAX_PROC_NR | 2 +-
lib/Makefile.am | 1 +
lib/readdir.c | 131 +++++++++++++++++++++++++++++++++++++
7 files changed, 267 insertions(+), 136 deletions(-)
create mode 100644 lib/readdir.c
diff --git a/TODO b/TODO
index a50f7d73c..513e55f92 100644
--- a/TODO
+++ b/TODO
@@ -484,14 +484,6 @@ this approach works, it doesn't solve the MBR problem, so likely we'd
have to write a library for that (or perhaps go back to sfdisk but
using a very abstracted interface over sfdisk).
-Reimplement some APIs to avoid protocol limits
-----------------------------------------------
-
-Mostly this item was done (eg. commits a69f44f56f and before). The
-most notable API with a protocol limit remaining is:
-
- - guestfs_readdir
-
hivex
-----
diff --git a/daemon/readdir.c b/daemon/readdir.c
index e488f93e7..9ab0b0aec 100644
--- a/daemon/readdir.c
+++ b/daemon/readdir.c
@@ -16,77 +16,67 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include <config.h>
+#include <config.h> /* HAVE_STRUCT_DIRENT_D_TYPE */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <dirent.h>
+#include <dirent.h> /* readdir() */
+#include <errno.h> /* errno */
+#include <rpc/xdr.h> /* xdrmem_create() */
+#include <stdio.h> /* perror() */
+#include <stdlib.h> /* malloc() */
+#include <sys/types.h> /* opendir() */
-#include "daemon.h"
-#include "actions.h"
+#include "daemon.h" /* reply_with_perror() */
-static void
-free_int_dirent_list (guestfs_int_dirent *p, size_t len)
+/* Has one FileOut parameter. */
+int
+do_internal_readdir (const char *dir)
{
- size_t i;
+ int ret;
+ DIR *dirstream;
+ void *xdr_buf;
+ XDR xdr;
- for (i = 0; i < len; ++i) {
- free (p[i].name);
- }
- free (p);
-}
-
-guestfs_int_dirent_list *
-do_readdir (const char *path)
-{
- guestfs_int_dirent_list *ret;
- guestfs_int_dirent v;
- DIR *dir;
- struct dirent *d;
- size_t i;
-
- ret = malloc (sizeof *ret);
- if (ret == NULL) {
- reply_with_perror ("malloc");
- return NULL;
- }
-
- ret->guestfs_int_dirent_list_len = 0;
- ret->guestfs_int_dirent_list_val = NULL;
+ /* Prepare to fail. */
+ ret = -1;
CHROOT_IN;
- dir = opendir (path);
+ dirstream = opendir (dir);
CHROOT_OUT;
- if (dir == NULL) {
- reply_with_perror ("opendir: %s", path);
- free (ret);
- return NULL;
+ if (dirstream == NULL) {
+ reply_with_perror ("opendir: %s", dir);
+ return ret;
}
- i = 0;
- while ((d = readdir (dir)) != NULL) {
- guestfs_int_dirent *p;
+ xdr_buf = malloc (GUESTFS_MAX_CHUNK_SIZE);
+ if (xdr_buf == NULL) {
+ reply_with_perror ("malloc");
+ goto close_dir;
+ }
+ xdrmem_create (&xdr, xdr_buf, GUESTFS_MAX_CHUNK_SIZE, XDR_ENCODE);
+
+ /* Send an "OK" reply, before starting the file transfer. */
+ reply (NULL, NULL);
+
+ /* From this point on, we can only report errors by canceling the file
+ * transfer.
+ */
+ for (;;) {
+ struct dirent *d;
+ guestfs_int_dirent v;
+
+ errno = 0;
+ d = readdir (dirstream);
+ if (d == NULL) {
+ if (errno == 0)
+ ret = 0;
+ else
+ perror ("readdir");
- p = realloc (ret->guestfs_int_dirent_list_val,
- sizeof (guestfs_int_dirent) * (i+1));
- v.name = strdup (d->d_name);
- if (!p || !v.name) {
- reply_with_perror ("allocate");
- if (p) {
- free_int_dirent_list (p, i);
- } else {
- free_int_dirent_list (ret->guestfs_int_dirent_list_val, i);
- }
- free (v.name);
- free (ret);
- closedir (dir);
- return NULL;
+ break;
}
- ret->guestfs_int_dirent_list_val = p;
+ v.name = d->d_name;
v.ino = d->d_ino;
#ifdef HAVE_STRUCT_DIRENT_D_TYPE
switch (d->d_type) {
@@ -104,19 +94,29 @@ do_readdir (const char *path)
v.ftyp = 'u';
#endif
- ret->guestfs_int_dirent_list_val[i] = v;
+ if (!xdr_guestfs_int_dirent (&xdr, &v)) {
+ fprintf (stderr, "xdr_guestfs_int_dirent failed\n");
+ break;
+ }
- i++;
+ if (send_file_write (xdr_buf, xdr_getpos (&xdr)) != 0)
+ break;
+
+ xdr_setpos (&xdr, 0);
}
- ret->guestfs_int_dirent_list_len = i;
+ /* Finish or cancel the transfer. Note that if (ret == -1) because the library
+ * canceled, we still need to cancel back!
+ */
+ send_file_end (ret == -1);
- if (closedir (dir) == -1) {
- reply_with_perror ("closedir");
- free (ret->guestfs_int_dirent_list_val);
- free (ret);
- return NULL;
- }
+ xdr_destroy (&xdr);
+ free (xdr_buf);
+
+close_dir:
+ if (closedir (dirstream) == -1)
+ /* Best we can do here is log an error. */
+ perror ("closedir");
return ret;
}
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index dc12fdc33..807150615 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -141,6 +141,66 @@ only useful for printing debug and internal error messages.
For more information on states, see L<guestfs(3)>." };
+ { defaults with
+ name = "readdir"; added = (1, 0, 55);
+ style = RStructList ("entries", "dirent"), [String (Pathname, "dir")], [];
+ progress = true; cancellable = true;
+ shortdesc = "read directories entries";
+ longdesc = "\
+This returns the list of directory entries in directory C<dir>.
+
+All entries in the directory are returned, including C<.> and
+C<..>. The entries are I<not> sorted, but returned in the same
+order as the underlying filesystem.
+
+Also this call returns basic file type information about each
+file. The C<ftyp> field will contain one of the following characters:
+
+=over 4
+
+=item 'b'
+
+Block special
+
+=item 'c'
+
+Char special
+
+=item 'd'
+
+Directory
+
+=item 'f'
+
+FIFO (named pipe)
+
+=item 'l'
+
+Symbolic link
+
+=item 'r'
+
+Regular file
+
+=item 's'
+
+Socket
+
+=item 'u'
+
+Unknown file type
+
+=item '?'
+
+The L<readdir(3)> call returned a C<d_type> field with an
+unexpected value
+
+=back
+
+This function is primarily intended for use by programs. To
+get a simple list of names, use C<guestfs_ls>. To get a printable
+directory for human consumption, use C<guestfs_ll>." };
+
{ defaults with
name = "version"; added = (1, 0, 58);
style = RStruct ("version", "version"), [], [];
@@ -3939,66 +3999,6 @@ L<umask(2)>, C<guestfs_mknod>, C<guestfs_mkdir>.
This call returns the previous umask." };
- { defaults with
- name = "readdir"; added = (1, 0, 55);
- style = RStructList ("entries", "dirent"), [String (Pathname, "dir")], [];
- protocol_limit_warning = true;
- shortdesc = "read directories entries";
- longdesc = "\
-This returns the list of directory entries in directory C<dir>.
-
-All entries in the directory are returned, including C<.> and
-C<..>. The entries are I<not> sorted, but returned in the same
-order as the underlying filesystem.
-
-Also this call returns basic file type information about each
-file. The C<ftyp> field will contain one of the following characters:
-
-=over 4
-
-=item 'b'
-
-Block special
-
-=item 'c'
-
-Char special
-
-=item 'd'
-
-Directory
-
-=item 'f'
-
-FIFO (named pipe)
-
-=item 'l'
-
-Symbolic link
-
-=item 'r'
-
-Regular file
-
-=item 's'
-
-Socket
-
-=item 'u'
-
-Unknown file type
-
-=item '?'
-
-The L<readdir(3)> call returned a C<d_type> field with an
-unexpected value
-
-=back
-
-This function is primarily intended for use by programs. To
-get a simple list of names, use C<guestfs_ls>. To get a printable
-directory for human consumption, use C<guestfs_ll>." };
-
{ defaults with
name = "getxattrs"; added = (1, 0, 59);
style = RStructList ("xattrs", "xattr"), [String (Pathname, "path")], [];
@@ -9713,4 +9713,11 @@ C<guestfs_cryptsetup_open>. The C<device> parameter must be
the name of the mapping device (ie. F</dev/mapper/mapname>)
and I<not> the name of the underlying block device." };
+ { defaults with
+ name = "internal_readdir"; added = (1, 48, 2);
+ style = RErr, [String (Pathname, "dir"); String (FileOut, "filename")], [];
+ visibility = VInternal;
+ shortdesc = "read directories entries";
+ longdesc = "Internal function for readdir." };
+
]
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index b20672ff0..bdced51c9 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -152,7 +152,6 @@ let proc_nr = [
135, "mknod_b";
136, "mknod_c";
137, "umask";
-138, "readdir";
139, "sfdiskM";
140, "zfile";
141, "getxattrs";
@@ -514,6 +513,7 @@ let proc_nr = [
508, "cryptsetup_open";
509, "cryptsetup_close";
510, "internal_list_rpm_applications";
+511, "internal_readdir";
]
(* End of list. If adding a new entry, add it at the end of the list
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index 2bc4cd64b..c0556fb20 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-510
+511
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 144c45588..212bcb94a 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -105,6 +105,7 @@ libguestfs_la_SOURCES = \
private-data.c \
proto.c \
qemu.c \
+ readdir.c \
rescue.c \
stringsbuf.c \
structs-compare.c \
diff --git a/lib/readdir.c b/lib/readdir.c
new file mode 100644
index 000000000..9cb0d7cf6
--- /dev/null
+++ b/lib/readdir.c
@@ -0,0 +1,131 @@
+/* libguestfs
+ * Copyright (C) 2016-2022 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h> /* UNIX_PATH_MAX, needed by "guestfs-internal.h" */
+
+#include <rpc/xdr.h> /* xdrstdio_create() */
+#include <stdint.h> /* UINT32_MAX */
+#include <stdio.h> /* fopen() */
+#include <string.h> /* memset() */
+
+#include "guestfs.h" /* guestfs_internal_readdir() */
+#include "guestfs_protocol.h" /* guestfs_int_dirent */
+#include "guestfs-internal.h" /* guestfs_int_make_temp_path() */
+#include "guestfs-internal-actions.h" /* guestfs_impl_readdir */
+
+struct guestfs_dirent_list *
+guestfs_impl_readdir (guestfs_h *g, const char *dir)
+{
+ struct guestfs_dirent_list *ret;
+ char *tmpfn;
+ FILE *f;
+ off_t fsize;
+ XDR xdr;
+ struct guestfs_dirent_list *dirents;
+ uint32_t alloc_entries;
+ size_t alloc_bytes;
+
+ /* Prepare to fail. */
+ ret = NULL;
+
+ tmpfn = guestfs_int_make_temp_path (g, "readdir", NULL);
+ if (tmpfn == NULL)
+ return ret;
+
+ if (guestfs_internal_readdir (g, dir, tmpfn) == -1)
+ goto drop_tmpfile;
+
+ f = fopen (tmpfn, "r");
+ if (f == NULL) {
+ perrorf (g, "fopen: %s", tmpfn);
+ goto drop_tmpfile;
+ }
+
+ if (fseeko (f, 0, SEEK_END) == -1) {
+ perrorf (g, "fseeko");
+ goto close_tmpfile;
+ }
+ fsize = ftello (f);
+ if (fsize == -1) {
+ perrorf (g, "ftello");
+ goto close_tmpfile;
+ }
+ if (fseeko (f, 0, SEEK_SET) == -1) {
+ perrorf (g, "fseeko");
+ goto close_tmpfile;
+ }
+
+ xdrstdio_create (&xdr, f, XDR_DECODE);
+
+ dirents = safe_malloc (g, sizeof *dirents);
+ dirents->len = 0;
+ alloc_entries = 8;
+ alloc_bytes = alloc_entries * sizeof *dirents->val;
+ dirents->val = safe_malloc (g, alloc_bytes);
+
+ while (xdr_getpos (&xdr) < fsize) {
+ guestfs_int_dirent v;
+ struct guestfs_dirent *d;
+
+ if (dirents->len == alloc_entries) {
+ if (alloc_entries > UINT32_MAX / 2 || alloc_bytes > (size_t)-1 / 2) {
+ error (g, "integer overflow");
+ goto free_dirents;
+ }
+ alloc_entries *= 2u;
+ alloc_bytes *= 2u;
+ dirents->val = safe_realloc (g, dirents->val, alloc_bytes);
+ }
+
+ /* Decoding does not work unless the target buffer is zero-initialized. */
+ memset (&v, 0, sizeof v);
+ if (!xdr_guestfs_int_dirent (&xdr, &v)) {
+ error (g, "xdr_guestfs_int_dirent failed");
+ goto free_dirents;
+ }
+
+ d = &dirents->val[dirents->len];
+ d->ino = v.ino;
+ d->ftyp = v.ftyp;
+ d->name = v.name; /* transfer malloc'd string to "d" */
+
+ dirents->len++;
+ }
+
+ /* Success; transfer "dirents" to "ret". */
+ ret = dirents;
+ dirents = NULL;
+
+ /* Clean up. */
+ xdr_destroy (&xdr);
+
+free_dirents:
+ guestfs_free_dirent_list (dirents);
+
+close_tmpfile:
+ fclose (f);
+
+drop_tmpfile:
+ /* In case guestfs_internal_readdir() failed, it may or may not have created
+ * the temporary file.
+ */
+ unlink (tmpfn);
+ free (tmpfn);
+
+ return ret;
+}
--
2.31.1

78
SOURCES/0003-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch Normal file
View File

@ -0,0 +1,78 @@
From d2f8308813da27f422607e5aa21fc95d113a17f0 Mon Sep 17 00:00:00 2001
From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Date: Wed, 26 Apr 2023 15:59:46 +0300
Subject: [PATCH] daemon/selinux-relabel: run setfiles with "-T 0", if
supported
Since SELinux userspace v3.4 [1], setfiles command supports "-T nthreads"
option, which allows parallel execution. "-T 0" allows using as many
threads as there're available CPU cores. This might speed up the process
of filesystem relabeling in case the appliance is being run with multiple
vCPUs. The latter is true for at least v2v starting from d2b64ecc67
("v2v: Set the number of vCPUs to same as host number of pCPUs.").
For instance, when running virt-v2v-in-place on my 12-core Xeon host
with SSD, with appliance being run with 8 vCPUs (the upper limit specified
in d2b64ecc67), and on the ~150GiB disk VM (physical size on the host),
I get the following results:
./in-place/virt-v2v-in-place -i libvirt fedora37-vm -v -x
Without this patch:
...
commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M
libguestfs: trace: v2v: selinux_relabel = 0
libguestfs: trace: v2v: rm_f "/.autorelabel"
guestfsd: => selinux_relabel (0x1d3) took 17.94 secs
...
With this patch:
...
commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -T 0 -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M
libguestfs: trace: v2v: selinux_relabel = 0
libguestfs: trace: v2v: rm_f "/.autorelabel"
guestfsd: => selinux_relabel (0x1d3) took 5.88 secs
...
So in my scenario it's getting 3 times faster.
[1] https://github.com/SELinuxProject/selinux/releases/tag/3.4
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit d0d8e6738477148a7b752348f9364a3b8faed67f)
---
daemon/selinux-relabel.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 60a6f48a..cfc5a31d 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -73,6 +73,7 @@ do_selinux_relabel (const char *specfile, const char *path,
{
static int flag_m = -1;
static int flag_C = -1;
+ static int flag_T = -1;
const char *argv[MAX_ARGS];
CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL,
*s_sys = NULL, *s_specfile = NULL, *s_path = NULL;
@@ -131,6 +132,17 @@ do_selinux_relabel (const char *specfile, const char *path,
if (setfiles_has_option (&flag_C, 'C'))
ADD_ARG (argv, i, "-C");
+ /* If the appliance is being run with multiple vCPUs, running setfiles
+ * in multithreading mode might speeds up the process. Option "-T" was
+ * introduced in SELinux userspace v3.4, and we need to check whether it's
+ * supported. Passing "-T 0" creates as many threads as there're available
+ * vCPU cores.
+ * https://github.com/SELinuxProject/selinux/releases/tag/3.4
+ */
+ if (setfiles_has_option (&flag_T, 'T')) {
+ ADD_ARG (argv, i, "-T"); ADD_ARG (argv, i, "0");
+ }
+
/* Relabelling in a chroot. */
if (STRNEQ (sysroot, "/")) {
ADD_ARG (argv, i, "-r");

108
SOURCES/0003-guestfs_readdir-minimize-the-number-of-send_file_wri.patch
View File

@ -1,108 +0,0 @@
From 62cd6c9d2dd62dd24cc04b16437bfb816a6f4357 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 May 2022 10:56:01 +0200
Subject: [PATCH] guestfs_readdir(): minimize the number of send_file_write()
calls
In guestfs_readdir(), the daemon currently sends each XDR-encoded
"guestfs_int_dirent" to the library with a separate send_file_write()
call.
Determine the largest encoded size (from the longest filename that a
"guestfs_int_dirent" could carry, from readdir()'s "struct dirent"), and
batch up the XDR encodings until the next encoding might not fit in
GUESTFS_MAX_CHUNK_SIZE. Call send_file_write() only then.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1674392
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220502085601.15012-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 4864d21cb8eb991f0fc98d03a068173837cba50e)
---
daemon/readdir.c | 38 ++++++++++++++++++++++++++++++++------
1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/daemon/readdir.c b/daemon/readdir.c
index 9ab0b0aec..3084ba939 100644
--- a/daemon/readdir.c
+++ b/daemon/readdir.c
@@ -35,6 +35,9 @@ do_internal_readdir (const char *dir)
DIR *dirstream;
void *xdr_buf;
XDR xdr;
+ struct dirent fill;
+ guestfs_int_dirent v;
+ unsigned max_encoded;
/* Prepare to fail. */
ret = -1;
@@ -55,6 +58,20 @@ do_internal_readdir (const char *dir)
}
xdrmem_create (&xdr, xdr_buf, GUESTFS_MAX_CHUNK_SIZE, XDR_ENCODE);
+ /* Calculate the max number of bytes a "guestfs_int_dirent" can be encoded to.
+ */
+ memset (fill.d_name, 'a', sizeof fill.d_name - 1);
+ fill.d_name[sizeof fill.d_name - 1] = '\0';
+ v.ino = INT64_MAX;
+ v.ftyp = '?';
+ v.name = fill.d_name;
+ if (!xdr_guestfs_int_dirent (&xdr, &v)) {
+ fprintf (stderr, "xdr_guestfs_int_dirent failed\n");
+ goto release_xdr;
+ }
+ max_encoded = xdr_getpos (&xdr);
+ xdr_setpos (&xdr, 0);
+
/* Send an "OK" reply, before starting the file transfer. */
reply (NULL, NULL);
@@ -63,7 +80,6 @@ do_internal_readdir (const char *dir)
*/
for (;;) {
struct dirent *d;
- guestfs_int_dirent v;
errno = 0;
d = readdir (dirstream);
@@ -94,22 +110,32 @@ do_internal_readdir (const char *dir)
v.ftyp = 'u';
#endif
+ /* Flush "xdr_buf" if we may not have enough room for encoding "v". */
+ if (GUESTFS_MAX_CHUNK_SIZE - xdr_getpos (&xdr) < max_encoded) {
+ if (send_file_write (xdr_buf, xdr_getpos (&xdr)) != 0)
+ break;
+
+ xdr_setpos (&xdr, 0);
+ }
+
if (!xdr_guestfs_int_dirent (&xdr, &v)) {
fprintf (stderr, "xdr_guestfs_int_dirent failed\n");
break;
}
-
- if (send_file_write (xdr_buf, xdr_getpos (&xdr)) != 0)
- break;
-
- xdr_setpos (&xdr, 0);
}
+ /* Flush "xdr_buf" if the loop completed successfully and "xdr_buf" is not
+ * empty. */
+ if (ret == 0 && xdr_getpos (&xdr) > 0 &&
+ send_file_write (xdr_buf, xdr_getpos (&xdr)) != 0)
+ ret = -1;
+
/* Finish or cancel the transfer. Note that if (ret == -1) because the library
* canceled, we still need to cancel back!
*/
send_file_end (ret == -1);
+release_xdr:
xdr_destroy (&xdr);
free (xdr_buf);
--
2.31.1

25
SOURCES/0010-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch → SOURCES/0004-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
View File

@ -1,4 +1,4 @@
From 010cd5ff441166c01125fc588398a1fb8367a852 Mon Sep 17 00:00:00 2001 From 66b9338e3d786db28fbd853d397741c3ceb19352 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 29 Jul 2013 14:47:56 +0100 Date: Mon, 29 Jul 2013 14:47:56 +0100
Subject: [PATCH] RHEL: Disable unsupported remote drive protocols Subject: [PATCH] RHEL: Disable unsupported remote drive protocols
@ -31,7 +31,7 @@ We hope to gradually add some of these back over the lifetime of RHEL.
8 files changed, 16 insertions(+), 348 deletions(-) 8 files changed, 16 insertions(+), 348 deletions(-)
diff --git a/docs/guestfs-testing.pod b/docs/guestfs-testing.pod diff --git a/docs/guestfs-testing.pod b/docs/guestfs-testing.pod
index f558964bf..8f264ed17 100644 index 47f381a7..c7b44928 100644
--- a/docs/guestfs-testing.pod --- a/docs/guestfs-testing.pod
+++ b/docs/guestfs-testing.pod +++ b/docs/guestfs-testing.pod
@@ -109,26 +109,6 @@ image. To exit, type C<exit>. @@ -109,26 +109,6 @@ image. To exit, type C<exit>.
@ -62,7 +62,7 @@ index f558964bf..8f264ed17 100644
Run L<virt-alignment-scan(1)> on guests or disk images: Run L<virt-alignment-scan(1)> on guests or disk images:
diff --git a/fish/guestfish.pod b/fish/guestfish.pod diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index ae2445571..46cba64ff 100644 index ccc0825b..d36cac9d 100644
--- a/fish/guestfish.pod --- a/fish/guestfish.pod
+++ b/fish/guestfish.pod +++ b/fish/guestfish.pod
@@ -131,9 +131,9 @@ To list what is available do: @@ -131,9 +131,9 @@ To list what is available do:
@ -171,7 +171,7 @@ index ae2445571..46cba64ff 100644
In this case, the password is C<pass@word>. In this case, the password is C<pass@word>.
diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh
index 21d424984..ddabeb639 100755 index 21d42498..ddabeb63 100755
--- a/fish/test-add-uri.sh --- a/fish/test-add-uri.sh
+++ b/fish/test-add-uri.sh +++ b/fish/test-add-uri.sh
@@ -40,14 +40,6 @@ function fail () @@ -40,14 +40,6 @@ function fail ()
@ -220,7 +220,7 @@ index 21d424984..ddabeb639 100755
rm test-add-uri.out rm test-add-uri.out
rm test-add-uri.img rm test-add-uri.img
diff --git a/generator/actions_core.ml b/generator/actions_core.ml diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index 807150615..6cd42a290 100644 index bfb43a19..314bb0ae 100644
--- a/generator/actions_core.ml --- a/generator/actions_core.ml
+++ b/generator/actions_core.ml +++ b/generator/actions_core.ml
@@ -350,29 +350,6 @@ F<filename> is interpreted as a local file or device. @@ -350,29 +350,6 @@ F<filename> is interpreted as a local file or device.
@ -305,7 +305,7 @@ index 807150615..6cd42a290 100644
example if using the libvirt backend and if the libvirt backend is configured to example if using the libvirt backend and if the libvirt backend is configured to
start the qemu appliance as a special user such as C<qemu.qemu>. If in doubt, start the qemu appliance as a special user such as C<qemu.qemu>. If in doubt,
diff --git a/lib/drives.c b/lib/drives.c diff --git a/lib/drives.c b/lib/drives.c
index c5a208468..efb289254 100644 index c5a20846..efb28925 100644
--- a/lib/drives.c --- a/lib/drives.c
+++ b/lib/drives.c +++ b/lib/drives.c
@@ -166,6 +166,7 @@ create_drive_non_file (guestfs_h *g, @@ -166,6 +166,7 @@ create_drive_non_file (guestfs_h *g,
@ -373,10 +373,10 @@ index c5a208468..efb289254 100644
error (g, _("unknown protocol %s"), protocol); error (g, _("unknown protocol %s"), protocol);
drv = NULL; /*FALLTHROUGH*/ drv = NULL; /*FALLTHROUGH*/
diff --git a/lib/guestfs.pod b/lib/guestfs.pod diff --git a/lib/guestfs.pod b/lib/guestfs.pod
index 1ad44e7c2..946ce2d36 100644 index c6c8cb16..866a4638 100644
--- a/lib/guestfs.pod --- a/lib/guestfs.pod
+++ b/lib/guestfs.pod +++ b/lib/guestfs.pod
@@ -712,70 +712,6 @@ a qcow2 backing file specification, libvirt does not construct an @@ -723,70 +723,6 @@ a qcow2 backing file specification, libvirt does not construct an
ephemeral secret object from those, for Ceph authentication. Refer to ephemeral secret object from those, for Ceph authentication. Refer to
L<https://bugzilla.redhat.com/2033247>. L<https://bugzilla.redhat.com/2033247>.
@ -447,7 +447,7 @@ index 1ad44e7c2..946ce2d36 100644
=head3 NETWORK BLOCK DEVICE =head3 NETWORK BLOCK DEVICE
Libguestfs can access Network Block Device (NBD) disks remotely. Libguestfs can access Network Block Device (NBD) disks remotely.
@@ -838,42 +774,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677> @@ -849,42 +785,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
=back =back
@ -491,7 +491,7 @@ index 1ad44e7c2..946ce2d36 100644
Libguestfs has APIs for inspecting an unknown disk image to find out Libguestfs has APIs for inspecting an unknown disk image to find out
diff --git a/tests/disks/test-qemu-drive-libvirt.sh b/tests/disks/test-qemu-drive-libvirt.sh diff --git a/tests/disks/test-qemu-drive-libvirt.sh b/tests/disks/test-qemu-drive-libvirt.sh
index 595a95a5e..b49534c94 100755 index d86a1ecd..cf7d2a0c 100755
--- a/tests/disks/test-qemu-drive-libvirt.sh --- a/tests/disks/test-qemu-drive-libvirt.sh
+++ b/tests/disks/test-qemu-drive-libvirt.sh +++ b/tests/disks/test-qemu-drive-libvirt.sh
@@ -65,34 +65,6 @@ check_output @@ -65,34 +65,6 @@ check_output
@ -530,7 +530,7 @@ index 595a95a5e..b49534c94 100755
$guestfish -d pool1 run ||: $guestfish -d pool1 run ||:
diff --git a/tests/disks/test-qemu-drive.sh b/tests/disks/test-qemu-drive.sh diff --git a/tests/disks/test-qemu-drive.sh b/tests/disks/test-qemu-drive.sh
index 12937fb30..b3e4f9903 100755 index 12937fb3..b3e4f990 100755
--- a/tests/disks/test-qemu-drive.sh --- a/tests/disks/test-qemu-drive.sh
+++ b/tests/disks/test-qemu-drive.sh +++ b/tests/disks/test-qemu-drive.sh
@@ -62,45 +62,6 @@ check_output @@ -62,45 +62,6 @@ check_output
@ -604,6 +604,3 @@ index 12937fb30..b3e4f9903 100755
-check_output -check_output
-grep -sq -- '-drive file=ssh://rich@example.com/disk.img,' "$DEBUG_QEMU_FILE" || fail -grep -sq -- '-drive file=ssh://rich@example.com/disk.img,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE" -rm "$DEBUG_QEMU_FILE"
--
2.31.1

123
SOURCES/0004-lib-launch-direct-ignore-drive-iface-parameter.patch
View File

@ -1,123 +0,0 @@
From e4901a4e83f0ab59a525095d2fe1c7f1a38c0aac Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:52 +0200
Subject: [PATCH] lib: launch-direct: ignore drive "iface" parameter
Rich said in <https://bugzilla.redhat.com/show_bug.cgi?id=1844341#c1>:
> The libvirt backend has never allowed the iface parameter. We should
> probably ignore it in the direct backend since it's never been possible
> to use this parameter correctly.
Remove the handling of "iface" in the direct (QEMU) backend. Refresh the
documentation regarding both backends.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844341
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220504134155.11832-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 3eb830dbaee12c8dc4566cab226ed2af0e0f2d8c)
---
generator/actions_core_deprecated.ml | 8 +++-
lib/launch-direct.c | 59 ++++++----------------------
2 files changed, 19 insertions(+), 48 deletions(-)
diff --git a/generator/actions_core_deprecated.ml b/generator/actions_core_deprecated.ml
index 00dde3d2a..f1040a0e9 100644
--- a/generator/actions_core_deprecated.ml
+++ b/generator/actions_core_deprecated.ml
@@ -73,7 +73,9 @@ of C<guestfs_add_drive_ro>." };
shortdesc = "add a drive specifying the QEMU block emulation to use";
longdesc = "\
This is the same as C<guestfs_add_drive> but it allows you
-to specify the QEMU interface emulation to use at run time." };
+to specify the QEMU interface emulation to use at run time.
+The libvirt backend rejects a non-empty C<iface> argument.
+The direct backend ignores C<iface>." };
{ defaults with
name = "add_drive_ro_with_if"; added = (1, 0, 84);
@@ -83,7 +85,9 @@ to specify the QEMU interface emulation to use at run time." };
shortdesc = "add a drive read-only specifying the QEMU block emulation to use";
longdesc = "\
This is the same as C<guestfs_add_drive_ro> but it allows you
-to specify the QEMU interface emulation to use at run time." };
+to specify the QEMU interface emulation to use at run time.
+The libvirt backend rejects a non-empty C<iface> argument.
+The direct backend ignores C<iface>." };
{ defaults with
name = "lstatlist"; added = (1, 0, 77);
diff --git a/lib/launch-direct.c b/lib/launch-direct.c
index b292b9c26..ff0eaeb62 100644
--- a/lib/launch-direct.c
+++ b/lib/launch-direct.c
@@ -296,52 +296,19 @@ static int
add_drive (guestfs_h *g, struct backend_direct_data *data,
struct qemuopts *qopts, size_t i, struct drive *drv)
{
- /* If there's an explicit 'iface', use it. Otherwise default to
- * virtio-scsi.
- */
- if (drv->iface && STREQ (drv->iface, "virtio")) { /* virtio-blk */
- start_list ("-drive") {
- if (add_drive_standard_params (g, data, qopts, i, drv) == -1)
- return -1;
- append_list ("if=none");
- } end_list ();
- start_list ("-device") {
- append_list (VIRTIO_DEVICE_NAME ("virtio-blk"));
- append_list_format ("drive=hd%zu", i);
- if (drv->disk_label)
- append_list_format ("serial=%s", drv->disk_label);
- if (add_device_blocksize_params (g, qopts, drv) == -1)
- return -1;
- } end_list ();
- }
-#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__)
- else if (drv->iface && STREQ (drv->iface, "ide")) {
- error (g, "'ide' interface does not work on ARM or PowerPC");
- return -1;
- }
-#endif
- else if (drv->iface) {
- start_list ("-drive") {
- if (add_drive_standard_params (g, data, qopts, i, drv) == -1)
- return -1;
- append_list_format ("if=%s", drv->iface);
- } end_list ();
- }
- else /* default case: virtio-scsi */ {
- start_list ("-drive") {
- if (add_drive_standard_params (g, data, qopts, i, drv) == -1)
- return -1;
- append_list ("if=none");
- } end_list ();
- start_list ("-device") {
- append_list ("scsi-hd");
- append_list_format ("drive=hd%zu", i);
- if (drv->disk_label)
- append_list_format ("serial=%s", drv->disk_label);
- if (add_device_blocksize_params (g, qopts, drv) == -1)
- return -1;
- } end_list ();
- }
+ start_list ("-drive") {
+ if (add_drive_standard_params (g, data, qopts, i, drv) == -1)
+ return -1;
+ append_list ("if=none");
+ } end_list ();
+ start_list ("-device") {
+ append_list ("scsi-hd");
+ append_list_format ("drive=hd%zu", i);
+ if (drv->disk_label)
+ append_list_format ("serial=%s", drv->disk_label);
+ if (add_device_blocksize_params (g, qopts, drv) == -1)
+ return -1;
+ } end_list ();
return 0;
--
2.31.1

11
SOURCES/0011-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch → SOURCES/0005-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
View File

@ -1,4 +1,4 @@
From d59942a7a3d1ca2248a94099d28f7555378d7993 Mon Sep 17 00:00:00 2001 From b875668bfa9f596aba2e84999c7c9921f8dcb55e Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com> From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 7 Jul 2015 09:28:03 -0400 Date: Tue, 7 Jul 2015 09:28:03 -0400
Subject: [PATCH] RHEL: Reject use of libguestfs-winsupport features except for Subject: [PATCH] RHEL: Reject use of libguestfs-winsupport features except for
@ -13,7 +13,7 @@ edits.
3 files changed, 19 insertions(+) 3 files changed, 19 insertions(+)
diff --git a/generator/c.ml b/generator/c.ml diff --git a/generator/c.ml b/generator/c.ml
index ea69abf76..56ee38aa4 100644 index 447059b8..0391dd3d 100644
--- a/generator/c.ml --- a/generator/c.ml
+++ b/generator/c.ml +++ b/generator/c.ml
@@ -1846,6 +1846,22 @@ and generate_client_actions actions () = @@ -1846,6 +1846,22 @@ and generate_client_actions actions () =
@ -40,7 +40,7 @@ index ea69abf76..56ee38aa4 100644
* as a progress bar hint. * as a progress bar hint.
*) *)
diff --git a/test-data/phony-guests/make-windows-img.sh b/test-data/phony-guests/make-windows-img.sh diff --git a/test-data/phony-guests/make-windows-img.sh b/test-data/phony-guests/make-windows-img.sh
index 30908a918..73cf5144e 100755 index 16debd12..1c13ddac 100755
--- a/test-data/phony-guests/make-windows-img.sh --- a/test-data/phony-guests/make-windows-img.sh
+++ b/test-data/phony-guests/make-windows-img.sh +++ b/test-data/phony-guests/make-windows-img.sh
@@ -37,6 +37,7 @@ fi @@ -37,6 +37,7 @@ fi
@ -52,7 +52,7 @@ index 30908a918..73cf5144e 100755
run run
diff --git a/tests/charsets/test-charset-fidelity.c b/tests/charsets/test-charset-fidelity.c diff --git a/tests/charsets/test-charset-fidelity.c b/tests/charsets/test-charset-fidelity.c
index 105291dc3..5ca4f3b6d 100644 index 105291dc..5ca4f3b6 100644
--- a/tests/charsets/test-charset-fidelity.c --- a/tests/charsets/test-charset-fidelity.c
+++ b/tests/charsets/test-charset-fidelity.c +++ b/tests/charsets/test-charset-fidelity.c
@@ -96,6 +96,8 @@ main (int argc, char *argv[]) @@ -96,6 +96,8 @@ main (int argc, char *argv[])
@ -64,6 +64,3 @@ index 105291dc3..5ca4f3b6d 100644
if (guestfs_add_drive_scratch (g, 1024*1024*1024, -1) == -1) if (guestfs_add_drive_scratch (g, 1024*1024*1024, -1) == -1)
exit (EXIT_FAILURE); exit (EXIT_FAILURE);
--
2.31.1

245
SOURCES/0005-lib-drive_create_data-drive-remove-field-iface.patch
View File

@ -1,245 +0,0 @@
From f13297315495144775f6249e9e24dc5f18f6f902 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:53 +0200
Subject: [PATCH] lib: drive_create_data, drive: remove field "iface"
Representing "iface" in the "drive_create_data" and "drive" structures is
now useless; the direct backend ignores "iface", while the libvirt one
rejects it unless it is empty. Unify both backends -- make them both
ignore "iface". (Which only relaxes the libvirt backend, so it cannot
cause compatibility problems.) This lets us remove the fields. Update the
documentation as well.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844341
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220504134155.11832-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit f68eaee1d6c41f91e7dfd2aa9e7d238cca7b8a4c)
---
generator/actions_core_deprecated.ml | 6 ++----
lib/drives.c | 31 +++++-----------------------
lib/guestfs-internal.h | 1 -
lib/launch-libvirt.c | 6 ------
lib/libvirt-domain.c | 15 --------------
5 files changed, 7 insertions(+), 52 deletions(-)
diff --git a/generator/actions_core_deprecated.ml b/generator/actions_core_deprecated.ml
index f1040a0e9..c23f4a330 100644
--- a/generator/actions_core_deprecated.ml
+++ b/generator/actions_core_deprecated.ml
@@ -74,8 +74,7 @@ of C<guestfs_add_drive_ro>." };
longdesc = "\
This is the same as C<guestfs_add_drive> but it allows you
to specify the QEMU interface emulation to use at run time.
-The libvirt backend rejects a non-empty C<iface> argument.
-The direct backend ignores C<iface>." };
+Both the direct and the libvirt backends ignore C<iface>." };
{ defaults with
name = "add_drive_ro_with_if"; added = (1, 0, 84);
@@ -86,8 +85,7 @@ The direct backend ignores C<iface>." };
longdesc = "\
This is the same as C<guestfs_add_drive_ro> but it allows you
to specify the QEMU interface emulation to use at run time.
-The libvirt backend rejects a non-empty C<iface> argument.
-The direct backend ignores C<iface>." };
+Both the direct and the libvirt backends ignore C<iface>." };
{ defaults with
name = "lstatlist"; added = (1, 0, 77);
diff --git a/lib/drives.c b/lib/drives.c
index a6179fc36..8fe46a41c 100644
--- a/lib/drives.c
+++ b/lib/drives.c
@@ -53,7 +53,6 @@ struct drive_create_data {
const char *secret;
bool readonly;
const char *format;
- const char *iface;
const char *name;
const char *disk_label;
const char *cachemode;
@@ -110,7 +109,6 @@ create_drive_file (guestfs_h *g,
drv->src.format = data->format ? safe_strdup (g, data->format) : NULL;
drv->readonly = data->readonly;
- drv->iface = data->iface ? safe_strdup (g, data->iface) : NULL;
drv->name = data->name ? safe_strdup (g, data->name) : NULL;
drv->disk_label = data->disk_label ? safe_strdup (g, data->disk_label) : NULL;
drv->cachemode = data->cachemode ? safe_strdup (g, data->cachemode) : NULL;
@@ -147,7 +145,6 @@ create_drive_non_file (guestfs_h *g,
drv->src.format = data->format ? safe_strdup (g, data->format) : NULL;
drv->readonly = data->readonly;
- drv->iface = data->iface ? safe_strdup (g, data->iface) : NULL;
drv->name = data->name ? safe_strdup (g, data->name) : NULL;
drv->disk_label = data->disk_label ? safe_strdup (g, data->disk_label) : NULL;
drv->cachemode = data->cachemode ? safe_strdup (g, data->cachemode) : NULL;
@@ -470,7 +467,6 @@ free_drive_struct (struct drive *drv)
{
free_drive_source (&drv->src);
free (drv->overlay);
- free (drv->iface);
free (drv->name);
free (drv->disk_label);
free (drv->cachemode);
@@ -511,14 +507,12 @@ drive_to_string (guestfs_h *g, const struct drive *drv)
s_blocksize = safe_asprintf (g, "%d", drv->blocksize);
return safe_asprintf
- (g, "%s%s%s%s protocol=%s%s%s%s%s%s%s%s%s%s%s%s%s",
+ (g, "%s%s%s%s protocol=%s%s%s%s%s%s%s%s%s%s%s",
drv->src.u.path,
drv->readonly ? " readonly" : "",
drv->src.format ? " format=" : "",
drv->src.format ? : "",
guestfs_int_drive_protocol_to_string (drv->src.protocol),
- drv->iface ? " iface=" : "",
- drv->iface ? : "",
drv->name ? " name=" : "",
drv->name ? : "",
drv->disk_label ? " label=" : "",
@@ -747,8 +741,6 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
? optargs->readonly : false;
data.format = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_FORMAT_BITMASK
? optargs->format : NULL;
- data.iface = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_IFACE_BITMASK
- ? optargs->iface : NULL;
data.name = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_NAME_BITMASK
? optargs->name : NULL;
data.disk_label = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_LABEL_BITMASK
@@ -804,12 +796,6 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
free_drive_servers (data.servers, data.nr_servers);
return -1;
}
- if (data.iface && !VALID_FORMAT_IFACE (data.iface)) {
- error (g, _("%s parameter is empty or contains disallowed characters"),
- "iface");
- free_drive_servers (data.servers, data.nr_servers);
- return -1;
- }
if (data.disk_label && !VALID_DISK_LABEL (data.disk_label)) {
error (g, _("label parameter is empty, too long, or contains disallowed characters"));
free_drive_servers (data.servers, data.nr_servers);
@@ -935,24 +921,17 @@ guestfs_impl_add_drive_ro (guestfs_h *g, const char *filename)
int
guestfs_impl_add_drive_with_if (guestfs_h *g, const char *filename,
- const char *iface)
+ const char *iface ATTRIBUTE_UNUSED)
{
- const struct guestfs_add_drive_opts_argv optargs = {
- .bitmask = GUESTFS_ADD_DRIVE_OPTS_IFACE_BITMASK,
- .iface = iface,
- };
-
- return guestfs_add_drive_opts_argv (g, filename, &optargs);
+ return guestfs_add_drive_opts_argv (g, filename, NULL);
}
int
guestfs_impl_add_drive_ro_with_if (guestfs_h *g, const char *filename,
- const char *iface)
+ const char *iface ATTRIBUTE_UNUSED)
{
const struct guestfs_add_drive_opts_argv optargs = {
- .bitmask = GUESTFS_ADD_DRIVE_OPTS_IFACE_BITMASK
- | GUESTFS_ADD_DRIVE_OPTS_READONLY_BITMASK,
- .iface = iface,
+ .bitmask = GUESTFS_ADD_DRIVE_OPTS_READONLY_BITMASK,
.readonly = true,
};
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index 5bb00bc10..16755cfb3 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -298,7 +298,6 @@ struct drive {
/* Various per-drive flags. */
bool readonly;
- char *iface;
char *name;
char *disk_label;
char *cachemode;
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
index de342b425..03d69e027 100644
--- a/lib/launch-libvirt.c
+++ b/lib/launch-libvirt.c
@@ -1472,12 +1472,6 @@ construct_libvirt_xml_disk (guestfs_h *g,
const char *type, *uuid;
int r;
- /* XXX We probably could support this if we thought about it some more. */
- if (drv->iface) {
- error (g, _("iface parameter is not supported by the libvirt backend"));
- return -1;
- }
-
start_element ("disk") {
attribute ("device", "disk");
diff --git a/lib/libvirt-domain.c b/lib/libvirt-domain.c
index 3050680fa..fafbf50ea 100644
--- a/lib/libvirt-domain.c
+++ b/lib/libvirt-domain.c
@@ -68,7 +68,6 @@ guestfs_impl_add_domain (guestfs_h *g, const char *domain_name,
int live;
int allowuuid;
const char *readonlydisk;
- const char *iface;
const char *cachemode;
const char *discard;
bool copyonread;
@@ -78,8 +77,6 @@ guestfs_impl_add_domain (guestfs_h *g, const char *domain_name,
? optargs->libvirturi : NULL;
readonly = optargs->bitmask & GUESTFS_ADD_DOMAIN_READONLY_BITMASK
? optargs->readonly : 0;
- iface = optargs->bitmask & GUESTFS_ADD_DOMAIN_IFACE_BITMASK
- ? optargs->iface : NULL;
live = optargs->bitmask & GUESTFS_ADD_DOMAIN_LIVE_BITMASK
? optargs->live : 0;
allowuuid = optargs->bitmask & GUESTFS_ADD_DOMAIN_ALLOWUUID_BITMASK
@@ -136,10 +133,6 @@ guestfs_impl_add_domain (guestfs_h *g, const char *domain_name,
optargs2.bitmask |= GUESTFS_ADD_LIBVIRT_DOM_READONLY_BITMASK;
optargs2.readonly = readonly;
}
- if (iface) {
- optargs2.bitmask |= GUESTFS_ADD_LIBVIRT_DOM_IFACE_BITMASK;
- optargs2.iface = iface;
- }
if (live) {
error (g, _("libguestfs live support was removed in libguestfs 1.48"));
goto cleanup;
@@ -193,7 +186,6 @@ guestfs_impl_add_libvirt_dom (guestfs_h *g, void *domvp,
virDomainPtr dom = domvp;
ssize_t r;
int readonly;
- const char *iface;
const char *cachemode;
const char *discard;
bool copyonread;
@@ -208,9 +200,6 @@ guestfs_impl_add_libvirt_dom (guestfs_h *g, void *domvp,
readonly =
optargs->bitmask & GUESTFS_ADD_LIBVIRT_DOM_READONLY_BITMASK
? optargs->readonly : 0;
- iface =
- optargs->bitmask & GUESTFS_ADD_LIBVIRT_DOM_IFACE_BITMASK
- ? optargs->iface : NULL;
live =
optargs->bitmask & GUESTFS_ADD_LIBVIRT_DOM_LIVE_BITMASK
? optargs->live : 0;
@@ -289,10 +278,6 @@ guestfs_impl_add_libvirt_dom (guestfs_h *g, void *domvp,
data.optargs.bitmask = 0;
data.readonly = readonly;
data.readonlydisk = readonlydisk;
- if (iface) {
- data.optargs.bitmask |= GUESTFS_ADD_DRIVE_OPTS_IFACE_BITMASK;
- data.optargs.iface = iface;
- }
if (cachemode) {
data.optargs.bitmask |= GUESTFS_ADD_DRIVE_OPTS_CACHEMODE_BITMASK;
data.optargs.cachemode = cachemode;
--
2.31.1

63
SOURCES/0006-Remove-virt-dib.patch Normal file
View File

@ -0,0 +1,63 @@
From d4be44928a40e7ca1ef6255fb04d28f2fa7fc6b6 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 7 Feb 2023 13:20:36 +0000
Subject: [PATCH] Remove virt-dib
The tool only supports an older version of the diskimage-builder
metadata, and we do not have the time or inclination to update it to a
newer version.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1910039
(cherry picked from commit 7503eeebede688409b2adf616d71a94e04b7f0d2)
---
appliance/packagelist.in | 30 ------------------------------
1 file changed, 30 deletions(-)
diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 585d52ad..20b08c47 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -110,7 +110,6 @@ ifelse(ARCHLINUX,1,
dnl syslinux has mtools as optional dependency, but in reality it's
dnl a hard one:
mtools
- multipath-tools dnl for kpartx
nilfs-utils
ntfs-3g
ntfs-3g-system-compression
@@ -266,35 +265,6 @@ util-linux-ng
xfsprogs
zerofree
-dnl tools needed by virt-dib
-ifelse(REDHAT,1,
- qemu-img
- which
-)
-ifelse(DEBIAN,1,
- qemu-utils
-)
-ifelse(ARCHLINUX,1,
- qemu
- which
-)
-ifelse(SUSE,1,
- qemu-tools
- which
-)
-ifelse(FRUGALWARE,1,
- qemu
- which
-)
-ifelse(MAGEIA,1,
- qemu-img
- which
-)
-curl
-kpartx
-dnl (virt-dib) tools optionally used for elements
-debootstrap
-
dnl exFAT is not usually available in free software repos
exfat-fuse
exfat-utils

82
SOURCES/0006-lib-rename-VALID_FORMAT_IFACE-to-VALID_FORMAT.patch
View File

@ -1,82 +0,0 @@
From f408b24d8d8f5b5f4e1a25c1046c3a18107c8d80 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:54 +0200
Subject: [PATCH] lib: rename VALID_FORMAT_IFACE to VALID_FORMAT
We no longer use VALID_FORMAT_IFACE for validating "iface"; rename the
macro to reflect that we only check "format" with it.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844341
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220504134155.11832-4-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit c8e3caf9e6000ea2f5cfbe30ffe1240317bb4578)
---
lib/drives.c | 4 ++--
lib/unit-tests.c | 16 ++++++++--------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/lib/drives.c b/lib/drives.c
index 8fe46a41c..c5a208468 100644
--- a/lib/drives.c
+++ b/lib/drives.c
@@ -593,7 +593,7 @@ guestfs_int_free_drives (guestfs_h *g)
* Check string parameter matches regular expression
* C<^[-_[:alnum:]]+$> (in C locale).
*/
-#define VALID_FORMAT_IFACE(str) \
+#define VALID_FORMAT(str) \
guestfs_int_string_is_valid ((str), 1, 0, \
VALID_FLAG_ALPHA|VALID_FLAG_DIGIT, "-_")
@@ -790,7 +790,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
return -1;
}
- if (data.format && !VALID_FORMAT_IFACE (data.format)) {
+ if (data.format && !VALID_FORMAT (data.format)) {
error (g, _("%s parameter is empty or contains disallowed characters"),
"format");
free_drive_servers (data.servers, data.nr_servers);
diff --git a/lib/unit-tests.c b/lib/unit-tests.c
index 62457ccba..0e550cb98 100644
--- a/lib/unit-tests.c
+++ b/lib/unit-tests.c
@@ -434,7 +434,7 @@ test_stringsbuf (void)
}
/* Use the same macros as in lib/drives.c */
-#define VALID_FORMAT_IFACE(str) \
+#define VALID_FORMAT(str) \
guestfs_int_string_is_valid ((str), 1, 0, \
VALID_FLAG_ALPHA|VALID_FLAG_DIGIT, "-_")
#define VALID_DISK_LABEL(str) \
@@ -446,18 +446,18 @@ test_stringsbuf (void)
static void
test_valid (void)
{
- assert (!VALID_FORMAT_IFACE (""));
+ assert (!VALID_FORMAT (""));
assert (!VALID_DISK_LABEL (""));
assert (!VALID_HOSTNAME (""));
assert (!VALID_DISK_LABEL ("012345678901234567890"));
- assert (VALID_FORMAT_IFACE ("abc"));
- assert (VALID_FORMAT_IFACE ("ABC"));
- assert (VALID_FORMAT_IFACE ("abc123"));
- assert (VALID_FORMAT_IFACE ("abc123-"));
- assert (VALID_FORMAT_IFACE ("abc123_"));
- assert (!VALID_FORMAT_IFACE ("abc123."));
+ assert (VALID_FORMAT ("abc"));
+ assert (VALID_FORMAT ("ABC"));
+ assert (VALID_FORMAT ("abc123"));
+ assert (VALID_FORMAT ("abc123-"));
+ assert (VALID_FORMAT ("abc123_"));
+ assert (!VALID_FORMAT ("abc123."));
assert (VALID_DISK_LABEL ("abc"));
assert (VALID_DISK_LABEL ("ABC"));
--
2.31.1

32
SOURCES/0007-lib-Choose-q35-machine-type-for-x86-64.patch Normal file
View File

@ -0,0 +1,32 @@
From d9ba056079f797483ea99394b265c9bf39769687 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 9 Feb 2023 13:38:50 +0000
Subject: [PATCH] lib: Choose q35 machine type for x86-64
This machine type is more modern than the older 'pc' type and as most
qemu development is now focused there we expect it will perform and
behave better. In almost all respects this change should make no
difference.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2168578
Acked-by: Laszlo Ersek <lersek@redhat.com>
See-also: https://listman.redhat.com/archives/libguestfs/2023-February/030645.html
(cherry picked from commit f0f8e6c5fe0c3f6d5d90534d263bded3a4dc7e8d)
---
lib/guestfs-internal.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index 306f2a2e..fb55e026 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -113,6 +113,9 @@ cleanup_mutex_unlock (pthread_mutex_t **ptr)
#define MAX_WINDOWS_EXPLORER_SIZE (4 * 1000 * 1000)
/* Machine types. */
+#if defined(__x86_64__)
+#define MACHINE_TYPE "q35"
+#endif
#ifdef __arm__
#define MACHINE_TYPE "virt"
#endif

74
SOURCES/0007-tests-regressions-remove-iface-based-restrictions.patch
View File

@ -1,74 +0,0 @@
From 431ca828e9f7d7a6c7e315b410f381304986ba44 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:55 +0200
Subject: [PATCH] tests/regressions: remove "iface"-based restrictions
Now that "iface" is ignored by both backends, the regression tests for
RHBZ 690819 and 975797 can be enabled on all arches (regardless of
backend).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844341
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220504134155.11832-5-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit ddf276884c04418a32902689cf8fc3506be3ca4b)
---
tests/regressions/rhbz690819.sh | 10 +++-------
tests/regressions/rhbz975797.sh | 10 +++-------
2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/tests/regressions/rhbz690819.sh b/tests/regressions/rhbz690819.sh
index e6f61d00d..9e1bcda84 100755
--- a/tests/regressions/rhbz690819.sh
+++ b/tests/regressions/rhbz690819.sh
@@ -19,18 +19,14 @@
# https://bugzilla.redhat.com/show_bug.cgi?id=690819
# mkfs fails creating a filesytem on a disk device when using a disk
# with 'ide' interface
+#
+# The 'iface' parameter is now ignored:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1844341
set -e
$TEST_FUNCTIONS
skip_if_skipped
-# These architectures don't support the 'ide' interface.
-skip_if_arch arm
-skip_if_arch aarch64
-skip_if_arch ppc64
-skip_if_arch ppc64le
-skip_if_arch s390x
-skip_if_backend libvirt
rm -f rhbz690819.img
diff --git a/tests/regressions/rhbz975797.sh b/tests/regressions/rhbz975797.sh
index c676abfa3..feecf1f2b 100755
--- a/tests/regressions/rhbz975797.sh
+++ b/tests/regressions/rhbz975797.sh
@@ -19,18 +19,14 @@
# Regression test for:
# https://bugzilla.redhat.com/show_bug.cgi?id=975797
# Ensure the appliance doesn't hang when using the 'iface' parameter.
+#
+# The 'iface' parameter is now ignored:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1844341
set -e
$TEST_FUNCTIONS
skip_if_skipped
-# These architectures don't support the 'ide' interface.
-skip_if_arch arm
-skip_if_arch aarch64
-skip_if_arch ppc64
-skip_if_arch ppc64le
-skip_if_arch s390x
-skip_if_backend libvirt
rm -f rhbz975797-*.img
--
2.31.1

97
SOURCES/0008-LUKS-on-LVM-inspection-test-rename-VGs-and-LVs.patch Normal file
View File

@ -0,0 +1,97 @@
From 826cf6d68e4369de3d160e91b7dad6a894469797 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 19 May 2023 16:08:48 +0200
Subject: [PATCH] LUKS-on-LVM inspection test: rename VGs and LVs
In preparation for a subsequent patch, rename "VG" to "Volume-Group", and
"LV<n>" to "Logical-Volume-<n>", in the LUKS-on-LVM inspection test.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230519140849.310774-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 58e26402334a4696fa08730eecc9098fc270ed1c)
---
test-data/phony-guests/make-fedora-img.pl | 30 +++++++++++--------
.../test-key-option-inspect-luks-on-lvm.sh | 16 +++++-----
2 files changed, 25 insertions(+), 21 deletions(-)
diff --git a/test-data/phony-guests/make-fedora-img.pl b/test-data/phony-guests/make-fedora-img.pl
index 4c8e1499..b7dc902e 100755
--- a/test-data/phony-guests/make-fedora-img.pl
+++ b/test-data/phony-guests/make-fedora-img.pl
@@ -224,23 +224,27 @@ EOF
# Create the Volume Group on /dev/sda2.
$g->pvcreate ('/dev/sda2');
- $g->vgcreate ('VG', ['/dev/sda2']);
- $g->lvcreate ('Root', 'VG', 32);
- $g->lvcreate ('LV1', 'VG', 32);
- $g->lvcreate ('LV2', 'VG', 32);
- $g->lvcreate ('LV3', 'VG', 64);
+ $g->vgcreate ('Volume-Group', ['/dev/sda2']);
+ $g->lvcreate ('Root', 'Volume-Group', 32);
+ $g->lvcreate ('Logical-Volume-1', 'Volume-Group', 32);
+ $g->lvcreate ('Logical-Volume-2', 'Volume-Group', 32);
+ $g->lvcreate ('Logical-Volume-3', 'Volume-Group', 64);
# Format each Logical Group as a LUKS device, with a different password.
- $g->luks_format ('/dev/VG/Root', 'FEDORA-Root', 0);
- $g->luks_format ('/dev/VG/LV1', 'FEDORA-LV1', 0);
- $g->luks_format ('/dev/VG/LV2', 'FEDORA-LV2', 0);
- $g->luks_format ('/dev/VG/LV3', 'FEDORA-LV3', 0);
+ $g->luks_format ('/dev/Volume-Group/Root', 'FEDORA-Root', 0);
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-1', 'FEDORA-LV1', 0);
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-2', 'FEDORA-LV2', 0);
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-3', 'FEDORA-LV3', 0);
# Open the LUKS devices. This creates nodes like /dev/mapper/*-luks.
- $g->cryptsetup_open ('/dev/VG/Root', 'FEDORA-Root', 'Root-luks');
- $g->cryptsetup_open ('/dev/VG/LV1', 'FEDORA-LV1', 'LV1-luks');
- $g->cryptsetup_open ('/dev/VG/LV2', 'FEDORA-LV2', 'LV2-luks');
- $g->cryptsetup_open ('/dev/VG/LV3', 'FEDORA-LV3', 'LV3-luks');
+ $g->cryptsetup_open ('/dev/Volume-Group/Root',
+ 'FEDORA-Root', 'Root-luks');
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-1',
+ 'FEDORA-LV1', 'LV1-luks');
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-2',
+ 'FEDORA-LV2', 'LV2-luks');
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-3',
+ 'FEDORA-LV3', 'LV3-luks');
# Phony root filesystem.
$g->mkfs ('ext2', '/dev/mapper/Root-luks', blocksize => 4096, label => 'ROOT');
diff --git a/tests/luks/test-key-option-inspect-luks-on-lvm.sh b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
index 52cd7e98..a8d72b9f 100755
--- a/tests/luks/test-key-option-inspect-luks-on-lvm.sh
+++ b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
@@ -30,10 +30,10 @@ skip_unless_phony_guest fedora-luks-on-lvm.img
# Volume names.
guestfish=(guestfish --listen --ro --inspector
--add ../test-data/phony-guests/fedora-luks-on-lvm.img)
-keys_by_lvname=(--key /dev/VG/Root:key:FEDORA-Root
- --key /dev/VG/LV1:key:FEDORA-LV1
- --key /dev/VG/LV2:key:FEDORA-LV2
- --key /dev/VG/LV3:key:FEDORA-LV3)
+keys_by_lvname=(--key /dev/Volume-Group/Root:key:FEDORA-Root
+ --key /dev/Volume-Group/Logical-Volume-1:key:FEDORA-LV1
+ --key /dev/Volume-Group/Logical-Volume-2:key:FEDORA-LV2
+ --key /dev/Volume-Group/Logical-Volume-3:key:FEDORA-LV3)
# The variable assignment below will fail, and abort the script, if guestfish
# refuses to start up.
@@ -56,10 +56,10 @@ function cleanup_guestfish
trap cleanup_guestfish EXIT
# Get the UUIDs of the LUKS devices.
-uuid_root=$(guestfish --remote -- luks-uuid /dev/VG/Root)
-uuid_lv1=$( guestfish --remote -- luks-uuid /dev/VG/LV1)
-uuid_lv2=$( guestfish --remote -- luks-uuid /dev/VG/LV2)
-uuid_lv3=$( guestfish --remote -- luks-uuid /dev/VG/LV3)
+uuid_root=$(guestfish --remote -- luks-uuid /dev/Volume-Group/Root)
+uuid_lv1=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-1)
+uuid_lv2=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-2)
+uuid_lv3=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-3)
# The actual test.
function check_filesystems

56
SOURCES/0008-generator-customize-invert-SELinux-relabeling-defaul.patch
View File

@ -1,56 +0,0 @@
From 8f800b369ada05ea690cebb0bb5e0fed0ba1c548 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 10 May 2022 12:27:57 +0200
Subject: [PATCH] generator/customize: invert SELinux relabeling default
Replace the "--selinux-relabel" option with "--no-selinux-relabel",
inverting the default behavior (for guests with SELinux support, that is
-- relabeling is always skipped for guests that don't support SELinux.)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220510102757.14466-3-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 2f6a27f1077d32d1ab526427052fc88e188356f7)
---
generator/customize.ml | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/generator/customize.ml b/generator/customize.ml
index 3b3eec6d2..9634dad85 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -564,18 +564,21 @@ to modify C</etc/sysconfig/authconfig> (Fedora, RHEL) or
C</etc/pam.d/common-password> (Debian, Ubuntu).";
};
- { flag_name = "selinux-relabel";
+ { flag_name = "no-selinux-relabel";
flag_type = FlagBool false (* XXX - the default in virt-builder *);
- flag_ml_var = "selinux_relabel";
- flag_shortdesc = "Relabel files with correct SELinux labels";
+ flag_ml_var = "no_selinux_relabel";
+ flag_shortdesc = "Do not relabel files with correct SELinux labels";
flag_pod_longdesc = "\
-Relabel files in the guest so that they have the correct SELinux label.
+Do not attempt to correct the SELinux labels of files in the guest.
-This will attempt to relabel files immediately, but if the operation fails
-this will instead touch F</.autorelabel> on the image to schedule a
-relabel operation for the next time the image boots.
+In such guests that support SELinux, customization automatically
+relabels files so that they have the correct SELinux label. (The
+relabeling is performed immediately, but if the operation fails,
+customization will instead touch F</.autorelabel> on the image to
+schedule a relabel operation for the next time the image boots.) This
+option disables the automatic relabeling.
-This option is a no-op for guests that do not support SELinux.";
+The option is a no-op for guests that do not support SELinux.";
};
{ flag_name = "sm-credentials";
--
2.31.1

46
SOURCES/0009-LUKS-on-LVM-inspection-test-test-dev-mapper-VG-LV-tr.patch Normal file
View File

@ -0,0 +1,46 @@
From 56d7564eaa308ef7de44c8b2b5dfc7997140142e Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 19 May 2023 16:08:49 +0200
Subject: [PATCH] LUKS-on-LVM inspection test: test /dev/mapper/VG-LV
translation
In the LUKS-on-LVM inspection test, call the "check_filesystems" function
yet another time, now with such "--key" options that exercise the recent
"/dev/mapper/VG-LV" -> "/dev/VG/LV" translation (unescaping) from
libguestfs-common.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230519140849.310774-4-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 32408a9c36165af376f9f42e7d3e158d3da2c76e)
---
.../test-key-option-inspect-luks-on-lvm.sh | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/tests/luks/test-key-option-inspect-luks-on-lvm.sh b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
index a8d72b9f..932862b1 100755
--- a/tests/luks/test-key-option-inspect-luks-on-lvm.sh
+++ b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
@@ -101,3 +101,21 @@ eval "$fish_ref"
# Repeat the test.
check_filesystems
+
+# Exit the current guestfish background process.
+guestfish --remote -- exit
+GUESTFISH_PID=
+
+# Start up another guestfish background process, and specify the keys in
+# /dev/mapper/VG-LV format this time.
+keys_by_mapper_lvname=(
+ --key /dev/mapper/Volume--Group-Root:key:FEDORA-Root
+ --key /dev/mapper/Volume--Group-Logical--Volume--1:key:FEDORA-LV1
+ --key /dev/mapper/Volume--Group-Logical--Volume--2:key:FEDORA-LV2
+ --key /dev/mapper/Volume--Group-Logical--Volume--3:key:FEDORA-LV3
+)
+fish_ref=$("${guestfish[@]}" "${keys_by_mapper_lvname[@]}")
+eval "$fish_ref"
+
+# Repeat the test.
+check_filesystems

42
SOURCES/0009-generator-customize-reintroduce-selinux-relabel-as-a.patch
View File

@ -1,42 +0,0 @@
From 4cfba19fa2b087c4b2c5a1b67aa70eb16e9d5a59 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 25 May 2022 09:19:58 +0200
Subject: [PATCH] generator/customize: reintroduce "--selinux-relabel" as a
compat option
Removing "--selinux-relabel" in commit 2f6a27f1077d ("generator/customize:
invert SELinux relabeling default", 2022-05-11) breaks existing scripts
that invoke virt-customize and/or virt-sysprep with that option. Restore
the option, with no functionality tied to it.
Fixes: 2f6a27f1077d32d1ab526427052fc88e188356f7
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2089748
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220525071958.9612-1-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 4b9ee1052a4396621485fdd56d6826714e7481b1)
---
generator/customize.ml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/generator/customize.ml b/generator/customize.ml
index 9634dad85..5abaf206f 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -581,6 +581,13 @@ option disables the automatic relabeling.
The option is a no-op for guests that do not support SELinux.";
};
+ { flag_name = "selinux-relabel";
+ flag_type = FlagBool false;
+ flag_ml_var = "selinux_relabel_ignored";
+ flag_shortdesc = "Compatibility option doing nothing";
+ flag_pod_longdesc = "This is a compatibility option that does nothing.";
+ };
+
{ flag_name = "sm-credentials";
flag_type = FlagSMCredentials "SELECTOR";
flag_ml_var = "sm_credentials";
--
2.31.1

62
SOURCES/0010-fuse-Don-t-call-fclose-NULL-on-error-paths.patch Normal file
View File

@ -0,0 +1,62 @@
From 744a257083ccc30e6b7bae40acc04eb45a59a971 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 22 May 2023 17:15:39 +0100
Subject: [PATCH] fuse: Don't call fclose(NULL) on error paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Various errors like this:
In function test_fuse,
inlined from main at test-fuse.c:133:11:
test-fuse.c:274:5: error: argument 1 null where non-null expected [-Werror=nonnull]
274 | fclose (fp);
| ^~~~~~~~~~~
In file included from test-fuse.c:26:
/usr/include/stdio.h: In function main:
/usr/include/stdio.h:183:12: note: in a call to function fclose declared nonnull
183 | extern int fclose (FILE *__stream) __nonnull ((1));
| ^~~~~~
(cherry picked from commit ca20f27cb0898c347e49b543a8acdfb0a8a8fa7e)
---
fuse/test-fuse.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/fuse/test-fuse.c b/fuse/test-fuse.c
index 9c0db594..90a78dc7 100644
--- a/fuse/test-fuse.c
+++ b/fuse/test-fuse.c
@@ -271,7 +271,6 @@ test_fuse (void)
fp = fopen ("hello.txt", "r");
if (fp == NULL) {
perror ("open: hello.txt");
- fclose (fp);
return -1;
}
if (getline (&line, &len, fp) == -1) {
@@ -289,7 +288,6 @@ test_fuse (void)
fp = fopen ("world.txt", "r");
if (fp == NULL) {
perror ("open: world.txt");
- fclose (fp);
return -1;
}
if (getline (&line, &len, fp) == -1) {
@@ -352,7 +350,6 @@ test_fuse (void)
fp = fopen ("new", "w");
if (fp == NULL) {
perror ("open: new");
- fclose (fp);
return -1;
}
fclose (fp);
@@ -615,7 +612,6 @@ test_fuse (void)
fp = fopen ("new.txt", "w");
if (fp == NULL) {
perror ("open: new.txt");
- fclose (fp);
return -1;
}
for (u = 0; u < 1000; ++u) {

38
SOURCES/0011-ocaml-implicit_close-test-collect-all-currently-unre.patch Normal file
View File

@ -0,0 +1,38 @@
From 8aafa0631b55ec92ba1fae34d94500dd1e027083 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20H=C3=B6tzel?= <juergen@archlinux.org>
Date: Sat, 27 May 2023 15:32:36 +0200
Subject: [PATCH] ocaml/implicit_close test: collect all currently unreachable
blocks
Fixes failing implice_close test on OCaml 5.
RWMJ:
I adjusted this patch so that we continue to call Gc.compact on
exiting the test, to move all of the heap (hopefully revealing flaws
in the bindings). This only works on OCaml <= 4, but Gc.compact may
be fixed/reimplemented later in the 5.x series.
Please see also the lengthy discussion of this patch upstream:
https://listman.redhat.com/archives/libguestfs/2023-May/thread.html#31639
https://listman.redhat.com/archives/libguestfs/2023-June/thread.html#31709
https://discuss.ocaml.org/t/ocaml-heap-fsck-and-forcing-collection-of-unreachable-objects/12281/1
(cherry picked from commit 1274452d225da71f115e0cb8ad435e02670dc4fb)
---
ocaml/t/guestfs_065_implicit_close.ml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ocaml/t/guestfs_065_implicit_close.ml b/ocaml/t/guestfs_065_implicit_close.ml
index 567e550b..f2dfecbd 100644
--- a/ocaml/t/guestfs_065_implicit_close.ml
+++ b/ocaml/t/guestfs_065_implicit_close.ml
@@ -30,7 +30,7 @@ let () =
*)
(* This should cause the GC to close the handle. *)
-let () = Gc.compact ()
+let () = Gc.full_major ()
let () = assert (!close_invoked = 1)

32
SOURCES/0012-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch
View File

@ -1,32 +0,0 @@
From c1ff450bcee1465f0eaca00a4d6c8c731f175488 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 29 Jun 2021 15:29:11 +0100
Subject: [PATCH] RHEL: Create /etc/crypto-policies/back-ends/opensslcnf.config
https://bugzilla.redhat.com/show_bug.cgi?id=1977214#c13
---
appliance/init | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/appliance/init b/appliance/init
index 19aa151b7..e67d88280 100755
--- a/appliance/init
+++ b/appliance/init
@@ -76,6 +76,14 @@ if ! test -e /etc/mtab; then
ln -s /proc/mounts /etc/mtab
fi
+# openssl 3 requires /etc/crypto-policies/back-ends/opensslcnf.config
+# to exist, but it is created in a %post script in crypto-policies
+# https://bugzilla.redhat.com/show_bug.cgi?id=1977214#c13
+if ! test -r /etc/crypto-policies/back-ends/opensslcnf.config &&
+ test -f /usr/share/crypto-policies/DEFAULT/opensslcnf.txt; then
+ ln -s /usr/share/crypto-policies/DEFAULT/opensslcnf.txt /etc/crypto-policies/back-ends/opensslcnf.config
+fi
+
# Static nodes must happen before udev is started.
# Set up kmod static-nodes (RHBZ#1011907).
--
2.31.1

70
SOURCES/0012-ocaml-Replace-old-enter-leave_blocking_section-calls.patch Normal file
View File

@ -0,0 +1,70 @@
From 25108090a1566bc49caab833fe1591a0c6f941be Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 27 Jun 2023 10:17:58 +0100
Subject: [PATCH] ocaml: Replace old enter/leave_blocking_section calls
Since OCaml 4 the old and confusing caml_enter_blocking_section and
caml_leave_blocking_section calls have been replaced with
caml_release_runtime_system and caml_acquire_runtime_system (in that
order). Use the new names.
(cherry picked from commit 7e1d7c1330185a1f3da2ce2100f59637518c3302)
---
generator/OCaml.ml | 5 +++--
ocaml/guestfs-c.c | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/generator/OCaml.ml b/generator/OCaml.ml
index 02d9ee2e..07ccd269 100644
--- a/generator/OCaml.ml
+++ b/generator/OCaml.ml
@@ -429,6 +429,7 @@ and generate_ocaml_c () =
#include <caml/memory.h>
#include <caml/mlvalues.h>
#include <caml/signals.h>
+#include <caml/threads.h>
#include <guestfs.h>
#include \"guestfs-utils.h\"
@@ -689,12 +690,12 @@ copy_table (char * const * argv)
pr "\n";
if blocking then
- pr " caml_enter_blocking_section ();\n";
+ pr " caml_release_runtime_system ();\n";
pr " r = %s " c_function;
generate_c_call_args ~handle:"g" style;
pr ";\n";
if blocking then
- pr " caml_leave_blocking_section ();\n";
+ pr " caml_acquire_runtime_system ();\n";
(* Free strings if we copied them above. *)
List.iter (
diff --git a/ocaml/guestfs-c.c b/ocaml/guestfs-c.c
index 3888c945..8c8aa460 100644
--- a/ocaml/guestfs-c.c
+++ b/ocaml/guestfs-c.c
@@ -34,6 +34,7 @@
#include <caml/mlvalues.h>
#include <caml/printexc.h>
#include <caml/signals.h>
+#include <caml/threads.h>
#include <caml/unixsupport.h>
#include "guestfs-c.h"
@@ -395,12 +396,12 @@ event_callback_wrapper (guestfs_h *g,
/* Ensure we are holding the GC lock before any GC operations are
* possible. (RHBZ#725824)
*/
- caml_leave_blocking_section ();
+ caml_acquire_runtime_system ();
event_callback_wrapper_locked (g, data, event, event_handle, flags,
buf, buf_len, array, array_len);
- caml_enter_blocking_section ();
+ caml_release_runtime_system ();
}
value

28
SOURCES/0013-ocaml-Release-runtime-lock-around-guestfs_close.patch Normal file
View File

@ -0,0 +1,28 @@
From 166e4e90eef0d4c81a92940e5d61450d70f00662 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 27 Jun 2023 11:36:55 +0100
Subject: [PATCH] ocaml: Release runtime lock around guestfs_close
When finalizing the handle we call guestfs_close. This function could
be long-running (eg. it may have to shut down the qemu subprocess), so
release the runtime lock.
(cherry picked from commit 4a79c023e57e07844c2ac3259aaf9b885e402fdf)
---
ocaml/guestfs-c.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ocaml/guestfs-c.c b/ocaml/guestfs-c.c
index 8c8aa460..a1865a72 100644
--- a/ocaml/guestfs-c.c
+++ b/ocaml/guestfs-c.c
@@ -77,7 +77,9 @@ guestfs_finalize (value gv)
* above, which is why we don't want to delete them before
* closing the handle.
*/
+ caml_release_runtime_system ();
guestfs_close (g);
+ caml_acquire_runtime_system ();
/* Now unregister the global roots. */
if (roots && len > 0) {

90
SOURCES/0013-php-add-arginfo-to-php-bindings.patch
View File

@ -1,90 +0,0 @@
From d451e0e42c75429279426e9eb5a7701cd4681d07 Mon Sep 17 00:00:00 2001
From: Geoff Amey <gamey@datto.com>
Date: Wed, 15 Jun 2022 17:06:56 -0400
Subject: [PATCH] php: add arginfo to php bindings
Starting with PHP8, arginfo is mandatory for PHP extensions. This patch
updates the generator for the PHP bindings to generate the arginfo
structures, using the Zend API macros. Only basic arginfo is added,
without full documentation of argument and return types, in order to
ensure compatibility with as many versions of PHP as possible.
(cherry picked from commit ec27979398b0871c1a3e0e244849f8435c9c9a8d)
---
.gitignore | 1 +
generator/php.ml | 37 ++++++++++++++++++++++++++++++++++---
2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index a36ccc86a..356c01fbd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -325,6 +325,7 @@ Makefile.in
/php/extension/configure.in
/php/extension/env
/php/extension/guestfs_php.c
+/php/extension/guestfs_php.dep
/php/extension/install-sh
/php/extension/libtool
/php/extension/ltmain.sh
diff --git a/generator/php.ml b/generator/php.ml
index 5c7ef48e8..acdc7b877 100644
--- a/generator/php.ml
+++ b/generator/php.ml
@@ -130,6 +130,37 @@ typedef size_t guestfs_string_length;
typedef int guestfs_string_length;
#endif
+/* Declare argument info structures */
+ZEND_BEGIN_ARG_INFO_EX(arginfo_create, 0, 0, 0)
+ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO_EX(arginfo_last_error, 0, 0, 1)
+ ZEND_ARG_INFO(0, g)
+ZEND_END_ARG_INFO()
+
+";
+ List.iter (
+ fun { name = shortname; style = ret, args, optargs; } ->
+ let len = List.length args in
+ pr "ZEND_BEGIN_ARG_INFO_EX(arginfo_%s, 0, 0, %d)\n" shortname (len + 1);
+ pr " ZEND_ARG_INFO(0, g)\n";
+ List.iter (
+ function
+ | BufferIn n | Bool n | Int n | Int64 n | OptString n
+ | Pointer(_, n) | String (_, n) | StringList (_, n) ->
+ pr " ZEND_ARG_INFO(0, %s)\n" n
+ ) args;
+
+ List.iter (
+ function
+ | OBool n | OInt n | OInt64 n | OString n | OStringList n ->
+ pr " ZEND_ARG_INFO(0, %s)\n" n
+ ) optargs;
+ pr "ZEND_END_ARG_INFO()\n\n";
+ ) (actions |> external_functions |> sort);
+
+ pr "
+
/* Convert array to list of strings.
* http://marc.info/?l=pecl-dev&m=112205192100631&w=2
*/
@@ -204,12 +235,12 @@ PHP_MINIT_FUNCTION (guestfs_php)
}
static zend_function_entry guestfs_php_functions[] = {
- PHP_FE (guestfs_create, NULL)
- PHP_FE (guestfs_last_error, NULL)
+ PHP_FE (guestfs_create, arginfo_create)
+ PHP_FE (guestfs_last_error, arginfo_last_error)
";
List.iter (
- fun { name } -> pr " PHP_FE (guestfs_%s, NULL)\n" name
+ fun { name } -> pr " PHP_FE (guestfs_%s, arginfo_%s)\n" name name
) (actions |> external_functions |> sort);
pr " { NULL, NULL, NULL }
--
2.31.1

252
SOURCES/0014-introduce-the-clevis_luks_unlock-API.patch
View File

@ -1,252 +0,0 @@
From 51ea2e3af9caa434e847ca74a86f5de5ade6058f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 30 Jun 2022 14:20:47 +0200
Subject: [PATCH] introduce the "clevis_luks_unlock" API
Introduce a new guestfs API called "clevis_luks_unlock". At the libguestfs
level, it is quite simple; it wraps the "clevis luks unlock" guest command
(implemented by the "clevis-luks-unlock" executable, which is in fact a
shell script).
The complexity is instead in the network-based disk encryption
(Clevis/Tang) scheme. Useful documentation:
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index#configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening
- https://github.com/latchset/clevis#clevis
- https://github.com/latchset/tang#tang
The package providing "clevis-luks-unlock" is usually called
"clevis-luks", occasionally "clevis". Some distros don't package clevis at
all. Add the new API under a new option group (which may not be available)
called "clevisluks".
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220630122048.19335-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 9a3e9a6c03eaffe60196bc4c7ae4699beae01dc3)
---
appliance/packagelist.in | 4 +++
daemon/Makefile.am | 1 +
daemon/clevis-luks.c | 58 +++++++++++++++++++++++++++++++++++++++
generator/actions_core.ml | 40 +++++++++++++++++++++++++++
generator/proc_nr.ml | 1 +
lib/MAX_PROC_NR | 2 +-
lib/guestfs.pod | 19 ++++++++++---
7 files changed, 120 insertions(+), 5 deletions(-)
create mode 100644 daemon/clevis-luks.c
diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 77a07acc6..0b79edcdd 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -23,6 +23,7 @@ dnl Basically the same with a few minor tweaks.
ifelse(UBUNTU,1,`define(`DEBIAN',1)')
ifelse(REDHAT,1,
+ clevis-luks
cryptsetup
cryptsetup-luks dnl old name used before Fedora 17
dhclient
@@ -53,6 +54,7 @@ ifelse(DEBIAN,1,
bsdmainutils
dnl old name used in Jessie and earlier
btrfs-tools
+ clevis-luks
cryptsetup
dash
extlinux
@@ -92,6 +94,7 @@ dnl iproute has been renamed to iproute2
ifelse(ARCHLINUX,1,
cdrkit
cdrtools
+ clevis
cryptsetup
dhclient
dhcpcd
@@ -119,6 +122,7 @@ ifelse(SUSE,1,
augeas-lenses
btrfsprogs
cdrkit-cdrtools-compat
+ clevis
cryptsetup
dhcpcd
dhcp-client
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index bbd49f9ea..f50faecd6 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -98,6 +98,7 @@ guestfsd_SOURCES = \
cap.c \
checksum.c \
cleanups.c \
+ clevis-luks.c \
cmp.c \
command.c \
command.h \
diff --git a/daemon/clevis-luks.c b/daemon/clevis-luks.c
new file mode 100644
index 000000000..d3d970d78
--- /dev/null
+++ b/daemon/clevis-luks.c
@@ -0,0 +1,58 @@
+/* libguestfs - the guestfsd daemon
+ * Copyright (C) 2009-2022 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <config.h>
+
+#include "daemon.h"
+#include "actions.h"
+#include "optgroups.h"
+
+#define MAX_ARGS 8
+
+int
+optgroup_clevisluks_available (void)
+{
+ return prog_exists ("clevis-luks-unlock");
+}
+
+int
+do_clevis_luks_unlock (const char *device, const char *mapname)
+{
+ const char *argv[MAX_ARGS];
+ size_t i = 0;
+ int r;
+ CLEANUP_FREE char *err = NULL;
+
+ ADD_ARG (argv, i, "clevis");
+ ADD_ARG (argv, i, "luks");
+ ADD_ARG (argv, i, "unlock");
+ ADD_ARG (argv, i, "-d");
+ ADD_ARG (argv, i, device);
+ ADD_ARG (argv, i, "-n");
+ ADD_ARG (argv, i, mapname);
+ ADD_ARG (argv, i, NULL);
+
+ r = commandv (NULL, &err, argv);
+ if (r == -1) {
+ reply_with_error ("%s: %s: %s", device, mapname, err);
+ return -1;
+ }
+
+ udev_settle ();
+ return 0;
+}
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index 6cd42a290..3c9b0a9b2 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -9676,4 +9676,44 @@ and I<not> the name of the underlying block device." };
shortdesc = "read directories entries";
longdesc = "Internal function for readdir." };
+ { defaults with
+ name = "clevis_luks_unlock"; added = (1, 49, 3);
+ style = RErr,
+ [String (Device, "device"); String (PlainString, "mapname")],
+ [];
+ optional = Some "clevisluks";
+ test_excuse = "needs networking and a configured Tang server";
+ shortdesc = "open an encrypted LUKS block device with Clevis and Tang";
+ longdesc = "\
+This command opens a block device that has been encrypted according to
+the Linux Unified Key Setup (LUKS) standard, using network-bound disk
+encryption (NBDE).
+
+C<device> is the encrypted block device.
+
+The appliance will connect to the Tang servers noted in the tree of
+Clevis pins that is bound to a keyslot of the LUKS header. The Clevis
+pin tree may comprise C<sss> (redudancy) pins as internal nodes
+(optionally), and C<tang> pins as leaves. C<tpm2> pins are not
+supported. The appliance unlocks the encrypted block device by
+combining responses from the Tang servers with metadata from the LUKS
+header; there is no C<key> parameter.
+
+This command will fail if networking has not been enabled for the
+appliance. Refer to C<guestfs_set_network>.
+
+The command creates a new block device called F</dev/mapper/mapname>.
+Reads and writes to this block device are decrypted from and encrypted
+to the underlying C<device> respectively. Close the decrypted block
+device with C<guestfs_cryptsetup_close>.
+
+C<mapname> cannot be C<\"control\"> because that name is reserved by
+device-mapper.
+
+If this block device contains LVM volume groups, then calling
+C<guestfs_lvm_scan> with the C<activate> parameter C<true> will make
+them visible.
+
+Use C<guestfs_list_dm_devices> to list all device mapper devices." };
+
]
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index bdced51c9..edd9bd99d 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -514,6 +514,7 @@ let proc_nr = [
509, "cryptsetup_close";
510, "internal_list_rpm_applications";
511, "internal_readdir";
+512, "clevis_luks_unlock"
]
(* End of list. If adding a new entry, add it at the end of the list
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index c0556fb20..4d0e90cbc 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-511
+512
diff --git a/lib/guestfs.pod b/lib/guestfs.pod
index 946ce2d36..0fbe114a5 100644
--- a/lib/guestfs.pod
+++ b/lib/guestfs.pod
@@ -591,11 +591,22 @@ For Windows BitLocker it returns C<BitLocker>.
Then open these devices by calling L</guestfs_cryptsetup_open>.
Obviously you will require the passphrase!
+Passphrase-less unlocking is supported for LUKS (not BitLocker)
+block devices that have been encrypted with network-bound disk
+encryption (NBDE), using Clevis on the Linux guest side, and
+Tang on a separate Linux server. Open such devices with
+L</guestfs_clevis_luks_unlock>. The appliance will need
+networking enabled (refer to L</guestfs_set_network>) and actual
+connectivity to the Tang servers noted in the C<tang> Clevis
+pins that are bound to the LUKS header. (This includes the
+ability to resolve the names of the Tang servers.)
+
Opening an encrypted device creates a new device mapper device
-called F</dev/mapper/mapname> (where C<mapname> is the
-string you supply to L</guestfs_cryptsetup_open>).
-Reads and writes to this mapper device are decrypted from and
-encrypted to the underlying block device respectively.
+called F</dev/mapper/mapname> (where C<mapname> is the string
+you supply to L</guestfs_cryptsetup_open> or
+L</guestfs_clevis_luks_unlock>). Reads and writes to this mapper
+device are decrypted from and encrypted to the underlying block
+device respectively.
LVM volume groups on the device can be made visible by calling
L</guestfs_vgscan> followed by L</guestfs_vg_activate_all>.
--
2.31.1

73
SOURCES/0014-ocaml-Conditionally-acquire-the-lock-in-callbacks.patch Normal file
View File

@ -0,0 +1,73 @@
From c13dd5b6d4ca94eebe32bc32993f5be0b5b373ad Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 27 Jun 2023 12:09:12 +0100
Subject: [PATCH] ocaml: Conditionally acquire the lock in callbacks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fix was originally suggested by Jürgen Hötzel (link below) which
I have lightly modified so it works with OCaml <= 4 too.
Link: https://listman.redhat.com/archives/libguestfs/2023-May/031640.html
Link: https://discuss.ocaml.org/t/test-caml-state-and-conditionally-caml-acquire-runtime-system-good-or-bad/12489
(cherry picked from commit 16464878cf980ffab1c1aeada2e438b0281ad1bc)
---
ocaml/guestfs-c.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/ocaml/guestfs-c.c b/ocaml/guestfs-c.c
index a1865a72..67dc3547 100644
--- a/ocaml/guestfs-c.c
+++ b/ocaml/guestfs-c.c
@@ -19,6 +19,7 @@
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
#include <errno.h>
@@ -36,6 +37,7 @@
#include <caml/signals.h>
#include <caml/threads.h>
#include <caml/unixsupport.h>
+#include <caml/version.h>
#include "guestfs-c.h"
@@ -397,13 +399,32 @@ event_callback_wrapper (guestfs_h *g,
{
/* Ensure we are holding the GC lock before any GC operations are
* possible. (RHBZ#725824)
+ *
+ * There are many paths where we already hold the OCaml lock before
+ * this function, for example "non-blocking" calls, and the
+ * libguestfs global atexit path (which calls guestfs_close). To
+ * avoid double acquisition we need to check if we already hold the
+ * lock. OCaml 5 is strict about this. In earlier OCaml versions
+ * there is no way to check, but they did not implement the lock as
+ * a mutex and so it didn't cause problems.
+ *
+ * See also:
+ * https://discuss.ocaml.org/t/test-caml-state-and-conditionally-caml-acquire-runtime-system-good-or-bad/12489
*/
- caml_acquire_runtime_system ();
+#if OCAML_VERSION_MAJOR >= 5
+ bool acquired = caml_state != NULL;
+#else
+ const bool acquired = false;
+#endif
+
+ if (!acquired)
+ caml_acquire_runtime_system ();
event_callback_wrapper_locked (g, data, event, event_handle, flags,
buf, buf_len, array, array_len);
- caml_release_runtime_system ();
+ if (!acquired)
+ caml_release_runtime_system ();
}
value

69
SOURCES/0015-guestfish-guestmount-enable-networking-for-key-ID-cl.patch
View File

@ -1,69 +0,0 @@
From 5ae97d7d83d8cdb6e8428774282167dd774aaf70 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 30 Jun 2022 14:20:48 +0200
Subject: [PATCH] guestfish, guestmount: enable networking for "--key
ID:clevis"
Call the C-language helper key_store_requires_network() in guestfish and
guestmount.
(Short log for the "common" submodule, commit range
35467027f657..af6cb55bc58a:
Laszlo Ersek (12):
options: fix UUID comparison logic bug in get_keys()
mltools/tools_utils: remove unused function "key_store_to_cli"
mltools/tools_utils: allow multiple "--key" options for OCaml tools too
options: replace NULL-termination with number-of-elements in get_keys()
options: wrap each passphrase from get_keys() into a struct
options: add back-end for LUKS decryption with Clevis+Tang
options: introduce selector type "key_clevis"
options: generalize "--key" selector parsing for C-language utilities
mltools/tools_utils-c: handle internal type error with abort()
mltools/tools_utils: generalize "--key" selector parsing for OCaml utils
options, mltools/tools_utils: parse "--key ID:clevis" options
options, mltools/tools_utils: add helper for network dependency
).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20220630122048.19335-4-lersek@redhat.com>
(cherry picked from commit 6a5b44f538065a9f661510234a4235bf38348213)
---
fish/fish.c | 3 +++
fuse/guestmount.c | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/fish/fish.c b/fish/fish.c
index 23d9bb94f..19e3d2799 100644
--- a/fish/fish.c
+++ b/fish/fish.c
@@ -476,6 +476,9 @@ main (int argc, char *argv[])
/* If we've got drives to add, add them now. */
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
/* If we've got mountpoints or prepared drives or -i option, we must
* launch the guest and mount them.
*/
diff --git a/fuse/guestmount.c b/fuse/guestmount.c
index 77c534828..3c6d57bde 100644
--- a/fuse/guestmount.c
+++ b/fuse/guestmount.c
@@ -348,6 +348,10 @@ main (int argc, char *argv[])
/* Do the guest drives and mountpoints. */
add_drives (drvs);
+
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
if (inspector)
--
2.31.1

59
SOURCES/0015-ocaml-Fix-guestfs_065_implicit_close.ml-for-OCaml-5.patch Normal file
View File

@ -0,0 +1,59 @@
From b6c9d4624899f4d81cc8d64d47ecef60aad8dd94 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 27 Jun 2023 16:20:49 +0100
Subject: [PATCH] ocaml: Fix guestfs_065_implicit_close.ml for OCaml 5
Link: https://discuss.ocaml.org/t/ocaml-5-forcing-objects-to-be-collected-and-finalized/12492/3
Thanks: Josh Berdine
Thanks: Vincent Laviron
(cherry picked from commit 7d4e9c927e8478662ece204b98ee3b5b147ab4b9)
---
ocaml/t/guestfs_065_implicit_close.ml | 33 +++++++++++++++------------
1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/ocaml/t/guestfs_065_implicit_close.ml b/ocaml/t/guestfs_065_implicit_close.ml
index f2dfecbd..9e68bc4c 100644
--- a/ocaml/t/guestfs_065_implicit_close.ml
+++ b/ocaml/t/guestfs_065_implicit_close.ml
@@ -16,22 +16,27 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*)
-let close_invoked = ref 0
+let [@inline never][@local never] run () =
+ let close_invoked = ref 0 in
-let close _ _ _ _ =
- incr close_invoked
+ let close _ _ _ _ =
+ incr close_invoked
+ in
-let () =
- let g = new Guestfs.guestfs () in
- ignore (g#set_event_callback close [Guestfs.EVENT_CLOSE]);
- assert (!close_invoked = 0)
-(* Allow the 'g' handle to go out of scope here, to ensure there is no
- * reference held on the stack.
- *)
+ let () =
+ let g = new Guestfs.guestfs () in
+ ignore (g#set_event_callback close [Guestfs.EVENT_CLOSE]);
+ assert (!close_invoked = 0)
+ (* Allow the 'g' handle to go out of scope here, to ensure there is no
+ * reference held on the stack.
+ *)
+ in
-(* This should cause the GC to close the handle. *)
-let () = Gc.full_major ()
+ (* This should cause the GC to close the handle. *)
+ Gc.full_major ();
-let () = assert (!close_invoked = 1)
+ assert (!close_invoked = 1);
-let () = Gc.compact ()
+ Gc.compact ()
+
+let () = run ()

182
SOURCES/0016-daemon-Add-zstd-support-to-guestfs_file_architecture.patch
View File

@ -1,182 +0,0 @@
From 4807dacb577167b89cb5ffb1fa1a68ddf30b9319 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 9 Aug 2022 18:39:30 +0100
Subject: [PATCH] daemon: Add zstd support to guestfs_file_architecture
This is required so we can determine the file architecture of
zstd-compressed Linux kernel modules as used by OpenSUSE and maybe
other distros in future.
Note that zstd becomes a required package, but it is widely available
in current Linux distros.
The package names come from https://pkgs.org/download/zstd and my own
research.
(cherry picked from commit 0e784824e82a88e522873fec5db1a11943d637ed)
---
.gitignore | 1 +
appliance/packagelist.in | 6 ++++++
daemon/filearch.ml | 1 +
docs/guestfs-building.pod | 4 ++++
generator/actions_core.ml | 2 ++
m4/guestfs-progs.m4 | 4 ++++
test-data/Makefile.am | 1 +
test-data/files/Makefile.am | 6 ++++++
8 files changed, 25 insertions(+)
diff --git a/.gitignore b/.gitignore
index 356c01fbd..ee5ea74dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -448,6 +448,7 @@ Makefile.in
/test-data/files/initrd-x86_64.img
/test-data/files/initrd-x86_64.img.gz
/test-data/files/lib-i586.so.xz
+/test-data/files/lib-i586.so.zst
/test-data/files/test-grep.txt.gz
/test-data/phony-guests/archlinux.img
/test-data/phony-guests/blank-*.img
diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 0b79edcdd..0fc11f6ae 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -48,6 +48,7 @@ ifelse(REDHAT,1,
vim-minimal
xz
zfs-fuse
+ zstd
)
ifelse(DEBIAN,1,
@@ -88,6 +89,7 @@ dnl iproute has been renamed to iproute2
vim-tiny
xz-utils
zfs-fuse
+ zstd
uuid-runtime
)
@@ -115,6 +117,7 @@ ifelse(ARCHLINUX,1,
systemd
vim
xz
+ zstd
)
ifelse(SUSE,1,
@@ -140,6 +143,7 @@ ifelse(SUSE,1,
systemd-sysvinit
vim
xz
+ zstd
)
ifelse(FRUGALWARE,1,
@@ -185,6 +189,7 @@ ifelse(MAGEIA,1,
systemd /* for /sbin/reboot and udevd */
vim-minimal
xz
+ zstd
)
ifelse(OPENMANDRIVA,1,
@@ -203,6 +208,7 @@ ifelse(OPENMANDRIVA,1,
systemd /* for /sbin/reboot and udevd */
vim-minimal
xz
+ zstd
)
include(guestfsd.deps)
diff --git a/daemon/filearch.ml b/daemon/filearch.ml
index 67a7339e0..4d7e912c0 100644
--- a/daemon/filearch.ml
+++ b/daemon/filearch.ml
@@ -106,6 +106,7 @@ and cpio_arch magic orig_path path =
if String.find magic "gzip" >= 0 then "zcat"
else if String.find magic "bzip2" >= 0 then "bzcat"
else if String.find magic "XZ compressed" >= 0 then "xzcat"
+ else if String.find magic "Zstandard compressed" >= 0 then "zstdcat"
else "cat" in
let tmpdir = Mkdtemp.temp_dir "filearch" in
diff --git a/docs/guestfs-building.pod b/docs/guestfs-building.pod
index b93a611a6..7a7240f78 100644
--- a/docs/guestfs-building.pod
+++ b/docs/guestfs-building.pod
@@ -172,6 +172,10 @@ I<Required>.
I<Required>.
+=item zstd
+
+I<Required>.
+
=item Jansson E<ge> 2.7
I<Required>.
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index 3c9b0a9b2..553e4ec3b 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -9373,6 +9373,8 @@ with large files, such as the resulting squashfs will be over 3GB big." };
[["file_architecture"; "/bin-x86_64-dynamic.gz"]], "x86_64"), [];
InitISOFS, Always, TestResultString (
[["file_architecture"; "/lib-i586.so.xz"]], "i386"), [];
+ InitISOFS, Always, TestResultString (
+ [["file_architecture"; "/lib-i586.so.zst"]], "i386"), [];
];
shortdesc = "detect the architecture of a binary file";
longdesc = "\
diff --git a/m4/guestfs-progs.m4 b/m4/guestfs-progs.m4
index cd8662e86..22fc61367 100644
--- a/m4/guestfs-progs.m4
+++ b/m4/guestfs-progs.m4
@@ -95,6 +95,10 @@ AC_PATH_PROGS([XZCAT],[xzcat],[no])
test "x$XZCAT" = "xno" && AC_MSG_ERROR([xzcat must be installed])
AC_DEFINE_UNQUOTED([XZCAT],["$XZCAT"],[Name of xzcat program.])
+dnl Check for zstdcat (required).
+AC_PATH_PROGS([ZSTDCAT],[zstdcat],[no])
+test "x$ZSTDCAT" = "xno" && AC_MSG_ERROR([zstdcat must be installed])
+
dnl (f)lex and bison for virt-builder (required).
dnl XXX Could be optional with some work.
AC_PROG_LEX
diff --git a/test-data/Makefile.am b/test-data/Makefile.am
index b603311a1..dbecd74b9 100644
--- a/test-data/Makefile.am
+++ b/test-data/Makefile.am
@@ -85,6 +85,7 @@ image_files = \
files/initrd-x86_64.img \
files/initrd-x86_64.img.gz \
files/lib-i586.so.xz \
+ files/lib-i586.so.zst \
files/test-grep.txt.gz
noinst_DATA = test.iso
diff --git a/test-data/files/Makefile.am b/test-data/files/Makefile.am
index a3d7288f9..06b0c6585 100644
--- a/test-data/files/Makefile.am
+++ b/test-data/files/Makefile.am
@@ -40,6 +40,7 @@ noinst_DATA = \
initrd-x86_64.img \
initrd-x86_64.img.gz \
lib-i586.so.xz \
+ lib-i586.so.zst \
test-grep.txt.gz
CLEANFILES += $(noinst_DATA)
@@ -116,3 +117,8 @@ lib-i586.so.xz: $(top_srcdir)/test-data/binaries/lib-i586.so
rm -f $@ $@-t
xz -c $< > $@-t
mv $@-t $@
+
+lib-i586.so.zst: $(top_srcdir)/test-data/binaries/lib-i586.so
+ rm -f $@ $@-t
+ zstd -c $< > $@-t
+ mv $@-t $@
--
2.31.1

25
SOURCES/0016-ocaml-Use-Caml_state_opt-in-preference-to-caml_state.patch Normal file
View File

@ -0,0 +1,25 @@
From ff62b8f758e16aab82960474c79a7fc10a0af3ed Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 27 Jun 2023 16:31:55 +0100
Subject: [PATCH] ocaml: Use Caml_state_opt in preference to caml_state
Link: https://discuss.ocaml.org/t/test-caml-state-and-conditionally-caml-acquire-runtime-system-good-or-bad/12489/7
Thanks: Guillaume Munch-Maccagnoni
(cherry picked from commit cade0b1aeb828d294a7c4e323f8131322d30fb73)
---
ocaml/guestfs-c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ocaml/guestfs-c.c b/ocaml/guestfs-c.c
index 67dc3547..8a8761e8 100644
--- a/ocaml/guestfs-c.c
+++ b/ocaml/guestfs-c.c
@@ -412,7 +412,7 @@ event_callback_wrapper (guestfs_h *g,
* https://discuss.ocaml.org/t/test-caml-state-and-conditionally-caml-acquire-runtime-system-good-or-bad/12489
*/
#if OCAML_VERSION_MAJOR >= 5
- bool acquired = caml_state != NULL;
+ bool acquired = Caml_state_opt != NULL;
#else
const bool acquired = false;
#endif

184
SOURCES/0017-New-API-inspect_get_build_id.patch
View File

@ -1,184 +0,0 @@
From 7dbcddd5bd5939493db74843593316f7101f8fde Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 1 Dec 2022 10:00:46 +0000
Subject: [PATCH] New API: inspect_get_build_id
Add an API to return the build ID of the guest. This to allow a
future change to be able to distinguish between Windows 10 and Windows 11
which can only be done using the build ID.
For Windows we can read the CurrentBuildNumber key from the registry.
For Linux there happens to be a BUILD_ID field in /etc/os-release.
I've never seen a Linux distro that actually uses this.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit f3dd67affe3c657af64ee9f6d70a16e965309556)
---
daemon/inspect.ml | 6 ++++++
daemon/inspect_fs_unix.ml | 2 ++
daemon/inspect_fs_windows.ml | 14 ++++++++++++++
daemon/inspect_types.ml | 5 +++++
daemon/inspect_types.mli | 1 +
generator/actions_inspection.ml | 19 +++++++++++++++++++
generator/proc_nr.ml | 3 ++-
lib/MAX_PROC_NR | 2 +-
8 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/daemon/inspect.ml b/daemon/inspect.ml
index fb75b4a6c..20217c025 100644
--- a/daemon/inspect.ml
+++ b/daemon/inspect.ml
@@ -335,6 +335,12 @@ and inspect_get_hostname root =
| Some v -> v
| None -> "unknown"
+and inspect_get_build_id root =
+ let root = search_for_root root in
+ match root.inspection_data.build_id with
+ | Some v -> v
+ | None -> "unknown"
+
and inspect_get_windows_systemroot root =
let root = search_for_root root in
match root.inspection_data.windows_systemroot with
diff --git a/daemon/inspect_fs_unix.ml b/daemon/inspect_fs_unix.ml
index 63cb279d0..009195f80 100644
--- a/daemon/inspect_fs_unix.ml
+++ b/daemon/inspect_fs_unix.ml
@@ -96,6 +96,8 @@ let rec parse_os_release release_file data =
data.product_name <- Some value
else if key = "VERSION_ID" then
parse_os_release_version_id value data
+ else if key = "BUILD_ID" then
+ data.build_id <- Some value
) values;
(* If we haven't got all the fields, exit right away. *)
diff --git a/daemon/inspect_fs_windows.ml b/daemon/inspect_fs_windows.ml
index c4a05bc38..7bc5de7f7 100644
--- a/daemon/inspect_fs_windows.ml
+++ b/daemon/inspect_fs_windows.ml
@@ -263,6 +263,20 @@ and check_windows_software_registry software_hive data =
with
Not_found -> ()
);
+
+ (* CurrentBuildNumber (build_id).
+ *
+ * In modern Windows, the "CurrentBuild" and "CurrentBuildNumber"
+ * keys are the same. But in Windows XP, "CurrentBuild"
+ * contained something quite different. So always use
+ * "CurrentBuildNumber".
+ *)
+ (try
+ let v = List.assoc "CurrentBuildNumber" values in
+ data.build_id <- Some (Hivex.value_string h v)
+ with
+ Not_found -> ()
+ );
with
| Not_found ->
if verbose () then
diff --git a/daemon/inspect_types.ml b/daemon/inspect_types.ml
index 9395c51f9..328a2146b 100644
--- a/daemon/inspect_types.ml
+++ b/daemon/inspect_types.ml
@@ -48,6 +48,7 @@ and inspection_data = {
mutable version : version option;
mutable arch : string option;
mutable hostname : string option;
+ mutable build_id : string option;
mutable fstab : fstab_entry list;
mutable windows_systemroot : string option;
mutable windows_software_hive : string option;
@@ -167,6 +168,8 @@ and string_of_inspection_data data =
data.arch;
Option.may (fun v -> bpf " hostname: %s\n" v)
data.hostname;
+ Option.may (fun v -> bpf " build ID: %s\n" v)
+ data.build_id;
if data.fstab <> [] then (
let v = List.map (
fun (a, b) -> sprintf "(%s, %s)" (Mountable.to_string a) b
@@ -272,6 +275,7 @@ let null_inspection_data = {
version = None;
arch = None;
hostname = None;
+ build_id = None;
fstab = [];
windows_systemroot = None;
windows_software_hive = None;
@@ -294,6 +298,7 @@ let merge_inspection_data child parent =
parent.version <- merge child.version parent.version;
parent.arch <- merge child.arch parent.arch;
parent.hostname <- merge child.hostname parent.hostname;
+ parent.build_id <- merge child.build_id parent.build_id;
parent.fstab <- child.fstab @ parent.fstab;
parent.windows_systemroot <-
merge child.windows_systemroot parent.windows_systemroot;
diff --git a/daemon/inspect_types.mli b/daemon/inspect_types.mli
index 29c76e8ab..05a3ffd4e 100644
--- a/daemon/inspect_types.mli
+++ b/daemon/inspect_types.mli
@@ -51,6 +51,7 @@ and inspection_data = {
mutable version : version option;
mutable arch : string option;
mutable hostname : string option;
+ mutable build_id : string option;
mutable fstab : fstab_entry list;
mutable windows_systemroot : string option;
mutable windows_software_hive : string option;
diff --git a/generator/actions_inspection.ml b/generator/actions_inspection.ml
index f8b744993..70de22ec0 100644
--- a/generator/actions_inspection.ml
+++ b/generator/actions_inspection.ml
@@ -529,6 +529,25 @@ hive is a valid Windows Registry hive.
You can use C<guestfs_hivex_open> to read or write to the hive.
+Please read L<guestfs(3)/INSPECTION> for more details." };
+
+ { defaults with
+ name = "inspect_get_build_id"; added = (1, 49, 8);
+ style = RString (RPlainString, "buildid"), [String (Mountable, "root")], [];
+ impl = OCaml "Inspect.inspect_get_build_id";
+ shortdesc = "get the system build ID";
+ longdesc = "\
+This returns the build ID of the system, or the string
+C<\"unknown\"> if the system does not have a build ID.
+
+For Windows, this gets the build number. Although it is
+returned as a string, it is (so far) always a number. See
+L<https://en.wikipedia.org/wiki/List_of_Microsoft_Windows_versions>
+for some possible values.
+
+For Linux, this returns the C<BUILD_ID> string from
+F</etc/os-release>, although this is not often used.
+
Please read L<guestfs(3)/INSPECTION> for more details." };
{ defaults with
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index edd9bd99d..0f17b1c06 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -514,7 +514,8 @@ let proc_nr = [
509, "cryptsetup_close";
510, "internal_list_rpm_applications";
511, "internal_readdir";
-512, "clevis_luks_unlock"
+512, "clevis_luks_unlock";
+513, "inspect_get_build_id";
]
(* End of list. If adding a new entry, add it at the end of the list
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index 4d0e90cbc..31cf34b8d 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-512
+513
--
2.31.1

398
SOURCES/0017-generator-Add-chown-option-for-virt-customize.patch Normal file
View File

@ -0,0 +1,398 @@
From 0be1035c710d95aeca68a10fe9a7b4b740ae7aff Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 29 Jun 2023 13:33:04 +0100
Subject: [PATCH] generator: Add --chown option for virt-customize
Also this updates the common submodule to include the changes.
Fixes: https://github.com/rwmjones/guestfs-tools/issues/12
Acked-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit d8e48bff212f9b0558480ffedf8158157360d0d5)
---
common | 2 +-
generator/customize.ml | 28 ++++++++++++++++++++++++++++
2 files changed, 29 insertions(+), 1 deletion(-)
Submodule common d61cd820..bbb54714:
diff --git a/common/mlcustomize/customize-options.pod b/common/mlcustomize/customize-options.pod
index 22a96e04..22724600 100644
--- a/common/mlcustomize/customize-options.pod
+++ b/common/mlcustomize/customize-options.pod
@@ -63,6 +63,30 @@ Change the permissions of C<FILE> to C<PERMISSIONS>.
I<Note>: C<PERMISSIONS> by default would be decimal, unless you prefix
it with C<0> to get octal, ie. use C<0700> not C<700>.
+=item B<--chown> UID.GID:PATH
+
+Change the owner user and group ID of a file or directory in the guest.
+Note:
+
+=over 4
+
+=item *
+
+Only numeric UIDs and GIDs will work, and these may not be the same
+inside the guest as on the host.
+
+=item *
+
+This will not work with Windows guests.
+
+=back
+
+For example:
+
+ virt-customize --chown '0.0:/var/log/audit.log'
+
+See also: I<--upload>.
+
=item B<--commands-from-file> FILENAME
Read the customize commands from a file, one (and its arguments)
diff --git a/common/mlcustomize/customize-synopsis.pod b/common/mlcustomize/customize-synopsis.pod
index d04f421e..e20b12d4 100644
--- a/common/mlcustomize/customize-synopsis.pod
+++ b/common/mlcustomize/customize-synopsis.pod
@@ -1,15 +1,15 @@
[--append-line FILE:LINE] [--chmod PERMISSIONS:FILE]
- [--commands-from-file FILENAME] [--copy SOURCE:DEST]
- [--copy-in LOCALPATH:REMOTEDIR] [--delete PATH] [--edit FILE:EXPR]
- [--firstboot SCRIPT] [--firstboot-command 'CMD+ARGS']
- [--firstboot-install PKG,PKG..] [--hostname HOSTNAME]
- [--inject-qemu-ga METHOD] [--inject-virtio-win METHOD]
- [--install PKG,PKG..] [--link TARGET:LINK[:LINK..]] [--mkdir DIR]
- [--move SOURCE:DEST] [--password USER:SELECTOR]
- [--root-password SELECTOR] [--run SCRIPT]
- [--run-command 'CMD+ARGS'] [--scrub FILE] [--sm-attach SELECTOR]
- [--sm-register] [--sm-remove] [--sm-unregister]
- [--ssh-inject USER[:SELECTOR]] [--truncate FILE]
+ [--chown UID.GID:PATH] [--commands-from-file FILENAME]
+ [--copy SOURCE:DEST] [--copy-in LOCALPATH:REMOTEDIR]
+ [--delete PATH] [--edit FILE:EXPR] [--firstboot SCRIPT]
+ [--firstboot-command 'CMD+ARGS'] [--firstboot-install PKG,PKG..]
+ [--hostname HOSTNAME] [--inject-qemu-ga METHOD]
+ [--inject-virtio-win METHOD] [--install PKG,PKG..]
+ [--link TARGET:LINK[:LINK..]] [--mkdir DIR] [--move SOURCE:DEST]
+ [--password USER:SELECTOR] [--root-password SELECTOR]
+ [--run SCRIPT] [--run-command 'CMD+ARGS'] [--scrub FILE]
+ [--sm-attach SELECTOR] [--sm-register] [--sm-remove]
+ [--sm-unregister] [--ssh-inject USER[:SELECTOR]] [--truncate FILE]
[--truncate-recursive PATH] [--timezone TIMEZONE] [--touch FILE]
[--uninstall PKG,PKG..] [--update] [--upload FILE:DEST]
[--write FILE:CONTENT] [--no-logfile]
diff --git a/common/mlcustomize/customize_cmdline.ml b/common/mlcustomize/customize_cmdline.ml
index 3c24315d..fd3074ad 100644
--- a/common/mlcustomize/customize_cmdline.ml
+++ b/common/mlcustomize/customize_cmdline.ml
@@ -41,6 +41,8 @@ and op = [
(* --append-line FILE:LINE *)
| `Chmod of string * string
(* --chmod PERMISSIONS:FILE *)
+ | `Chown of string * string
+ (* --chown UID.GID:PATH *)
| `CommandsFromFile of string
(* --commands-from-file FILENAME *)
| `Copy of string * string
@@ -187,6 +189,17 @@ let rec argspec () =
s_"Change the permissions of a file"
),
Some "PERMISSIONS:FILE", "Change the permissions of C<FILE> to C<PERMISSIONS>.\n\nI<Note>: C<PERMISSIONS> by default would be decimal, unless you prefix\nit with C<0> to get octal, ie. use C<0700> not C<700>.";
+ (
+ [ L"chown" ],
+ Getopt.String (
+ s_"UID.GID:PATH",
+ fun s ->
+ let p = split_string_pair "chown" s in
+ List.push_front (`Chown p) ops
+ ),
+ s_"Change the owner user and group ID of a file or directory"
+ ),
+ Some "UID.GID:PATH", "Change the owner user and group ID of a file or directory in the guest.\nNote:\n\n=over 4\n\n=item *\n\nOnly numeric UIDs and GIDs will work, and these may not be the same\ninside the guest as on the host.\n\n=item *\n\nThis will not work with Windows guests.\n\n=back\n\nFor example:\n\n virt-customize --chown '0.0:/var/log/audit.log'\n\nSee also: I<--upload>.";
(
[ L"commands-from-file" ],
Getopt.String (
diff --git a/common/mlcustomize/customize_cmdline.mli b/common/mlcustomize/customize_cmdline.mli
index 0cc166e6..5883bbe0 100644
--- a/common/mlcustomize/customize_cmdline.mli
+++ b/common/mlcustomize/customize_cmdline.mli
@@ -33,6 +33,8 @@ and op = [
(* --append-line FILE:LINE *)
| `Chmod of string * string
(* --chmod PERMISSIONS:FILE *)
+ | `Chown of string * string
+ (* --chown UID.GID:PATH *)
| `CommandsFromFile of string
(* --commands-from-file FILENAME *)
| `Copy of string * string
diff --git a/common/mltools/curl.ml b/common/mltools/curl.ml
index 6dba9753..73eed903 100644
--- a/common/mltools/curl.ml
+++ b/common/mltools/curl.ml
@@ -20,11 +20,13 @@ open Printf
open Std_utils
open Tools_utils
+open Common_gettext.Gettext
type t = {
curl : string;
args : args;
tmpdir : string option;
+ url : string;
}
and args = (string * string option) list
@@ -40,11 +42,17 @@ let args_of_proxy = function
| SystemProxy -> []
| ForcedProxy url -> [ "proxy", Some url; "noproxy", Some "" ]
-let create ?(curl = "curl") ?(proxy = SystemProxy) ?tmpdir args =
+let create ?(curl = "curl") ?(proxy = SystemProxy) ?tmpdir args url =
+ (* The ["url"] key must not appear in [args]. This was how the
+ * previous version of this module worked, so lets check there
+ * are no callers still doing this.
+ *)
+ List.iter (function "url", _ -> assert false | _ -> ()) args;
+
let args = safe_args @ args_of_proxy proxy @ args in
- { curl = curl; args = args; tmpdir = tmpdir }
+ { curl; args; tmpdir; url }
-let run { curl; args; tmpdir } =
+let run { curl; args; tmpdir; url } =
let config_file, chan = Filename.open_temp_file ?temp_dir:tmpdir
"guestfscurl" ".conf" in
List.iter (
@@ -67,15 +75,16 @@ let run { curl; args; tmpdir } =
| c -> output_char chan c
done;
fprintf chan "\"\n"
- ) args;
+ ) (("url", Some url) :: args);
close_out chan;
let cmd = sprintf "%s -q --config %s" (quote curl) (quote config_file) in
- let lines = external_command ~echo_cmd:false cmd in
+ let help = sprintf (f_"downloading %s") url in
+ let lines = external_command ~echo_cmd:false ~help cmd in
Unix.unlink config_file;
lines
-let to_string { curl; args } =
+let to_string { curl; args; url } =
let b = Buffer.create 128 in
bprintf b "%s -q" (quote curl);
List.iter (
@@ -85,7 +94,7 @@ let to_string { curl; args } =
| "user", Some _ -> bprintf b " --user <hidden>"
| name, Some value -> bprintf b " --%s %s" name (quote value)
) args;
- bprintf b "\n";
+ bprintf b " %s\n" (quote url);
Buffer.contents b
let print chan t = output_string chan (to_string t)
diff --git a/common/mltools/curl.mli b/common/mltools/curl.mli
index a3e98dc6..1606a79a 100644
--- a/common/mltools/curl.mli
+++ b/common/mltools/curl.mli
@@ -27,13 +27,16 @@ type proxy =
| SystemProxy (** Use the system settings. *)
| ForcedProxy of string (** The proxy is forced to the specified URL. *)
-val create : ?curl:string -> ?proxy:proxy -> ?tmpdir:string -> args -> t
+val create : ?curl:string -> ?proxy:proxy -> ?tmpdir:string -> args -> string
+ -> t
(** Create a curl command handle.
The curl arguments are a list of key, value pairs corresponding
to curl command line parameters, without leading dashes,
eg. [("user", Some "user:password")].
+ The string parameter is the URL (which is required).
+
The optional [?curl] parameter controls the name of the curl
binary (default ["curl"]).
diff --git a/common/mltools/tools_utils.ml b/common/mltools/tools_utils.ml
index 8b611e77..23f16c51 100644
--- a/common/mltools/tools_utils.ml
+++ b/common/mltools/tools_utils.ml
@@ -435,8 +435,12 @@ let create_standard_options argspec ?anon_fun ?(key_opts = false)
let getopt = Getopt.create argspec ?anon_fun usage_msg in
{ getopt; ks; debug_gc }
+let external_command_failed help cmd reason =
+ let help_prefix = match help with None -> "" | Some str -> str ^ ": " in
+ error "%s%s %s: %s" help_prefix (s_"external command") cmd reason
+
(* Run an external command, slurp up the output as a list of lines. *)
-let external_command ?(echo_cmd = true) cmd =
+let external_command ?(echo_cmd = true) ?help cmd =
if echo_cmd then
debug "%s" cmd;
let chan = Unix.open_process_in cmd in
@@ -448,15 +452,18 @@ let external_command ?(echo_cmd = true) cmd =
(match stat with
| Unix.WEXITED 0 -> ()
| Unix.WEXITED i ->
- error (f_"external command %s exited with error %d") cmd i
+ let reason = sprintf (f_"exited with error %d") i in
+ external_command_failed help cmd reason
| Unix.WSIGNALED i ->
- error (f_"external command %s killed by signal %d") cmd i
+ let reason = sprintf (f_"killed by signal %d") i in
+ external_command_failed help cmd reason
| Unix.WSTOPPED i ->
- error (f_"external command %s stopped by signal %d") cmd i
+ let reason = sprintf (f_"stopped by signal %d") i in
+ external_command_failed help cmd reason
);
lines
-let rec run_commands ?(echo_cmd = true) cmds =
+let rec run_commands ?(echo_cmd = true) ?help cmds =
let res = Array.make (List.length cmds) 0 in
let pids =
List.mapi (
@@ -482,21 +489,21 @@ let rec run_commands ?(echo_cmd = true) cmds =
let matching_pair = List.hd matching_pair in
let idx, _, app, outfd, errfd = matching_pair in
pids := new_pids;
- res.(idx) <- do_teardown app outfd errfd stat
+ res.(idx) <- do_teardown help app outfd errfd stat
);
done;
Array.to_list res
-and run_command ?(echo_cmd = true) ?stdout_fd ?stderr_fd args =
+and run_command ?(echo_cmd = true) ?help ?stdout_fd ?stderr_fd args =
let run_res = do_run args ~echo_cmd ?stdout_fd ?stderr_fd in
match run_res with
| Either (pid, app, outfd, errfd) ->
let _, stat = Unix.waitpid [] pid in
- do_teardown app outfd errfd stat
+ do_teardown help app outfd errfd stat
| Or code ->
code
-and do_run ?(echo_cmd = true) ?stdout_fd ?stderr_fd args =
+and do_run ?(echo_cmd = true) ?help ?stdout_fd ?stderr_fd args =
let app = List.hd args in
let get_fd default = function
| None ->
@@ -522,16 +529,18 @@ and do_run ?(echo_cmd = true) ?stdout_fd ?stderr_fd args =
debug "%s: %s: executable not found" app fn;
Or 127
-and do_teardown app outfd errfd exitstat =
+and do_teardown help app outfd errfd exitstat =
Option.iter Unix.close outfd;
Option.iter Unix.close errfd;
match exitstat with
| Unix.WEXITED i ->
- i
+ i
| Unix.WSIGNALED i ->
- error (f_"external command %s killed by signal %d") app i
+ let reason = sprintf (f_"killed by signal %d") i in
+ external_command_failed help app reason
| Unix.WSTOPPED i ->
- error (f_"external command %s stopped by signal %d") app i
+ let reason = sprintf (f_"stopped by signal %d") i in
+ external_command_failed help app reason
let shell_command ?(echo_cmd = true) cmd =
if echo_cmd then
diff --git a/common/mltools/tools_utils.mli b/common/mltools/tools_utils.mli
index ec900e63..193ba7b6 100644
--- a/common/mltools/tools_utils.mli
+++ b/common/mltools/tools_utils.mli
@@ -103,13 +103,17 @@ val create_standard_options : Getopt.speclist -> ?anon_fun:Getopt.anon_fun -> ?k
Returns a new {!cmdline_options} structure. *)
-val external_command : ?echo_cmd:bool -> string -> string list
+val external_command : ?echo_cmd:bool -> ?help:string -> string -> string list
(** Run an external command, slurp up the output as a list of lines.
[echo_cmd] specifies whether to output the full command on verbose
- mode, and it's on by default. *)
+ mode, and it's on by default.
-val run_commands : ?echo_cmd:bool -> (string list * Unix.file_descr option * Unix.file_descr option) list -> int list
+ [help] is an optional string which is printed as a prefix in
+ case the external command fails, eg as a hint to the user about
+ what we were trying to do. *)
+
+val run_commands : ?echo_cmd:bool -> ?help:string -> (string list * Unix.file_descr option * Unix.file_descr option) list -> int list
(** Run external commands in parallel without using a shell,
and return a list with their exit codes.
@@ -126,16 +130,24 @@ val run_commands : ?echo_cmd:bool -> (string list * Unix.file_descr option * Uni
end of the execution of the command for which it was specified.
[echo_cmd] specifies whether output the full command on verbose
- mode, and it's on by default. *)
+ mode, and it's on by default.
-val run_command : ?echo_cmd:bool -> ?stdout_fd:Unix.file_descr -> ?stderr_fd:Unix.file_descr -> string list -> int
+ [help] is an optional string which is printed as a prefix in
+ case the external command fails, eg as a hint to the user about
+ what we were trying to do. *)
+
+val run_command : ?echo_cmd:bool -> ?help:string -> ?stdout_fd:Unix.file_descr -> ?stderr_fd:Unix.file_descr -> string list -> int
(** Run an external command without using a shell, and return its exit code.
If [stdout_fd] or [stderr_fd] is specified, the file descriptor
is automatically closed after executing the command.
[echo_cmd] specifies whether output the full command on verbose
- mode, and it's on by default. *)
+ mode, and it's on by default.
+
+ [help] is an optional string which is printed as a prefix in
+ case the external command fails, eg as a hint to the user about
+ what we were trying to do. *)
val shell_command : ?echo_cmd:bool -> string -> int
(** Run an external shell command, and return its exit code.
diff --git a/generator/customize.ml b/generator/customize.ml
index aa7ac8e8..8d3dec3e 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -95,6 +95,34 @@ I<Note>: C<PERMISSIONS> by default would be decimal, unless you prefix
it with C<0> to get octal, ie. use C<0700> not C<700>.";
};
+ { op_name = "chown";
+ op_type = StringPair "UID.GID:PATH";
+ op_discrim = "`Chown";
+ op_shortdesc = "Change the owner user and group ID of a file or directory";
+ op_pod_longdesc = "\
+Change the owner user and group ID of a file or directory in the guest.
+Note:
+
+=over 4
+
+=item *
+
+Only numeric UIDs and GIDs will work, and these may not be the same
+inside the guest as on the host.
+
+=item *
+
+This will not work with Windows guests.
+
+=back
+
+For example:
+
+ virt-customize --chown '0.0:/var/log/audit.log'
+
+See also: I<--upload>.";
+ };
+
{ op_name = "commands-from-file";
op_type = StringFn ("FILENAME", "customize_read_from_file");
op_discrim = "`CommandsFromFile";

82
SOURCES/0018-lib-Return-correct-osinfo-field-for-Windows-11.patch
View File

@ -1,82 +0,0 @@
From 363bbb7e9bd39fc1683fb600c76266f67ad2063c Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 1 Dec 2022 10:14:43 +0000
Subject: [PATCH] lib: Return correct osinfo field for Windows 11
For Windows Client, we can only distinguish between Windows 10 and
Windows 11 using the build ID. The product name in both cases is
"Windows 10 <something>", apparently intentionally.
References:
https://learn.microsoft.com/en-us/answers/questions/586619/windows-11-build-ver-is-still-10022000194.html
https://github.com/cygwin/cygwin/blob/a263fe0b268580273c1adc4b1bad256147990222/winsup/cygwin/wincap.cc#L429
https://en.wikipedia.org/wiki/List_of_Microsoft_Windows_versions
After this fix, the output of virt-inspector changes to this, which is
a bit odd, but correct:
<name>windows</name>
<arch>x86_64</arch>
<distro>windows</distro>
<product_name>Windows 10 Pro</product_name>
<product_variant>Client</product_variant>
<major_version>10</major_version>
<minor_version>0</minor_version>
<windows_systemroot>/Windows</windows_systemroot>
<windows_current_control_set>ControlSet001</windows_current_control_set>
<osinfo>win11</osinfo>
Thanks: Yaakov Selkowitz
Reported-by: Yongkui Guo
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2012658
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 824c7457489366494f0f10fd3369dc30f3a3c360)
---
lib/inspect-osinfo.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/lib/inspect-osinfo.c b/lib/inspect-osinfo.c
index 90e57e6df..1c10ff469 100644
--- a/lib/inspect-osinfo.c
+++ b/lib/inspect-osinfo.c
@@ -86,6 +86,8 @@ guestfs_impl_inspect_get_osinfo (guestfs_h *g, const char *root)
else if (STREQ (type, "windows")) {
CLEANUP_FREE char *product_name = NULL;
CLEANUP_FREE char *product_variant = NULL;
+ CLEANUP_FREE char *build_id_str = NULL;
+ int build_id;
product_name = guestfs_inspect_get_product_name (g, root);
if (!product_name)
@@ -142,8 +144,26 @@ guestfs_impl_inspect_get_osinfo (guestfs_h *g, const char *root)
return safe_strdup (g, "win2k19");
else
return safe_strdup (g, "win2k16");
- } else
- return safe_strdup (g, "win10");
+ }
+ else {
+ /* For Windows >= 10 Client we can only distinguish between
+ * versions by looking at the build ID. See:
+ * https://learn.microsoft.com/en-us/answers/questions/586619/windows-11-build-ver-is-still-10022000194.html
+ * https://github.com/cygwin/cygwin/blob/a263fe0b268580273c1adc4b1bad256147990222/winsup/cygwin/wincap.cc#L429
+ */
+ build_id_str = guestfs_inspect_get_build_id (g, root);
+ if (!build_id_str)
+ return NULL;
+
+ build_id = guestfs_int_parse_unsigned_int (g, build_id_str);
+ if (build_id == -1)
+ return NULL;
+
+ if (build_id >= 22000)
+ return safe_strdup (g, "win11");
+ else
+ return safe_strdup (g, "win10");
+ }
}
break;
}
--
2.31.1

101
SOURCES/0018-lib-remove-guestfs_int_cmd_clear_close_files.patch Normal file
View File

@ -0,0 +1,101 @@
From cda24a0207fda8659790376a79fdac3d1775da83 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 11 Jul 2023 13:39:06 +0200
Subject: [PATCH] lib: remove guestfs_int_cmd_clear_close_files()
The last (only?) caller of guestfs_int_cmd_clear_close_files() disappeared
in commit e4c396888056 ("lib/info: Remove /dev/fd hacking and pass a true
filename to qemu-img info.", 2018-01-23), part of v1.37.36.
Simplify the code by removing guestfs_int_cmd_clear_close_files().
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230711113906.107340-1-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 13c7052ff96d5ee99ec1b1252f1a3b4d7aed44d2)
---
lib/command.c | 37 ++++++++++---------------------------
lib/guestfs-internal.h | 1 -
2 files changed, 10 insertions(+), 28 deletions(-)
diff --git a/lib/command.c b/lib/command.c
index 515ef624..82a47baf 100644
--- a/lib/command.c
+++ b/lib/command.c
@@ -152,9 +152,6 @@ struct command
/* When using the pipe_* APIs, stderr is pointed to a temporary file. */
char *error_file;
- /* Close file descriptors (defaults to true). */
- bool close_files;
-
/* Supply a callback to receive stdout. */
cmd_stdout_callback stdout_callback;
void *stdout_data;
@@ -186,7 +183,6 @@ guestfs_int_new_command (guestfs_h *g)
cmd = safe_calloc (g, 1, sizeof *cmd);
cmd->g = g;
cmd->capture_errors = true;
- cmd->close_files = true;
cmd->errorfd = -1;
cmd->outfd = -1;
return cmd;
@@ -358,17 +354,6 @@ guestfs_int_cmd_clear_capture_errors (struct command *cmd)
cmd->capture_errors = false;
}
-/**
- * Don't close file descriptors after the fork.
- *
- * XXX Should allow single fds to be sent to child process.
- */
-void
-guestfs_int_cmd_clear_close_files (struct command *cmd)
-{
- cmd->close_files = false;
-}
-
/**
* Set a function to be executed in the child, right before the
* execution. Can be used to setup the child, for example changing
@@ -564,18 +549,16 @@ run_child (struct command *cmd, char **env)
for (i = 1; i < NSIG; ++i)
sigaction (i, &sa, NULL);
- if (cmd->close_files) {
- /* Close all other file descriptors. This ensures that we don't
- * hold open (eg) pipes from the parent process.
- */
- max_fd = sysconf (_SC_OPEN_MAX);
- if (max_fd == -1)
- max_fd = 1024;
- if (max_fd > 65536)
- max_fd = 65536; /* bound the amount of work we do here */
- for (fd = 3; fd < max_fd; ++fd)
- close (fd);
- }
+ /* Close all other file descriptors. This ensures that we don't
+ * hold open (eg) pipes from the parent process.
+ */
+ max_fd = sysconf (_SC_OPEN_MAX);
+ if (max_fd == -1)
+ max_fd = 1024;
+ if (max_fd > 65536)
+ max_fd = 65536; /* bound the amount of work we do here */
+ for (fd = 3; fd < max_fd; ++fd)
+ close (fd);
/* Set the umask for all subcommands to something sensible (RHBZ#610880). */
umask (022);
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index fb55e026..c7ef3227 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -751,7 +751,6 @@ extern void guestfs_int_cmd_set_stdout_callback (struct command *, cmd_stdout_ca
extern void guestfs_int_cmd_set_stderr_to_stdout (struct command *);
extern void guestfs_int_cmd_set_child_rlimit (struct command *, int resource, long limit);
extern void guestfs_int_cmd_clear_capture_errors (struct command *);
-extern void guestfs_int_cmd_clear_close_files (struct command *);
extern void guestfs_int_cmd_set_child_callback (struct command *, cmd_child_callback child_callback, void *data);
extern int guestfs_int_cmd_run (struct command *);
extern void guestfs_int_cmd_close (struct command *);

34
SOURCES/0019-docs-fix-broken-link-in-the-guestfs-manual.patch Normal file
View File

@ -0,0 +1,34 @@
From 1eaf876ff2a3bfeaa8756b92e5fa74a91b74f45c Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 14 Jul 2023 15:22:09 +0200
Subject: [PATCH] docs: fix broken link in the guestfs manual
Commit 55202a4d49a1 ("New API: get-sockdir", 2016-02-03) added identical
language to "fish/guestfish.pod" and "src/guestfs.pod", including an
internal link L</get-sockdir>. That's appropriate for
"fish/guestfish.pod", but the same API description is generated with a
different anchor for "src/guestfs.pod". Adapt the reference.
Fixes: 55202a4d49a101392148d79cb2e1591428db2681
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2184967
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20230714132213.96616-4-lersek@redhat.com>
(cherry picked from commit b4a4b754c6161b95ddee05e398e0200e6b73b840)
---
lib/guestfs.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/guestfs.pod b/lib/guestfs.pod
index 866a4638..5db6dd91 100644
--- a/lib/guestfs.pod
+++ b/lib/guestfs.pod
@@ -3123,7 +3123,7 @@ non-essential runtime files.
If it is set, then is used to store temporary sockets. Otherwise,
F</tmp> is used.
-See also L</get-sockdir>,
+See also L</guestfs_get_sockdir>,
L<http://www.freedesktop.org/wiki/Specifications/basedir-spec/>.
=back

75
SOURCES/0020-docs-clarify-sockdir-s-separation.patch Normal file
View File

@ -0,0 +1,75 @@
From bb3b9ac1ec7021ac04bca03748f15761c6c97487 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 14 Jul 2023 15:22:10 +0200
Subject: [PATCH] docs: clarify sockdir's separation
There's another reason for separating sockdir from tmpdir, beyond "shorter
pathnames needed": permissions. For example, passt drops privileges such
that it cannot access "/tmp", and that restricts both the unix domain
socket and the PID file of passt.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2184967
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20230714132213.96616-5-lersek@redhat.com>
(cherry picked from commit 21ccddecf7dd51b24bb2b71dbc8beb1a8dd01923)
---
fish/guestfish.pod | 4 ++--
generator/actions_properties.ml | 8 ++++++--
lib/guestfs.pod | 4 ++--
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index d36cac9d..33fc8b2c 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -1492,8 +1492,8 @@ See L</LIBGUESTFS_CACHEDIR>, L</LIBGUESTFS_TMPDIR>.
This directory represents a user-specific directory for storing
non-essential runtime files.
-If it is set, then is used to store temporary sockets. Otherwise,
-F</tmp> is used.
+If it is set, then is used to store temporary sockets and PID files.
+Otherwise, F</tmp> is used.
See also L</get-sockdir>,
L<http://www.freedesktop.org/wiki/Specifications/basedir-spec/>.
diff --git a/generator/actions_properties.ml b/generator/actions_properties.ml
index f84afb10..42eaaa4d 100644
--- a/generator/actions_properties.ml
+++ b/generator/actions_properties.ml
@@ -595,13 +595,17 @@ Get the handle identifier. See C<guestfs_set_identifier>." };
name = "get_sockdir"; added = (1, 33, 8);
style = RString (RPlainString, "sockdir"), [], [];
blocking = false;
- shortdesc = "get the temporary directory for sockets";
+ shortdesc = "get the temporary directory for sockets and PID files";
longdesc = "\
-Get the directory used by the handle to store temporary socket files.
+Get the directory used by the handle to store temporary socket and PID
+files.
This is different from C<guestfs_get_tmpdir>, as we need shorter
paths for sockets (due to the limited buffers of filenames for UNIX
sockets), and C<guestfs_get_tmpdir> may be too long for them.
+Furthermore, sockets and PID files must be accessible to such background
+services started by libguestfs that may not have permission to access
+the temporary directory returned by C<guestfs_get_tmpdir>.
The environment variable C<XDG_RUNTIME_DIR> controls the default
value: If C<XDG_RUNTIME_DIR> is set, then that is the default.
diff --git a/lib/guestfs.pod b/lib/guestfs.pod
index 5db6dd91..dff32cc9 100644
--- a/lib/guestfs.pod
+++ b/lib/guestfs.pod
@@ -3120,8 +3120,8 @@ See L</LIBGUESTFS_CACHEDIR>, L</LIBGUESTFS_TMPDIR>.
This directory represents a user-specific directory for storing
non-essential runtime files.
-If it is set, then is used to store temporary sockets. Otherwise,
-F</tmp> is used.
+If it is set, then is used to store temporary sockets and PID files.
+Otherwise, F</tmp> is used.
See also L</guestfs_get_sockdir>,
L<http://www.freedesktop.org/wiki/Specifications/basedir-spec/>.

144
SOURCES/0021-lib-move-guestfs_int_create_socketname-from-launch.c.patch Normal file
View File

@ -0,0 +1,144 @@
From 8ba3628594c354dafcc715a842199c75a5676b57 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 14 Jul 2023 15:22:11 +0200
Subject: [PATCH] lib: move guestfs_int_create_socketname() from "launch.c" to
"tmpdirs.c"
Consider the following inverted call tree (effectively a dependency tree
-- callees are at the top and near the left margin):
lazy_make_tmpdir() [lib/tmpdirs.c]
guestfs_int_lazy_make_tmpdir() [lib/tmpdirs.c]
guestfs_int_make_temp_path() [lib/tmpdirs.c]
guestfs_int_lazy_make_sockdir() [lib/tmpdirs.c]
guestfs_int_create_socketname() [lib/launch.c]
lazy_make_tmpdir() is our common workhorse / helper function that
centralizes the mkdtemp() function call.
guestfs_int_lazy_make_tmpdir() and guestfs_int_lazy_make_sockdir() are the
next level functions, both calling lazy_make_tmpdir(), just feeding it
different dirname generator functions, and different "is_runtime_dir"
qualifications. These functions create temp dirs for various, more
specific, purposes (see the manual and "lib/guestfs-internal.h" for more
details).
On a yet higher level are guestfs_int_make_temp_path() and
guestfs_int_create_socketname() -- they serve for creating *entries* in
those specific temp directories.
The discrepancy here is that, although all the other functions live in
"lib/tmpdirs.c", guestfs_int_create_socketname() is defined in
"lib/launch.c". That makes for a confusing code reading; move the function
to "lib/tmpdirs.c", just below its sibling function
guestfs_int_make_temp_path().
While at it, correct the leading comment on
guestfs_int_create_socketname() -- the socket pathname is created in the
socket directory, not in the temporary directory.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2184967
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20230714132213.96616-6-lersek@redhat.com>
(cherry picked from commit 0b2ad40a098cbaf91d0d0a2df6e31bf8e3e08ace)
---
lib/guestfs-internal.h | 2 +-
lib/launch.c | 26 --------------------------
lib/tmpdirs.c | 26 ++++++++++++++++++++++++++
3 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index c7ef3227..ebd68380 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -668,6 +668,7 @@ extern int guestfs_int_set_env_runtimedir (guestfs_h *g, const char *envname, co
extern int guestfs_int_lazy_make_tmpdir (guestfs_h *g);
extern int guestfs_int_lazy_make_sockdir (guestfs_h *g);
extern char *guestfs_int_make_temp_path (guestfs_h *g, const char *name, const char *extension);
+extern int guestfs_int_create_socketname (guestfs_h *g, const char *filename, char (*sockname)[UNIX_PATH_MAX]);
extern char *guestfs_int_lazy_make_supermin_appliance_dir (guestfs_h *g);
extern void guestfs_int_remove_tmpdir (guestfs_h *g);
extern void guestfs_int_remove_sockdir (guestfs_h *g);
@@ -700,7 +701,6 @@ extern int guestfs_int_get_uefi (guestfs_h *g, char *const *firmwares, const cha
extern int64_t guestfs_int_timeval_diff (const struct timeval *x, const struct timeval *y);
extern void guestfs_int_launch_send_progress (guestfs_h *g, int perdozen);
extern void guestfs_int_unblock_sigterm (void);
-extern int guestfs_int_create_socketname (guestfs_h *g, const char *filename, char (*sockname)[UNIX_PATH_MAX]);
extern void guestfs_int_register_backend (const char *name, const struct backend_ops *);
extern int guestfs_int_set_backend (guestfs_h *g, const char *method);
diff --git a/lib/launch.c b/lib/launch.c
index 6e08b120..bd0526c9 100644
--- a/lib/launch.c
+++ b/lib/launch.c
@@ -309,32 +309,6 @@ guestfs_impl_config (guestfs_h *g,
return 0;
}
-/**
- * Create the path for a socket with the selected filename in the
- * tmpdir.
- */
-int
-guestfs_int_create_socketname (guestfs_h *g, const char *filename,
- char (*sockpath)[UNIX_PATH_MAX])
-{
- int r;
-
- if (guestfs_int_lazy_make_sockdir (g) == -1)
- return -1;
-
- r = snprintf (*sockpath, UNIX_PATH_MAX, "%s/%s", g->sockdir, filename);
- if (r >= UNIX_PATH_MAX) {
- error (g, _("socket path too long: %s/%s"), g->sockdir, filename);
- return -1;
- }
- if (r < 0) {
- perrorf (g, _("%s"), g->sockdir);
- return -1;
- }
-
- return 0;
-}
-
/**
* When the library is loaded, each backend calls this function to
* register itself in a global list.
diff --git a/lib/tmpdirs.c b/lib/tmpdirs.c
index b8e19de2..24adf98d 100644
--- a/lib/tmpdirs.c
+++ b/lib/tmpdirs.c
@@ -253,6 +253,32 @@ guestfs_int_make_temp_path (guestfs_h *g,
extension ? extension : "");
}
+/**
+ * Create the path for a socket with the selected filename in the
+ * sockdir.
+ */
+int
+guestfs_int_create_socketname (guestfs_h *g, const char *filename,
+ char (*sockpath)[UNIX_PATH_MAX])
+{
+ int r;
+
+ if (guestfs_int_lazy_make_sockdir (g) == -1)
+ return -1;
+
+ r = snprintf (*sockpath, UNIX_PATH_MAX, "%s/%s", g->sockdir, filename);
+ if (r >= UNIX_PATH_MAX) {
+ error (g, _("socket path too long: %s/%s"), g->sockdir, filename);
+ return -1;
+ }
+ if (r < 0) {
+ perrorf (g, _("%s"), g->sockdir);
+ return -1;
+ }
+
+ return 0;
+}
+
/**
* Create the supermin appliance directory under cachedir, if it does
* not exist.

241
SOURCES/0022-generator-customize-Add-new-StringTriplet-for-use-by.patch Normal file
View File

@ -0,0 +1,241 @@
From e7501a32cb096c1957aae0de934c0b563ff18a5f Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 15 Jul 2023 16:33:18 +0100
Subject: [PATCH] generator: customize: Add new StringTriplet for use by
--chown
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The just added --chown option previously used StringPair, splitting
the argument as UID.GID:FILENAME. However this will not work if we
ever extend this with the ability to use user or group names, since
they may contain dot (but not colon). Add a new StringTriplet type
and split the argument string three ways. The new option becomes:
virt-customize ... --chown UID:GID:FILENAME
Include the following commit from the common submodule:
commit e70d89a58dae068be2e19c7c21558707261af96a
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Sat Jul 15 16:42:06 2023 +0100
customize: Update generated files for --chown with StringTriplet
Updates: commit d8e48bff212f9b0558480ffedf8158157360d0d5
(cherry picked from commit c08032ebe2763f5e9ce5b14e003721475219d390)
---
common | 2 +-
generator/customize.ml | 44 ++++++++++++++++++++++++++++++++----------
2 files changed, 35 insertions(+), 11 deletions(-)
Submodule common bbb54714..e70d89a5:
diff --git a/common/mlcustomize/customize-options.pod b/common/mlcustomize/customize-options.pod
index 22724600..e658a447 100644
--- a/common/mlcustomize/customize-options.pod
+++ b/common/mlcustomize/customize-options.pod
@@ -63,7 +63,7 @@ Change the permissions of C<FILE> to C<PERMISSIONS>.
I<Note>: C<PERMISSIONS> by default would be decimal, unless you prefix
it with C<0> to get octal, ie. use C<0700> not C<700>.
-=item B<--chown> UID.GID:PATH
+=item B<--chown> UID:GID:PATH
Change the owner user and group ID of a file or directory in the guest.
Note:
@@ -83,7 +83,7 @@ This will not work with Windows guests.
For example:
- virt-customize --chown '0.0:/var/log/audit.log'
+ virt-customize --chown '0:0:/var/log/audit.log'
See also: I<--upload>.
diff --git a/common/mlcustomize/customize-synopsis.pod b/common/mlcustomize/customize-synopsis.pod
index e20b12d4..5031b015 100644
--- a/common/mlcustomize/customize-synopsis.pod
+++ b/common/mlcustomize/customize-synopsis.pod
@@ -1,5 +1,5 @@
[--append-line FILE:LINE] [--chmod PERMISSIONS:FILE]
- [--chown UID.GID:PATH] [--commands-from-file FILENAME]
+ [--chown UID:GID:PATH] [--commands-from-file FILENAME]
[--copy SOURCE:DEST] [--copy-in LOCALPATH:REMOTEDIR]
[--delete PATH] [--edit FILE:EXPR] [--firstboot SCRIPT]
[--firstboot-command 'CMD+ARGS'] [--firstboot-install PKG,PKG..]
diff --git a/common/mlcustomize/customize_cmdline.ml b/common/mlcustomize/customize_cmdline.ml
index fd3074ad..3ce901db 100644
--- a/common/mlcustomize/customize_cmdline.ml
+++ b/common/mlcustomize/customize_cmdline.ml
@@ -41,8 +41,8 @@ and op = [
(* --append-line FILE:LINE *)
| `Chmod of string * string
(* --chmod PERMISSIONS:FILE *)
- | `Chown of string * string
- (* --chown UID.GID:PATH *)
+ | `Chown of string * string * string
+ (* --chown UID:GID:PATH *)
| `CommandsFromFile of string
(* --commands-from-file FILENAME *)
| `Copy of string * string
@@ -154,8 +154,13 @@ let rec argspec () =
option_name in
let len = String.length arg in
String.sub arg 0 i, String.sub arg (i+1) (len-(i+1))
- in
- let split_string_list arg =
+ and split_string_triplet option_name arg =
+ match String.nsplit ~max:3 "," arg with
+ | [a; b; c] -> a, b, c
+ | _ ->
+ error (f_"invalid format for '--%s' parameter, see the man page")
+ option_name
+ and split_string_list arg =
String.nsplit "," arg
in
let split_links_list option_name arg =
@@ -192,14 +197,14 @@ let rec argspec () =
(
[ L"chown" ],
Getopt.String (
- s_"UID.GID:PATH",
+ s_"UID:GID:PATH",
fun s ->
- let p = split_string_pair "chown" s in
+ let p = split_string_triplet "chown" s in
List.push_front (`Chown p) ops
),
s_"Change the owner user and group ID of a file or directory"
),
- Some "UID.GID:PATH", "Change the owner user and group ID of a file or directory in the guest.\nNote:\n\n=over 4\n\n=item *\n\nOnly numeric UIDs and GIDs will work, and these may not be the same\ninside the guest as on the host.\n\n=item *\n\nThis will not work with Windows guests.\n\n=back\n\nFor example:\n\n virt-customize --chown '0.0:/var/log/audit.log'\n\nSee also: I<--upload>.";
+ Some "UID:GID:PATH", "Change the owner user and group ID of a file or directory in the guest.\nNote:\n\n=over 4\n\n=item *\n\nOnly numeric UIDs and GIDs will work, and these may not be the same\ninside the guest as on the host.\n\n=item *\n\nThis will not work with Windows guests.\n\n=back\n\nFor example:\n\n virt-customize --chown '0:0:/var/log/audit.log'\n\nSee also: I<--upload>.";
(
[ L"commands-from-file" ],
Getopt.String (
diff --git a/common/mlcustomize/customize_cmdline.mli b/common/mlcustomize/customize_cmdline.mli
index 5883bbe0..112b74dc 100644
--- a/common/mlcustomize/customize_cmdline.mli
+++ b/common/mlcustomize/customize_cmdline.mli
@@ -33,8 +33,8 @@ and op = [
(* --append-line FILE:LINE *)
| `Chmod of string * string
(* --chmod PERMISSIONS:FILE *)
- | `Chown of string * string
- (* --chown UID.GID:PATH *)
+ | `Chown of string * string * string
+ (* --chown UID:GID:PATH *)
| `CommandsFromFile of string
(* --commands-from-file FILENAME *)
| `Copy of string * string
diff --git a/generator/customize.ml b/generator/customize.ml
index 8d3dec3e..fe87ef5e 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -41,6 +41,7 @@ and op_type =
| Unit (* no argument *)
| String of string (* string *)
| StringPair of string (* string:string *)
+| StringTriplet of string (* string:string:string *)
| StringList of string (* string,string,... *)
| TargetLinks of string (* target:link[:link...] *)
| PasswordSelector of string (* password selector *)
@@ -96,7 +97,7 @@ it with C<0> to get octal, ie. use C<0700> not C<700>.";
};
{ op_name = "chown";
- op_type = StringPair "UID.GID:PATH";
+ op_type = StringTriplet "UID:GID:PATH";
op_discrim = "`Chown";
op_shortdesc = "Change the owner user and group ID of a file or directory";
op_pod_longdesc = "\
@@ -118,7 +119,7 @@ This will not work with Windows guests.
For example:
- virt-customize --chown '0.0:/var/log/audit.log'
+ virt-customize --chown '0:0:/var/log/audit.log'
See also: I<--upload>.";
};
@@ -761,8 +762,13 @@ let rec argspec () =
option_name in
let len = String.length arg in
String.sub arg 0 i, String.sub arg (i+1) (len-(i+1))
- in
- let split_string_list arg =
+ and split_string_triplet option_name arg =
+ match String.nsplit ~max:3 \",\" arg with
+ | [a; b; c] -> a, b, c
+ | _ ->
+ error (f_\"invalid format for '--%%s' parameter, see the man page\")
+ option_name
+ and split_string_list arg =
String.nsplit \",\" arg
in
let split_links_list option_name arg =
@@ -807,6 +813,19 @@ let rec argspec () =
pr " s_\"%s\"\n" shortdesc;
pr " ),\n";
pr " Some %S, %S;\n" v longdesc
+ | { op_type = StringTriplet v; op_name = name; op_discrim = discrim;
+ op_shortdesc = shortdesc; op_pod_longdesc = longdesc } ->
+ pr " (\n";
+ pr " [ L\"%s\" ],\n" name;
+ pr " Getopt.String (\n";
+ pr " s_\"%s\",\n" v;
+ pr " fun s ->\n";
+ pr " let p = split_string_triplet \"%s\" s in\n" name;
+ pr " List.push_front (%s p) ops\n" discrim;
+ pr " ),\n";
+ pr " s_\"%s\"\n" shortdesc;
+ pr " ),\n";
+ pr " Some %S, %S;\n" v longdesc
| { op_type = StringList v; op_name = name; op_discrim = discrim;
op_shortdesc = shortdesc; op_pod_longdesc = longdesc } ->
pr " (\n";
@@ -956,6 +975,7 @@ let rec argspec () =
| { op_type = Unit; }
| { op_type = String _; }
| { op_type = StringPair _; }
+ | { op_type = StringTriplet _; }
| { op_type = StringList _; }
| { op_type = TargetLinks _; }
| { op_type = PasswordSelector _; }
@@ -1021,6 +1041,10 @@ type ops = {
| { op_type = StringPair v; op_discrim = discrim;
op_name = name } ->
pr " | %s of string * string\n (* --%s %s *)\n" discrim name v
+ | { op_type = StringTriplet v; op_discrim = discrim;
+ op_name = name } ->
+ pr " | %s of string * string * string\n (* --%s %s *)\n"
+ discrim name v
| { op_type = StringList v; op_discrim = discrim;
op_name = name } ->
pr " | %s of string list\n (* --%s %s *)\n" discrim name v
@@ -1073,9 +1097,9 @@ let generate_customize_synopsis_pod () =
function
| { op_type = Unit; op_name = n } ->
n, sprintf "[--%s]" n
- | { op_type = String v | StringPair v | StringList v | TargetLinks v
- | PasswordSelector v | UserPasswordSelector v | SSHKeySelector v
- | StringFn (v, _) | SMPoolSelector v;
+ | { op_type = String v | StringPair v | StringTriplet v | StringList v
+ | TargetLinks v | PasswordSelector v | UserPasswordSelector v
+ | SSHKeySelector v | StringFn (v, _) | SMPoolSelector v;
op_name = n } ->
n, sprintf "[--%s %s]" n v
) ops @
@@ -1116,9 +1140,9 @@ let generate_customize_options_pod () =
function
| { op_type = Unit; op_name = n; op_pod_longdesc = ld } ->
n, sprintf "B<--%s>" n, ld
- | { op_type = String v | StringPair v | StringList v | TargetLinks v
- | PasswordSelector v | UserPasswordSelector v | SSHKeySelector v
- | StringFn (v, _) | SMPoolSelector v;
+ | { op_type = String v | StringPair v | StringTriplet v | StringList v
+ | TargetLinks v | PasswordSelector v | UserPasswordSelector v
+ | SSHKeySelector v | StringFn (v, _) | SMPoolSelector v;
op_name = n; op_pod_longdesc = ld } ->
n, sprintf "B<--%s> %s" n v, ld
) ops @

57
SOURCES/0023-daemon-lvm-Do-reverse-device-name-translation-on-pvs.patch Normal file
View File

@ -0,0 +1,57 @@
From 981b48085a2d0e422578bc12d6c3b68e312bad44 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 20 Jul 2023 11:15:26 +0100
Subject: [PATCH] daemon: lvm: Do reverse device name translation on pvs_full
device fields
Intermittent test failures in virt-filesystems showed that when using
the pvs_full API, the pv_name field in the returned list of structures
was not being reverse translated. As a result internal partition
names could appear in the output of virt-filesystems.
See: https://listman.redhat.com/archives/libguestfs/2023-July/032058.html
(cherry picked from commit 32cb5b45cfbe5edbc7643fc533da70db2d3c6cda)
---
daemon/lvm.c | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/daemon/lvm.c b/daemon/lvm.c
index 7e76e17c..b8c01f71 100644
--- a/daemon/lvm.c
+++ b/daemon/lvm.c
@@ -146,7 +146,34 @@ do_vgs (void)
guestfs_int_lvm_pv_list *
do_pvs_full (void)
{
- return parse_command_line_pvs ();
+ guestfs_int_lvm_pv_list *r;
+ size_t i;
+ char *din, *dout;
+
+ r = parse_command_line_pvs ();
+ if (r == NULL)
+ /* parse_command_line_pvs has already called reply_with_error */
+ return NULL;
+
+ /* The pv_name fields contain device names which must be reverse
+ * translated. The problem here is that the generator does not have
+ * a "FMountable" field type in types.mli.
+ */
+ for (i = 0; i < r->guestfs_int_lvm_pv_list_len; ++i) {
+ din = r->guestfs_int_lvm_pv_list_val[i].pv_name;
+ if (din) {
+ dout = reverse_device_name_translation (din);
+ if (!dout) {
+ /* reverse_device_name_translation has already called reply_with_error*/
+ /* XXX memory leak here */
+ return NULL;
+ }
+ r->guestfs_int_lvm_pv_list_val[i].pv_name = dout;
+ free (din);
+ }
+ }
+
+ return r;
}
guestfs_int_lvm_vg_list *

208
SOURCES/0024-ruby-Replace-MiniTest-with-Minitest.patch Normal file
View File

@ -0,0 +1,208 @@
From 12873e21070ba3d0aca45b626f4df00adb14aad5 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 21 Sep 2023 15:16:51 +0100
Subject: [PATCH] ruby: Replace MiniTest with Minitest
See this commit in hivex:
https://github.com/libguestfs/hivex/commit/fbcff7fbd8f96214c7f13f36bd7669a9142824ab
(cherry picked from commit d25a48e2dd2c2a2063b8d03a33b5e3cbe773c47d)
---
ruby/t/tc_010_load.rb | 2 +-
ruby/t/tc_020_create.rb | 2 +-
ruby/t/tc_030_create_flags.rb | 2 +-
ruby/t/tc_040_create_multiple.rb | 2 +-
ruby/t/tc_050_handle_properties.rb | 2 +-
ruby/t/tc_060_explicit_close.rb | 2 +-
ruby/t/tc_070_optargs.rb | 2 +-
ruby/t/tc_090_retvalues.rb | 2 +-
ruby/t/tc_100_launch.rb | 2 +-
ruby/t/tc_410_close_event.rb | 2 +-
ruby/t/tc_420_log_messages.rb | 2 +-
ruby/t/tc_800_rhbz507346.rb | 2 +-
ruby/t/tc_810_rhbz664558c6.rb | 2 +-
ruby/t/tc_820_rhbz1046509.rb | 2 +-
14 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/ruby/t/tc_010_load.rb b/ruby/t/tc_010_load.rb
index 9dc2db67..40ddccd8 100644
--- a/ruby/t/tc_010_load.rb
+++ b/ruby/t/tc_010_load.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test010Load < MiniTest::Unit::TestCase
+class Test010Load < Minitest::Test
def test_010_load
end
end
diff --git a/ruby/t/tc_020_create.rb b/ruby/t/tc_020_create.rb
index 840dd858..c3f5307e 100644
--- a/ruby/t/tc_020_create.rb
+++ b/ruby/t/tc_020_create.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test020Create < MiniTest::Unit::TestCase
+class Test020Create < Minitest::Test
def test_020_create
g = Guestfs::Guestfs.new()
refute_nil (g)
diff --git a/ruby/t/tc_030_create_flags.rb b/ruby/t/tc_030_create_flags.rb
index ac6d1f46..4949d2a8 100644
--- a/ruby/t/tc_030_create_flags.rb
+++ b/ruby/t/tc_030_create_flags.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test030CreateFlags < MiniTest::Unit::TestCase
+class Test030CreateFlags < Minitest::Test
def test_030_create_flags
g = Guestfs::Guestfs.new(:environment => false, :close_on_exit => true)
refute_nil (g)
diff --git a/ruby/t/tc_040_create_multiple.rb b/ruby/t/tc_040_create_multiple.rb
index 36e8edc7..623ccc6e 100644
--- a/ruby/t/tc_040_create_multiple.rb
+++ b/ruby/t/tc_040_create_multiple.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test040CreateMultiple < MiniTest::Unit::TestCase
+class Test040CreateMultiple < Minitest::Test
def test_040_create_multiple
g1 = Guestfs::Guestfs.new()
g2 = Guestfs::Guestfs.new()
diff --git a/ruby/t/tc_050_handle_properties.rb b/ruby/t/tc_050_handle_properties.rb
index 5928532e..b22c51fd 100644
--- a/ruby/t/tc_050_handle_properties.rb
+++ b/ruby/t/tc_050_handle_properties.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test050HandleProperties < MiniTest::Unit::TestCase
+class Test050HandleProperties < Minitest::Test
def test_050_handle_properties
g = Guestfs::Guestfs.new()
refute_nil (g)
diff --git a/ruby/t/tc_060_explicit_close.rb b/ruby/t/tc_060_explicit_close.rb
index 0c9118aa..20afd0de 100644
--- a/ruby/t/tc_060_explicit_close.rb
+++ b/ruby/t/tc_060_explicit_close.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test060ExplicitClose < MiniTest::Unit::TestCase
+class Test060ExplicitClose < Minitest::Test
def test_060_explicit_close
g = Guestfs::Guestfs.new()
refute_nil (g)
diff --git a/ruby/t/tc_070_optargs.rb b/ruby/t/tc_070_optargs.rb
index fff5fbf7..a2360b2f 100644
--- a/ruby/t/tc_070_optargs.rb
+++ b/ruby/t/tc_070_optargs.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test070Optargs < MiniTest::Unit::TestCase
+class Test070Optargs < Minitest::Test
def test_070_optargs
g = Guestfs::Guestfs.new()
diff --git a/ruby/t/tc_090_retvalues.rb b/ruby/t/tc_090_retvalues.rb
index 4bcc8b54..c9a84276 100644
--- a/ruby/t/tc_090_retvalues.rb
+++ b/ruby/t/tc_090_retvalues.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test090RetValues < MiniTest::Unit::TestCase
+class Test090RetValues < Minitest::Test
def test_090_retvalues
g = Guestfs::Guestfs.new()
diff --git a/ruby/t/tc_100_launch.rb b/ruby/t/tc_100_launch.rb
index 43db4b67..096cbd62 100644
--- a/ruby/t/tc_100_launch.rb
+++ b/ruby/t/tc_100_launch.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test100Launch < MiniTest::Unit::TestCase
+class Test100Launch < Minitest::Test
def test_100_launch
g = Guestfs::Guestfs.new()
diff --git a/ruby/t/tc_410_close_event.rb b/ruby/t/tc_410_close_event.rb
index 1b98957e..9a4e0558 100644
--- a/ruby/t/tc_410_close_event.rb
+++ b/ruby/t/tc_410_close_event.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test410CloseEvent < MiniTest::Unit::TestCase
+class Test410CloseEvent < Minitest::Test
def test_410_close_event
g = Guestfs::Guestfs.new()
diff --git a/ruby/t/tc_420_log_messages.rb b/ruby/t/tc_420_log_messages.rb
index 936e0fd4..a113c62e 100644
--- a/ruby/t/tc_420_log_messages.rb
+++ b/ruby/t/tc_420_log_messages.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test420LogMessages < MiniTest::Unit::TestCase
+class Test420LogMessages < Minitest::Test
def test_420_log_messages
g = Guestfs::Guestfs.new()
diff --git a/ruby/t/tc_800_rhbz507346.rb b/ruby/t/tc_800_rhbz507346.rb
index 4b7cc010..06767352 100644
--- a/ruby/t/tc_800_rhbz507346.rb
+++ b/ruby/t/tc_800_rhbz507346.rb
@@ -17,7 +17,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test800RHBZ507346 < MiniTest::Unit::TestCase
+class Test800RHBZ507346 < Minitest::Test
def test_800_rhbz507346
g = Guestfs::Guestfs.new()
exception = assert_raises TypeError do
diff --git a/ruby/t/tc_810_rhbz664558c6.rb b/ruby/t/tc_810_rhbz664558c6.rb
index f5e9adee..1504c070 100644
--- a/ruby/t/tc_810_rhbz664558c6.rb
+++ b/ruby/t/tc_810_rhbz664558c6.rb
@@ -21,7 +21,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test810RHBZ664558C6 < MiniTest::Unit::TestCase
+class Test810RHBZ664558C6 < Minitest::Test
def test_810_rhbz_664558c6
g = Guestfs::Guestfs.new()
diff --git a/ruby/t/tc_820_rhbz1046509.rb b/ruby/t/tc_820_rhbz1046509.rb
index 882ddb55..0595293d 100644
--- a/ruby/t/tc_820_rhbz1046509.rb
+++ b/ruby/t/tc_820_rhbz1046509.rb
@@ -20,7 +20,7 @@
require File::join(File::dirname(__FILE__), 'test_helper')
-class Test820RHBZ1046509 < MiniTest::Unit::TestCase
+class Test820RHBZ1046509 < Minitest::Test
def _handleok(g)
g.add_drive("/dev/null")
g.close()

278
SOURCES/0025-ruby-Get-rid-of-old-Test-Unit-compatibility.patch Normal file
View File

@ -0,0 +1,278 @@
From fbe7e96cee460e26a0ff6a9c293c155a78bfdfde Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 21 Sep 2023 15:20:55 +0100
Subject: [PATCH] ruby: Get rid of old Test::Unit compatibility
See this commit in hivex:
https://github.com/libguestfs/hivex/commit/6dbbc474d3df5cdfd21ed5e692b3a58136fffc42
(cherry picked from commit ecf361d7237d38b2418ddecb1b70e3b722509c12)
---
ruby/Makefile.am | 3 +--
ruby/t/tc_010_load.rb | 3 ++-
ruby/t/tc_020_create.rb | 3 ++-
ruby/t/tc_030_create_flags.rb | 3 ++-
ruby/t/tc_040_create_multiple.rb | 3 ++-
ruby/t/tc_050_handle_properties.rb | 3 ++-
ruby/t/tc_060_explicit_close.rb | 3 ++-
ruby/t/tc_070_optargs.rb | 3 ++-
ruby/t/tc_090_retvalues.rb | 3 ++-
ruby/t/tc_100_launch.rb | 3 ++-
ruby/t/tc_410_close_event.rb | 3 ++-
ruby/t/tc_420_log_messages.rb | 3 ++-
ruby/t/tc_800_rhbz507346.rb | 3 ++-
ruby/t/tc_810_rhbz664558c6.rb | 3 ++-
ruby/t/tc_820_rhbz1046509.rb | 3 ++-
ruby/t/test_helper.rb | 33 ------------------------------
16 files changed, 29 insertions(+), 49 deletions(-)
delete mode 100644 ruby/t/test_helper.rb
diff --git a/ruby/Makefile.am b/ruby/Makefile.am
index c26513a7..867b05b1 100644
--- a/ruby/Makefile.am
+++ b/ruby/Makefile.am
@@ -40,8 +40,7 @@ EXTRA_DIST = \
lib/guestfs.rb \
run-bindtests \
run-ruby-tests \
- t/tc_*.rb \
- t/test_helper.rb
+ t/tc_*.rb
CLEANFILES += \
lib/*~ \
diff --git a/ruby/t/tc_010_load.rb b/ruby/t/tc_010_load.rb
index 40ddccd8..e7ec482e 100644
--- a/ruby/t/tc_010_load.rb
+++ b/ruby/t/tc_010_load.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test010Load < Minitest::Test
def test_010_load
diff --git a/ruby/t/tc_020_create.rb b/ruby/t/tc_020_create.rb
index c3f5307e..26bb2ecf 100644
--- a/ruby/t/tc_020_create.rb
+++ b/ruby/t/tc_020_create.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test020Create < Minitest::Test
def test_020_create
diff --git a/ruby/t/tc_030_create_flags.rb b/ruby/t/tc_030_create_flags.rb
index 4949d2a8..8006d962 100644
--- a/ruby/t/tc_030_create_flags.rb
+++ b/ruby/t/tc_030_create_flags.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test030CreateFlags < Minitest::Test
def test_030_create_flags
diff --git a/ruby/t/tc_040_create_multiple.rb b/ruby/t/tc_040_create_multiple.rb
index 623ccc6e..32b2b094 100644
--- a/ruby/t/tc_040_create_multiple.rb
+++ b/ruby/t/tc_040_create_multiple.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test040CreateMultiple < Minitest::Test
def test_040_create_multiple
diff --git a/ruby/t/tc_050_handle_properties.rb b/ruby/t/tc_050_handle_properties.rb
index b22c51fd..d37b1d03 100644
--- a/ruby/t/tc_050_handle_properties.rb
+++ b/ruby/t/tc_050_handle_properties.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test050HandleProperties < Minitest::Test
def test_050_handle_properties
diff --git a/ruby/t/tc_060_explicit_close.rb b/ruby/t/tc_060_explicit_close.rb
index 20afd0de..8d103616 100644
--- a/ruby/t/tc_060_explicit_close.rb
+++ b/ruby/t/tc_060_explicit_close.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test060ExplicitClose < Minitest::Test
def test_060_explicit_close
diff --git a/ruby/t/tc_070_optargs.rb b/ruby/t/tc_070_optargs.rb
index a2360b2f..c2298131 100644
--- a/ruby/t/tc_070_optargs.rb
+++ b/ruby/t/tc_070_optargs.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test070Optargs < Minitest::Test
def test_070_optargs
diff --git a/ruby/t/tc_090_retvalues.rb b/ruby/t/tc_090_retvalues.rb
index c9a84276..d7927465 100644
--- a/ruby/t/tc_090_retvalues.rb
+++ b/ruby/t/tc_090_retvalues.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test090RetValues < Minitest::Test
def test_090_retvalues
diff --git a/ruby/t/tc_100_launch.rb b/ruby/t/tc_100_launch.rb
index 096cbd62..c4da234e 100644
--- a/ruby/t/tc_100_launch.rb
+++ b/ruby/t/tc_100_launch.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test100Launch < Minitest::Test
def test_100_launch
diff --git a/ruby/t/tc_410_close_event.rb b/ruby/t/tc_410_close_event.rb
index 9a4e0558..84cc11ab 100644
--- a/ruby/t/tc_410_close_event.rb
+++ b/ruby/t/tc_410_close_event.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test410CloseEvent < Minitest::Test
def test_410_close_event
diff --git a/ruby/t/tc_420_log_messages.rb b/ruby/t/tc_420_log_messages.rb
index a113c62e..fd3049a0 100644
--- a/ruby/t/tc_420_log_messages.rb
+++ b/ruby/t/tc_420_log_messages.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test420LogMessages < Minitest::Test
def test_420_log_messages
diff --git a/ruby/t/tc_800_rhbz507346.rb b/ruby/t/tc_800_rhbz507346.rb
index 06767352..54f7734f 100644
--- a/ruby/t/tc_800_rhbz507346.rb
+++ b/ruby/t/tc_800_rhbz507346.rb
@@ -15,7 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test800RHBZ507346 < Minitest::Test
def test_800_rhbz507346
diff --git a/ruby/t/tc_810_rhbz664558c6.rb b/ruby/t/tc_810_rhbz664558c6.rb
index 1504c070..5ffa2265 100644
--- a/ruby/t/tc_810_rhbz664558c6.rb
+++ b/ruby/t/tc_810_rhbz664558c6.rb
@@ -19,7 +19,8 @@
# the interpreter to segfault. See:
# https://bugzilla.redhat.com/show_bug.cgi?id=664558#c6
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test810RHBZ664558C6 < Minitest::Test
def test_810_rhbz_664558c6
diff --git a/ruby/t/tc_820_rhbz1046509.rb b/ruby/t/tc_820_rhbz1046509.rb
index 0595293d..b2a6d80b 100644
--- a/ruby/t/tc_820_rhbz1046509.rb
+++ b/ruby/t/tc_820_rhbz1046509.rb
@@ -18,7 +18,8 @@
# Test that we don't break the old ::create module function while
# fixing https://bugzilla.redhat.com/show_bug.cgi?id=1046509
-require File::join(File::dirname(__FILE__), 'test_helper')
+require 'minitest/autorun'
+require 'guestfs'
class Test820RHBZ1046509 < Minitest::Test
def _handleok(g)
diff --git a/ruby/t/test_helper.rb b/ruby/t/test_helper.rb
deleted file mode 100644
index 54f857ce..00000000
--- a/ruby/t/test_helper.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# libguestfs Ruby bindings -*- ruby -*-
-# Copyright (C) 2009-2023 Red Hat Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-begin
- require 'minitest/autorun'
-rescue LoadError
- require 'test/unit'
- MiniTest = Test
- module Test
- Assertions = Unit::Assertions
- module Assertions
- alias refute_nil assert_not_nil
- end
- end
-end
-
-$:.unshift(File::join(File::dirname(__FILE__), "..", "lib"))
-$:.unshift(File::join(File::dirname(__FILE__), "..", "ext", "guestfs"))
-require 'guestfs'

63
SOURCES/0026-generator-Sort-virt-customize-options-into-alphabeti.patch Normal file
View File

@ -0,0 +1,63 @@
From 7408a59c6b43253cc7323269258851fb6be287c4 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 26 Oct 2023 21:06:21 +0100
Subject: [PATCH] generator: Sort virt-customize options into alphabetical
order
(cherry picked from commit 297db5cccc1eb6e838f35d38e60fac894b372676)
---
generator/customize.ml | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/generator/customize.ml b/generator/customize.ml
index fe87ef5e..c3dd259e 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -510,23 +510,6 @@ You can have multiple I<--ssh-inject> options, for different users
and also for more keys for each user."
};
- { op_name = "truncate";
- op_type = String "FILE";
- op_discrim = "`Truncate";
- op_shortdesc = "Truncate a file to zero size";
- op_pod_longdesc = "\
-This command truncates C<FILE> to a zero-length file. The file must exist
-already.";
- };
-
- { op_name = "truncate-recursive";
- op_type = String "PATH";
- op_discrim = "`TruncateRecursive";
- op_shortdesc = "Recursively truncate all files in directory";
- op_pod_longdesc = "\
-This command recursively truncates all files under C<PATH> to zero-length.";
- };
-
{ op_name = "timezone";
op_type = String "TIMEZONE";
op_discrim = "`Timezone";
@@ -544,6 +527,23 @@ string like C<Europe/London>";
This command performs a L<touch(1)>-like operation on C<FILE>.";
};
+ { op_name = "truncate";
+ op_type = String "FILE";
+ op_discrim = "`Truncate";
+ op_shortdesc = "Truncate a file to zero size";
+ op_pod_longdesc = "\
+This command truncates C<FILE> to a zero-length file. The file must exist
+already.";
+ };
+
+ { op_name = "truncate-recursive";
+ op_type = String "PATH";
+ op_discrim = "`TruncateRecursive";
+ op_shortdesc = "Recursively truncate all files in directory";
+ op_pod_longdesc = "\
+This command recursively truncates all files under C<PATH> to zero-length.";
+ };
+
{ op_name = "uninstall";
op_type = StringList "PKG,PKG..";
op_discrim = "`UninstallPackages";

173
SOURCES/0027-generator-Add-new-virt-customize-tar-in-operation.patch Normal file
View File

@ -0,0 +1,173 @@
From 3cf513cab7bc93a80c8d9f1dea221cba471cafb9 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 26 Oct 2023 19:44:03 +0100
Subject: [PATCH] generator: Add new virt-customize --tar-in operation
Using 'virt-customize --tar-in some.tar:/dir -a disk.img' will unpack
'some.tar' into '/dir' in the guest. Note that this will not work for
compressed tar files as written since the underlying guestfs_tar_in
function requires the compression type to be set explicitly and
defaults to no compression (it does not auto-detect or default to
compression).
(cherry picked from commit b5f7b0ec18e30d25342bc322e571edf17a72974f)
---
common | 2 +-
generator/customize.ml | 12 ++++++++++++
2 files changed, 13 insertions(+), 1 deletion(-)
Submodule common e70d89a5..9a8ba593:
diff --git a/common/mlcustomize/customize-options.pod b/common/mlcustomize/customize-options.pod
index e658a447..ff93630d 100644
--- a/common/mlcustomize/customize-options.pod
+++ b/common/mlcustomize/customize-options.pod
@@ -427,6 +427,14 @@ the C<SELECTOR> field.
You can have multiple I<--ssh-inject> options, for different users
and also for more keys for each user.
+=item B<--tar-in> TARFILE:REMOTEDIR
+
+Copy local files or directories from a local tar file
+called C<TARFILE> into the disk image, placing them in the
+directory C<REMOTEDIR> (which must exist). Note that
+the tar file must be uncompressed (F<.tar.gz> files will not work
+here)
+
=item B<--timezone> TIMEZONE
Set the default timezone of the guest to C<TIMEZONE>. Use a location
diff --git a/common/mlcustomize/customize-synopsis.pod b/common/mlcustomize/customize-synopsis.pod
index 5031b015..bb0ce125 100644
--- a/common/mlcustomize/customize-synopsis.pod
+++ b/common/mlcustomize/customize-synopsis.pod
@@ -9,8 +9,9 @@
[--password USER:SELECTOR] [--root-password SELECTOR]
[--run SCRIPT] [--run-command 'CMD+ARGS'] [--scrub FILE]
[--sm-attach SELECTOR] [--sm-register] [--sm-remove]
- [--sm-unregister] [--ssh-inject USER[:SELECTOR]] [--truncate FILE]
- [--truncate-recursive PATH] [--timezone TIMEZONE] [--touch FILE]
+ [--sm-unregister] [--ssh-inject USER[:SELECTOR]]
+ [--tar-in TARFILE:REMOTEDIR] [--timezone TIMEZONE] [--touch FILE]
+ [--truncate FILE] [--truncate-recursive PATH]
[--uninstall PKG,PKG..] [--update] [--upload FILE:DEST]
[--write FILE:CONTENT] [--no-logfile]
[--password-crypto md5|sha256|sha512] [--no-selinux-relabel]
diff --git a/common/mlcustomize/customize_cmdline.ml b/common/mlcustomize/customize_cmdline.ml
index 3ce901db..245d9960 100644
--- a/common/mlcustomize/customize_cmdline.ml
+++ b/common/mlcustomize/customize_cmdline.ml
@@ -93,14 +93,16 @@ and op = [
(* --sm-unregister *)
| `SSHInject of string * Ssh_key.ssh_key_selector
(* --ssh-inject USER[:SELECTOR] *)
- | `Truncate of string
- (* --truncate FILE *)
- | `TruncateRecursive of string
- (* --truncate-recursive PATH *)
+ | `TarIn of string * string
+ (* --tar-in TARFILE:REMOTEDIR *)
| `Timezone of string
(* --timezone TIMEZONE *)
| `Touch of string
(* --touch FILE *)
+ | `Truncate of string
+ (* --truncate FILE *)
+ | `TruncateRecursive of string
+ (* --truncate-recursive PATH *)
| `UninstallPackages of string list
(* --uninstall PKG,PKG.. *)
| `Update
@@ -418,17 +420,16 @@ let rec argspec () =
),
Some "USER[:SELECTOR]", "Inject an ssh key so the given C<USER> will be able to log in over\nssh without supplying a password. The C<USER> must exist already\nin the guest.\n\nSee L<virt-builder(1)/SSH KEYS> for the format of\nthe C<SELECTOR> field.\n\nYou can have multiple I<--ssh-inject> options, for different users\nand also for more keys for each user.";
(
- [ L"truncate" ],
- Getopt.String (s_"FILE", fun s -> List.push_front (`Truncate s) ops),
- s_"Truncate a file to zero size"
+ [ L"tar-in" ],
+ Getopt.String (
+ s_"TARFILE:REMOTEDIR",
+ fun s ->
+ let p = split_string_pair "tar-in" s in
+ List.push_front (`TarIn p) ops
+ ),
+ s_"Copy local files or directories from a tarball into image"
),
- Some "FILE", "This command truncates C<FILE> to a zero-length file. The file must exist\nalready.";
- (
- [ L"truncate-recursive" ],
- Getopt.String (s_"PATH", fun s -> List.push_front (`TruncateRecursive s) ops),
- s_"Recursively truncate all files in directory"
- ),
- Some "PATH", "This command recursively truncates all files under C<PATH> to zero-length.";
+ Some "TARFILE:REMOTEDIR", "Copy local files or directories from a local tar file\ncalled C<TARFILE> into the disk image, placing them in the\ndirectory C<REMOTEDIR> (which must exist). Note that\nthe tar file must be uncompressed (F<.tar.gz> files will not work\nhere)";
(
[ L"timezone" ],
Getopt.String (s_"TIMEZONE", fun s -> List.push_front (`Timezone s) ops),
@@ -441,6 +442,18 @@ let rec argspec () =
s_"Run touch on a file"
),
Some "FILE", "This command performs a L<touch(1)>-like operation on C<FILE>.";
+ (
+ [ L"truncate" ],
+ Getopt.String (s_"FILE", fun s -> List.push_front (`Truncate s) ops),
+ s_"Truncate a file to zero size"
+ ),
+ Some "FILE", "This command truncates C<FILE> to a zero-length file. The file must exist\nalready.";
+ (
+ [ L"truncate-recursive" ],
+ Getopt.String (s_"PATH", fun s -> List.push_front (`TruncateRecursive s) ops),
+ s_"Recursively truncate all files in directory"
+ ),
+ Some "PATH", "This command recursively truncates all files under C<PATH> to zero-length.";
(
[ L"uninstall" ],
Getopt.String (
diff --git a/common/mlcustomize/customize_cmdline.mli b/common/mlcustomize/customize_cmdline.mli
index 112b74dc..51a156ea 100644
--- a/common/mlcustomize/customize_cmdline.mli
+++ b/common/mlcustomize/customize_cmdline.mli
@@ -85,14 +85,16 @@ and op = [
(* --sm-unregister *)
| `SSHInject of string * Ssh_key.ssh_key_selector
(* --ssh-inject USER[:SELECTOR] *)
- | `Truncate of string
- (* --truncate FILE *)
- | `TruncateRecursive of string
- (* --truncate-recursive PATH *)
+ | `TarIn of string * string
+ (* --tar-in TARFILE:REMOTEDIR *)
| `Timezone of string
(* --timezone TIMEZONE *)
| `Touch of string
(* --touch FILE *)
+ | `Truncate of string
+ (* --truncate FILE *)
+ | `TruncateRecursive of string
+ (* --truncate-recursive PATH *)
| `UninstallPackages of string list
(* --uninstall PKG,PKG.. *)
| `Update
diff --git a/generator/customize.ml b/generator/customize.ml
index c3dd259e..e64b45c0 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -510,6 +510,18 @@ You can have multiple I<--ssh-inject> options, for different users
and also for more keys for each user."
};
+ { op_name = "tar-in";
+ op_type = StringPair "TARFILE:REMOTEDIR";
+ op_discrim = "`TarIn";
+ op_shortdesc = "Copy local files or directories from a tarball into image";
+ op_pod_longdesc = "\
+Copy local files or directories from a local tar file
+called C<TARFILE> into the disk image, placing them in the
+directory C<REMOTEDIR> (which must exist). Note that
+the tar file must be uncompressed (F<.tar.gz> files will not work
+here)";
+ };
+
{ op_name = "timezone";
op_type = String "TIMEZONE";
op_discrim = "`Timezone";

271
SOURCES/0028-New-mailing-list-email-address.patch Normal file
View File

@ -0,0 +1,271 @@
From 8dc3b9fb23e4af1b6a5271a7d40d6c2706cf1f78 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 16 Nov 2023 10:38:59 +0000
Subject: [PATCH] New mailing list email address
(cherry picked from commit 0b8b1e4b2d70cf4ed59775c3c2d1aa42d3c29ca2)
---
.gitpublish | 2 +-
appliance/Makefile.am | 2 +-
po-docs/Makefile.am | 2 +-
po-docs/cs.po | 2 +-
po-docs/de.po | 2 +-
po-docs/en_GB.po | 2 +-
po-docs/es.po | 2 +-
po-docs/eu.po | 2 +-
po-docs/fi.po | 2 +-
po-docs/fr.po | 2 +-
po-docs/ja.po | 2 +-
po-docs/libguestfs-docs.pot | 2 +-
po-docs/nl.po | 2 +-
po-docs/pt_BR.po | 2 +-
po-docs/si.po | 2 +-
po-docs/tg.po | 2 +-
po-docs/uk.po | 2 +-
po-docs/zh_CN.po | 2 +-
python/setup.py.in | 2 +-
19 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/.gitpublish b/.gitpublish
index 9775dd23..2aae0c09 100644
--- a/.gitpublish
+++ b/.gitpublish
@@ -1,3 +1,3 @@
[gitpublishprofile "default"]
base = master
-to = libguestfs@redhat.com
+to = guestfs@lists.libguestfs.org
diff --git a/appliance/Makefile.am b/appliance/Makefile.am
index 063c19f6..8cb9bd1f 100644
--- a/appliance/Makefile.am
+++ b/appliance/Makefile.am
@@ -88,7 +88,7 @@ else
if HAVE_PACMAN
QUERY_FILES_CMD := xargs pacman -Qo | sed -r 's/.* is owned by ([^ ]+) .*/\1/'
else
-$(error Error: Unknown Linux distribution "$(DISTRO)". Please add support to m4/guestfs-appliance.m4 and appliance/Makefile.am and send a patch upstream to libguestfs@redhat.com)
+$(error Error: Unknown Linux distribution "$(DISTRO)". Please add support to m4/guestfs-appliance.m4 and appliance/Makefile.am and send a patch upstream to guestfs@lists.libguestfs.org)
endif !HAVE_PACMAN
endif !HAVE_DPKG
endif !HAVE_RPM
diff --git a/po-docs/Makefile.am b/po-docs/Makefile.am
index 61c1b1c9..330b673f 100644
--- a/po-docs/Makefile.am
+++ b/po-docs/Makefile.am
@@ -46,7 +46,7 @@ libguestfs-docs.pot:
-M utf-8 -L utf-8 \
--package-name $(PACKAGE_NAME) \
--package-version $(PACKAGE_VERSION) \
- --msgid-bugs-address libguestfs@redhat.com \
+ --msgid-bugs-address guestfs@lists.libguestfs.org \
--copyright-holder "Red Hat Inc." \
-p $(abs_srcdir)/$@ \
$(patsubst %,-m %,$(shell cat $(srcdir)/podfiles))
diff --git a/po-docs/cs.po b/po-docs/cs.po
index 5618cb0f..d50e53bf 100644
--- a/po-docs/cs.po
+++ b/po-docs/cs.po
@@ -3,7 +3,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2017-09-11 04:54+0000\n"
"Last-Translator: Zdenek <chmelarz@gmail.com>\n"
diff --git a/po-docs/de.po b/po-docs/de.po
index da449e9f..76abc8d3 100644
--- a/po-docs/de.po
+++ b/po-docs/de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2021-11-18 23:16+0000\n"
"Last-Translator: Ettore Atalan <atalanttore@googlemail.com>\n"
diff --git a/po-docs/en_GB.po b/po-docs/en_GB.po
index 283402a6..75610b9e 100644
--- a/po-docs/en_GB.po
+++ b/po-docs/en_GB.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2015-02-21 10:15+0000\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
diff --git a/po-docs/es.po b/po-docs/es.po
index a163e26d..defbd61d 100644
--- a/po-docs/es.po
+++ b/po-docs/es.po
@@ -9,7 +9,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2023-02-05 15:20+0000\n"
"Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
diff --git a/po-docs/eu.po b/po-docs/eu.po
index 7f1f634b..63653271 100644
--- a/po-docs/eu.po
+++ b/po-docs/eu.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2015-02-21 10:17+0000\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
diff --git a/po-docs/fi.po b/po-docs/fi.po
index d96bfd38..361de115 100644
--- a/po-docs/fi.po
+++ b/po-docs/fi.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.43.1\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-08-12 15:34+0200\n"
"PO-Revision-Date: 2022-12-23 18:20+0000\n"
"Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n"
diff --git a/po-docs/fr.po b/po-docs/fr.po
index f411d189..cd903c0e 100644
--- a/po-docs/fr.po
+++ b/po-docs/fr.po
@@ -8,7 +8,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2015-02-21 10:19+0000\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
diff --git a/po-docs/ja.po b/po-docs/ja.po
index 4120b2de..d90437dc 100644
--- a/po-docs/ja.po
+++ b/po-docs/ja.po
@@ -12,7 +12,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2017-02-24 07:33+0000\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
diff --git a/po-docs/libguestfs-docs.pot b/po-docs/libguestfs-docs.pot
index 8e33712f..3954a51e 100644
--- a/po-docs/libguestfs-docs.pot
+++ b/po-docs/libguestfs-docs.pot
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.43.1\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-08-12 15:34+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
diff --git a/po-docs/nl.po b/po-docs/nl.po
index 571f3523..0cf147ee 100644
--- a/po-docs/nl.po
+++ b/po-docs/nl.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2015-02-21 10:33+0000\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
diff --git a/po-docs/pt_BR.po b/po-docs/pt_BR.po
index 87c0059f..229f49c3 100644
--- a/po-docs/pt_BR.po
+++ b/po-docs/pt_BR.po
@@ -3,7 +3,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2017-01-29 09:50+0000\n"
"Last-Translator: Rodrigo de Araujo Sousa Fonseca "
diff --git a/po-docs/si.po b/po-docs/si.po
index e7327945..aa7f5f97 100644
--- a/po-docs/si.po
+++ b/po-docs/si.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.43.1\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-08-12 15:34+0200\n"
"PO-Revision-Date: 2021-08-19 07:04+0000\n"
"Last-Translator: Hela Basa <r45xveza@pm.me>\n"
diff --git a/po-docs/tg.po b/po-docs/tg.po
index 446653ab..9e6fa072 100644
--- a/po-docs/tg.po
+++ b/po-docs/tg.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2015-02-21 10:34+0000\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
diff --git a/po-docs/uk.po b/po-docs/uk.po
index 52b5ce56..960ea8f8 100644
--- a/po-docs/uk.po
+++ b/po-docs/uk.po
@@ -15,7 +15,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2020-08-16 15:29+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
diff --git a/po-docs/zh_CN.po b/po-docs/zh_CN.po
index 7c546775..0c15c1c1 100644
--- a/po-docs/zh_CN.po
+++ b/po-docs/zh_CN.po
@@ -8,7 +8,7 @@
msgid ""
msgstr ""
"Project-Id-Version: libguestfs 1.39.12\n"
-"Report-Msgid-Bugs-To: libguestfs@redhat.com\n"
+"Report-Msgid-Bugs-To: guestfs@lists.libguestfs.org\n"
"POT-Creation-Date: 2020-07-06 15:46+0100\n"
"PO-Revision-Date: 2017-07-24 08:04+0000\n"
"Last-Translator: cheng ye <18969068329@163.com>\n"
diff --git a/python/setup.py.in b/python/setup.py.in
index aa9fb7ad..17571944 100644
--- a/python/setup.py.in
+++ b/python/setup.py.in
@@ -30,7 +30,7 @@ This package contains the Python bindings for libguestfs.
""",
author='The @PACKAGE_NAME@ team',
- author_email='libguestfs@redhat.com',
+ author_email='guestfs@lists.libguestfs.org',
url='http://libguestfs.org',
license='LGPLv2+',

590
SOURCES/0029-New-mailing-list-archives.patch Normal file
View File

@ -0,0 +1,590 @@
From 86408417cfe9d742b70104187e52b775e89e497e Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 16 Nov 2023 10:52:11 +0000
Subject: [PATCH] New mailing list archives
(cherry picked from commit b2f3994de26c25d61ed94d2ee3b2ea9600755ee1)
---
README | 2 +-
configure.ac | 2 +-
docs/guestfs-faq.pod | 6 +++---
docs/guestfs-hacking.pod | 2 +-
docs/guestfs-security.pod | 2 +-
docs/guestfs-testing.pod | 2 +-
po-docs/cs.po | 4 ++--
po-docs/de.po | 4 ++--
po-docs/en_GB.po | 8 ++++----
po-docs/es.po | 4 ++--
po-docs/eu.po | 4 ++--
po-docs/fi.po | 12 ++++++------
po-docs/fr.po | 4 ++--
po-docs/ja.po | 6 +++---
po-docs/libguestfs-docs.pot | 12 ++++++------
po-docs/nl.po | 4 ++--
po-docs/pt_BR.po | 4 ++--
po-docs/si.po | 12 ++++++------
po-docs/tg.po | 4 ++--
po-docs/uk.po | 6 +++---
po-docs/zh_CN.po | 4 ++--
website/index.html.in | 2 +-
22 files changed, 55 insertions(+), 55 deletions(-)
diff --git a/README b/README
index 40a7267e..b350edb5 100644
--- a/README
+++ b/README
@@ -6,7 +6,7 @@ disk images. For more information see the home page:
For discussion, development, patches, etc. please use the mailing
list:
- http://www.redhat.com/mailman/listinfo/libguestfs
+ https://lists.libguestfs.org
To find out how to build libguestfs from source, read:
diff --git a/configure.ac b/configure.ac
index b72e99cf..92479e20 100644
--- a/configure.ac
+++ b/configure.ac
@@ -321,7 +321,7 @@ echo "If any optional component is configured 'no' when you expected 'yes'"
echo "then you should check the preceding messages."
echo
echo "Please report bugs back to the mailing list:"
-echo "http://www.redhat.com/mailman/listinfo/libguestfs"
+echo "https://lists.libguestfs.org"
echo
echo "Next you should type 'make' to build the package,"
echo "then 'make check' to run the tests."
diff --git a/docs/guestfs-faq.pod b/docs/guestfs-faq.pod
index 1e83a9c5..3a03282f 100644
--- a/docs/guestfs-faq.pod
+++ b/docs/guestfs-faq.pod
@@ -106,7 +106,7 @@ contact S<Red Hat Support>: L<http://redhat.com/support>
There is a mailing list, mainly for development, but users are also
welcome to ask questions about libguestfs and the virt tools:
-L<https://www.redhat.com/mailman/listinfo/libguestfs>
+L<https://lists.libguestfs.org>
You can also talk to us on IRC channel C<#guestfs> on Libera Chat.
We're not always around, so please stay in the channel after asking
@@ -1289,7 +1289,7 @@ documented stable API.
=head2 Where do I send patches?
Please send patches to the libguestfs mailing list
-L<https://www.redhat.com/mailman/listinfo/libguestfs>. You don't have
+L<https://lists.libguestfs.org>. You don't have
to be subscribed, but there will be a delay until your posting is
manually approved.
@@ -1302,7 +1302,7 @@ prefer to have a linear history.
Large new features that you intend to contribute should be discussed
on the mailing list first
-(L<https://www.redhat.com/mailman/listinfo/libguestfs>). This avoids
+(L<https://lists.libguestfs.org>). This avoids
disappointment and wasted work if we don't think the feature would fit
into the libguestfs project.
diff --git a/docs/guestfs-hacking.pod b/docs/guestfs-hacking.pod
index e1b47ec1..987697b2 100644
--- a/docs/guestfs-hacking.pod
+++ b/docs/guestfs-hacking.pod
@@ -804,7 +804,7 @@ examining the F<tmp/valgrind*> log files carefully.
=head2 SUBMITTING PATCHES
Submit patches to the mailing list:
-L<http://www.redhat.com/mailman/listinfo/libguestfs>
+L<https://lists.libguestfs.org>
and CC to L<rjones@redhat.com>.
You do not need to subscribe to the mailing list if you dont want to.
diff --git a/docs/guestfs-security.pod b/docs/guestfs-security.pod
index afacb091..60d22952 100644
--- a/docs/guestfs-security.pod
+++ b/docs/guestfs-security.pod
@@ -15,7 +15,7 @@ L<https://access.redhat.com/security/team/contact>
If the security problem is not so serious, you can simply file a bug
(see L</BUGS> below), or send an email to our mailing list
-(L<https://www.redhat.com/mailman/listinfo/libguestfs>). You do not
+(L<https://lists.libguestfs.org>). You do not
need to subscribe to the mailing list to send email, but there will be
a delay while the message is moderated.
diff --git a/docs/guestfs-testing.pod b/docs/guestfs-testing.pod
index c7b44928..ee4b26d6 100644
--- a/docs/guestfs-testing.pod
+++ b/docs/guestfs-testing.pod
@@ -21,7 +21,7 @@ or post on the mailing list (registration is B<not> required, but if
you're not registered then you'll have to wait for a moderator to
manually approve your message):
-L<https://www.redhat.com/mailman/listinfo/libguestfs>
+L<https://lists.libguestfs.org>
=head1 TESTS
diff --git a/po-docs/cs.po b/po-docs/cs.po
index d50e53bf..60c29165 100644
--- a/po-docs/cs.po
+++ b/po-docs/cs.po
@@ -16000,7 +16000,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -38700,7 +38700,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/de.po b/po-docs/de.po
index 76abc8d3..565cd66f 100644
--- a/po-docs/de.po
+++ b/po-docs/de.po
@@ -16118,7 +16118,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -38822,7 +38822,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/en_GB.po b/po-docs/en_GB.po
index 75610b9e..31edb8bf 100644
--- a/po-docs/en_GB.po
+++ b/po-docs/en_GB.po
@@ -17054,12 +17054,12 @@ msgstr "How do I propose a feature?"
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
@@ -42254,8 +42254,8 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
-msgstr "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
+msgstr "L<https://lists.libguestfs.org>"
#. type: =head1
#: ../docs/guestfs-testing.pod:26
diff --git a/po-docs/es.po b/po-docs/es.po
index defbd61d..c84192f4 100644
--- a/po-docs/es.po
+++ b/po-docs/es.po
@@ -16057,7 +16057,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -38908,7 +38908,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/eu.po b/po-docs/eu.po
index 63653271..44bc885d 100644
--- a/po-docs/eu.po
+++ b/po-docs/eu.po
@@ -15951,7 +15951,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -38651,7 +38651,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/fi.po b/po-docs/fi.po
index 361de115..3ff70b33 100644
--- a/po-docs/fi.po
+++ b/po-docs/fi.po
@@ -13507,7 +13507,7 @@ msgstr ""
msgid ""
"There is a mailing list, mainly for development, but users are also welcome "
"to ask questions about libguestfs and the virt tools: "
-"L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+"L<https://lists.libguestfs.org>"
msgstr ""
#. type: textblock
@@ -15849,7 +15849,7 @@ msgstr ""
#: docs/guestfs-faq.pod:1285
msgid ""
"Please send patches to the libguestfs mailing list "
-"L<https://www.redhat.com/mailman/listinfo/libguestfs>. You don't have to be "
+"L<https://lists.libguestfs.org>. You don't have to be "
"subscribed, but there will be a delay until your posting is manually "
"approved."
msgstr ""
@@ -15872,7 +15872,7 @@ msgstr ""
#: docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -17816,7 +17816,7 @@ msgstr ""
#: docs/guestfs-hacking.pod:840
msgid ""
"Submit patches to the mailing list: "
-"L<http://www.redhat.com/mailman/listinfo/libguestfs> and CC to "
+"L<https://lists.libguestfs.org> and CC to "
"L<rjones@redhat.com>."
msgstr ""
@@ -37995,7 +37995,7 @@ msgstr ""
msgid ""
"If the security problem is not so serious, you can simply file a bug (see "
"L</BUGS> below), or send an email to our mailing list "
-"(L<https://www.redhat.com/mailman/listinfo/libguestfs>). You do not need to "
+"(L<https://lists.libguestfs.org>). You do not need to "
"subscribe to the mailing list to send email, but there will be a delay while "
"the message is moderated."
msgstr ""
@@ -38598,7 +38598,7 @@ msgstr ""
#. type: textblock
#: docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/fr.po b/po-docs/fr.po
index cd903c0e..34b6149e 100644
--- a/po-docs/fr.po
+++ b/po-docs/fr.po
@@ -16363,7 +16363,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -40728,7 +40728,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/ja.po b/po-docs/ja.po
index d90437dc..d00d73d2 100644
--- a/po-docs/ja.po
+++ b/po-docs/ja.po
@@ -16574,7 +16574,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -39859,8 +39859,8 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
-msgstr "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
+msgstr "L<https://lists.libguestfs.org>"
#. type: =head1
#: ../docs/guestfs-testing.pod:26
diff --git a/po-docs/libguestfs-docs.pot b/po-docs/libguestfs-docs.pot
index 3954a51e..56d0777b 100644
--- a/po-docs/libguestfs-docs.pot
+++ b/po-docs/libguestfs-docs.pot
@@ -13453,7 +13453,7 @@ msgstr ""
msgid ""
"There is a mailing list, mainly for development, but users are also welcome "
"to ask questions about libguestfs and the virt tools: "
-"L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+"L<https://lists.libguestfs.org>"
msgstr ""
#. type: textblock
@@ -15795,7 +15795,7 @@ msgstr ""
#: docs/guestfs-faq.pod:1285
msgid ""
"Please send patches to the libguestfs mailing list "
-"L<https://www.redhat.com/mailman/listinfo/libguestfs>. You don't have to be "
+"L<https://lists.libguestfs.org>. You don't have to be "
"subscribed, but there will be a delay until your posting is manually "
"approved."
msgstr ""
@@ -15818,7 +15818,7 @@ msgstr ""
#: docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -17762,7 +17762,7 @@ msgstr ""
#: docs/guestfs-hacking.pod:840
msgid ""
"Submit patches to the mailing list: "
-"L<http://www.redhat.com/mailman/listinfo/libguestfs> and CC to "
+"L<https://lists.libguestfs.org> and CC to "
"L<rjones@redhat.com>."
msgstr ""
@@ -37939,7 +37939,7 @@ msgstr ""
msgid ""
"If the security problem is not so serious, you can simply file a bug (see "
"L</BUGS> below), or send an email to our mailing list "
-"(L<https://www.redhat.com/mailman/listinfo/libguestfs>). You do not need to "
+"(L<https://lists.libguestfs.org>). You do not need to "
"subscribe to the mailing list to send email, but there will be a delay while "
"the message is moderated."
msgstr ""
@@ -38542,7 +38542,7 @@ msgstr ""
#. type: textblock
#: docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/nl.po b/po-docs/nl.po
index 0cf147ee..1f8ac7d0 100644
--- a/po-docs/nl.po
+++ b/po-docs/nl.po
@@ -15951,7 +15951,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -38651,7 +38651,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/pt_BR.po b/po-docs/pt_BR.po
index 229f49c3..d69895cf 100644
--- a/po-docs/pt_BR.po
+++ b/po-docs/pt_BR.po
@@ -15947,7 +15947,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -38647,7 +38647,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/si.po b/po-docs/si.po
index aa7f5f97..de16c4ac 100644
--- a/po-docs/si.po
+++ b/po-docs/si.po
@@ -13455,7 +13455,7 @@ msgstr ""
msgid ""
"There is a mailing list, mainly for development, but users are also welcome "
"to ask questions about libguestfs and the virt tools: "
-"L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+"L<https://lists.libguestfs.org>"
msgstr ""
#. type: textblock
@@ -15797,7 +15797,7 @@ msgstr ""
#: docs/guestfs-faq.pod:1285
msgid ""
"Please send patches to the libguestfs mailing list "
-"L<https://www.redhat.com/mailman/listinfo/libguestfs>. You don't have to be "
+"L<https://lists.libguestfs.org>. You don't have to be "
"subscribed, but there will be a delay until your posting is manually "
"approved."
msgstr ""
@@ -15820,7 +15820,7 @@ msgstr ""
#: docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -17764,7 +17764,7 @@ msgstr ""
#: docs/guestfs-hacking.pod:840
msgid ""
"Submit patches to the mailing list: "
-"L<http://www.redhat.com/mailman/listinfo/libguestfs> and CC to "
+"L<https://lists.libguestfs.org> and CC to "
"L<rjones@redhat.com>."
msgstr ""
@@ -37941,7 +37941,7 @@ msgstr ""
msgid ""
"If the security problem is not so serious, you can simply file a bug (see "
"L</BUGS> below), or send an email to our mailing list "
-"(L<https://www.redhat.com/mailman/listinfo/libguestfs>). You do not need to "
+"(L<https://lists.libguestfs.org>). You do not need to "
"subscribe to the mailing list to send email, but there will be a delay while "
"the message is moderated."
msgstr ""
@@ -38544,7 +38544,7 @@ msgstr ""
#. type: textblock
#: docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/tg.po b/po-docs/tg.po
index 9e6fa072..80db7183 100644
--- a/po-docs/tg.po
+++ b/po-docs/tg.po
@@ -15952,7 +15952,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -38652,7 +38652,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/po-docs/uk.po b/po-docs/uk.po
index 960ea8f8..40c96852 100644
--- a/po-docs/uk.po
+++ b/po-docs/uk.po
@@ -19726,7 +19726,7 @@ msgstr "Як запропонувати нову можливість?"
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -47713,8 +47713,8 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
-msgstr "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
+msgstr "L<https://lists.libguestfs.org>"
#. type: =head1
#: ../docs/guestfs-testing.pod:26
diff --git a/po-docs/zh_CN.po b/po-docs/zh_CN.po
index 0c15c1c1..1ad0e1cd 100644
--- a/po-docs/zh_CN.po
+++ b/po-docs/zh_CN.po
@@ -15954,7 +15954,7 @@ msgstr ""
#: ../docs/guestfs-faq.pod:1297
msgid ""
"Large new features that you intend to contribute should be discussed on the "
-"mailing list first (L<https://www.redhat.com/mailman/listinfo/libguestfs>). "
+"mailing list first (L<https://lists.libguestfs.org>). "
"This avoids disappointment and wasted work if we don't think the feature "
"would fit into the libguestfs project."
msgstr ""
@@ -38654,7 +38654,7 @@ msgstr ""
#. type: textblock
#: ../docs/guestfs-testing.pod:24
-msgid "L<https://www.redhat.com/mailman/listinfo/libguestfs>"
+msgid "L<https://lists.libguestfs.org>"
msgstr ""
#. type: =head1
diff --git a/website/index.html.in b/website/index.html.in
index 91088b59..e7a03d6d 100644
--- a/website/index.html.in
+++ b/website/index.html.in
@@ -54,7 +54,7 @@ guestfish --ro -i -a disk.img
<p>
Join us on
-the <a href="http://www.redhat.com/mailman/listinfo/libguestfs">libguestfs
+the <a href="https://lists.libguestfs.org">libguestfs
mailing list</a>, or on IRC channel <code>#guestfs</code>
on <a href="https://libera.chat/">Libera Chat</a>.
</p>

25
SOURCES/0030-lib-Include-libxml-parser.h-for-xmlReadMemory.patch Normal file
View File

@ -0,0 +1,25 @@
From f6f2f56535a54a90a5c02974eba09bb7a8f0709c Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 27 Nov 2023 14:04:33 +0000
Subject: [PATCH] lib: Include <libxml/parser.h> for xmlReadMemory
Since libxml2 2.12.1 including this header is required to have this
function declared.
(cherry picked from commit 02c39dc5e8109ddb911d90759883a504008ba509)
---
lib/launch-libvirt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
index d4bf1a8f..79465dd4 100644
--- a/lib/launch-libvirt.c
+++ b/lib/launch-libvirt.c
@@ -38,6 +38,7 @@
#include <libvirt/virterror.h>
#endif
+#include <libxml/parser.h>
#include <libxml/xmlwriter.h>
#include <libxml/xpath.h>

132
SOURCES/0031-ocaml-Use-Gc.finalise-instead-of-a-C-finalizer.patch Normal file
View File

@ -0,0 +1,132 @@
From 836b63ce6d6a47f0d8179ccd3c96ce152396ba77 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 13 Dec 2023 22:50:56 +0000
Subject: [PATCH] ocaml: Use Gc.finalise instead of a C finalizer
Since OCaml 5.1.1, changes to custom blocks caused C finalizers that
call caml_enter_blocking_section to stop working (if they ever did
before). They are relatively inflexible compared to registering an
OCaml finalizer (Gc.finalise) to call Guestfs.close, so use that
instead.
Suggested-by: Guillaume Munch-Maccagnoni
See: https://github.com/ocaml/ocaml/issues/12820
See: https://gitlab.com/nbdkit/libnbd/-/commit/db48794fa89547a4799b832331e82b4b8b98f03d
(cherry picked from commit 61418535ad63b5a2a91f1caf4703d7134834e4dd)
---
generator/OCaml.ml | 7 ++++-
ocaml/guestfs-c.c | 69 +++++++++++++++++++++-------------------------
2 files changed, 37 insertions(+), 39 deletions(-)
diff --git a/generator/OCaml.ml b/generator/OCaml.ml
index 07ccd269..1e6f603a 100644
--- a/generator/OCaml.ml
+++ b/generator/OCaml.ml
@@ -312,10 +312,15 @@ type t
exception Error of string
exception Handle_closed of string
-external create : ?environment:bool -> ?close_on_exit:bool -> unit -> t =
+external _create : ?environment:bool -> ?close_on_exit:bool -> unit -> t =
\"guestfs_int_ocaml_create\"
external close : t -> unit = \"guestfs_int_ocaml_close\"
+let create ?environment ?close_on_exit () =
+ let g = _create ?environment ?close_on_exit () in
+ Gc.finalise close g;
+ g
+
type event =
";
List.iter (
diff --git a/ocaml/guestfs-c.c b/ocaml/guestfs-c.c
index 8a8761e8..700c33ab 100644
--- a/ocaml/guestfs-c.c
+++ b/ocaml/guestfs-c.c
@@ -61,43 +61,10 @@ value guestfs_int_ocaml_delete_event_callback (value gv, value eh);
value guestfs_int_ocaml_event_to_string (value events);
value guestfs_int_ocaml_last_errno (value gv);
-/* Allocate handles and deal with finalization. */
-static void
-guestfs_finalize (value gv)
-{
- guestfs_h *g = Guestfs_val (gv);
-
- if (g) {
- /* There is a nasty, difficult to solve case here where the
- * user deletes events in one of the callbacks that we are
- * about to invoke, resulting in a double-free. XXX
- */
- size_t len;
- value **roots = get_all_event_callbacks (g, &len);
-
- /* Close the handle: this could invoke callbacks from the list
- * above, which is why we don't want to delete them before
- * closing the handle.
- */
- caml_release_runtime_system ();
- guestfs_close (g);
- caml_acquire_runtime_system ();
-
- /* Now unregister the global roots. */
- if (roots && len > 0) {
- size_t i;
- for (i = 0; i < len; ++i) {
- caml_remove_generational_global_root (roots[i]);
- free (roots[i]);
- }
- free (roots);
- }
- }
-}
-
+/* Allocate handles. */
static struct custom_operations guestfs_custom_operations = {
(char *) "guestfs_custom_operations",
- guestfs_finalize,
+ custom_finalize_default,
custom_compare_default,
custom_hash_default,
custom_serialize_default,
@@ -179,11 +146,37 @@ value
guestfs_int_ocaml_close (value gv)
{
CAMLparam1 (gv);
+ guestfs_h *g = Guestfs_val (gv);
- guestfs_finalize (gv);
+ if (g) {
+ /* There is a nasty, difficult to solve case here where the
+ * user deletes events in one of the callbacks that we are
+ * about to invoke, resulting in a double-free. XXX
+ */
+ size_t len;
+ value **roots = get_all_event_callbacks (g, &len);
- /* So we don't double-free in the finalizer. */
- Guestfs_val (gv) = NULL;
+ /* Close the handle: this could invoke callbacks from the list
+ * above, which is why we don't want to delete them before
+ * closing the handle.
+ */
+ caml_release_runtime_system ();
+ guestfs_close (g);
+ caml_acquire_runtime_system ();
+
+ /* Now unregister the global roots. */
+ if (roots && len > 0) {
+ size_t i;
+ for (i = 0; i < len; ++i) {
+ caml_remove_generational_global_root (roots[i]);
+ free (roots[i]);
+ }
+ free (roots);
+ }
+
+ /* So we don't double-free. */
+ Guestfs_val (gv) = NULL;
+ }
CAMLreturn (Val_unit);
}

39
SOURCES/0032-ocaml-Nullify-custom-block-before-releasing-runtime-.patch Normal file
View File

@ -0,0 +1,39 @@
From a534de4f269ea3c2671b99172063e872204fb978 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 14 Dec 2023 08:33:10 +0000
Subject: [PATCH] ocaml: Nullify custom block before releasing runtime lock
Avoids a potential, though if possible then very rare, double free
path.
Suggested-by: Guillaume Munch-Maccagnoni
See: https://github.com/ocaml/ocaml/issues/12820
(cherry picked from commit e93fd7e8acf34192c0d1b70611e3474dde346941)
---
ocaml/guestfs-c.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ocaml/guestfs-c.c b/ocaml/guestfs-c.c
index 700c33ab..ea9a0598 100644
--- a/ocaml/guestfs-c.c
+++ b/ocaml/guestfs-c.c
@@ -156,6 +156,9 @@ guestfs_int_ocaml_close (value gv)
size_t len;
value **roots = get_all_event_callbacks (g, &len);
+ /* So we don't double-free. */
+ Guestfs_val (gv) = NULL;
+
/* Close the handle: this could invoke callbacks from the list
* above, which is why we don't want to delete them before
* closing the handle.
@@ -173,9 +176,6 @@ guestfs_int_ocaml_close (value gv)
}
free (roots);
}
-
- /* So we don't double-free. */
- Guestfs_val (gv) = NULL;
}
CAMLreturn (Val_unit);

162
SOURCES/0033-Update-common-submodule.patch Normal file
View File

@ -0,0 +1,162 @@
From 7073e06b2e45ad1544e715d308662a00a6aa20ae Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 14 Dec 2023 09:03:49 +0000
Subject: [PATCH] Update common submodule
The list of patches is below. The one which matters for guestfish is
addition of --key all:... selector.
Andrey Drobyshev (1):
mldrivers: look for bootloader config in /boot/grub/grub.cfg in case of UEFI
Richard W.M. Jones (5):
mlxml: Include <libxml/parser.h> for xmlReadMemory
options/keys.c: Rewrite confusing match statement
options: Rewrite --key documentation fragment
options: Allow --key all:SELECTOR to be used to match any device
mltools/libosinfo-c.c: Fix off-by-one error
Fixes: https://issues.redhat.com/browse/RHEL-19367
(cherry picked from commit 7fd41b5a02b7a9d217150fa49940115a98aae329)
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common 9a8ba593..0dba002c:
diff --git a/common/mldrivers/linux_bootloaders.ml b/common/mldrivers/linux_bootloaders.ml
index 6f8857ef..91c5ab9e 100644
--- a/common/mldrivers/linux_bootloaders.ml
+++ b/common/mldrivers/linux_bootloaders.ml
@@ -375,6 +375,18 @@ let detect_bootloader (g : G.guestfs) root i_firmware =
with G.Error msg ->
error (f_"could not find bootloader mount point (%s): %s") mp msg in
+ (*
+ * Workaround for older UEFI-based Debian which may not have
+ * /boot/efi/EFI/debian/grub.cfg.
+ *)
+ let paths =
+ if g#exists "/boot/grub/grub.cfg" then
+ match i_firmware with
+ | Firmware.I_BIOS -> paths
+ | I_UEFI _ -> paths @ ["/boot/grub/grub.cfg"]
+ else paths
+ in
+
(* We can determine if the bootloader config file is grub 1 or
* grub 2 just by looking at the filename.
*)
diff --git a/common/mltools/libosinfo-c.c b/common/mltools/libosinfo-c.c
index 93357fd9..a48c8989 100644
--- a/common/mltools/libosinfo-c.c
+++ b/common/mltools/libosinfo-c.c
@@ -296,7 +296,7 @@ v2v_osinfo_os_get_device_drivers (value osv)
driver = OSINFO_DEVICE_DRIVER(osinfo_list_get_nth (OSINFO_LIST(list), i));
- vi = caml_alloc (6, 0);
+ vi = caml_alloc (7, 0);
str = osinfo_device_driver_get_architecture (driver);
copyv = caml_copy_string (str);
Store_field (vi, 0, copyv);
diff --git a/common/mlxml/xml-c.c b/common/mlxml/xml-c.c
index 715c3bb2..e024bd8a 100644
--- a/common/mlxml/xml-c.c
+++ b/common/mlxml/xml-c.c
@@ -34,6 +34,7 @@
#include <caml/memory.h>
#include <caml/mlvalues.h>
+#include <libxml/parser.h>
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include <libxml/uri.h>
diff --git a/common/options/key-option.pod b/common/options/key-option.pod
index 6bc04df1..1470d863 100644
--- a/common/options/key-option.pod
+++ b/common/options/key-option.pod
@@ -1,22 +1,37 @@
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> can be either the libguestfs device name, or
-the UUID of the LUKS device.
+the inspection.
=over 4
-=item B<--key> C<ID>:key:KEY_STRING
+=item B<--key> NAMEB<:key:>KEY_STRING
+
+=item B<--key> UUIDB<:key:>KEY_STRING
+
+=item B<--key> B<all:key:>KEY_STRING
+
+C<NAME> is the libguestfs device name (eg. C</dev/sda1>). C<UUID> is
+the device UUID. C<all> means try the key against any encrypted
+device.
Use the specified C<KEY_STRING> as passphrase.
-=item B<--key> C<ID>:file:FILENAME
+=item B<--key> NAMEB<:file:>FILENAME
+
+=item B<--key> UUIDB<:file:>FILENAME
+
+=item B<--key> B<all:file:>FILENAME
Read the passphrase from F<FILENAME>.
-=item B<--key> C<ID>:clevis
+=item B<--key> NAMEB<:clevis>
-Attempt passphrase-less unlocking for C<ID> with Clevis, over the
+=item B<--key> UUIDB<:clevis>
+
+=item B<--key> B<all:clevis>
+
+Attempt passphrase-less unlocking for the device with Clevis, over the
network. Please refer to L<guestfs(3)/ENCRYPTED DISKS> for more
information on network-bound disk encryption (NBDE).
diff --git a/common/options/keys.c b/common/options/keys.c
index 52b27369..87acba51 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <unistd.h>
#include <termios.h>
#include <string.h>
@@ -152,9 +153,13 @@ get_keys (struct key_store *ks, const char *device, const char *uuid,
if (ks) {
for (i = 0; i < ks->nr_keys; ++i) {
struct key_store_key *key = &ks->keys[i];
+ bool key_id_matches_this_device;
- if (STRNEQ (key->id, device) && (!uuid || STRNEQ (key->id, uuid)))
- continue;
+ key_id_matches_this_device =
+ STREQ (key->id, "all") || /* special string "all" matches any device */
+ STREQ (key->id, device) ||
+ (uuid && STREQ (key->id, uuid));
+ if (!key_id_matches_this_device) continue;
switch (key->type) {
case key_string:
diff --git a/common/options/options.h b/common/options/options.h
index 94e8b9ee..dcb15c28 100644
--- a/common/options/options.h
+++ b/common/options/options.h
@@ -109,6 +109,8 @@ struct key_store_key {
* device name, or the UUID.
*
* There may be multiple matching devices in the list.
+ *
+ * This may be the special string "all" which matches any device.
*/
char *id;

35
SOURCES/0034-tests-Test-guestfish-key-all-.-selector.patch Normal file
View File

@ -0,0 +1,35 @@
From 5de9915acd31ffe430adc0df497173032560311c Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 14 Dec 2023 09:15:08 +0000
Subject: [PATCH] tests: Test guestfish --key all:... selector
(cherry picked from commit 40f43cc8ea6bd556749ee7ba280971aa8b043d27)
---
.../luks/test-key-option-inspect-luks-on-lvm.sh | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/tests/luks/test-key-option-inspect-luks-on-lvm.sh b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
index 932862b1..2b60c797 100755
--- a/tests/luks/test-key-option-inspect-luks-on-lvm.sh
+++ b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
@@ -119,3 +119,20 @@ eval "$fish_ref"
# Repeat the test.
check_filesystems
+
+# Exit the current guestfish background process.
+guestfish --remote -- exit
+GUESTFISH_PID=
+
+# Test the --key all:... selector.
+keys_by_mapper_lvname=(
+ --key all:key:FEDORA-Root
+ --key all:key:FEDORA-LV1
+ --key all:key:FEDORA-LV2
+ --key all:key:FEDORA-LV3
+)
+fish_ref=$("${guestfish[@]}" "${keys_by_mapper_lvname[@]}")
+eval "$fish_ref"
+
+# Repeat the test.
+check_filesystems

44
SOURCES/0035-generator-customize.ml-Split-chown-parameter-on-char.patch Normal file
View File

@ -0,0 +1,44 @@
From 118b93a189be2d39d2dc20ef059c9b38c60fe8be Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 19 Jan 2024 13:18:00 +0000
Subject: [PATCH] generator/customize.ml: Split --chown parameter on ':'
character
The previous code split it on ',' which was completely wrong.
(It reveals the lack of testing however).
Fixes: commit c08032ebe2763f5e9ce5b14e003721475219d390
Reported-by: Yongkui Guo
(cherry picked from commit e9a728bb22dfa1de5328fbbe7d6d7acad2dbed64)
---
common | 2 +-
generator/customize.ml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Submodule common 0dba002c..54869c98:
diff --git a/common/mlcustomize/customize_cmdline.ml b/common/mlcustomize/customize_cmdline.ml
index 245d9960..48ee3344 100644
--- a/common/mlcustomize/customize_cmdline.ml
+++ b/common/mlcustomize/customize_cmdline.ml
@@ -157,7 +157,7 @@ let rec argspec () =
let len = String.length arg in
String.sub arg 0 i, String.sub arg (i+1) (len-(i+1))
and split_string_triplet option_name arg =
- match String.nsplit ~max:3 "," arg with
+ match String.nsplit ~max:3 ":" arg with
| [a; b; c] -> a, b, c
| _ ->
error (f_"invalid format for '--%s' parameter, see the man page")
diff --git a/generator/customize.ml b/generator/customize.ml
index e64b45c0..e2c4b605 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -775,7 +775,7 @@ let rec argspec () =
let len = String.length arg in
String.sub arg 0 i, String.sub arg (i+1) (len-(i+1))
and split_string_triplet option_name arg =
- match String.nsplit ~max:3 \",\" arg with
+ match String.nsplit ~max:3 \":\" arg with
| [a; b; c] -> a, b, c
| _ ->
error (f_\"invalid format for '--%%s' parameter, see the man page\")

65
SOURCES/0036-Update-common-submodule.patch Normal file
View File

@ -0,0 +1,65 @@
From f1ced749d4b714e98c82a971ac60148f95312812 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 24 Apr 2024 12:23:34 +0100
Subject: [PATCH] Update common submodule
In particular pick this:
commit 93a7f3af5c23ece6a8e092827ed5928a8973fd3c
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Wed Apr 24 12:08:01 2024 +0100
options: Allow nbd+unix:// URIs
(cherry picked from commit 7968de46f17eed7f18c200c6528ebdfec5c3f279)
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common 54869c98..93a7f3af:
diff --git a/common/options/uri.c b/common/options/uri.c
index 84d393c1..9180d6a2 100644
--- a/common/options/uri.c
+++ b/common/options/uri.c
@@ -99,7 +99,7 @@ is_uri (const char *arg)
return 0;
for (p--; p >= arg; p--) {
- if (!c_islower (*p))
+ if (! (c_islower (*p) || *p == '+'))
return 0;
}
@@ -148,7 +148,10 @@ parse (const char *arg, char **path_ret, char **protocol_ret,
}
*/
- *protocol_ret = strdup (uri->scheme);
+ if (STREQ (uri->scheme, "nbd+unix"))
+ *protocol_ret = strdup ("nbd");
+ else
+ *protocol_ret = strdup (uri->scheme);
if (*protocol_ret == NULL) {
perror ("strdup: protocol");
return -1;
@@ -194,7 +197,7 @@ parse (const char *arg, char **path_ret, char **protocol_ret,
if (path && path[0] == '/' &&
(STREQ (uri->scheme, "gluster") ||
STREQ (uri->scheme, "iscsi") ||
- STREQ (uri->scheme, "nbd") ||
+ STRPREFIX (uri->scheme, "nbd") ||
STREQ (uri->scheme, "rbd") ||
STREQ (uri->scheme, "sheepdog")))
path++;
diff --git a/common/progress/progress.c b/common/progress/progress.c
index e4b30663..5848abd7 100644
--- a/common/progress/progress.c
+++ b/common/progress/progress.c
@@ -123,6 +123,7 @@ progress_bar_init (unsigned flags)
bar->machine_readable = 1;
bar->utf8_mode = 0;
bar->have_terminfo = 0;
+ bar->fp = NULL;
} else {
bar->machine_readable = 0;

86
SOURCES/0037-New-APIs-findfs_partuuid-and-findfs_partlabel.patch Normal file
View File

@ -0,0 +1,86 @@
From 04a45af93d21880e54a386386313100a04b91ca7 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 8 Jul 2024 14:37:22 +0100
Subject: [PATCH] New APIs: findfs_partuuid and findfs_partlabel
These search for partitions by UUID or label (name). They only work
for GPT.
(cherry picked from commit 1816651f3c138600ad2e5ba0d6437b4753333818)
---
daemon/findfs.ml | 4 ++++
generator/actions_core.ml | 24 ++++++++++++++++++++++++
generator/proc_nr.ml | 2 ++
lib/MAX_PROC_NR | 2 +-
4 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/daemon/findfs.ml b/daemon/findfs.ml
index cf2ba4a8..a94e0ce7 100644
--- a/daemon/findfs.ml
+++ b/daemon/findfs.ml
@@ -27,6 +27,10 @@ let rec findfs_uuid uuid =
findfs "UUID" uuid
and findfs_label label =
findfs "LABEL" label
+and findfs_partuuid uuid =
+ findfs "PARTUUID" uuid
+and findfs_partlabel label =
+ findfs "PARTLABEL" label
and findfs tag str =
(* Kill the cache file, forcing blkid to reread values from the
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index 314bb0ae..c3afe810 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -5688,6 +5688,30 @@ filesystem can be found.
To find the label of a filesystem, use C<guestfs_vfs_label>." };
+ { defaults with
+ name = "findfs_partuuid"; added = (1, 5, 3);
+ style = RString (RDevice, "device"), [String (PlainString, "uuid")], [];
+ impl = OCaml "Findfs.findfs_partuuid";
+ shortdesc = "find a partition by UUID";
+ longdesc = "\
+This command searches the partitions and returns the one
+which has the given partition UUID. An error is returned if no such
+partition can be found.
+
+To find the UUID of a partition, use C<guestfs_blkid> (C<PART_ENTRY_UUID>)." };
+
+ { defaults with
+ name = "findfs_partlabel"; added = (1, 5, 3);
+ style = RString (RDevice, "device"), [String (PlainString, "label")], [];
+ impl = OCaml "Findfs.findfs_partlabel";
+ shortdesc = "find a partition by label";
+ longdesc = "\
+This command searches the partitions and returns the one
+which has the given label. An error is returned if no such
+partition can be found.
+
+To find the label of a partition, use C<guestfs_blkid> (C<PART_ENTRY_NAME>)." };
+
{ defaults with
name = "is_chardev"; added = (1, 5, 10);
style = RBool "flag", [String (Pathname, "path")], [OBool "followsymlinks"];
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index f71a849c..56cd97a9 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -516,6 +516,8 @@ let proc_nr = [
511, "internal_readdir";
512, "clevis_luks_unlock";
513, "inspect_get_build_id";
+514, "findfs_partuuid";
+515, "findfs_partlabel";
]
(* End of list. If adding a new entry, add it at the end of the list
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index 31cf34b8..3cda32fc 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-513
+515

41
SOURCES/0038-inspection-Resolve-PARTUUID-and-PARTLABEL-in-etc-fst.patch Normal file
View File

@ -0,0 +1,41 @@
From ebce03824a3ce75823037003ca2311d7b8d61565 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 8 Jul 2024 14:39:16 +0100
Subject: [PATCH] inspection: Resolve PARTUUID= and PARTLABEL= in /etc/fstab
Fixes: https://issues.redhat.com/browse/RHEL-46596
(cherry picked from commit e616c8f286ddacf401d7c356724ae874ed883262)
---
daemon/inspect_fs_unix_fstab.ml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/daemon/inspect_fs_unix_fstab.ml b/daemon/inspect_fs_unix_fstab.ml
index 837c8c62..f5817a31 100644
--- a/daemon/inspect_fs_unix_fstab.ml
+++ b/daemon/inspect_fs_unix_fstab.ml
@@ -131,6 +131,25 @@ and check_fstab_entry md_map root_mountable os_type aug entry =
with
Failure _ -> return None
)
+ (* EFI partition UUIDs and labels. *)
+ else if String.is_prefix spec "PARTUUID=" then (
+ let uuid = String.sub spec 9 (String.length spec - 9) in
+ let uuid = shell_unquote uuid in
+ (* Just ignore the device if the UUID cannot be resolved. *)
+ try
+ Mountable.of_device (Findfs.findfs_partuuid uuid)
+ with
+ Failure _ -> return None
+ )
+ else if String.is_prefix spec "PARTLABEL=" then (
+ let label = String.sub spec 10 (String.length spec - 10) in
+ let label = shell_unquote label in
+ (* Just ignore the device if the label cannot be resolved. *)
+ try
+ Mountable.of_device (Findfs.findfs_partlabel label)
+ with
+ Failure _ -> return None
+ )
(* Resolve /dev/root to the current device.
* Do the same for the / partition of the *BSD
* systems, since the BSD -> Linux device

309
SOURCES/0039-daemon-New-command_out-and-sh_out-APIs.patch Normal file
View File

@ -0,0 +1,309 @@
From d8142f0dc4c422b7ea372d1291807bf7492c1662 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 19 Feb 2025 11:11:24 +0000
Subject: [PATCH] daemon: New command_out and sh_out APIs
These APIs allow you to capture output from guest commands that
generate more output than the protocol limit allows.
Thanks: Nijin Ashok
Fixes: https://issues.redhat.com/browse/RHEL-80159
(cherry picked from commit 47ac4871b2c1dcde317d116c52b13916ab368ea4)
(cherry picked from commit 42ae34115f1e6bff2b501d8ff3ab9ac26c892a22)
---
.gitignore | 1 +
daemon/sh.c | 42 +++++++++++++
generator/actions_core.ml | 25 ++++++++
generator/proc_nr.ml | 2 +
lib/MAX_PROC_NR | 2 +-
tests/Makefile.am | 10 ++++
tests/large-command/test-large-command.c | 46 ++++++++++++++
tests/large-command/test-large-command.sh | 73 +++++++++++++++++++++++
8 files changed, 200 insertions(+), 1 deletion(-)
create mode 100644 tests/large-command/test-large-command.c
create mode 100755 tests/large-command/test-large-command.sh
diff --git a/.gitignore b/.gitignore
index 00e59fb3..73a561c2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -422,6 +422,7 @@ Makefile.in
/tests/disks/test-add-disks
/tests/disks/test-qemu-drive-libvirt.xml
/tests/events/test-libvirt-auth-callbacks
+/tests/large-command/test-large-command
/tests/mount-local/test-parallel-mount-local
/tests/mountable/test-internal-parse-mountable
/tests/parallel/test-parallel
diff --git a/daemon/sh.c b/daemon/sh.c
index 92ce08be..c8fdf0bf 100644
--- a/daemon/sh.c
+++ b/daemon/sh.c
@@ -299,6 +299,40 @@ do_command_lines (char *const *argv)
return lines; /* Caller frees. */
}
+/* Has one FileOut parameter. */
+int
+do_command_out (char *const *argv)
+{
+ /* We could in theory spool the command to output as it is running,
+ * but error handling mid-command, and progress bars would not work
+ * if we did that. If we encounter a case where this is a problem,
+ * another approach would be to save the output in a temporary file.
+ */
+ CLEANUP_FREE char *out = NULL;
+ size_t i, n;
+
+ out = do_command (argv);
+ if (out == NULL)
+ return -1;
+
+ /* Send the reply message. We know that we're not going to fail now
+ * (except for client cancellation).
+ */
+ reply (NULL, NULL);
+
+ n = strlen (out);
+ for (i = 0; i < n; i += GUESTFS_MAX_CHUNK_SIZE) {
+ if (send_file_write (out+i, MIN (GUESTFS_MAX_CHUNK_SIZE, n-i)) < 0)
+ return -1;
+ notify_progress (i, n);
+ }
+
+ if (send_file_end (0))
+ return -1;
+
+ return 0;
+}
+
char *
do_sh (const char *cmd)
{
@@ -314,3 +348,11 @@ do_sh_lines (const char *cmd)
return do_command_lines ((char **) argv);
}
+
+int
+do_sh_out (const char *cmd)
+{
+ const char *argv[] = { "/bin/sh", "-c", cmd, NULL };
+
+ return do_command_out ((char **) argv);
+}
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index c3afe810..60c4b577 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -2352,6 +2352,19 @@ result into a list of lines.
See also: C<guestfs_sh_lines>" };
+ { defaults with
+ name = "command_out"; added = (1, 55, 6);
+ style = RErr, [StringList (PlainString, "arguments"); String (FileOut, "output")], [];
+ progress = true; cancellable = true;
+ test_excuse = "there is a separate test in the tests directory";
+ shortdesc = "run a command from the guest filesystem";
+ longdesc = "\
+This is the same as C<guestfs_command>, but streams the output
+back, handling the case where the output from the command is
+larger than the protocol limit.
+
+See also: C<guestfs_sh_out>" };
+
{ defaults with
name = "statvfs"; added = (1, 9, 2);
style = RStruct ("statbuf", "statvfs"), [String (Pathname, "path")], [];
@@ -3454,6 +3467,18 @@ into a list of lines.
See also: C<guestfs_command_lines>" };
+ { defaults with
+ name = "sh_out"; added = (1, 55, 6);
+ style = RErr, [String (PlainString, "command"); String (FileOut, "output")], [];
+ test_excuse = "there is a separate test in the tests directory";
+ shortdesc = "run a command via the shell";
+ longdesc = "\
+This is the same as C<guestfs_sh>, but streams the output
+back, handling the case where the output from the command is
+larger than the protocol limit.
+
+See also: C<guestfs_command_out>" };
+
{ defaults with
name = "glob_expand"; added = (1, 0, 50);
(* Use Pathname here, and hence ABS_PATH (pattern,...) in
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index 56cd97a9..0ce12e66 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -518,6 +518,8 @@ let proc_nr = [
513, "inspect_get_build_id";
514, "findfs_partuuid";
515, "findfs_partlabel";
+516, "command_out";
+517, "sh_out";
]
(* End of list. If adding a new entry, add it at the end of the list
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index 3cda32fc..ac953cd0 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-515
+517
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b87d4ce2..9ad3cd1d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -440,6 +440,16 @@ EXTRA_DIST += http/test-http.py
TESTS += journal/test-journal.pl
EXTRA_DIST += journal/test-journal.pl
+# This binary must be statically linked. It is used for testing
+# the "guestfs_command_out" function.
+
+large_command_test_large_command_SOURCES = large-command/test-large-command.c
+large_command_test_large_command_LDFLAGS = -all-static
+
+check_PROGRAMS += large-command/test-large-command
+TESTS += large-command/test-large-command.sh
+EXTRA_DIST += large-command/test-large-command.sh
+
TESTS += \
luks/test-luks.sh \
luks/test-luks-list.sh \
diff --git a/tests/large-command/test-large-command.c b/tests/large-command/test-large-command.c
new file mode 100644
index 00000000..0abf435e
--- /dev/null
+++ b/tests/large-command/test-large-command.c
@@ -0,0 +1,46 @@
+/* libguestfs
+ * Copyright (C) 2009-2025 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* This program, which must be statically linked, is used to test the
+ * guestfs_command_out and guestfs_sh_out functions.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <error.h>
+
+#define STREQ(a,b) (strcmp((a),(b)) == 0)
+
+int
+main (int argc, char *argv[])
+{
+ size_t n, i;
+
+ if (argc > 1) {
+ if (sscanf (argv[1], "%zu", &n) != 1)
+ error (EXIT_FAILURE, 0, "could not parse parameter: %s", argv[1]);
+ for (i = 0; i < n; ++i)
+ putchar ('x');
+ } else
+ error (EXIT_FAILURE, 0, "missing parameter");
+
+ exit (EXIT_SUCCESS);
+}
diff --git a/tests/large-command/test-large-command.sh b/tests/large-command/test-large-command.sh
new file mode 100755
index 00000000..abcfa868
--- /dev/null
+++ b/tests/large-command/test-large-command.sh
@@ -0,0 +1,73 @@
+#!/bin/bash -
+# libguestfs
+# Copyright (C) 2025 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# Test command-out. We can't easily test sh-out without having a
+# shell (which requires a full guest), however the code path for both
+# is essentially identical.
+
+set -e
+
+$TEST_FUNCTIONS
+
+skip_if_skipped
+
+skip_unless stat --version
+
+# Binary must exist and must be linked statically.
+bin=large-command/test-large-command
+skip_unless test -x $bin
+skip_unless bash -c " ldd $bin |& grep -sq 'not a dynamic executable' "
+
+disk=large-command/test.img
+rm -f $disk
+
+out1=large-command/test.out1
+out2=large-command/test.out2
+out3=large-command/test.out3
+out4=large-command/test.out4
+
+# Must be larger than protocol size, currently 4MB.
+size=$((10 * 1024 * 1024))
+
+guestfish -x -N $disk=fs -m /dev/sda1 <<EOF
+upload $bin /test-large-command
+chmod 0755 /test-large-command
+command-out "/test-large-command $size" $out1
+# Check smaller sizes work as well.
+command-out "/test-large-command 0" $out2
+command-out "/test-large-command 1" $out3
+command-out "/test-large-command 80" $out4
+EOF
+
+ls -l $out1 $out2 $out3 $out4
+
+cat $out2
+cat $out3
+cat $out4
+
+# Check the sizes are correct.
+test "$( stat -c '%s' $out1 )" -eq $size
+test "$( stat -c '%s' $out2 )" -eq 0
+test "$( stat -c '%s' $out3 )" -eq 1
+test "$( stat -c '%s' $out4 )" -eq 80
+
+# Check the content is correct, for the smaller files.
+test `cat $out3` = "x"
+test `cat $out4` = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+rm $disk $out1 $out2 $out3 $out4

39
SOURCES/1000-Add-Oracle-Linux-identifier.patch Normal file
View File

@ -0,0 +1,39 @@
From 39e25217dccb4b49f2ab481f0b026f1498973647 Mon Sep 17 00:00:00 2001
From: Darren Archibald <darren.archibald@oracle.com>
Date: Mon, 3 Oct 2022 09:55:14 -0700
Subject: [PATCH] Add Oracle Linux identifier
Signed-off-by: Darren Archibald <darren.archibald@oracle.com>
---
daemon/inspect_fs_unix.ml | 1 +
m4/guestfs-appliance.m4 | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/daemon/inspect_fs_unix.ml b/daemon/inspect_fs_unix.ml
index d8dce60..ee89ff0 100644
--- a/daemon/inspect_fs_unix.ml
+++ b/daemon/inspect_fs_unix.ml
@@ -159,6 +159,7 @@ and distro_of_os_release_id = function
| "pardus" -> Some DISTRO_PARDUS
| "pld" -> Some DISTRO_PLD_LINUX
| "rhel" -> Some DISTRO_RHEL
+ | "ol" -> Some DISTRO_ORACLE_LINUX
| "rocky" -> Some DISTRO_ROCKY
| "sles" | "sled" -> Some DISTRO_SLES
| "ubuntu" -> Some DISTRO_UBUNTU
diff --git a/m4/guestfs-appliance.m4 b/m4/guestfs-appliance.m4
index 4e671d2..dc06d1a 100644
--- a/m4/guestfs-appliance.m4
+++ b/m4/guestfs-appliance.m4
@@ -114,7 +114,7 @@ if test "x$ENABLE_APPLIANCE" = "xyes"; then
fi ) | tr '@<:@:lower:@:>@' '@<:@:upper:@:>@'
)"
AS_CASE([$DISTRO],
- [FEDORA | RHEL | CENTOS | ALMALINUX | CLOUDLINUX \
+ [FEDORA | RHEL | OL | CENTOS | ALMALINUX | CLOUDLINUX \
| ROCKY | VIRTUOZZO],
[DISTRO=REDHAT],
[OPENSUSE* | SLED | SLES],[DISTRO=SUSE],
--
2.39.3

12
SOURCES/copy-patches.sh Executable file → Normal file
View File

@ -3,12 +3,11 @@
set -e set -e
# Maintainer script to copy patches from the git repo to the current # Maintainer script to copy patches from the git repo to the current
# directory. It's normally only used downstream (ie. in RHEL). Use # directory. Use it like this:
# it like this:
# ./copy-patches.sh # ./copy-patches.sh
project=libguestfs project=libguestfs
rhel_version=9.2 rhel_version=9.5
# Check we're in the right directory. # Check we're in the right directory.
if [ ! -f $project.spec ]; then if [ ! -f $project.spec ]; then
@ -37,7 +36,12 @@ git rm -f [0-9]*.patch ||:
rm -f [0-9]*.patch rm -f [0-9]*.patch
# Get the patches. # Get the patches.
(cd $git_checkout; rm -f [0-9]*.patch; git -c core.abbrev=9 format-patch -O/dev/null -N --submodule=diff $tag) (
cd $git_checkout
rm -f [0-9]*.patch
git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N \
--submodule=diff --no-signature --patience $tag
)
mv $git_checkout/[0-9]*.patch . mv $git_checkout/[0-9]*.patch .
# Remove any not to be applied. # Remove any not to be applied.

17
SOURCES/libguestfs-1.48.4.tar.gz.sig
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmLFql8RHHJpY2hAYW5u
ZXhpYS5vcmcACgkQkXOPc+G3aKAV2hAAzOcZseFTUFFoj4M5riqXqtBN3W+fr/O7
v0wzJ9sY31Ftk8KFKKgpwOn4UFXYMPXY7Hm94GRAYjYBAtx9Viyyt7B6PbV7mVZ0
WHLlZcg3ZsliF23s3EoHfgTGFfKLkjDwfPlmChC260Ffhq4KKvnwu/DobY/CDLHG
0cvrjb0OOYibBGbq58AHYR6QlVH/ScAuLSA1aRAd06bbpixufRR1oh1MtFA1iSvC
yjNH0joLFiu0uuD7KFH66YX2nFNrO24r0LxJkwT5G7GHlZJStJUpvs/QHa8Tw5Zt
Z1JMk9yB9EMPYimdVDm7m6eDBxTx8YbF7u6G8JdHRXgAPBt4O09XX7WGxxmh9Dc4
M+QkpiubEOG6qwBythJJ6sTSRLKIAPeVfHEOauXg8n45Tbk5jYwthMKbnD9ETb3t
QKdMr5g+DZUO0LfbOvP0GtD+b1jK4iu4BcWDquQBXpDTbx7LUfSuTDrWItehEnBp
/K6FRbakNZEroLR5VA9WAa6sE+2B3gg1OG+KHypHuw4hfpmutvVA8wnPgyw3j+WK
xdcRp65NUMUkKRE/FTwp1MkY1Y2S9M9iAPX+CopdHPVoq9O2YE+K6Rv1EdJjmKZK
EwLzX08Xcj9T/U9GEfV+QdIzitCuxf7x9ULEDcFozFnuHXww+JLdR0EmIDkUwl7C
Z0KKsy18Eq8=
=WB1H
-----END PGP SIGNATURE-----

17
SOURCES/libguestfs-1.50.2.tar.gz.sig Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmaNN5wRHHJpY2hAYW5u
ZXhpYS5vcmcACgkQkXOPc+G3aKDZwQ/9ExtAdQIYiR1HtRiHlNDoQw5ADVeHaucD
Gy8KLJHyzCZaPVsim50/Rx9Thipn/jvVCNRoww02D8l5xm7elcqO7//N5OWNeyzO
/SUq/DEspWdfpDJVEQvID3Rtg8ZPJ/7VW9dtMe2nuUNpEyBSeqqQvXoJXzDkhcao
IT604JY7zZqeFzXaZGYyXeZUtnxpv7M/yIDGVjQ2m0WxAkpk3OYIW57bjRRTAI3d
zSnCW1qIITpMb3VtTRKw9FIhr/eZsyeLqA1QlKGKh0HEyrVDwYD+ENH4McKyOUH1
M3pPMxOL5/WpBMpVhQsmospK25+AQRWuzm0w/h6YgP6gPbQLCe7BTkNeWz3n3f8r
W1P+eS0bj1NVs3vZYM0WC8pMx6UaqP6u5T1vH9v+VQ3/ZEqBnU60Jhso5wdQRSgG
GsarBFf2BETZkuMFiUaaKAbDgYYMVW3nsxgurW0pk5kIfeXX1+6xcqoULG/cV879
xhUD11XBrJdCvWnpZ+xTZD3SPP4hlfAlCkHPhFw0+WdTHUEASVRnX+dZzYcAE49d
2S7XsrAphY+l2BCISdJB4OdGSnpWO8M76Y0FbPFO6bx9YJRmIAQPLWbq4RrjtAZ4
CUObvLe54y4OHY7f22qZVg+hWusaTexphfOAMi/rInLgWbzERFlQ0iL8mVd3dQqA
oCoiARM5lzI=
=UhhX
-----END PGP SIGNATURE-----

203
SPECS/libguestfs.spec
View File

@ -14,10 +14,7 @@
%if !0%{?rhel} %if !0%{?rhel}
%global test_arches aarch64 %{power64} s390x x86_64 %global test_arches aarch64 %{power64} s390x x86_64
%else %else
# RHEL 9 only: %global test_arches x86_64
# x86-64: "/lib64/libc.so.6: CPU ISA level is lower than required"
# (RHBZ#1919389)
%global test_arches NONE
%endif %endif
# Trim older changelog entries. # Trim older changelog entries.
@ -36,7 +33,7 @@
%endif %endif
# The source directory. # The source directory.
%global source_directory 1.48-stable %global source_directory 1.50-stable
# Filter perl provides. # Filter perl provides.
%{?perl_default_filter} %{?perl_default_filter}
@ -47,8 +44,8 @@
Summary: Access and modify virtual machine disk images Summary: Access and modify virtual machine disk images
Name: libguestfs Name: libguestfs
Epoch: 1 Epoch: 1
Version: 1.48.4 Version: 1.50.2
Release: 4%{?dist} Release: 2.0.1%{?dist}
License: LGPLv2+ License: LGPLv2+
# Build only for architectures that have a kernel # Build only for architectures that have a kernel
@ -82,28 +79,59 @@ Source7: libguestfs.keyring
# Maintainer script which helps with handling patches. # Maintainer script which helps with handling patches.
Source8: copy-patches.sh Source8: copy-patches.sh
# This is a copy of the common/ submodule from libguestfs @v1.50.2.
# We need it because the libguestfs tarball does not include common/
# directories that are not used by libguestfs (eg. common/mlcustomize).
# However the patches (below) patch files in those directories and so
# do not apply properly to the libguestfs tarball. Therefore before
# applying the patches we unpack this in the common/ subdirectory.
Source9: libguestfs-common-1.50.2.tar.gz
# Patches are maintained in the following repository: # Patches are maintained in the following repository:
# https://github.com/libguestfs/libguestfs/commits/rhel-9.2 # https://github.com/libguestfs/libguestfs/commits/rhel-9.5
# Patches. # Patches.
Patch0001: 0001-New-API-guestfs_device_name-returning-the-drive-name.patch Patch0001: 0001-daemon-selinux-relabel-don-t-exclude-selinux-if-it-s.patch
Patch0002: 0002-guestfs_readdir-rewrite-with-FileOut-transfer-to-lif.patch Patch0002: 0002-daemon-selinux-relabel-search-for-invalid-option-in-.patch
Patch0003: 0003-guestfs_readdir-minimize-the-number-of-send_file_wri.patch Patch0003: 0003-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch
Patch0004: 0004-lib-launch-direct-ignore-drive-iface-parameter.patch Patch0004: 0004-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
Patch0005: 0005-lib-drive_create_data-drive-remove-field-iface.patch Patch0005: 0005-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
Patch0006: 0006-lib-rename-VALID_FORMAT_IFACE-to-VALID_FORMAT.patch Patch0006: 0006-Remove-virt-dib.patch
Patch0007: 0007-tests-regressions-remove-iface-based-restrictions.patch Patch0007: 0007-lib-Choose-q35-machine-type-for-x86-64.patch
Patch0008: 0008-generator-customize-invert-SELinux-relabeling-defaul.patch Patch0008: 0008-LUKS-on-LVM-inspection-test-rename-VGs-and-LVs.patch
Patch0009: 0009-generator-customize-reintroduce-selinux-relabel-as-a.patch Patch0009: 0009-LUKS-on-LVM-inspection-test-test-dev-mapper-VG-LV-tr.patch
Patch0010: 0010-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch Patch0010: 0010-fuse-Don-t-call-fclose-NULL-on-error-paths.patch
Patch0011: 0011-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch Patch0011: 0011-ocaml-implicit_close-test-collect-all-currently-unre.patch
Patch0012: 0012-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch Patch0012: 0012-ocaml-Replace-old-enter-leave_blocking_section-calls.patch
Patch0013: 0013-php-add-arginfo-to-php-bindings.patch Patch0013: 0013-ocaml-Release-runtime-lock-around-guestfs_close.patch
Patch0014: 0014-introduce-the-clevis_luks_unlock-API.patch Patch0014: 0014-ocaml-Conditionally-acquire-the-lock-in-callbacks.patch
Patch0015: 0015-guestfish-guestmount-enable-networking-for-key-ID-cl.patch Patch0015: 0015-ocaml-Fix-guestfs_065_implicit_close.ml-for-OCaml-5.patch
Patch0016: 0016-daemon-Add-zstd-support-to-guestfs_file_architecture.patch Patch0016: 0016-ocaml-Use-Caml_state_opt-in-preference-to-caml_state.patch
Patch0017: 0017-New-API-inspect_get_build_id.patch Patch0017: 0017-generator-Add-chown-option-for-virt-customize.patch
Patch0018: 0018-lib-Return-correct-osinfo-field-for-Windows-11.patch Patch0018: 0018-lib-remove-guestfs_int_cmd_clear_close_files.patch
Patch0019: 0019-docs-fix-broken-link-in-the-guestfs-manual.patch
Patch0020: 0020-docs-clarify-sockdir-s-separation.patch
Patch0021: 0021-lib-move-guestfs_int_create_socketname-from-launch.c.patch
Patch0022: 0022-generator-customize-Add-new-StringTriplet-for-use-by.patch
Patch0023: 0023-daemon-lvm-Do-reverse-device-name-translation-on-pvs.patch
Patch0024: 0024-ruby-Replace-MiniTest-with-Minitest.patch
Patch0025: 0025-ruby-Get-rid-of-old-Test-Unit-compatibility.patch
Patch0026: 0026-generator-Sort-virt-customize-options-into-alphabeti.patch
Patch0027: 0027-generator-Add-new-virt-customize-tar-in-operation.patch
Patch0028: 0028-New-mailing-list-email-address.patch
Patch0029: 0029-New-mailing-list-archives.patch
Patch0030: 0030-lib-Include-libxml-parser.h-for-xmlReadMemory.patch
Patch0031: 0031-ocaml-Use-Gc.finalise-instead-of-a-C-finalizer.patch
Patch0032: 0032-ocaml-Nullify-custom-block-before-releasing-runtime-.patch
Patch0033: 0033-Update-common-submodule.patch
Patch0034: 0034-tests-Test-guestfish-key-all-.-selector.patch
Patch0035: 0035-generator-customize.ml-Split-chown-parameter-on-char.patch
Patch0036: 0036-Update-common-submodule.patch
Patch0037: 0037-New-APIs-findfs_partuuid-and-findfs_partlabel.patch
Patch0038: 0038-inspection-Resolve-PARTUUID-and-PARTLABEL-in-etc-fst.patch
Patch0039: 0039-daemon-New-command_out-and-sh_out-APIs.patch
Patch1000: 1000-Add-Oracle-Linux-identifier.patch
%if 0%{patches_touch_autotools} %if 0%{patches_touch_autotools}
BuildRequires: autoconf, automake, libtool, gettext-devel BuildRequires: autoconf, automake, libtool, gettext-devel
@ -122,6 +150,7 @@ BuildRequires: perl(Pod::Man)
BuildRequires: /usr/bin/pod2text BuildRequires: /usr/bin/pod2text
BuildRequires: po4a BuildRequires: po4a
BuildRequires: augeas-devel >= 1.7.0 BuildRequires: augeas-devel >= 1.7.0
BuildRequires: ocaml-augeas-devel >= 0.6
BuildRequires: readline-devel BuildRequires: readline-devel
BuildRequires: xorriso BuildRequires: xorriso
BuildRequires: libxml2-devel BuildRequires: libxml2-devel
@ -173,7 +202,6 @@ BuildRequires: gnupg2
BuildRequires: ocaml BuildRequires: ocaml
BuildRequires: ocaml-ocamldoc BuildRequires: ocaml-ocamldoc
BuildRequires: ocaml-findlib-devel BuildRequires: ocaml-findlib-devel
BuildRequires: ocaml-gettext-devel
%if !0%{?rhel} %if !0%{?rhel}
BuildRequires: ocaml-ounit-devel BuildRequires: ocaml-ounit-devel
%endif %endif
@ -219,18 +247,12 @@ BuildRequires: attr
BuildRequires: augeas-libs BuildRequires: augeas-libs
BuildRequires: bash BuildRequires: bash
BuildRequires: binutils BuildRequires: binutils
%if !0%{?rhel}
BuildRequires: btrfs-progs BuildRequires: btrfs-progs
%endif
BuildRequires: bzip2 BuildRequires: bzip2
BuildRequires: clevis-luks BuildRequires: clevis-luks
BuildRequires: coreutils BuildRequires: coreutils
BuildRequires: cpio BuildRequires: cpio
BuildRequires: cryptsetup BuildRequires: cryptsetup
%if !0%{?rhel}
BuildRequires: curl
BuildRequires: debootstrap
%endif
BuildRequires: dhclient BuildRequires: dhclient
BuildRequires: diffutils BuildRequires: diffutils
BuildRequires: dosfstools BuildRequires: dosfstools
@ -254,9 +276,6 @@ BuildRequires: iproute
BuildRequires: iputils BuildRequires: iputils
BuildRequires: kernel BuildRequires: kernel
BuildRequires: kmod BuildRequires: kmod
%if !0%{?rhel}
BuildRequires: kpartx
%endif
BuildRequires: less BuildRequires: less
BuildRequires: libcap BuildRequires: libcap
%if !0%{?rhel} %if !0%{?rhel}
@ -279,7 +298,6 @@ BuildRequires: pcre2
BuildRequires: policycoreutils BuildRequires: policycoreutils
BuildRequires: procps BuildRequires: procps
BuildRequires: psmisc BuildRequires: psmisc
BuildRequires: qemu-img
BuildRequires: rpm-libs BuildRequires: rpm-libs
BuildRequires: rsync BuildRequires: rsync
BuildRequires: scrub BuildRequires: scrub
@ -297,9 +315,6 @@ BuildRequires: tar
BuildRequires: udev BuildRequires: udev
BuildRequires: util-linux BuildRequires: util-linux
BuildRequires: vim-minimal BuildRequires: vim-minimal
%if !0%{?rhel}
BuildRequires: which
%endif
BuildRequires: xfsprogs BuildRequires: xfsprogs
BuildRequires: xz BuildRequires: xz
BuildRequires: yajl BuildRequires: yajl
@ -451,17 +466,6 @@ Requires: pkgconfig
for %{name}. for %{name}.
%if !0%{?rhel}
%package dib
Summary: Additional tools for virt-dib
License: LGPLv2+
%description dib
This adds extra packages needed by virt-dib to %{name}. You should
normally install the virt-dib package which depends on this one.
%endif
%if !0%{?rhel} %if !0%{?rhel}
%package forensics %package forensics
Summary: Filesystem forensics support for %{name} Summary: Filesystem forensics support for %{name}
@ -574,7 +578,7 @@ guests. Install this package if you want libguestfs to be able to
inspect non-Linux guests and display icons from them. inspect non-Linux guests and display icons from them.
The only reason this is a separate package is to avoid core libguestfs The only reason this is a separate package is to avoid core libguestfs
having to depend on Perl. See https://bugzilla.redhat.com/1194158 having to depend on Perl.
%package bash-completion %package bash-completion
@ -733,6 +737,9 @@ for %{name}.
%{gpgverify} --keyring='%{SOURCE7}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %{gpgverify} --keyring='%{SOURCE7}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%endif %endif
%setup -q %setup -q
%if 0%{?rhel}
tar zxf %{SOURCE9}
%endif
%autopatch -p1 %autopatch -p1
%if 0%{patches_touch_autotools} %if 0%{patches_touch_autotools}
@ -790,16 +797,27 @@ fi
%endif %endif
--without-java \ --without-java \
--disable-erlang \ --disable-erlang \
--with-extra-packages="btrfs-progs" \
$extra $extra
# 'INSTALLDIRS' ensures that Perl and Ruby libs are installed in the # 'INSTALLDIRS' ensures that Perl and Ruby libs are installed in the
# vendor dir not the site dir. # vendor dir not the site dir.
make V=1 INSTALLDIRS=vendor %{?_smp_mflags} #
# In RHEL 9.5-z, %%{?_smp_mflags} causes a race condition in the
# build. I believe this file is generated in parallel:
# podwrapper.pl: blocksize-option.pod: cannot find input file on path at /builddir/build/BUILD/libguestfs-1.50.2/podwrapper.pl line 672.
make V=1 INSTALLDIRS=vendor
%check %check
%ifarch %{test_arches} %ifarch %{test_arches}
# Only run the tests with non-debug (ie. non-Rawhide) kernels.
# XXX This tests for any debug kernel installed.
if grep CONFIG_DEBUG_MUTEXES=y /lib/modules/*/config ; then
echo "Skipping tests because debug kernel is installed"
exit 0
fi
export LIBGUESTFS_DEBUG=1 export LIBGUESTFS_DEBUG=1
export LIBGUESTFS_TRACE=1 export LIBGUESTFS_TRACE=1
export LIBVIRT_DEBUG=1 export LIBVIRT_DEBUG=1
@ -828,6 +846,13 @@ find $RPM_BUILD_ROOT -name .packlist -delete
find $RPM_BUILD_ROOT -name '*.bs' -delete find $RPM_BUILD_ROOT -name '*.bs' -delete
find $RPM_BUILD_ROOT -name 'bindtests.pl' -delete find $RPM_BUILD_ROOT -name 'bindtests.pl' -delete
# Perl's ExtUtils::Install installs "Guestfs.so" read-only; that
# prevents objcopy from adding the ".gdb_index" section for the sake of
# the debuginfo file. See
# <https://rt.cpan.org/Public/Bug/Display.html?id=40976>. Restore write
# permission for the file owner.
find $RPM_BUILD_ROOT -name Guestfs.so -exec chmod u+w '{}' +
# golang: Ignore what libguestfs upstream installs, and just copy the # golang: Ignore what libguestfs upstream installs, and just copy the
# source files to %%{_datadir}/gocode/src. # source files to %%{_datadir}/gocode/src.
%ifarch %{golang_arches} %ifarch %{golang_arches}
@ -856,19 +881,6 @@ function move_to
echo "$1" >> "$2" echo "$1" >> "$2"
} }
%if !0%{?rhel}
move_to curl zz-packages-dib
move_to debootstrap zz-packages-dib
move_to kpartx zz-packages-dib
move_to qemu-img zz-packages-dib
move_to which zz-packages-dib
%else
remove curl
remove debootstrap
remove kpartx
remove qemu-img
remove which
%endif
%if !0%{?rhel} %if !0%{?rhel}
move_to sleuthkit zz-packages-forensics move_to sleuthkit zz-packages-forensics
move_to gfs2-utils zz-packages-gfs2 move_to gfs2-utils zz-packages-gfs2
@ -977,11 +989,6 @@ rm ocaml/html/.gitignore
%{_libdir}/pkgconfig/libguestfs.pc %{_libdir}/pkgconfig/libguestfs.pc
%if !0%{?rhel}
%files dib
%{_libdir}/guestfs/supermin.d/zz-packages-dib
%endif
%if !0%{?rhel} %if !0%{?rhel}
%files forensics %files forensics
%{_libdir}/guestfs/supermin.d/zz-packages-forensics %{_libdir}/guestfs/supermin.d/zz-packages-forensics
@ -1140,6 +1147,58 @@ rm ocaml/html/.gitignore
%changelog %changelog
* Mon Mar 17 2025 EL Errata <el-errata_ww@oracle.com> - 1.50.2-2.0.1
- Add btrfs-progs to the packages installed in the appliance [Orabug: 34137448]
- Replace upstream references from a description tag
- Fix build on Oracle Linux [Orabug: 29319324]
- Set DISTRO_ORACLE_LINUX correspeonding to ol
* Thu Feb 27 2025 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.2-2
- Add new APIs to allow command output > 4MB
resolves: RHEL-81095
* Tue Jul 09 2024 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.2-1
- Update to libguestfs 1.50.2
resolves: RHEL-46775
* Mon Jul 08 2024 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.1-12
- inspection: Resolve PARTUUID= and PARTLABEL= in /etc/fstab
resolves: RHEL-40142, RHEL-46596
* Fri Jun 28 2024 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.1-11
- Fix (rare) undetected truncation of 64 bit int results to 32 bits
resolves: RHEL-45466
* Thu Jun 20 2024 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.1-10
- Remove bundled ocaml-augeas
resolves: RHEL-32142
* Wed Apr 24 2024 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.1-9
- Add support for nbd+unix:// URIs
resolves: RHEL-33851
* Thu Dec 14 2023 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.1-7
- Add --key all:... selector
resolves: RHEL-19367
- Add miscellaneous other upstream fixes since 1.50.1
* Wed Jun 07 2023 Laszlo Ersek <lersek@redhat.com> - 1:1.50.1-6
- enable the ".gdb_index" section in the Perl bindings debug info
resolves: rhbz#2209279
* Tue May 23 2023 Laszlo Ersek <lersek@redhat.com> - 1:1.50.1-5
- let "guestfish -i" recognize "--key /dev/mapper/VG-LV:key:password"
- reenable quickcheck; we now use "-cpu max" (upstream 30f74f38bd6e)
resolves: rhbz#2209279
* Thu May 04 2023 Richard W.M. Jones <rjones@redhat.com> - 1:1.50.1-4
- Rebase libguestfs to 1.50.1
resolves: rhbz#2168625
- Use q35 machine type for libguestfs appliance
resolves: rhbz#2168578
- Run SELinux relabelling in parallel [for virt-v2v]
resolves: rhbz#2190276
* Fri Dec 02 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.4-4 * Fri Dec 02 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.4-4
- New API: guestfs_inspect_get_build_id - New API: guestfs_inspect_get_build_id
- Add support for detecting Windows >= 10, returned through osinfo - Add support for detecting Windows >= 10, returned through osinfo

557
SPECS/libreswan.spec Normal file
View File

@ -0,0 +1,557 @@
%global _hardened_build 1
# These are rpm macros and are 0 or 1
%global with_efence 0
%global with_development 0
%global with_cavstests 1
%global nss_version 3.52
%global unbound_version 1.6.6
# Libreswan config options
%global libreswan_config \\\
FINALLIBEXECDIR=%{_libexecdir}/ipsec \\\
FINALMANDIR=%{_mandir} \\\
PREFIX=%{_prefix} \\\
INITSYSTEM=systemd \\\
PYTHON_BINARY=%{__python3} \\\
SHELL_BINARY=%{_bindir}/sh \\\
USE_DNSSEC=true \\\
USE_LABELED_IPSEC=true \\\
USE_LDAP=true \\\
USE_LIBCAP_NG=true \\\
USE_LIBCURL=true \\\
USE_LINUX_AUDIT=true \\\
USE_NM=true \\\
USE_NSS_IPSEC_PROFILE=true \\\
USE_SECCOMP=true \\\
USE_AUTHPAM=true \\\
%{nil}
#global prever dr1
Name: libreswan
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
# version is generated in the release script
Version: 4.15
Release: %{?prever:0.}3%{?prever:.%{prever}}.0.1%{?dist}.3
License: GPLv2
Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
%if 0%{with_cavstests}
Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
%endif
Patch: libreswan-4.6-ikev1-policy-defaults-to-drop.patch
Patch: libreswan-4.15-ondemand-tcp.patch
Patch: libreswan-4.15-netlink-extack.patch
Patch: libreswan-4.15-create-child-sa-race-condition.patch
Patch: libreswan-4.15-rereadsecrets.patch
Patch100: libreswan-oracle.patch
BuildRequires: audit-libs-devel
BuildRequires: bison
BuildRequires: curl-devel
BuildRequires: flex
BuildRequires: gcc make
BuildRequires: hostname
BuildRequires: ldns-devel
BuildRequires: libcap-ng-devel
BuildRequires: libevent-devel
BuildRequires: libseccomp-devel
BuildRequires: libselinux-devel
BuildRequires: nspr-devel
BuildRequires: nss-devel >= %{nss_version}
BuildRequires: nss-tools >= %{nss_version}
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: systemd-devel
BuildRequires: unbound-devel >= %{unbound_version}
BuildRequires: xmlto
%if 0%{with_efence}
BuildRequires: ElectricFence
%endif
Requires: iproute >= 2.6.8
Requires: nss >= %{nss_version}
Requires: nss-softokn
Requires: nss-tools
Requires: unbound-libs >= %{unbound_version}
Requires(post): bash
Requires(post): coreutils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%description
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.
This package contains the daemons and userland tools for setting up
Libreswan.
Libreswan also supports IKEv2 (RFC7296) and Secure Labeling
Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%prep
%setup -q -n libreswan-%{version}%{?prever}
# enable crypto-policies support
sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in
%autopatch -p1
%build
make %{?_smp_mflags} \
%if 0%{with_development}
OPTIMIZE_CFLAGS="%{?_hardened_cflags}" \
%else
OPTIMIZE_CFLAGS="%{optflags}" \
%endif
WERROR_CFLAGS="-Werror -Wno-missing-field-initializers -Wno-lto-type-mismatch -Wno-maybe-uninitialized" \
%if 0%{with_efence}
USE_EFENCE=true \
%endif
USERLINK="%{?__global_ldflags} -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -flto --no-lto" \
%{libreswan_config} \
programs
FS=$(pwd)
%install
make \
DESTDIR=%{buildroot} \
%{libreswan_config} \
install
FS=$(pwd)
rm -rf %{buildroot}/usr/share/doc/libreswan
rm -rf %{buildroot}%{_libexecdir}/ipsec/*check
install -d -m 0755 %{buildroot}%{_rundir}/pluto
install -d %{buildroot}%{_sbindir}
install -d %{buildroot}%{_sysconfdir}/sysctl.d
install -m 0644 packaging/fedora/libreswan-sysctl.conf \
%{buildroot}%{_sysconfdir}/sysctl.d/50-libreswan.conf
echo "include %{_sysconfdir}/ipsec.d/*.secrets" \
> %{buildroot}%{_sysconfdir}/ipsec.secrets
rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc*
%if 0%{with_cavstests}
%check
# There is an elaborate upstream testing infrastructure which we do not
# run here - it takes hours and uses kvm
# We only run the CAVS tests.
cp %{SOURCE1} %{SOURCE2} %{SOURCE3} .
bunzip2 *.fax.bz2
: starting CAVS test for IKEv2
%{buildroot}%{_libexecdir}/ipsec/cavp -v2 ikev2.fax | \
diff -u ikev2.fax - > /dev/null
: starting CAVS test for IKEv1 RSASIG
%{buildroot}%{_libexecdir}/ipsec/cavp -v1dsa ikev1_dsa.fax | \
diff -u ikev1_dsa.fax - > /dev/null
: starting CAVS test for IKEv1 PSK
%{buildroot}%{_libexecdir}/ipsec/cavp -v1psk ikev1_psk.fax | \
diff -u ikev1_psk.fax - > /dev/null
: CAVS tests passed
%endif
# Some of these tests will show ERROR for negative testing - it will exit on real errors
%{buildroot}%{_libexecdir}/ipsec/algparse -tp || { echo prooposal test failed; exit 1; }
%{buildroot}%{_libexecdir}/ipsec/algparse -ta || { echo algorithm test failed; exit 1; }
: Algorithm parser tests passed
# self test for pluto daemon - this also shows which algorithms it allows in FIPS mode
tmpdir=$(mktemp -d /tmp/libreswan-XXXXX)
certutil -N -d sql:$tmpdir --empty-password
%{buildroot}%{_libexecdir}/ipsec/pluto --selftest --nssdir $tmpdir --rundir $tmpdir
: pluto self-test passed - verify FIPS algorithms allowed is still compliant with NIST
%post
%systemd_post ipsec.service
%preun
%systemd_preun ipsec.service
%postun
%systemd_postun_with_restart ipsec.service
%files
%doc CHANGES COPYING CREDITS README* LICENSE
%doc docs/*.* docs/examples
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysctl.d/50-libreswan.conf
%attr(0755,root,root) %dir %{_rundir}/pluto
%attr(0700,root,root) %dir %{_sharedstatedir}/ipsec
%attr(0700,root,root) %dir %{_sharedstatedir}/ipsec/nss
%attr(0644,root,root) %{_tmpfilesdir}/libreswan.conf
%attr(0644,root,root) %{_unitdir}/ipsec.service
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto
%config(noreplace) %{_sysconfdir}/logrotate.d/libreswan
%{_sbindir}/ipsec
%{_libexecdir}/ipsec
%doc %{_mandir}/*/*
%changelog
* Tue Mar 18 2025 Craig Guiller <craig.guiller@oracle.com> - 4.15-3.0.1.3
- Add libreswan-oracle.patch to detect Oracle Linux distro
* Fri Jan 24 2025 Daiki Ueno <dueno@redhat.com> - 4.15-3.3
- showhostkey: fix regression after RHEL-68755 (RHEL-75967)
* Fri Nov 22 2024 Daiki Ueno <dueno@redhat.com> - 4.15-3.2
- crypto: refcnt struct secret_pubkey_stuff when passing to helper thread (RHEL-68755)
* Tue Nov 12 2024 Daiki Ueno <dueno@redhat.com> - 4.15-3.1
- pluto: ignore CREATE_CHILD_SA request if crypto is in progress (RHEL-71496)
* Tue Aug 6 2024 Daiki Ueno <dueno@redhat.com> - 4.15-3
- Fix release number
* Tue Aug 6 2024 Daiki Ueno <dueno@redhat.com> - 4.15-2
- Fix auto=ondemand connection initialization with TCP (RHEL-51879)
- Make use of Netlink extack for additional error reporting (RHEL-51881)
* Tue Jul 30 2024 Daiki Ueno <dueno@redhat.com> - 4.15-1
- Update to 4.15 (RHEL-50006)
* Thu Jul 11 2024 Daiki Ueno <dueno@redhat.com> - 4.12-4
- Bump release to synchronize with el9_5 package
* Wed Jun 5 2024 Daiki Ueno <dueno@redhat.com> - 4.12-3
- Fix CVE-2024-3652 (RHEL-32483)
* Thu Apr 11 2024 Daiki Ueno <dueno@redhat.com> - 4.12-2
- Fix CVE-2024-2357 (RHEL-28743)
- x509: unpack IPv6 general names based on length (RHEL-32720)
* Wed Aug 9 2023 Daiki Ueno <dueno@redhat.com> - 4.12-1
- Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
- Resolves: rhbz#2215956
* Fri May 05 2023 Sahana Prasad <sahana@redhat.com> - 4.9-5
- Just bumping up the version to include bugs for CVE-2023-2295. There is no
code fix for it. Fix for it is including the code fix for CVE-2023-30570.
- Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the
Red Hat Enterprise Linux
- Resolves: rhbz#2189777, rhbz#2190148
* Thu May 04 2023 Sahana Prasad <sahana@redhat.com> - 4.9-4
- Just bumping up the version as an incorrect 9.3 build was created.
- Related: rhbz#2187171
* Thu May 04 2023 Sahana Prasad <sahana@redhat.com> - 4.9-3
- Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash
libreswan
- Resolves: rhbz#2187171
* Tue Apr 4 2023 Daiki Ueno <dueno@redhat.com> - 4.9-2
- Fix CVE-2023-23009: remote DoS via crafted TS payload with an
incorrect selector length (rhbz#2173674)
* Wed Jan 4 2023 Daiki Ueno <dueno@redhat.com> - 4.9-1
- Update to 4.9. Resolves: rhbz#2128669
- Switch to using %%autopatch as in Fedora
* Wed Feb 2 2022 Daiki Ueno <dueno@redhat.com> - 4.6-3
- Drop IKEv1 packets by default, based on the Debian patch
by Daniel Kahn Gillmor (rhbz#2039877)
* Mon Jan 17 2022 Daiki Ueno <dueno@redhat.com> - 4.6-2
- Related: rhbz#2017355 rebuild to reflect gating.yaml change
* Mon Jan 17 2022 Daiki Ueno <dueno@redhat.com> - 4.6-1
- Update to 4.6. Resolves: rhbz#2017355
* Mon Jan 10 2022 Daiki Ueno <dueno@redhat.com> - 4.5-1
- Update to 4.5. Resolves: rhbz#2017355
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.4-3.1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 21 2021 Daiki Ueno <dueno@redhat.com> - 4.4-3
- Backport removal gethostbyname2 uses from the upstream
- Fix issues spotted by covscan (rhbz#1938784)
* Tue Jul 13 2021 Daiki Ueno <dueno@redhat.com> - 4.4-2
- Rebuild with newer GCC to fix annocheck failures
* Thu Jul 1 2021 Daiki Ueno <dueno@redhat.com> - 4.4-1
- Update to 4.4. Resolves: rhbz#1975812
- Port compiler warning suppression by Paul Wouters:
https://src.fedoraproject.org/rpms/libreswan/c/8d7f98d41444ac77c562f735b4b93038f5346ce2?branch=rawhide
* Thu Jun 24 2021 Daiki Ueno <dueno@redhat.com> - 4.2-1.3
- Fix FTBFS with OpenSSL 3.0 (rhbz#1975439)
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 4.2-1.2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.2-1.1
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Feb 03 2021 Paul Wouters <pwouters@redhat.com> - 4.2-1
- Update to 4.2
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-0.1.rc1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Dec 19 19:59:55 EST 2020 Paul Wouters <pwouters@redhat.com> - 4.2-0.1.rc1
- Resolves: rhbz#1867580 pluto process frequently dumps core
(disable USE_NSS_KDF until nss fixes have propagated)
* Sat Dec 19 2020 Adam Williamson <awilliam@redhat.com> - 4.1-4
- Rebuild for ldns soname bump
* Mon Nov 23 11:50:41 EST 2020 Paul Wouters <pwouters@redhat.com> - 4.1-3
- Resolves: rhbz#1894381 Libreswan 4.1-2 breaks l2tp connection to Windows VPN server
* Mon Oct 26 10:21:57 EDT 2020 Paul Wouters <pwouters@redhat.com> - 4.1-2
- Resolves: rhbz#1889538 libreswan's /var/lib/ipsec/nss missing
* Sun Oct 18 21:49:39 EDT 2020 Paul Wouters <pwouters@redhat.com> - 4.1-1
- Updated to 4.1 - interop fix for Cisco
* Thu Oct 15 10:27:14 EDT 2020 Paul Wouters <pwouters@redhat.com> - 4.0-1
- Resolves: rhbz#1888448 libreswan-4.0 is available
* Wed Sep 30 14:05:58 EDT 2020 Paul Wouters <pwouters@redhat.com> - 4.0-0.2.rc1
- Rebuild for libevent 2.1.12 with a soname bump
* Sun Sep 27 22:49:40 EDT 2020 Paul Wouters <pwouters@redhat.com> - 4.0-0.1.rc1
- Updated to 4.0rc1
* Thu Aug 27 2020 Paul Wouters <pwouters@redhat.com> - 3.32-4
- Resolves: rhbz#1864043 libreswan: FTBFS in Fedora rawhide/f33
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.32-3.2
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.32-3.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 30 2020 Jeff Law <law@redhat.com> - 3.32-3
- Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized
object
* Tue May 26 2020 Paul Wouters <pwouters@redhat.com> - 3.32-2
- Backport NSS guarding fix for unannounced changed api in NSS causing segfault
* Mon May 11 2020 Paul Wouters <pwouters@redhat.com> - 3.32-1
- Resolves: rhbz#1809770 libreswan-3.32 is available
* Tue Apr 14 2020 Paul Wouters <pwouters@redhat.com> - 3.31-2
- Resolves: rhbz#1823823 Please drop the dependency on fipscheck
* Tue Mar 03 2020 Paul Wouters <pwouters@redhat.com> - 3.31-1
- Resolves: rhbz#1809770 libreswan-3.31 is available (fixes rekey regression)
* Fri Feb 14 2020 Paul Wouters <pwouters@redhat.com> - 3.30-1
- Resolves: rhbz#1802896 libreswan-3.30 is available
- Resolves: rhbz#1799598 libreswan: FTBFS in Fedora rawhide/f32
- Resolves: rhbz#1760571 [abrt] libreswan: configsetupcheck(): verify:366:configsetupcheck:TypeError:
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.29-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jan 09 2020 Paul Wouters <pwouters@redhat.com> - 3.29-2
- _updown.netkey: fix syntax error in checking routes
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.29-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jun 10 2019 Paul Wouters <pwouters@redhat.com> - 3.29-1
- Resolves: rhbz#1718986 Updated to 3.29 for CVE-2019-10155
* Tue May 21 2019 Paul Wouters <pwouters@redhat.com> - 3.28-1
- Updated to 3.28 (many imported bugfixes, including CVE-2019-12312)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.27-1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 3.27-1.1
- Rebuilt for libcrypt.so.2 (#1666033)
* Mon Oct 08 2018 Paul Wouters <pwouters@redhat.com> - 3.27-1
- Updated to 3.27 (various bugfixes)
* Thu Sep 27 2018 Paul Wouters <pwouters@redhat.com> - 3.26-3
- Add fedora python fixup for _unbound-hook
* Mon Sep 17 2018 Paul Wouters <pwouters@redhat.com> - 3.26-2
- linking against freebl is no longer needed (and wasn't done in 3.25)
* Mon Sep 17 2018 Paul Wouters <pwouters@redhat.com> - 3.26-1
- Updated to 3.26 (CHACHA20POLY1305, ECDSA and RSA-PSS support)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.25-3.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 09 2018 Paul Wouters <pwouters@redhat.com> - 3.25-3
- Fix Opportunistic IPsec _unbound-hook argument parsing
- Make rundir readable for all (so we can hand out permissions later)
* Mon Jul 02 2018 Paul Wouters <pwouters@redhat.com> - 3.25-2
- Relax deleting IKE SA's and IPsec SA's to avoid interop issues with third party VPN vendors
* Wed Jun 27 2018 Paul Wouters <pwouters@redhat.com> - 3.25-1
- Updated to 3.25
* Mon Feb 19 2018 Paul Wouters <pwouters@redhat.com> - 3.23-2
- Support crypto-policies package
- Pull in some patches from upstream and IANA registry updates
- gcc7 format-truncate fixes and workarounds
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.23-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jan 25 2018 Paul Wouters <pwouters@redhat.com> - 3.23-1
- Updated to 3.23 - support for MOBIKE, PPK, CMAC, nic offload and performance improvements
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 3.22-1.1
- Rebuilt for switch to libxcrypt
* Mon Oct 23 2017 Paul Wouters <pwouters@redhat.com> - 3.22-1
- Updated to 3.22 - many bugfixes, and unbound ipsecmod support
* Wed Aug 9 2017 Paul Wouters <pwouters@redhat.com> - 3.21-1
- Updated to 3.21
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.20-1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.20-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Mar 14 2017 Paul Wouters <pwouters@redhat.com> - 3.20-1
- Updated to 3.20
* Fri Mar 03 2017 Paul Wouters <pwouters@redhat.com> - 3.20-0.1.dr4
- Update to 3.20dr4 to test mozbz#1336487 export CERT_CompareAVA
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.19-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Feb 03 2017 Paul Wouters <pwouters@redhat.com> - 3.19-2
- Resolves: rhbz#1392191 libreswan: crash when OSX client connects
- Improved uniqueid and session replacing support
- Test Buffer warning fix on size_t
- Re-introduce --configdir for backwards compatibility
* Sun Jan 15 2017 Paul Wouters <pwouters@redhat.com> - 3.19-1
- Updated to 3.19 (see download.libreswan.org/CHANGES)
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 3.18-1.1
- Rebuild for Python 3.6
* Fri Jul 29 2016 Paul Wouters <pwouters@redhat.com> - 3.18-1
- Updated to 3.18 for CVE-2016-5391 rhbz#1361164 and VTI support
- Remove support for /etc/sysconfig/pluto (use native systemd instead)
* Thu May 05 2016 Paul Wouters <pwouters@redhat.com> - 3.17-2
- Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used
* Thu Apr 07 2016 Paul Wouters <pwouters@redhat.com> - 3.17-1
- Updated to 3.17 for CVE-2016-3071
- Disable LIBCAP_NG as it prevents unbound-control from working properly
- Temporarilly disable WERROR due to a few minor known issues
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.16-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Dec 18 2015 Paul Wouters <pwouters@redhat.com> - 3.16-1
- Updated to 3.16 (see https://download.libreswan.org/CHANGES)
* Tue Aug 11 2015 Paul Wouters <pwouters@redhat.com> - 3.15-1
- Updated to 3.15 (see http://download.libreswan.org/CHANGES)
- Resolves: rhbz#CVE-2015-3240 IKE daemon restart when receiving a bad DH gx
- NSS database creation moved from spec file to service file
- Run CAVS tests on package build
- Added BuildRequire systemd-units and xmlto
- Bumped minimum required nss to 3.16.1
- Install tmpfiles
- Install sysctl file
- Update doc files to include
* Mon Jul 13 2015 Paul Wouters <pwouters@redhat.com> - 3.13-2
- Resolves: rhbz#1238967 Switch libreswan to use python3
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.13-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Jun 01 2015 Paul Wouters <pwouters@redhat.com> - 3.13-1
- Updated to 3.13 for CVE-2015-3204
* Fri Nov 07 2014 Paul Wouters <pwouters@redhat.com> - 3.12-1
- Updated to 3.12 Various IKEv2 fixes
* Wed Oct 22 2014 Paul Wouters <pwouters@redhat.com> - 3.11-1
- Updated to 3.11 (many fixes, including startup fixes)
- Resolves: rhbz#1144941 libreswan 3.10 upgrade breaks old ipsec.secrets configs
- Resolves: rhbz#1147072 ikev1 aggr mode connection fails after libreswan upgrade
- Resolves: rhbz#1144831 Libreswan appears to start with systemd before all the NICs are up and running
* Tue Sep 09 2014 Paul Wouters <pwouters@redhat.com> - 3.10-3
- Fix some coverity issues, auto=route on bootup and snprintf on 32bit machines
* Mon Sep 01 2014 Paul Wouters <pwouters@redhat.com> - 3.10-1
- Updated to 3.10, major bugfix release, new xauth status options
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.9-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 10 2014 Paul Wouters <pwouters@redhat.com> - 3.9-1
- Updated to 3.9. IKEv2 enhancements, ESP/IKE algo enhancements
- Mark libreswan-fips.conf as config file
- attr modifier for man pages no longer needed
- BUGS file no longer exists upstream
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.8-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Jan 18 2014 Paul Wouters <pwouters@redhat.com> - 3.8-1
- Updated to 3.8, fixes rhbz#CVE-2013-6467 (rhbz#1054102)
* Wed Dec 11 2013 Paul Wouters <pwouters@redhat.com> - 3.7-1
- Updated to 3.7, fixes CVE-2013-4564
- Fixes creating a bogus NSS db on startup (rhbz#1005410)
* Thu Oct 31 2013 Paul Wouters <pwouters@redhat.com> - 3.6-1
- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
- Generate empty NSS db if none exists
* Mon Aug 19 2013 Paul Wouters <pwouters@redhat.com> - 3.5-3
- Add a Provides: for openswan-doc
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 15 2013 Paul Wouters <pwouters@redhat.com> - 3.5-2
- Added interop patch for (some?) Cisco VPN clients sending 16 zero
bytes of extraneous IKE data
- Removed fipscheck_version
* Sat Jul 13 2013 Paul Wouters <pwouters@redhat.com> - 3.5-1
- Updated to 3.5
* Thu Jun 06 2013 Paul Wouters <pwouters@redhat.com> - 3.4-1
- Updated to 3.4, which only contains style changes to kernel coding style
- IN MEMORIAM: June 3rd, 2013 Hugh Daniel
* Mon May 13 2013 Paul Wouters <pwouters@redhat.com> - 3.3-1
- Updated to 3.3, which resolves CVE-2013-2052
* Sat Apr 13 2013 Paul Wouters <pwouters@redhat.com> - 3.2-1
- Initial package for Fedora