Merge branch 'c9-beta' into a9-beta

eabdullin 2022-09-28 15:28:47 +00:00 committed by Stepan Oksanichenko
commit 67e05c4f57
32 changed files with 2094 additions and 1164 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/libguestfs-1.46.1.tar.gz
SOURCES/libguestfs-1.48.4.tar.gz
SOURCES/libguestfs.keyring


@ -1,2 +1,2 @@
156b8a427d03ddfa956fedb69ec00221e891e4c2 SOURCES/libguestfs-1.46.1.tar.gz
a8754a62256ac488eec3e18bed20f570f785d069 SOURCES/libguestfs-1.48.4.tar.gz
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring


@ -0,0 +1,96 @@
From e3ebd50abde3b05db86c8965868c866152cd3287 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 28 Apr 2022 13:16:54 +0100
Subject: [PATCH] New API: guestfs_device_name returning the drive name
For each drive added, return the name. For example calling this with
index 0 will return the string "/dev/sda". I called it
guestfs_device_name (not drive_name) for consistency with the existing
guestfs_device_index function.
You don't really need to call this function. You can follow the
advice here:
https://libguestfs.org/guestfs.3.html#block-device-naming
and assume that drives are added with predictable names like
"/dev/sda", "/dev/sdb", etc.
However it's useful to expose the internal guestfs_int_drive_name
function since especially handling names beyond index 26 is tricky
(https://rwmj.wordpress.com/2011/01/09/how-are-linux-drives-named-beyond-drive-26-devsdz/)
Fixes: https://github.com/libguestfs/libguestfs/issues/80
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit ac00e603f83802634f1d53b1629aee4670eaf31c)
---
generator/actions_core.ml | 24 +++++++++++++++++++++++-
lib/drives.c | 15 +++++++++++++++
2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index ce9ee39cc..dc12fdc33 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -737,7 +737,29 @@ returns the index of the device in the list of devices.
Index numbers start from 0. The named device must exist,
for example as a string returned from C<guestfs_list_devices>.
-See also C<guestfs_list_devices>, C<guestfs_part_to_dev>." };
+See also C<guestfs_list_devices>, C<guestfs_part_to_dev>,
+C<guestfs_device_name>." };
+
+ { defaults with
+ name = "device_name"; added = (1, 49, 1);
+ style = RString (RPlainString, "name"), [Int "index"], [];
+ tests = [
+ InitEmpty, Always, TestResult (
+ [["device_name"; "0"]], "STREQ (ret, \"/dev/sda\")"), [];
+ InitEmpty, Always, TestResult (
+ [["device_name"; "1"]], "STREQ (ret, \"/dev/sdb\")"), [];
+ InitEmpty, Always, TestLastFail (
+ [["device_name"; "99"]]), []
+ ];
+ shortdesc = "convert device index to name";
+ longdesc = "\
+This function takes a device index and returns the device
+name. For example index C<0> will return the string C</dev/sda>.
+
+The drive index must have been added to the handle.
+
+See also C<guestfs_list_devices>, C<guestfs_part_to_dev>,
+C<guestfs_device_index>." };
{ defaults with
name = "shutdown"; added = (1, 19, 16);
diff --git a/lib/drives.c b/lib/drives.c
index fd95308d2..a6179fc36 100644
--- a/lib/drives.c
+++ b/lib/drives.c
@@ -31,6 +31,7 @@
#include <netdb.h>
#include <arpa/inet.h>
#include <assert.h>
+#include <errno.h>
#include <libintl.h>
#include "c-ctype.h"
@@ -1084,3 +1085,17 @@ guestfs_impl_device_index (guestfs_h *g, const char *device)
error (g, _("%s: device not found"), device);
return r;
}
+
+char *
+guestfs_impl_device_name (guestfs_h *g, int index)
+{
+ char drive_name[64];
+
+ if (index < 0 || index >= g->nr_drives) {
+ guestfs_int_error_errno (g, EINVAL, _("drive index out of range"));
+ return NULL;
+ }
+
+ guestfs_int_drive_name (index, drive_name);
+ return safe_asprintf (g, "/dev/sd%s", drive_name);
+}
--
2.31.1
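Review bot: In `guestfs_impl_device_name` (lib/drives.c) the 64-byte `drive_name` buffer is passed to `guestfs_int_drive_name (index, drive_name)` with no length argument, so the new code never states the bound that keeps the write inside the buffer. Going by the commit message, the helper produces the letter suffix of the `/dev/sd…` name, which for a non-negative `int` stays far below 64 bytes, but that is inferred rather than visible in this hunk. A comment above the declaration would record the assumption, e.g. `/* guestfs_int_drive_name writes a short letter suffix plus NUL; 64 bytes is ample for any int index */`. The long description says the drive "must have been added to the handle", while the code only checks the range against `g->nr_drives`; whether a slot below that count can be empty is not shown here and is worth confirming.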


@ -1,39 +0,0 @@
From 336ecfab3bb1e14deea9ade891fb772e0698f8d8 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 1 Oct 2021 14:53:38 +0200
Subject: [PATCH] daemon/inspect_fs_unix: recognize modern Pardus GNU/Linux
releases
Recent Pardus releases seem to have abandoned the original
"/etc/pardus-release" file, which the current Pardus detection, from
commit 233530d3541d ("inspect: Add detection of Pardus.", 2010-10-29), is
based upon.
Instead, Pardus apparently adopted the "/etc/os-release" specification
<https://www.freedesktop.org/software/systemd/man/os-release.html>, with
"ID=pardus". Extend the "distro_of_os_release_id" function accordingly.
Keep the original method for recognizing earlier releases.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1993842
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20211001125338.8956-1-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
---
daemon/inspect_fs_unix.ml | 1 +
1 file changed, 1 insertion(+)
diff --git a/daemon/inspect_fs_unix.ml b/daemon/inspect_fs_unix.ml
index 557f32833..652bacc0f 100644
--- a/daemon/inspect_fs_unix.ml
+++ b/daemon/inspect_fs_unix.ml
@@ -151,6 +151,7 @@ and distro_of_os_release_id = function
| "openmandriva" -> Some DISTRO_OPENMANDRIVA
| "opensuse" -> Some DISTRO_OPENSUSE
| s when String.is_prefix s "opensuse-" -> Some DISTRO_OPENSUSE
+ | "pardus" -> Some DISTRO_PARDUS
| "pld" -> Some DISTRO_PLD_LINUX
| "rhel" -> Some DISTRO_RHEL
| "sles" | "sled" -> Some DISTRO_SLES
--
2.31.1


@ -1,100 +0,0 @@
From 3db4dd1804b72575789a67f22a86d6085a141310 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 13 Oct 2021 18:30:23 +0200
Subject: [PATCH] daemon: inspection: Add support for Kylin (RHBZ#1995391).
Similar-to: cd08039d2427b584237265237c713d8cf46536a0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20211013163023.21786-1-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 305b02e7e74afc3777b2291783cd7634fb76ecaf)
---
daemon/inspect_fs.ml | 2 ++
daemon/inspect_fs_unix.ml | 1 +
daemon/inspect_types.ml | 2 ++
daemon/inspect_types.mli | 1 +
generator/actions_inspection.ml | 4 ++++
5 files changed, 10 insertions(+)
diff --git a/daemon/inspect_fs.ml b/daemon/inspect_fs.ml
index 02b5a0470..77f0f6aea 100644
--- a/daemon/inspect_fs.ml
+++ b/daemon/inspect_fs.ml
@@ -275,6 +275,7 @@ and check_package_format { distro } =
Some PACKAGE_FORMAT_RPM
| Some DISTRO_DEBIAN
| Some DISTRO_KALI_LINUX
+ | Some DISTRO_KYLIN (* supposedly another Ubuntu derivative *)
| Some DISTRO_LINUX_MINT
| Some DISTRO_UBUNTU ->
Some PACKAGE_FORMAT_DEB
@@ -345,6 +346,7 @@ and check_package_management { distro; version } =
| Some DISTRO_ALTLINUX
| Some DISTRO_DEBIAN
| Some DISTRO_KALI_LINUX
+ | Some DISTRO_KYLIN (* supposedly another Ubuntu derivative *)
| Some DISTRO_LINUX_MINT
| Some DISTRO_UBUNTU ->
Some PACKAGE_MANAGEMENT_APT
diff --git a/daemon/inspect_fs_unix.ml b/daemon/inspect_fs_unix.ml
index 652bacc0f..7f6eb92e9 100644
--- a/daemon/inspect_fs_unix.ml
+++ b/daemon/inspect_fs_unix.ml
@@ -146,6 +146,7 @@ and distro_of_os_release_id = function
| "frugalware" -> Some DISTRO_FRUGALWARE
| "gentoo" -> Some DISTRO_GENTOO
| "kali" -> Some DISTRO_KALI_LINUX
+ | "kylin" -> Some DISTRO_KYLIN
| "mageia" -> Some DISTRO_MAGEIA
| "neokylin" -> Some DISTRO_NEOKYLIN
| "openmandriva" -> Some DISTRO_OPENMANDRIVA
diff --git a/daemon/inspect_types.ml b/daemon/inspect_types.ml
index 18e410ce0..e2bc7165c 100644
--- a/daemon/inspect_types.ml
+++ b/daemon/inspect_types.ml
@@ -79,6 +79,7 @@ and distro =
| DISTRO_FRUGALWARE
| DISTRO_GENTOO
| DISTRO_KALI_LINUX
+ | DISTRO_KYLIN
| DISTRO_LINUX_MINT
| DISTRO_MAGEIA
| DISTRO_MANDRIVA
@@ -211,6 +212,7 @@ and string_of_distro = function
| DISTRO_FRUGALWARE -> "frugalware"
| DISTRO_GENTOO -> "gentoo"
| DISTRO_KALI_LINUX -> "kalilinux"
+ | DISTRO_KYLIN -> "kylin"
| DISTRO_LINUX_MINT -> "linuxmint"
| DISTRO_MAGEIA -> "mageia"
| DISTRO_MANDRIVA -> "mandriva"
diff --git a/daemon/inspect_types.mli b/daemon/inspect_types.mli
index d12f7a61a..43c79818f 100644
--- a/daemon/inspect_types.mli
+++ b/daemon/inspect_types.mli
@@ -86,6 +86,7 @@ and distro =
| DISTRO_FRUGALWARE
| DISTRO_GENTOO
| DISTRO_KALI_LINUX
+ | DISTRO_KYLIN
| DISTRO_LINUX_MINT
| DISTRO_MAGEIA
| DISTRO_MANDRIVA
diff --git a/generator/actions_inspection.ml b/generator/actions_inspection.ml
index 690afd460..0c6d39b43 100644
--- a/generator/actions_inspection.ml
+++ b/generator/actions_inspection.ml
@@ -214,6 +214,10 @@ Gentoo.
Kali Linux.
+=item \"kylin\"
+
+Kylin.
+
=item \"linuxmint\"
Linux Mint.
--
2.31.1


@ -0,0 +1,565 @@
From b97b90779d5ea261d5e737f073bb4ec5dc546511 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 May 2022 10:56:00 +0200
Subject: [PATCH] guestfs_readdir(): rewrite with FileOut transfer, to lift
protocol limit
Currently the guestfs_readdir() API can not list long directories, due to
it sending back the whole directory listing in a single guestfs protocol
response, which is limited to GUESTFS_MESSAGE_MAX (approx. 4MB) in size.
Introduce the "internal_readdir" action, for transferring the directory
listing from the daemon to the library through a FileOut parameter.
Rewrite guestfs_readdir() on top of this new internal function:
- The new "internal_readdir" action is a daemon action. Do not repurpose
the "readdir" proc_nr (138) for "internal_readdir", as some distros ship
the binary appliance to their users, and reusing the proc_nr could
create a mismatch between library & appliance with obscure symptoms.
Replace the old proc_nr (138) with a new proc_nr (511) instead; a
mismatch would then produce a clear error message. Assume the new action
will first be released in libguestfs-1.48.2.
- Turn "readdir" from a daemon action into a non-daemon one. Call the
daemon action guestfs_internal_readdir() manually, receive the FileOut
parameter into a temp file, then deserialize the dirents array from the
temp file.
This patch sneakily fixes an independent bug, too. In the pre-patch
do_readdir() function [daemon/readdir.c], when readdir() returns NULL, we
don't distinguish "end of directory stream" from "readdir() failed". This
rewrite fixes this problem -- I didn't see much value separating out the
fix for the original do_readdir().
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1674392
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220502085601.15012-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 45b7f1736b64e9f0741e21e5a9d83a837bd863bf)
---
TODO | 8 ---
daemon/readdir.c | 132 +++++++++++++++++++-------------------
generator/actions_core.ml | 127 +++++++++++++++++++-----------------
generator/proc_nr.ml | 2 +-
lib/MAX_PROC_NR | 2 +-
lib/Makefile.am | 1 +
lib/readdir.c | 131 +++++++++++++++++++++++++++++++++++++
7 files changed, 267 insertions(+), 136 deletions(-)
create mode 100644 lib/readdir.c
diff --git a/TODO b/TODO
index a50f7d73c..513e55f92 100644
--- a/TODO
+++ b/TODO
@@ -484,14 +484,6 @@ this approach works, it doesn't solve the MBR problem, so likely we'd
have to write a library for that (or perhaps go back to sfdisk but
using a very abstracted interface over sfdisk).
-Reimplement some APIs to avoid protocol limits
-----------------------------------------------
-
-Mostly this item was done (eg. commits a69f44f56f and before). The
-most notable API with a protocol limit remaining is:
-
- - guestfs_readdir
-
hivex
-----
diff --git a/daemon/readdir.c b/daemon/readdir.c
index e488f93e7..9ab0b0aec 100644
--- a/daemon/readdir.c
+++ b/daemon/readdir.c
@@ -16,77 +16,67 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include <config.h>
+#include <config.h> /* HAVE_STRUCT_DIRENT_D_TYPE */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <dirent.h>
+#include <dirent.h> /* readdir() */
+#include <errno.h> /* errno */
+#include <rpc/xdr.h> /* xdrmem_create() */
+#include <stdio.h> /* perror() */
+#include <stdlib.h> /* malloc() */
+#include <sys/types.h> /* opendir() */
-#include "daemon.h"
-#include "actions.h"
+#include "daemon.h" /* reply_with_perror() */
-static void
-free_int_dirent_list (guestfs_int_dirent *p, size_t len)
+/* Has one FileOut parameter. */
+int
+do_internal_readdir (const char *dir)
{
- size_t i;
+ int ret;
+ DIR *dirstream;
+ void *xdr_buf;
+ XDR xdr;
- for (i = 0; i < len; ++i) {
- free (p[i].name);
- }
- free (p);
-}
-
-guestfs_int_dirent_list *
-do_readdir (const char *path)
-{
- guestfs_int_dirent_list *ret;
- guestfs_int_dirent v;
- DIR *dir;
- struct dirent *d;
- size_t i;
-
- ret = malloc (sizeof *ret);
- if (ret == NULL) {
- reply_with_perror ("malloc");
- return NULL;
- }
-
- ret->guestfs_int_dirent_list_len = 0;
- ret->guestfs_int_dirent_list_val = NULL;
+ /* Prepare to fail. */
+ ret = -1;
CHROOT_IN;
- dir = opendir (path);
+ dirstream = opendir (dir);
CHROOT_OUT;
- if (dir == NULL) {
- reply_with_perror ("opendir: %s", path);
- free (ret);
- return NULL;
+ if (dirstream == NULL) {
+ reply_with_perror ("opendir: %s", dir);
+ return ret;
}
- i = 0;
- while ((d = readdir (dir)) != NULL) {
- guestfs_int_dirent *p;
+ xdr_buf = malloc (GUESTFS_MAX_CHUNK_SIZE);
+ if (xdr_buf == NULL) {
+ reply_with_perror ("malloc");
+ goto close_dir;
+ }
+ xdrmem_create (&xdr, xdr_buf, GUESTFS_MAX_CHUNK_SIZE, XDR_ENCODE);
+
+ /* Send an "OK" reply, before starting the file transfer. */
+ reply (NULL, NULL);
+
+ /* From this point on, we can only report errors by canceling the file
+ * transfer.
+ */
+ for (;;) {
+ struct dirent *d;
+ guestfs_int_dirent v;
+
+ errno = 0;
+ d = readdir (dirstream);
+ if (d == NULL) {
+ if (errno == 0)
+ ret = 0;
+ else
+ perror ("readdir");
- p = realloc (ret->guestfs_int_dirent_list_val,
- sizeof (guestfs_int_dirent) * (i+1));
- v.name = strdup (d->d_name);
- if (!p || !v.name) {
- reply_with_perror ("allocate");
- if (p) {
- free_int_dirent_list (p, i);
- } else {
- free_int_dirent_list (ret->guestfs_int_dirent_list_val, i);
- }
- free (v.name);
- free (ret);
- closedir (dir);
- return NULL;
+ break;
}
- ret->guestfs_int_dirent_list_val = p;
+ v.name = d->d_name;
v.ino = d->d_ino;
#ifdef HAVE_STRUCT_DIRENT_D_TYPE
switch (d->d_type) {
@@ -104,19 +94,29 @@ do_readdir (const char *path)
v.ftyp = 'u';
#endif
- ret->guestfs_int_dirent_list_val[i] = v;
+ if (!xdr_guestfs_int_dirent (&xdr, &v)) {
+ fprintf (stderr, "xdr_guestfs_int_dirent failed\n");
+ break;
+ }
- i++;
+ if (send_file_write (xdr_buf, xdr_getpos (&xdr)) != 0)
+ break;
+
+ xdr_setpos (&xdr, 0);
}
- ret->guestfs_int_dirent_list_len = i;
+ /* Finish or cancel the transfer. Note that if (ret == -1) because the library
+ * canceled, we still need to cancel back!
+ */
+ send_file_end (ret == -1);
- if (closedir (dir) == -1) {
- reply_with_perror ("closedir");
- free (ret->guestfs_int_dirent_list_val);
- free (ret);
- return NULL;
- }
+ xdr_destroy (&xdr);
+ free (xdr_buf);
+
+close_dir:
+ if (closedir (dirstream) == -1)
+ /* Best we can do here is log an error. */
+ perror ("closedir");
return ret;
}
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index dc12fdc33..807150615 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -141,6 +141,66 @@ only useful for printing debug and internal error messages.
For more information on states, see L<guestfs(3)>." };
+ { defaults with
+ name = "readdir"; added = (1, 0, 55);
+ style = RStructList ("entries", "dirent"), [String (Pathname, "dir")], [];
+ progress = true; cancellable = true;
+ shortdesc = "read directories entries";
+ longdesc = "\
+This returns the list of directory entries in directory C<dir>.
+
+All entries in the directory are returned, including C<.> and
+C<..>. The entries are I<not> sorted, but returned in the same
+order as the underlying filesystem.
+
+Also this call returns basic file type information about each
+file. The C<ftyp> field will contain one of the following characters:
+
+=over 4
+
+=item 'b'
+
+Block special
+
+=item 'c'
+
+Char special
+
+=item 'd'
+
+Directory
+
+=item 'f'
+
+FIFO (named pipe)
+
+=item 'l'
+
+Symbolic link
+
+=item 'r'
+
+Regular file
+
+=item 's'
+
+Socket
+
+=item 'u'
+
+Unknown file type
+
+=item '?'
+
+The L<readdir(3)> call returned a C<d_type> field with an
+unexpected value
+
+=back
+
+This function is primarily intended for use by programs. To
+get a simple list of names, use C<guestfs_ls>. To get a printable
+directory for human consumption, use C<guestfs_ll>." };
+
{ defaults with
name = "version"; added = (1, 0, 58);
style = RStruct ("version", "version"), [], [];
@@ -3939,66 +3999,6 @@ L<umask(2)>, C<guestfs_mknod>, C<guestfs_mkdir>.
This call returns the previous umask." };
- { defaults with
- name = "readdir"; added = (1, 0, 55);
- style = RStructList ("entries", "dirent"), [String (Pathname, "dir")], [];
- protocol_limit_warning = true;
- shortdesc = "read directories entries";
- longdesc = "\
-This returns the list of directory entries in directory C<dir>.
-
-All entries in the directory are returned, including C<.> and
-C<..>. The entries are I<not> sorted, but returned in the same
-order as the underlying filesystem.
-
-Also this call returns basic file type information about each
-file. The C<ftyp> field will contain one of the following characters:
-
-=over 4
-
-=item 'b'
-
-Block special
-
-=item 'c'
-
-Char special
-
-=item 'd'
-
-Directory
-
-=item 'f'
-
-FIFO (named pipe)
-
-=item 'l'
-
-Symbolic link
-
-=item 'r'
-
-Regular file
-
-=item 's'
-
-Socket
-
-=item 'u'
-
-Unknown file type
-
-=item '?'
-
-The L<readdir(3)> call returned a C<d_type> field with an
-unexpected value
-
-=back
-
-This function is primarily intended for use by programs. To
-get a simple list of names, use C<guestfs_ls>. To get a printable
-directory for human consumption, use C<guestfs_ll>." };
-
{ defaults with
name = "getxattrs"; added = (1, 0, 59);
style = RStructList ("xattrs", "xattr"), [String (Pathname, "path")], [];
@@ -9713,4 +9713,11 @@ C<guestfs_cryptsetup_open>. The C<device> parameter must be
the name of the mapping device (ie. F</dev/mapper/mapname>)
and I<not> the name of the underlying block device." };
+ { defaults with
+ name = "internal_readdir"; added = (1, 48, 2);
+ style = RErr, [String (Pathname, "dir"); String (FileOut, "filename")], [];
+ visibility = VInternal;
+ shortdesc = "read directories entries";
+ longdesc = "Internal function for readdir." };
+
]
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index b20672ff0..bdced51c9 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -152,7 +152,6 @@ let proc_nr = [
135, "mknod_b";
136, "mknod_c";
137, "umask";
-138, "readdir";
139, "sfdiskM";
140, "zfile";
141, "getxattrs";
@@ -514,6 +513,7 @@ let proc_nr = [
508, "cryptsetup_open";
509, "cryptsetup_close";
510, "internal_list_rpm_applications";
+511, "internal_readdir";
]
(* End of list. If adding a new entry, add it at the end of the list
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index 2bc4cd64b..c0556fb20 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-510
+511
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 144c45588..212bcb94a 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -105,6 +105,7 @@ libguestfs_la_SOURCES = \
private-data.c \
proto.c \
qemu.c \
+ readdir.c \
rescue.c \
stringsbuf.c \
structs-compare.c \
diff --git a/lib/readdir.c b/lib/readdir.c
new file mode 100644
index 000000000..9cb0d7cf6
--- /dev/null
+++ b/lib/readdir.c
@@ -0,0 +1,131 @@
+/* libguestfs
+ * Copyright (C) 2016-2022 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <config.h> /* UNIX_PATH_MAX, needed by "guestfs-internal.h" */
+
+#include <rpc/xdr.h> /* xdrstdio_create() */
+#include <stdint.h> /* UINT32_MAX */
+#include <stdio.h> /* fopen() */
+#include <string.h> /* memset() */
+
+#include "guestfs.h" /* guestfs_internal_readdir() */
+#include "guestfs_protocol.h" /* guestfs_int_dirent */
+#include "guestfs-internal.h" /* guestfs_int_make_temp_path() */
+#include "guestfs-internal-actions.h" /* guestfs_impl_readdir */
+
+struct guestfs_dirent_list *
+guestfs_impl_readdir (guestfs_h *g, const char *dir)
+{
+ struct guestfs_dirent_list *ret;
+ char *tmpfn;
+ FILE *f;
+ off_t fsize;
+ XDR xdr;
+ struct guestfs_dirent_list *dirents;
+ uint32_t alloc_entries;
+ size_t alloc_bytes;
+
+ /* Prepare to fail. */
+ ret = NULL;
+
+ tmpfn = guestfs_int_make_temp_path (g, "readdir", NULL);
+ if (tmpfn == NULL)
+ return ret;
+
+ if (guestfs_internal_readdir (g, dir, tmpfn) == -1)
+ goto drop_tmpfile;
+
+ f = fopen (tmpfn, "r");
+ if (f == NULL) {
+ perrorf (g, "fopen: %s", tmpfn);
+ goto drop_tmpfile;
+ }
+
+ if (fseeko (f, 0, SEEK_END) == -1) {
+ perrorf (g, "fseeko");
+ goto close_tmpfile;
+ }
+ fsize = ftello (f);
+ if (fsize == -1) {
+ perrorf (g, "ftello");
+ goto close_tmpfile;
+ }
+ if (fseeko (f, 0, SEEK_SET) == -1) {
+ perrorf (g, "fseeko");
+ goto close_tmpfile;
+ }
+
+ xdrstdio_create (&xdr, f, XDR_DECODE);
+
+ dirents = safe_malloc (g, sizeof *dirents);
+ dirents->len = 0;
+ alloc_entries = 8;
+ alloc_bytes = alloc_entries * sizeof *dirents->val;
+ dirents->val = safe_malloc (g, alloc_bytes);
+
+ while (xdr_getpos (&xdr) < fsize) {
+ guestfs_int_dirent v;
+ struct guestfs_dirent *d;
+
+ if (dirents->len == alloc_entries) {
+ if (alloc_entries > UINT32_MAX / 2 || alloc_bytes > (size_t)-1 / 2) {
+ error (g, "integer overflow");
+ goto free_dirents;
+ }
+ alloc_entries *= 2u;
+ alloc_bytes *= 2u;
+ dirents->val = safe_realloc (g, dirents->val, alloc_bytes);
+ }
+
+ /* Decoding does not work unless the target buffer is zero-initialized. */
+ memset (&v, 0, sizeof v);
+ if (!xdr_guestfs_int_dirent (&xdr, &v)) {
+ error (g, "xdr_guestfs_int_dirent failed");
+ goto free_dirents;
+ }
+
+ d = &dirents->val[dirents->len];
+ d->ino = v.ino;
+ d->ftyp = v.ftyp;
+ d->name = v.name; /* transfer malloc'd string to "d" */
+
+ dirents->len++;
+ }
+
+ /* Success; transfer "dirents" to "ret". */
+ ret = dirents;
+ dirents = NULL;
+
+ /* Clean up. */
+ xdr_destroy (&xdr);
+
+free_dirents:
+ guestfs_free_dirent_list (dirents);
+
+close_tmpfile:
+ fclose (f);
+
+drop_tmpfile:
+ /* In case guestfs_internal_readdir() failed, it may or may not have created
+ * the temporary file.
+ */
+ unlink (tmpfn);
+ free (tmpfn);
+
+ return ret;
+}
--
2.31.1
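Review bot: In `guestfs_impl_readdir` (lib/readdir.c) both `goto free_dirents` error paths skip `xdr_destroy (&xdr)`, which sits just above the label and therefore runs only on success. Moving the call below the label pairs `xdrstdio_create` with its teardown on every path that reaches it: `free_dirents:` followed by `xdr_destroy (&xdr);` and then `guestfs_free_dirent_list (dirents);`. The same loop decodes a listing whose entry names originate in the guest filesystem. The guard on `alloc_entries` and `alloc_bytes` covers growth of the array, but whether each decoded `name` has a length bound depends on the XDR definition of `guestfs_int_dirent`, which is not shown here. A short comment next to the `xdr_guestfs_int_dirent (&xdr, &v)` call stating that bound, or its absence, would document the trust boundary.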


@ -1,209 +0,0 @@
From a98532ac7d6c79889703603d9f4ab008f0febd53 Mon Sep 17 00:00:00 2001
From: Neil Hanlon <neil@resf.org>
Date: Fri, 10 Dec 2021 08:50:48 +0000
Subject: [PATCH] Add detection support for Rocky Linux (CentOS/RHEL-like)
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2030709
Thanks: label@rockylinux.org
---
RWMJ notes: I fixed the original patch so it compiled. This patch
sets osinfo to "rocky8", which doesn't exist in the osinfo db yet.
Arguably we might want to set this to "centos8", but we can see what
libosinfo decides to do. Here is partial virt-inspector output on a
Rocky Linux disk image:
$ ./run virt-inspector -a disk.img
<?xml version="1.0"?>
<operatingsystems>
<operatingsystem>
<root>/dev/rl/root</root>
<name>linux</name>
<arch>x86_64</arch>
<distro>rocky</distro>
<product_name>Rocky Linux 8.5 (Green Obsidian)</product_name>
<major_version>8</major_version>
<minor_version>5</minor_version>
<package_format>rpm</package_format>
<package_management>dnf</package_management>
<hostname>localhost.localdomain</hostname>
<osinfo>rocky8</osinfo>
<mountpoints>
<mountpoint dev="/dev/rl/root">/</mountpoint>
<mountpoint dev="/dev/sda1">/boot</mountpoint>
</mountpoints>
<filesystems>
<filesystem dev="/dev/rl/root">
<type>xfs</type>
<uuid>fed8331f-9f25-40cd-883e-090cd640559d</uuid>
</filesystem>
<filesystem dev="/dev/rl/swap">
<type>swap</type>
<uuid>6da2c121-ea7d-49ce-98a3-14a37fceaadd</uuid>
</filesystem>
<filesystem dev="/dev/sda1">
<type>xfs</type>
<uuid>4efafe61-2d20-4d93-8055-537e09bfd033</uuid>
</filesystem>
</filesystems>
(cherry picked from commit 631962c0e88a321646846be91d0fbea1ba14e263)
---
daemon/inspect_fs.ml | 2 ++
daemon/inspect_fs_unix.ml | 13 ++++++++++++-
daemon/inspect_types.ml | 2 ++
daemon/inspect_types.mli | 1 +
generator/actions_inspection.ml | 4 ++++
lib/inspect-icon.c | 1 +
lib/inspect-osinfo.c | 4 ++++
7 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/daemon/inspect_fs.ml b/daemon/inspect_fs.ml
index 77f0f6aea..9c73d97ef 100644
--- a/daemon/inspect_fs.ml
+++ b/daemon/inspect_fs.ml
@@ -259,6 +259,7 @@ and check_package_format { distro } =
| None -> None
| Some DISTRO_ALTLINUX
| Some DISTRO_CENTOS
+ | Some DISTRO_ROCKY
| Some DISTRO_FEDORA
| Some DISTRO_MAGEIA
| Some DISTRO_MANDRIVA
@@ -329,6 +330,7 @@ and check_package_management { distro; version } =
Some PACKAGE_MANAGEMENT_DNF
| Some DISTRO_CENTOS
+ | Some DISTRO_ROCKY
| Some DISTRO_ORACLE_LINUX
| Some DISTRO_REDHAT_BASED
| Some DISTRO_RHEL
diff --git a/daemon/inspect_fs_unix.ml b/daemon/inspect_fs_unix.ml
index 7f6eb92e9..63cb279d0 100644
--- a/daemon/inspect_fs_unix.ml
+++ b/daemon/inspect_fs_unix.ml
@@ -32,6 +32,8 @@ let re_rhel_no_minor = PCRE.compile "Red Hat.*release (\\d+)"
let re_centos_old = PCRE.compile "CentOS.*release (\\d+).*Update (\\d+)"
let re_centos = PCRE.compile "CentOS.*release (\\d+)\\.(\\d+)"
let re_centos_no_minor = PCRE.compile "CentOS.*release (\\d+)"
+let re_rocky = PCRE.compile "Rocky Linux.*release (\\d+)\\.(\\d+)"
+let re_rocky_no_minor = PCRE.compile "Rocky Linux.*release (\\d+)"
let re_scientific_linux_old =
PCRE.compile "Scientific Linux.*release (\\d+).*Update (\\d+)"
let re_scientific_linux =
@@ -106,7 +108,7 @@ let rec parse_os_release release_file data =
* we detect that situation then bail out and use the release
* files instead.
*)
- | { distro = Some (DISTRO_DEBIAN|DISTRO_CENTOS);
+ | { distro = Some (DISTRO_DEBIAN|DISTRO_CENTOS|DISTRO_ROCKY);
version = Some (_, 0) } ->
false
@@ -155,6 +157,7 @@ and distro_of_os_release_id = function
| "pardus" -> Some DISTRO_PARDUS
| "pld" -> Some DISTRO_PLD_LINUX
| "rhel" -> Some DISTRO_RHEL
+ | "rocky" -> Some DISTRO_ROCKY
| "sles" | "sled" -> Some DISTRO_SLES
| "ubuntu" -> Some DISTRO_UBUNTU
| "void" -> Some DISTRO_VOID_LINUX
@@ -405,6 +408,10 @@ let linux_root_tests : tests = [
DISTRO_CENTOS;
"/etc/centos-release", parse_generic ~rex:re_centos_no_minor
DISTRO_CENTOS;
+ "/etc/rocky-release", parse_generic ~rex:re_rocky
+ DISTRO_ROCKY;
+ "/etc/rocky-release", parse_generic ~rex:re_rocky_no_minor
+ DISTRO_ROCKY;
"/etc/altlinux-release", parse_generic DISTRO_ALTLINUX;
"/etc/redhat-release", parse_generic ~rex:re_fedora
DISTRO_FEDORA;
@@ -420,6 +427,10 @@ let linux_root_tests : tests = [
DISTRO_CENTOS;
"/etc/redhat-release", parse_generic ~rex:re_centos_no_minor
DISTRO_CENTOS;
+ "/etc/redhat-release", parse_generic ~rex:re_rocky
+ DISTRO_ROCKY;
+ "/etc/redhat-release", parse_generic ~rex:re_rocky_no_minor
+ DISTRO_ROCKY;
"/etc/redhat-release", parse_generic ~rex:re_scientific_linux_old
DISTRO_SCIENTIFIC_LINUX;
"/etc/redhat-release", parse_generic ~rex:re_scientific_linux
diff --git a/daemon/inspect_types.ml b/daemon/inspect_types.ml
index e2bc7165c..9395c51f9 100644
--- a/daemon/inspect_types.ml
+++ b/daemon/inspect_types.ml
@@ -95,6 +95,7 @@ and distro =
| DISTRO_PLD_LINUX
| DISTRO_REDHAT_BASED
| DISTRO_RHEL
+ | DISTRO_ROCKY
| DISTRO_SCIENTIFIC_LINUX
| DISTRO_SLACKWARE
| DISTRO_SLES
@@ -228,6 +229,7 @@ and string_of_distro = function
| DISTRO_PLD_LINUX -> "pldlinux"
| DISTRO_REDHAT_BASED -> "redhat-based"
| DISTRO_RHEL -> "rhel"
+ | DISTRO_ROCKY -> "rocky"
| DISTRO_SCIENTIFIC_LINUX -> "scientificlinux"
| DISTRO_SLACKWARE -> "slackware"
| DISTRO_SLES -> "sles"
diff --git a/daemon/inspect_types.mli b/daemon/inspect_types.mli
index 43c79818f..29c76e8ab 100644
--- a/daemon/inspect_types.mli
+++ b/daemon/inspect_types.mli
@@ -102,6 +102,7 @@ and distro =
| DISTRO_PLD_LINUX
| DISTRO_REDHAT_BASED
| DISTRO_RHEL
+ | DISTRO_ROCKY
| DISTRO_SCIENTIFIC_LINUX
| DISTRO_SLACKWARE
| DISTRO_SLES
diff --git a/generator/actions_inspection.ml b/generator/actions_inspection.ml
index 0c6d39b43..f8b744993 100644
--- a/generator/actions_inspection.ml
+++ b/generator/actions_inspection.ml
@@ -278,6 +278,10 @@ Some Red Hat-derived distro.
Red Hat Enterprise Linux.
+=item \"rocky\"
+
+Rocky Linux.
+
=item \"scientificlinux\"
Scientific Linux.
diff --git a/lib/inspect-icon.c b/lib/inspect-icon.c
index 725af574b..3bffa4f80 100644
--- a/lib/inspect-icon.c
+++ b/lib/inspect-icon.c
@@ -138,6 +138,7 @@ guestfs_impl_inspect_get_icon (guestfs_h *g, const char *root, size_t *size_r,
else if (STREQ (distro, "rhel") ||
STREQ (distro, "redhat-based") ||
STREQ (distro, "centos") ||
+ STREQ (distro, "rocky") ||
STREQ (distro, "scientificlinux") ||
STREQ (distro, "oraclelinux")) {
r = icon_rhel (g, guestfs_inspect_get_major_version (g, root), &size);
diff --git a/lib/inspect-osinfo.c b/lib/inspect-osinfo.c
index db38d87f7..90e57e6df 100644
--- a/lib/inspect-osinfo.c
+++ b/lib/inspect-osinfo.c
@@ -47,6 +47,10 @@ guestfs_impl_inspect_get_osinfo (guestfs_h *g, const char *root)
else if (major == 6)
return safe_asprintf (g, "%s%d.%d", distro, major, minor);
}
+ else if (STREQ (distro, "rocky")) {
+ if (major >= 8)
+ return safe_asprintf (g, "%s%d", distro, major);
+ }
else if (STREQ (distro, "debian")) {
if (major >= 4)
return safe_asprintf (g, "%s%d", distro, major);
--
2.31.1


@ -0,0 +1,108 @@
From 62cd6c9d2dd62dd24cc04b16437bfb816a6f4357 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 May 2022 10:56:01 +0200
Subject: [PATCH] guestfs_readdir(): minimize the number of send_file_write()
calls
In guestfs_readdir(), the daemon currently sends each XDR-encoded
"guestfs_int_dirent" to the library with a separate send_file_write()
call.
Determine the largest encoded size (from the longest filename that a
"guestfs_int_dirent" could carry, from readdir()'s "struct dirent"), and
batch up the XDR encodings until the next encoding might not fit in
GUESTFS_MAX_CHUNK_SIZE. Call send_file_write() only then.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1674392
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220502085601.15012-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 4864d21cb8eb991f0fc98d03a068173837cba50e)
---
daemon/readdir.c | 38 ++++++++++++++++++++++++++++++++------
1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/daemon/readdir.c b/daemon/readdir.c
index 9ab0b0aec..3084ba939 100644
--- a/daemon/readdir.c
+++ b/daemon/readdir.c
@@ -35,6 +35,9 @@ do_internal_readdir (const char *dir)
DIR *dirstream;
void *xdr_buf;
XDR xdr;
+ struct dirent fill;
+ guestfs_int_dirent v;
+ unsigned max_encoded;
/* Prepare to fail. */
ret = -1;
@@ -55,6 +58,20 @@ do_internal_readdir (const char *dir)
}
xdrmem_create (&xdr, xdr_buf, GUESTFS_MAX_CHUNK_SIZE, XDR_ENCODE);
+ /* Calculate the max number of bytes a "guestfs_int_dirent" can be encoded to.
+ */
+ memset (fill.d_name, 'a', sizeof fill.d_name - 1);
+ fill.d_name[sizeof fill.d_name - 1] = '\0';
+ v.ino = INT64_MAX;
+ v.ftyp = '?';
+ v.name = fill.d_name;
+ if (!xdr_guestfs_int_dirent (&xdr, &v)) {
+ fprintf (stderr, "xdr_guestfs_int_dirent failed\n");
+ goto release_xdr;
+ }
+ max_encoded = xdr_getpos (&xdr);
+ xdr_setpos (&xdr, 0);
+
/* Send an "OK" reply, before starting the file transfer. */
reply (NULL, NULL);
@@ -63,7 +80,6 @@ do_internal_readdir (const char *dir)
*/
for (;;) {
struct dirent *d;
- guestfs_int_dirent v;
errno = 0;
d = readdir (dirstream);
@@ -94,22 +110,32 @@ do_internal_readdir (const char *dir)
v.ftyp = 'u';
#endif
+ /* Flush "xdr_buf" if we may not have enough room for encoding "v". */
+ if (GUESTFS_MAX_CHUNK_SIZE - xdr_getpos (&xdr) < max_encoded) {
+ if (send_file_write (xdr_buf, xdr_getpos (&xdr)) != 0)
+ break;
+
+ xdr_setpos (&xdr, 0);
+ }
+
if (!xdr_guestfs_int_dirent (&xdr, &v)) {
fprintf (stderr, "xdr_guestfs_int_dirent failed\n");
break;
}
-
- if (send_file_write (xdr_buf, xdr_getpos (&xdr)) != 0)
- break;
-
- xdr_setpos (&xdr, 0);
}
+ /* Flush "xdr_buf" if the loop completed successfully and "xdr_buf" is not
+ * empty. */
+ if (ret == 0 && xdr_getpos (&xdr) > 0 &&
+ send_file_write (xdr_buf, xdr_getpos (&xdr)) != 0)
+ ret = -1;
+
/* Finish or cancel the transfer. Note that if (ret == -1) because the library
* canceled, we still need to cancel back!
*/
send_file_end (ret == -1);
+release_xdr:
xdr_destroy (&xdr);
free (xdr_buf);
--
2.31.1


@ -1,65 +0,0 @@
From 43e0fdd6cb94370e74b1214c7550aa98b8307409 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 23 Dec 2021 11:36:59 +0100
Subject: [PATCH] launch-libvirt: place our virtio-net-pci device in slot 0x1e
The <qemu:commandline> trick we use for adding our virtio-net-pci device
in the libvirt backend can conflict with libvirtd's and QEMU's PCI address
assignment. Try to mitigate that by placing our device in slot 0x1e on the
root bus. In practice this could only conflict with a "dmi-to-pci-bridge"
device model, which libvirtd itself places in slot 0x1e. However, given
the XMLs we generate, and modern QEMU versions, libvirtd has no reason to
auto-add "dmi-to-pci-bridge". Refer to
<https://libvirt.org/formatdomain.html#controllers>.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20211223103701.12702-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 5ce5ef6a97a58c5e906083ad4e944545712b3f3f)
---
lib/guestfs-internal.h | 11 +++++++++++
lib/launch-libvirt.c | 4 +++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index 4097b33fd..8eb2dd3ad 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -172,6 +172,17 @@ cleanup_mutex_unlock (pthread_mutex_t **ptr)
#define VIRTIO_DEVICE_NAME(type) type "-pci"
#endif
+/* Place the virtio-net controller in slot 0x1e on the root bus, on normal
+ * hardware with PCI. Refer to RHBZ#2034160.
+ */
+#ifdef HAVE_LIBVIRT_BACKEND
+#if defined(__arm__) || defined(__s390x__)
+#define VIRTIO_NET_PCI_ADDR ""
+#else
+#define VIRTIO_NET_PCI_ADDR ",addr=1e.0"
+#endif
+#endif
+
/* Guestfs handle and associated structures. */
/* State. */
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
index 194530c49..9e8336938 100644
--- a/lib/launch-libvirt.c
+++ b/lib/launch-libvirt.c
@@ -1851,7 +1851,9 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
} end_element ();
start_element ("qemu:arg") {
- attribute ("value", VIRTIO_DEVICE_NAME ("virtio-net") ",netdev=usernet");
+ attribute ("value", (VIRTIO_DEVICE_NAME ("virtio-net")
+ ",netdev=usernet"
+ VIRTIO_NET_PCI_ADDR));
} end_element ();
}
--
2.31.1


@ -0,0 +1,123 @@
From e4901a4e83f0ab59a525095d2fe1c7f1a38c0aac Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:52 +0200
Subject: [PATCH] lib: launch-direct: ignore drive "iface" parameter
Rich said in <https://bugzilla.redhat.com/show_bug.cgi?id=1844341#c1>:
> The libvirt backend has never allowed the iface parameter. We should
> probably ignore it in the direct backend since it's never been possible
> to use this parameter correctly.
Remove the handling of "iface" in the direct (QEMU) backend. Refresh the
documentation regarding both backends.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844341
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220504134155.11832-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 3eb830dbaee12c8dc4566cab226ed2af0e0f2d8c)
---
generator/actions_core_deprecated.ml | 8 +++-
lib/launch-direct.c | 59 ++++++----------------------
2 files changed, 19 insertions(+), 48 deletions(-)
diff --git a/generator/actions_core_deprecated.ml b/generator/actions_core_deprecated.ml
index 00dde3d2a..f1040a0e9 100644
--- a/generator/actions_core_deprecated.ml
+++ b/generator/actions_core_deprecated.ml
@@ -73,7 +73,9 @@ of C<guestfs_add_drive_ro>." };
shortdesc = "add a drive specifying the QEMU block emulation to use";
longdesc = "\
This is the same as C<guestfs_add_drive> but it allows you
-to specify the QEMU interface emulation to use at run time." };
+to specify the QEMU interface emulation to use at run time.
+The libvirt backend rejects a non-empty C<iface> argument.
+The direct backend ignores C<iface>." };
{ defaults with
name = "add_drive_ro_with_if"; added = (1, 0, 84);
@@ -83,7 +85,9 @@ to specify the QEMU interface emulation to use at run time." };
shortdesc = "add a drive read-only specifying the QEMU block emulation to use";
longdesc = "\
This is the same as C<guestfs_add_drive_ro> but it allows you
-to specify the QEMU interface emulation to use at run time." };
+to specify the QEMU interface emulation to use at run time.
+The libvirt backend rejects a non-empty C<iface> argument.
+The direct backend ignores C<iface>." };
{ defaults with
name = "lstatlist"; added = (1, 0, 77);
diff --git a/lib/launch-direct.c b/lib/launch-direct.c
index b292b9c26..ff0eaeb62 100644
--- a/lib/launch-direct.c
+++ b/lib/launch-direct.c
@@ -296,52 +296,19 @@ static int
add_drive (guestfs_h *g, struct backend_direct_data *data,
struct qemuopts *qopts, size_t i, struct drive *drv)
{
- /* If there's an explicit 'iface', use it. Otherwise default to
- * virtio-scsi.
- */
- if (drv->iface && STREQ (drv->iface, "virtio")) { /* virtio-blk */
- start_list ("-drive") {
- if (add_drive_standard_params (g, data, qopts, i, drv) == -1)
- return -1;
- append_list ("if=none");
- } end_list ();
- start_list ("-device") {
- append_list (VIRTIO_DEVICE_NAME ("virtio-blk"));
- append_list_format ("drive=hd%zu", i);
- if (drv->disk_label)
- append_list_format ("serial=%s", drv->disk_label);
- if (add_device_blocksize_params (g, qopts, drv) == -1)
- return -1;
- } end_list ();
- }
-#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__)
- else if (drv->iface && STREQ (drv->iface, "ide")) {
- error (g, "'ide' interface does not work on ARM or PowerPC");
- return -1;
- }
-#endif
- else if (drv->iface) {
- start_list ("-drive") {
- if (add_drive_standard_params (g, data, qopts, i, drv) == -1)
- return -1;
- append_list_format ("if=%s", drv->iface);
- } end_list ();
- }
- else /* default case: virtio-scsi */ {
- start_list ("-drive") {
- if (add_drive_standard_params (g, data, qopts, i, drv) == -1)
- return -1;
- append_list ("if=none");
- } end_list ();
- start_list ("-device") {
- append_list ("scsi-hd");
- append_list_format ("drive=hd%zu", i);
- if (drv->disk_label)
- append_list_format ("serial=%s", drv->disk_label);
- if (add_device_blocksize_params (g, qopts, drv) == -1)
- return -1;
- } end_list ();
- }
+ start_list ("-drive") {
+ if (add_drive_standard_params (g, data, qopts, i, drv) == -1)
+ return -1;
+ append_list ("if=none");
+ } end_list ();
+ start_list ("-device") {
+ append_list ("scsi-hd");
+ append_list_format ("drive=hd%zu", i);
+ if (drv->disk_label)
+ append_list_format ("serial=%s", drv->disk_label);
+ if (add_device_blocksize_params (g, qopts, drv) == -1)
+ return -1;
+ } end_list ();
return 0;
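Review bot: add_drive now emits the same `if=none` plus `scsi-hd` pair for every drive and never reads `drv->iface`, but nothing in the function says so; the removed comment was the only description of the device choice. A replacement comment at the top of the body, such as `/* Every drive is attached as virtio-scsi; drv->iface is deliberately ignored (RHBZ#1844341). */`, would record that dropping the caller-supplied `if=%s` value from the QEMU command line is intentional. `drv->disk_label` is still formatted into `serial=%s`, and its validation is not visible in this hunk. It is worth confirming that the label stays restricted to characters that cannot add further `-device` properties. The function's closing brace is outside the hunk.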
--
2.31.1


@ -0,0 +1,245 @@
From f13297315495144775f6249e9e24dc5f18f6f902 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:53 +0200
Subject: [PATCH] lib: drive_create_data, drive: remove field "iface"
Representing "iface" in the "drive_create_data" and "drive" structures is
now useless; the direct backend ignores "iface", while the libvirt one
rejects it unless it is empty. Unify both backends -- make them both
ignore "iface". (Which only relaxes the libvirt backend, so it cannot
cause compatibility problems.) This lets us remove the fields. Update the
documentation as well.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844341
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220504134155.11832-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit f68eaee1d6c41f91e7dfd2aa9e7d238cca7b8a4c)
---
generator/actions_core_deprecated.ml | 6 ++----
lib/drives.c | 31 +++++-----------------------
lib/guestfs-internal.h | 1 -
lib/launch-libvirt.c | 6 ------
lib/libvirt-domain.c | 15 --------------
5 files changed, 7 insertions(+), 52 deletions(-)
diff --git a/generator/actions_core_deprecated.ml b/generator/actions_core_deprecated.ml
index f1040a0e9..c23f4a330 100644
--- a/generator/actions_core_deprecated.ml
+++ b/generator/actions_core_deprecated.ml
@@ -74,8 +74,7 @@ of C<guestfs_add_drive_ro>." };
longdesc = "\
This is the same as C<guestfs_add_drive> but it allows you
to specify the QEMU interface emulation to use at run time.
-The libvirt backend rejects a non-empty C<iface> argument.
-The direct backend ignores C<iface>." };
+Both the direct and the libvirt backends ignore C<iface>." };
{ defaults with
name = "add_drive_ro_with_if"; added = (1, 0, 84);
@@ -86,8 +85,7 @@ The direct backend ignores C<iface>." };
longdesc = "\
This is the same as C<guestfs_add_drive_ro> but it allows you
to specify the QEMU interface emulation to use at run time.
-The libvirt backend rejects a non-empty C<iface> argument.
-The direct backend ignores C<iface>." };
+Both the direct and the libvirt backends ignore C<iface>." };
{ defaults with
name = "lstatlist"; added = (1, 0, 77);
diff --git a/lib/drives.c b/lib/drives.c
index a6179fc36..8fe46a41c 100644
--- a/lib/drives.c
+++ b/lib/drives.c
@@ -53,7 +53,6 @@ struct drive_create_data {
const char *secret;
bool readonly;
const char *format;
- const char *iface;
const char *name;
const char *disk_label;
const char *cachemode;
@@ -110,7 +109,6 @@ create_drive_file (guestfs_h *g,
drv->src.format = data->format ? safe_strdup (g, data->format) : NULL;
drv->readonly = data->readonly;
- drv->iface = data->iface ? safe_strdup (g, data->iface) : NULL;
drv->name = data->name ? safe_strdup (g, data->name) : NULL;
drv->disk_label = data->disk_label ? safe_strdup (g, data->disk_label) : NULL;
drv->cachemode = data->cachemode ? safe_strdup (g, data->cachemode) : NULL;
@@ -147,7 +145,6 @@ create_drive_non_file (guestfs_h *g,
drv->src.format = data->format ? safe_strdup (g, data->format) : NULL;
drv->readonly = data->readonly;
- drv->iface = data->iface ? safe_strdup (g, data->iface) : NULL;
drv->name = data->name ? safe_strdup (g, data->name) : NULL;
drv->disk_label = data->disk_label ? safe_strdup (g, data->disk_label) : NULL;
drv->cachemode = data->cachemode ? safe_strdup (g, data->cachemode) : NULL;
@@ -470,7 +467,6 @@ free_drive_struct (struct drive *drv)
{
free_drive_source (&drv->src);
free (drv->overlay);
- free (drv->iface);
free (drv->name);
free (drv->disk_label);
free (drv->cachemode);
@@ -511,14 +507,12 @@ drive_to_string (guestfs_h *g, const struct drive *drv)
s_blocksize = safe_asprintf (g, "%d", drv->blocksize);
return safe_asprintf
- (g, "%s%s%s%s protocol=%s%s%s%s%s%s%s%s%s%s%s%s%s",
+ (g, "%s%s%s%s protocol=%s%s%s%s%s%s%s%s%s%s%s",
drv->src.u.path,
drv->readonly ? " readonly" : "",
drv->src.format ? " format=" : "",
drv->src.format ? : "",
guestfs_int_drive_protocol_to_string (drv->src.protocol),
- drv->iface ? " iface=" : "",
- drv->iface ? : "",
drv->name ? " name=" : "",
drv->name ? : "",
drv->disk_label ? " label=" : "",
@@ -747,8 +741,6 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
? optargs->readonly : false;
data.format = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_FORMAT_BITMASK
? optargs->format : NULL;
- data.iface = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_IFACE_BITMASK
- ? optargs->iface : NULL;
data.name = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_NAME_BITMASK
? optargs->name : NULL;
data.disk_label = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_LABEL_BITMASK
@@ -804,12 +796,6 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
free_drive_servers (data.servers, data.nr_servers);
return -1;
}
- if (data.iface && !VALID_FORMAT_IFACE (data.iface)) {
- error (g, _("%s parameter is empty or contains disallowed characters"),
- "iface");
- free_drive_servers (data.servers, data.nr_servers);
- return -1;
- }
if (data.disk_label && !VALID_DISK_LABEL (data.disk_label)) {
error (g, _("label parameter is empty, too long, or contains disallowed characters"));
free_drive_servers (data.servers, data.nr_servers);
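Review bot: With the `VALID_FORMAT_IFACE (data.iface)` check removed here, an `iface` optarg is accepted with any content and simply dropped, which is safe only as long as no backend reads it. The value used to be formatted into the QEMU `if=%s` option, so a short comment next to the remaining checks would guard against a later regression. For example: `/* "iface" is accepted for compatibility but never used; validate it again before any backend consumes it. */`. guestfs_impl_add_drive_opts starts and ends outside this hunk.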
@@ -935,24 +921,17 @@ guestfs_impl_add_drive_ro (guestfs_h *g, const char *filename)
int
guestfs_impl_add_drive_with_if (guestfs_h *g, const char *filename,
- const char *iface)
+ const char *iface ATTRIBUTE_UNUSED)
{
- const struct guestfs_add_drive_opts_argv optargs = {
- .bitmask = GUESTFS_ADD_DRIVE_OPTS_IFACE_BITMASK,
- .iface = iface,
- };
-
- return guestfs_add_drive_opts_argv (g, filename, &optargs);
+ return guestfs_add_drive_opts_argv (g, filename, NULL);
}
int
guestfs_impl_add_drive_ro_with_if (guestfs_h *g, const char *filename,
- const char *iface)
+ const char *iface ATTRIBUTE_UNUSED)
{
const struct guestfs_add_drive_opts_argv optargs = {
- .bitmask = GUESTFS_ADD_DRIVE_OPTS_IFACE_BITMASK
- | GUESTFS_ADD_DRIVE_OPTS_READONLY_BITMASK,
- .iface = iface,
+ .bitmask = GUESTFS_ADD_DRIVE_OPTS_READONLY_BITMASK,
.readonly = true,
};
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index 5bb00bc10..16755cfb3 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -298,7 +298,6 @@ struct drive {
/* Various per-drive flags. */
bool readonly;
- char *iface;
char *name;
char *disk_label;
char *cachemode;
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
index de342b425..03d69e027 100644
--- a/lib/launch-libvirt.c
+++ b/lib/launch-libvirt.c
@@ -1472,12 +1472,6 @@ construct_libvirt_xml_disk (guestfs_h *g,
const char *type, *uuid;
int r;
- /* XXX We probably could support this if we thought about it some more. */
- if (drv->iface) {
- error (g, _("iface parameter is not supported by the libvirt backend"));
- return -1;
- }
-
start_element ("disk") {
attribute ("device", "disk");
diff --git a/lib/libvirt-domain.c b/lib/libvirt-domain.c
index 3050680fa..fafbf50ea 100644
--- a/lib/libvirt-domain.c
+++ b/lib/libvirt-domain.c
@@ -68,7 +68,6 @@ guestfs_impl_add_domain (guestfs_h *g, const char *domain_name,
int live;
int allowuuid;
const char *readonlydisk;
- const char *iface;
const char *cachemode;
const char *discard;
bool copyonread;
@@ -78,8 +77,6 @@ guestfs_impl_add_domain (guestfs_h *g, const char *domain_name,
? optargs->libvirturi : NULL;
readonly = optargs->bitmask & GUESTFS_ADD_DOMAIN_READONLY_BITMASK
? optargs->readonly : 0;
- iface = optargs->bitmask & GUESTFS_ADD_DOMAIN_IFACE_BITMASK
- ? optargs->iface : NULL;
live = optargs->bitmask & GUESTFS_ADD_DOMAIN_LIVE_BITMASK
? optargs->live : 0;
allowuuid = optargs->bitmask & GUESTFS_ADD_DOMAIN_ALLOWUUID_BITMASK
@@ -136,10 +133,6 @@ guestfs_impl_add_domain (guestfs_h *g, const char *domain_name,
optargs2.bitmask |= GUESTFS_ADD_LIBVIRT_DOM_READONLY_BITMASK;
optargs2.readonly = readonly;
}
- if (iface) {
- optargs2.bitmask |= GUESTFS_ADD_LIBVIRT_DOM_IFACE_BITMASK;
- optargs2.iface = iface;
- }
if (live) {
error (g, _("libguestfs live support was removed in libguestfs 1.48"));
goto cleanup;
@@ -193,7 +186,6 @@ guestfs_impl_add_libvirt_dom (guestfs_h *g, void *domvp,
virDomainPtr dom = domvp;
ssize_t r;
int readonly;
- const char *iface;
const char *cachemode;
const char *discard;
bool copyonread;
@@ -208,9 +200,6 @@ guestfs_impl_add_libvirt_dom (guestfs_h *g, void *domvp,
readonly =
optargs->bitmask & GUESTFS_ADD_LIBVIRT_DOM_READONLY_BITMASK
? optargs->readonly : 0;
- iface =
- optargs->bitmask & GUESTFS_ADD_LIBVIRT_DOM_IFACE_BITMASK
- ? optargs->iface : NULL;
live =
optargs->bitmask & GUESTFS_ADD_LIBVIRT_DOM_LIVE_BITMASK
? optargs->live : 0;
@@ -289,10 +278,6 @@ guestfs_impl_add_libvirt_dom (guestfs_h *g, void *domvp,
data.optargs.bitmask = 0;
data.readonly = readonly;
data.readonlydisk = readonlydisk;
- if (iface) {
- data.optargs.bitmask |= GUESTFS_ADD_DRIVE_OPTS_IFACE_BITMASK;
- data.optargs.iface = iface;
- }
if (cachemode) {
data.optargs.bitmask |= GUESTFS_ADD_DRIVE_OPTS_CACHEMODE_BITMASK;
data.optargs.cachemode = cachemode;
--
2.31.1


@ -1,70 +0,0 @@
From 80899629519139a7eb86842942a9471d05eb4112 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 23 Dec 2021 11:37:00 +0100
Subject: [PATCH] lib: extract NETWORK_ADDRESS and NETWORK_PREFIX as macros
The 169.254.0.0/16 network specification (for the appliance) is currently
duplicated between the direct backend and the libvirt backend. In a
subsequent patch, we're going to need the network specification in yet
another spot; extract it now to the NETWORK_ADDRESS and NETWORK_PREFIX
macros (simply as strings).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20211223103701.12702-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 216de164e091a5c36403f24901698044a43ae0d9)
---
lib/guestfs-internal.h | 6 ++++++
lib/launch-direct.c | 2 +-
lib/launch-libvirt.c | 3 ++-
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index 8eb2dd3ad..e24d570f5 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -183,6 +183,12 @@ cleanup_mutex_unlock (pthread_mutex_t **ptr)
#endif
#endif
+/* Network address and network mask (expressed as address prefix) that the
+ * appliance will see (if networking is enabled).
+ */
+#define NETWORK_ADDRESS "169.254.0.0"
+#define NETWORK_PREFIX "16"
+
/* Guestfs handle and associated structures. */
/* State. */
diff --git a/lib/launch-direct.c b/lib/launch-direct.c
index e5b9a5611..4f038f4f0 100644
--- a/lib/launch-direct.c
+++ b/lib/launch-direct.c
@@ -689,7 +689,7 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
start_list ("-netdev") {
append_list ("user");
append_list ("id=usernet");
- append_list ("net=169.254.0.0/16");
+ append_list ("net=" NETWORK_ADDRESS "/" NETWORK_PREFIX);
} end_list ();
start_list ("-device") {
append_list (VIRTIO_DEVICE_NAME ("virtio-net"));
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
index 9e8336938..266d88824 100644
--- a/lib/launch-libvirt.c
+++ b/lib/launch-libvirt.c
@@ -1843,7 +1843,8 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
} end_element ();
start_element ("qemu:arg") {
- attribute ("value", "user,id=usernet,net=169.254.0.0/16");
+ attribute ("value",
+ "user,id=usernet,net=" NETWORK_ADDRESS "/" NETWORK_PREFIX);
} end_element ();
start_element ("qemu:arg") {
--
2.31.1


@ -1,91 +0,0 @@
From a18bc12081bcebf2d78883d1c6981c454149bb39 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 23 Dec 2021 11:37:01 +0100
Subject: [PATCH] launch-libvirt: add virtio-net via the standard <interface>
element
Starting with version 3.8.0, libvirt allows us to specify the network
address and network mask (as prefix) for SLIRP directly via the
<interface> element in the domain XML:
<https://libvirt.org/formatdomain.html#userspace-slirp-stack>. This means
we don't need the <qemu:commandline> hack for virtio-net on such versions.
Restrict the hack in construct_libvirt_xml_qemu_cmdline() to
libvirt<3.8.0, and generate the proper <interface> element in
construct_libvirt_xml_devices() on libvirt>=3.8.0.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
Suggested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20211223103701.12702-4-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 5858c2cf6c24b3776e3867eafd9d86a1f4912d9c)
---
lib/guestfs-internal.h | 3 ++-
lib/launch-libvirt.c | 27 +++++++++++++++++++++++++--
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index e24d570f5..4a19e5c6b 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
@@ -173,7 +173,8 @@ cleanup_mutex_unlock (pthread_mutex_t **ptr)
#endif
/* Place the virtio-net controller in slot 0x1e on the root bus, on normal
- * hardware with PCI. Refer to RHBZ#2034160.
+ * hardware with PCI. Necessary only before libvirt 3.8.0. Refer to
+ * RHBZ#2034160.
*/
#ifdef HAVE_LIBVIRT_BACKEND
#if defined(__arm__) || defined(__s390x__)
diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
index 266d88824..cc714c02e 100644
--- a/lib/launch-libvirt.c
+++ b/lib/launch-libvirt.c
@@ -1413,6 +1413,28 @@ construct_libvirt_xml_devices (guestfs_h *g,
} end_element ();
} end_element ();
+ /* Virtio-net NIC with SLIRP (= userspace) back-end, if networking is
+ * enabled. Starting with libvirt 3.8.0, we can specify the network address
+ * and prefix for SLIRP in the domain XML. Therefore, we can add the NIC
+ * via the standard <interface> element rather than <qemu:commandline>, and
+ * so libvirt can manage the PCI address of the virtio-net NIC like the PCI
+ * addresses of all other devices. Refer to RHBZ#2034160.
+ */
+ if (g->enable_network &&
+ guestfs_int_version_ge (&params->data->libvirt_version, 3, 8, 0)) {
+ start_element ("interface") {
+ attribute ("type", "user");
+ start_element ("model") {
+ attribute ("type", "virtio");
+ } end_element ();
+ start_element ("ip") {
+ attribute ("family", "ipv4");
+ attribute ("address", NETWORK_ADDRESS);
+ attribute ("prefix", NETWORK_PREFIX);
+ } end_element ();
+ } end_element ();
+ }
+
/* Libvirt adds some devices by default. Indicate to libvirt
* that we don't want them.
*/
@@ -1835,9 +1857,10 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
} end_element ();
/* Workaround because libvirt user networking cannot specify "net="
- * parameter.
+ * parameter. Necessary only before libvirt 3.8.0; refer to RHBZ#2034160.
*/
- if (g->enable_network) {
+ if (g->enable_network &&
+ !guestfs_int_version_ge (&params->data->libvirt_version, 3, 8, 0)) {
start_element ("qemu:arg") {
attribute ("value", "-netdev");
} end_element ();
--
2.31.1


@ -0,0 +1,82 @@
From f408b24d8d8f5b5f4e1a25c1046c3a18107c8d80 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:54 +0200
Subject: [PATCH] lib: rename VALID_FORMAT_IFACE to VALID_FORMAT
We no longer use VALID_FORMAT_IFACE for validating "iface"; rename the
macro to reflect that we only check "format" with it.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844341
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220504134155.11832-4-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit c8e3caf9e6000ea2f5cfbe30ffe1240317bb4578)
---
lib/drives.c | 4 ++--
lib/unit-tests.c | 16 ++++++++--------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/lib/drives.c b/lib/drives.c
index 8fe46a41c..c5a208468 100644
--- a/lib/drives.c
+++ b/lib/drives.c
@@ -593,7 +593,7 @@ guestfs_int_free_drives (guestfs_h *g)
* Check string parameter matches regular expression
* C<^[-_[:alnum:]]+$> (in C locale).
*/
-#define VALID_FORMAT_IFACE(str) \
+#define VALID_FORMAT(str) \
guestfs_int_string_is_valid ((str), 1, 0, \
VALID_FLAG_ALPHA|VALID_FLAG_DIGIT, "-_")
@@ -790,7 +790,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
return -1;
}
- if (data.format && !VALID_FORMAT_IFACE (data.format)) {
+ if (data.format && !VALID_FORMAT (data.format)) {
error (g, _("%s parameter is empty or contains disallowed characters"),
"format");
free_drive_servers (data.servers, data.nr_servers);
diff --git a/lib/unit-tests.c b/lib/unit-tests.c
index 62457ccba..0e550cb98 100644
--- a/lib/unit-tests.c
+++ b/lib/unit-tests.c
@@ -434,7 +434,7 @@ test_stringsbuf (void)
}
/* Use the same macros as in lib/drives.c */
-#define VALID_FORMAT_IFACE(str) \
+#define VALID_FORMAT(str) \
guestfs_int_string_is_valid ((str), 1, 0, \
VALID_FLAG_ALPHA|VALID_FLAG_DIGIT, "-_")
#define VALID_DISK_LABEL(str) \
@@ -446,18 +446,18 @@ test_stringsbuf (void)
static void
test_valid (void)
{
- assert (!VALID_FORMAT_IFACE (""));
+ assert (!VALID_FORMAT (""));
assert (!VALID_DISK_LABEL (""));
assert (!VALID_HOSTNAME (""));
assert (!VALID_DISK_LABEL ("012345678901234567890"));
- assert (VALID_FORMAT_IFACE ("abc"));
- assert (VALID_FORMAT_IFACE ("ABC"));
- assert (VALID_FORMAT_IFACE ("abc123"));
- assert (VALID_FORMAT_IFACE ("abc123-"));
- assert (VALID_FORMAT_IFACE ("abc123_"));
- assert (!VALID_FORMAT_IFACE ("abc123."));
+ assert (VALID_FORMAT ("abc"));
+ assert (VALID_FORMAT ("ABC"));
+ assert (VALID_FORMAT ("abc123"));
+ assert (VALID_FORMAT ("abc123-"));
+ assert (VALID_FORMAT ("abc123_"));
+ assert (!VALID_FORMAT ("abc123."));
assert (VALID_DISK_LABEL ("abc"));
assert (VALID_DISK_LABEL ("ABC"));
--
2.31.1


@ -1,55 +0,0 @@
From dabee87775ee919a8ae930ca5f03c7bb4b7616e6 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 21 Dec 2012 15:50:11 +0000
Subject: [PATCH] RHEL: Remove libguestfs live (RHBZ#798980).
This isn't supported in RHEL.
Disable daemon tests that require the 'unix' backend.
---
lib/launch-unix.c | 7 +++++++
tests/Makefile.am | 3 ---
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/launch-unix.c b/lib/launch-unix.c
index 0d344f9df..74dd1bb4a 100644
--- a/lib/launch-unix.c
+++ b/lib/launch-unix.c
@@ -37,6 +37,12 @@
static int
launch_unix (guestfs_h *g, void *datav, const char *sockpath)
{
+ error (g,
+ "launch: In RHEL, only the 'libvirt' or 'direct' method is supported.\n"
+ "In particular, \"libguestfs live\" is not supported.");
+ return -1;
+
+#if 0
int r, daemon_sock = -1;
struct sockaddr_un addr;
uint32_t size;
@@ -106,6 +112,7 @@ launch_unix (guestfs_h *g, void *datav, const char *sockpath)
g->conn = NULL;
}
return -1;
+#endif
}
static int
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 690e09b5e..919e2f248 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -328,9 +328,6 @@ EXTRA_DIST += create/test-disk-create.sh
check_DATA = daemon/captive-daemon.pm
-TESTS += \
- daemon/test-daemon-start.pl \
- daemon/test-btrfs.pl
EXTRA_DIST += \
daemon/test-daemon-start.pl \
daemon/test-btrfs.pl
--
2.31.1


@ -0,0 +1,74 @@
From 431ca828e9f7d7a6c7e315b410f381304986ba44 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:55 +0200
Subject: [PATCH] tests/regressions: remove "iface"-based restrictions
Now that "iface" is ignored by both backends, the regression tests for
RHBZ 690819 and 975797 can be enabled on all arches (regardless of
backend).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1844341
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220504134155.11832-5-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit ddf276884c04418a32902689cf8fc3506be3ca4b)
---
tests/regressions/rhbz690819.sh | 10 +++-------
tests/regressions/rhbz975797.sh | 10 +++-------
2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/tests/regressions/rhbz690819.sh b/tests/regressions/rhbz690819.sh
index e6f61d00d..9e1bcda84 100755
--- a/tests/regressions/rhbz690819.sh
+++ b/tests/regressions/rhbz690819.sh
@@ -19,18 +19,14 @@
# https://bugzilla.redhat.com/show_bug.cgi?id=690819
# mkfs fails creating a filesytem on a disk device when using a disk
# with 'ide' interface
+#
+# The 'iface' parameter is now ignored:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1844341
set -e
$TEST_FUNCTIONS
skip_if_skipped
-# These architectures don't support the 'ide' interface.
-skip_if_arch arm
-skip_if_arch aarch64
-skip_if_arch ppc64
-skip_if_arch ppc64le
-skip_if_arch s390x
-skip_if_backend libvirt
rm -f rhbz690819.img
diff --git a/tests/regressions/rhbz975797.sh b/tests/regressions/rhbz975797.sh
index c676abfa3..feecf1f2b 100755
--- a/tests/regressions/rhbz975797.sh
+++ b/tests/regressions/rhbz975797.sh
@@ -19,18 +19,14 @@
# Regression test for:
# https://bugzilla.redhat.com/show_bug.cgi?id=975797
# Ensure the appliance doesn't hang when using the 'iface' parameter.
+#
+# The 'iface' parameter is now ignored:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1844341
set -e
$TEST_FUNCTIONS
skip_if_skipped
-# These architectures don't support the 'ide' interface.
-skip_if_arch arm
-skip_if_arch aarch64
-skip_if_arch ppc64
-skip_if_arch ppc64le
-skip_if_arch s390x
-skip_if_backend libvirt
rm -f rhbz975797-*.img
--
2.31.1


@ -1,329 +0,0 @@
From 8d426264789f4b2ab5557087a39973e6fbc20983 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 18 Jul 2013 18:31:53 +0100
Subject: [PATCH] RHEL: Remove 9p APIs from RHEL (RHBZ#921710).
---
daemon/9p.c | 182 --------------------------------------
daemon/Makefile.am | 1 -
docs/C_SOURCE_FILES | 1 -
generator/actions_core.ml | 21 -----
generator/proc_nr.ml | 2 -
gobject/Makefile.inc | 2 -
po/POTFILES | 2 -
tests/Makefile.am | 1 -
8 files changed, 212 deletions(-)
delete mode 100644 daemon/9p.c
diff --git a/daemon/9p.c b/daemon/9p.c
deleted file mode 100644
index 9a3a5cfdf..000000000
--- a/daemon/9p.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/* libguestfs - the guestfsd daemon
- * Copyright (C) 2011 Red Hat Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <limits.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#include <fcntl.h>
-
-#include "ignore-value.h"
-
-#include "daemon.h"
-#include "actions.h"
-
-#define BUS_PATH "/sys/bus/virtio/drivers/9pnet_virtio"
-
-static void
-modprobe_9pnet_virtio (void)
-{
- /* Required with Linux 5.6 and maybe earlier kernels. For unclear
- * reasons the module is not an automatic dependency of the 9p
- * module so doesn't get loaded automatically.
- */
- ignore_value (command (NULL, NULL, "modprobe", "9pnet_virtio", NULL));
-}
-
-/* https://bugzilla.redhat.com/show_bug.cgi?id=714981#c1 */
-char **
-do_list_9p (void)
-{
- CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (r);
- DIR *dir;
-
- modprobe_9pnet_virtio ();
-
- dir = opendir (BUS_PATH);
- if (!dir) {
- perror ("opendir: " BUS_PATH);
- if (errno != ENOENT) {
- reply_with_perror ("opendir: " BUS_PATH);
- return NULL;
- }
-
- /* If this directory doesn't exist, it probably means that
- * the virtio driver isn't loaded. Don't return an error
- * in this case, but return an empty list.
- */
- if (end_stringsbuf (&r) == -1)
- return NULL;
-
- return take_stringsbuf (&r);
- }
-
- while (1) {
- struct dirent *d;
-
- errno = 0;
- d = readdir (dir);
- if (d == NULL) break;
-
- if (STRPREFIX (d->d_name, "virtio")) {
- CLEANUP_FREE char *mount_tag_path = NULL;
- if (asprintf (&mount_tag_path, BUS_PATH "/%s/mount_tag",
- d->d_name) == -1) {
- reply_with_perror ("asprintf");
- closedir (dir);
- return NULL;
- }
-
- /* A bit unclear, but it looks like the virtio transport allows
- * the mount tag length to be unlimited (or up to 65536 bytes).
- * See: linux/include/linux/virtio_9p.h
- */
- CLEANUP_FREE char *mount_tag = read_whole_file (mount_tag_path, NULL);
- if (mount_tag == 0)
- continue;
-
- if (add_string (&r, mount_tag) == -1) {
- closedir (dir);
- return NULL;
- }
- }
- }
-
- /* Check readdir didn't fail */
- if (errno != 0) {
- reply_with_perror ("readdir: " BUS_PATH);
- closedir (dir);
- return NULL;
- }
-
- /* Close the directory handle */
- if (closedir (dir) == -1) {
- reply_with_perror ("closedir: " BUS_PATH);
- return NULL;
- }
-
- /* Sort the tags. */
- if (r.size > 0)
- sort_strings (r.argv, r.size);
-
- /* NULL terminate the list */
- if (end_stringsbuf (&r) == -1)
- return NULL;
-
- return take_stringsbuf (&r);
-}
-
-/* Takes optional arguments, consult optargs_bitmask. */
-int
-do_mount_9p (const char *mount_tag, const char *mountpoint, const char *options)
-{
- CLEANUP_FREE char *mp = NULL, *opts = NULL, *err = NULL;
- struct stat statbuf;
- int r;
-
- ABS_PATH (mountpoint, 0, return -1);
-
- mp = sysroot_path (mountpoint);
- if (!mp) {
- reply_with_perror ("malloc");
- return -1;
- }
-
- /* Check the mountpoint exists and is a directory. */
- if (stat (mp, &statbuf) == -1) {
- reply_with_perror ("%s", mountpoint);
- return -1;
- }
- if (!S_ISDIR (statbuf.st_mode)) {
- reply_with_perror ("%s: mount point is not a directory", mountpoint);
- return -1;
- }
-
- /* Add trans=virtio to the options. */
- if ((optargs_bitmask & GUESTFS_MOUNT_9P_OPTIONS_BITMASK) &&
- STRNEQ (options, "")) {
- if (asprintf (&opts, "trans=virtio,%s", options) == -1) {
- reply_with_perror ("asprintf");
- return -1;
- }
- }
- else {
- opts = strdup ("trans=virtio");
- if (opts == NULL) {
- reply_with_perror ("strdup");
- return -1;
- }
- }
-
- modprobe_9pnet_virtio ();
- r = command (NULL, &err,
- "mount", "-o", opts, "-t", "9p", mount_tag, mp, NULL);
- if (r == -1) {
- reply_with_error ("%s on %s: %s", mount_tag, mountpoint, err);
- return -1;
- }
-
- return 0;
-}
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 7322bfa5d..872eaa8bc 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -84,7 +84,6 @@ guestfsd_SOURCES = \
../common/protocol/guestfs_protocol.h \
../common/utils/cleanups.h \
../common/utils/guestfs-utils.h \
- 9p.c \
acl.c \
actions.h \
available.c \
diff --git a/docs/C_SOURCE_FILES b/docs/C_SOURCE_FILES
index 6a97d8b0e..896314e7e 100644
--- a/docs/C_SOURCE_FILES
+++ b/docs/C_SOURCE_FILES
@@ -43,7 +43,6 @@ common/visit/visit.c
common/visit/visit.h
common/windows/windows.c
common/windows/windows.h
-daemon/9p.c
daemon/acl.c
daemon/actions.h
daemon/augeas.c
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index 226fb860a..05320fcd3 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -6157,27 +6157,6 @@ This returns true iff the device exists and contains all zero bytes.
Note that for large devices this can take a long time to run." };
- { defaults with
- name = "list_9p"; added = (1, 11, 12);
- style = RStringList (RPlainString, "mounttags"), [], [];
- shortdesc = "list 9p filesystems";
- longdesc = "\
-List all 9p filesystems attached to the guest. A list of
-mount tags is returned." };
-
- { defaults with
- name = "mount_9p"; added = (1, 11, 12);
- style = RErr, [String (PlainString, "mounttag"); String (PlainString, "mountpoint")], [OString "options"];
- camel_name = "Mount9P";
- shortdesc = "mount 9p filesystem";
- longdesc = "\
-Mount the virtio-9p filesystem with the tag C<mounttag> on the
-directory C<mountpoint>.
-
-If required, C<trans=virtio> will be automatically added to the options.
-Any other options required can be passed in the optional C<options>
-parameter." };
-
{ defaults with
name = "list_dm_devices"; added = (1, 11, 15);
style = RStringList (RDevice, "devices"), [], [];
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index 74b95baf7..6b6cb7353 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -295,8 +295,6 @@ let proc_nr = [
282, "internal_autosync";
283, "is_zero";
284, "is_zero_device";
-285, "list_9p";
-286, "mount_9p";
287, "list_dm_devices";
288, "ntfsresize";
289, "btrfs_filesystem_resize";
diff --git a/gobject/Makefile.inc b/gobject/Makefile.inc
index 650f8ddac..c4e735967 100644
--- a/gobject/Makefile.inc
+++ b/gobject/Makefile.inc
@@ -94,7 +94,6 @@ guestfs_gobject_headers= \
include/guestfs-gobject/optargs-mksquashfs.h \
include/guestfs-gobject/optargs-mkswap.h \
include/guestfs-gobject/optargs-mktemp.h \
- include/guestfs-gobject/optargs-mount_9p.h \
include/guestfs-gobject/optargs-mount_local.h \
include/guestfs-gobject/optargs-ntfsclone_out.h \
include/guestfs-gobject/optargs-ntfsfix.h \
@@ -188,7 +187,6 @@ guestfs_gobject_sources= \
src/optargs-mksquashfs.c \
src/optargs-mkswap.c \
src/optargs-mktemp.c \
- src/optargs-mount_9p.c \
src/optargs-mount_local.c \
src/optargs-ntfsclone_out.c \
src/optargs-ntfsfix.c \
diff --git a/po/POTFILES b/po/POTFILES
index 29205b6a6..23afe619c 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -26,7 +26,6 @@ common/utils/stringlists-utils.c
common/utils/utils.c
common/visit/visit.c
common/windows/windows.c
-daemon/9p.c
daemon/acl.c
daemon/augeas.c
daemon/available.c
@@ -264,7 +263,6 @@ gobject/src/optargs-mkfs_btrfs.c
gobject/src/optargs-mksquashfs.c
gobject/src/optargs-mkswap.c
gobject/src/optargs-mktemp.c
-gobject/src/optargs-mount_9p.c
gobject/src/optargs-mount_local.c
gobject/src/optargs-ntfsclone_out.c
gobject/src/optargs-ntfsfix.c
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 919e2f248..e3613fec4 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -43,7 +43,6 @@ check-slow:
check-valgrind:
$(MAKE) VG="@VG@" check
-TESTS += 9p/test-9p.sh
EXTRA_DIST += 9p/test-9p.sh
SLOW_TESTS += bigdirs/test-big-dirs.pl
--
2.31.1


@ -0,0 +1,56 @@
From 8f800b369ada05ea690cebb0bb5e0fed0ba1c548 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 10 May 2022 12:27:57 +0200
Subject: [PATCH] generator/customize: invert SELinux relabeling default
Replace the "--selinux-relabel" option with "--no-selinux-relabel",
inverting the default behavior (for guests with SELinux support, that is
-- relabeling is always skipped for guests that don't support SELinux.)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220510102757.14466-3-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 2f6a27f1077d32d1ab526427052fc88e188356f7)
---
generator/customize.ml | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/generator/customize.ml b/generator/customize.ml
index 3b3eec6d2..9634dad85 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -564,18 +564,21 @@ to modify C</etc/sysconfig/authconfig> (Fedora, RHEL) or
C</etc/pam.d/common-password> (Debian, Ubuntu).";
};
- { flag_name = "selinux-relabel";
+ { flag_name = "no-selinux-relabel";
flag_type = FlagBool false (* XXX - the default in virt-builder *);
- flag_ml_var = "selinux_relabel";
- flag_shortdesc = "Relabel files with correct SELinux labels";
+ flag_ml_var = "no_selinux_relabel";
+ flag_shortdesc = "Do not relabel files with correct SELinux labels";
flag_pod_longdesc = "\
-Relabel files in the guest so that they have the correct SELinux label.
+Do not attempt to correct the SELinux labels of files in the guest.
-This will attempt to relabel files immediately, but if the operation fails
-this will instead touch F</.autorelabel> on the image to schedule a
-relabel operation for the next time the image boots.
+In such guests that support SELinux, customization automatically
+relabels files so that they have the correct SELinux label. (The
+relabeling is performed immediately, but if the operation fails,
+customization will instead touch F</.autorelabel> on the image to
+schedule a relabel operation for the next time the image boots.) This
+option disables the automatic relabeling.
-This option is a no-op for guests that do not support SELinux.";
+The option is a no-op for guests that do not support SELinux.";
};
{ flag_name = "sm-credentials";
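Review bot: The unchanged comment `(* XXX - the default in virt-builder *)` on the `flag_type = FlagBool false` line was written for the old `selinux-relabel` flag and is misleading now that the entry is `no-selinux-relabel`: `false` here means relabeling runs by default. I would reword it to something like `(* relabeling is on by default; this flag turns it off *)`. The new `flag_pod_longdesc` could also state what skipping the relabel leaves behind, for example that files created or modified during customization may keep incorrect labels on a guest that enforces SELinux.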
--
2.31.1


@ -0,0 +1,42 @@
From 4cfba19fa2b087c4b2c5a1b67aa70eb16e9d5a59 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 25 May 2022 09:19:58 +0200
Subject: [PATCH] generator/customize: reintroduce "--selinux-relabel" as a
compat option
Removing "--selinux-relabel" in commit 2f6a27f1077d ("generator/customize:
invert SELinux relabeling default", 2022-05-11) breaks existing scripts
that invoke virt-customize and/or virt-sysprep with that option. Restore
the option, with no functionality tied to it.
Fixes: 2f6a27f1077d32d1ab526427052fc88e188356f7
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2089748
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220525071958.9612-1-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 4b9ee1052a4396621485fdd56d6826714e7481b1)
---
generator/customize.ml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/generator/customize.ml b/generator/customize.ml
index 9634dad85..5abaf206f 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -581,6 +581,13 @@ option disables the automatic relabeling.
The option is a no-op for guests that do not support SELinux.";
};
+ { flag_name = "selinux-relabel";
+ flag_type = FlagBool false;
+ flag_ml_var = "selinux_relabel_ignored";
+ flag_shortdesc = "Compatibility option doing nothing";
+ flag_pod_longdesc = "This is a compatibility option that does nothing.";
+ };
+
{ flag_name = "sm-credentials";
flag_type = FlagSMCredentials "SELECTOR";
flag_ml_var = "sm_credentials";
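Review bot: The restored `selinux-relabel` entry only tells the reader that it does nothing, without saying that relabeling is now the default or naming the option that controls it. Since nothing is tied to `selinux_relabel_ignored`, a script that passes both `--selinux-relabel` and `--no-selinux-relabel` would presumably end up with relabeling disabled and no warning. I would extend the text to `flag_pod_longdesc = "This is a compatibility option that does nothing. Relabeling is the default; see I<--no-selinux-relabel>.";`.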
--
2.31.1


@ -1,4 +1,4 @@
From cb18280888d6ab9e840b79ec93eeecf11127b6e6 Mon Sep 17 00:00:00 2001
From 010cd5ff441166c01125fc588398a1fb8367a852 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 29 Jul 2013 14:47:56 +0100
Subject: [PATCH] RHEL: Disable unsupported remote drive protocols
@ -62,7 +62,7 @@ index f558964bf..8f264ed17 100644
Run L<virt-alignment-scan(1)> on guests or disk images:
diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index 9f086f110..bb4167b06 100644
index ae2445571..46cba64ff 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -131,9 +131,9 @@ To list what is available do:
@ -77,7 +77,7 @@ index 9f086f110..bb4167b06 100644
=head2 Remote control
@@ -1134,12 +1134,12 @@ L<guestfs(3)/REMOTE STORAGE>>.
@@ -1129,12 +1129,12 @@ L<guestfs(3)/REMOTE STORAGE>>.
On the command line, you can use the I<-a> option to add network
block devices using a URI-style format, for example:
@ -92,7 +92,7 @@ index 9f086f110..bb4167b06 100644
The possible I<-a URI> formats are described below.
@@ -1149,40 +1149,6 @@ The possible I<-a URI> formats are described below.
@@ -1144,40 +1144,6 @@ The possible I<-a URI> formats are described below.
Add the local disk image (or device) called F<disk.img>.
@ -133,7 +133,7 @@ index 9f086f110..bb4167b06 100644
=head2 B<-a nbd://example.com[:port]>
=head2 B<-a nbd://example.com[:port]/exportname>
@@ -1217,35 +1183,13 @@ The equivalent API command would be:
@@ -1212,35 +1178,13 @@ The equivalent API command would be:
><fs> add pool/disk protocol:rbd server:tcp:example.com:port
@ -220,10 +220,10 @@ index 21d424984..ddabeb639 100755
rm test-add-uri.out
rm test-add-uri.img
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index 05320fcd3..155d739fe 100644
index 807150615..6cd42a290 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -297,29 +297,6 @@ F<filename> is interpreted as a local file or device.
@@ -350,29 +350,6 @@ F<filename> is interpreted as a local file or device.
This is the default if the optional protocol parameter
is omitted.
@ -253,7 +253,7 @@ index 05320fcd3..155d739fe 100644
=item C<protocol = \"nbd\">
Connect to the Network Block Device server.
@@ -336,22 +313,6 @@ The C<secret> parameter may be supplied. See below.
@@ -389,22 +366,6 @@ The C<secret> parameter may be supplied. See below.
See also: L<guestfs(3)/CEPH>.
@ -276,7 +276,7 @@ index 05320fcd3..155d739fe 100644
=back
=item C<server>
@@ -362,13 +323,8 @@ is a list of server(s).
@@ -415,13 +376,8 @@ is a list of server(s).
Protocol Number of servers required
-------- --------------------------
file List must be empty or param not used at all
@ -290,7 +290,7 @@ index 05320fcd3..155d739fe 100644
Each list element is a string specifying a server. The string must be
in one of the following formats:
@@ -384,10 +340,10 @@ for the protocol is used (see F</etc/services>).
@@ -437,10 +393,10 @@ for the protocol is used (see F</etc/services>).
=item C<username>
@ -305,10 +305,10 @@ index 05320fcd3..155d739fe 100644
example if using the libvirt backend and if the libvirt backend is configured to
start the qemu appliance as a special user such as C<qemu.qemu>. If in doubt,
diff --git a/lib/drives.c b/lib/drives.c
index 46af66db4..c81ded5d7 100644
index c5a208468..efb289254 100644
--- a/lib/drives.c
+++ b/lib/drives.c
@@ -168,6 +168,7 @@ create_drive_non_file (guestfs_h *g,
@@ -166,6 +166,7 @@ create_drive_non_file (guestfs_h *g,
return drv;
}
@ -316,7 +316,7 @@ index 46af66db4..c81ded5d7 100644
static struct drive *
create_drive_curl (guestfs_h *g,
const struct drive_create_data *data)
@@ -226,6 +227,7 @@ create_drive_gluster (guestfs_h *g,
@@ -224,6 +225,7 @@ create_drive_gluster (guestfs_h *g,
return create_drive_non_file (g, data);
}
@ -324,7 +324,7 @@ index 46af66db4..c81ded5d7 100644
static int
nbd_port (void)
@@ -294,6 +296,7 @@ create_drive_rbd (guestfs_h *g,
@@ -292,6 +294,7 @@ create_drive_rbd (guestfs_h *g,
return create_drive_non_file (g, data);
}
@ -332,7 +332,7 @@ index 46af66db4..c81ded5d7 100644
static struct drive *
create_drive_sheepdog (guestfs_h *g,
const struct drive_create_data *data)
@@ -394,6 +397,7 @@ create_drive_iscsi (guestfs_h *g,
@@ -392,6 +395,7 @@ create_drive_iscsi (guestfs_h *g,
return create_drive_non_file (g, data);
}
@ -340,7 +340,7 @@ index 46af66db4..c81ded5d7 100644
/**
* Create the special F</dev/null> drive.
@@ -856,6 +860,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
@@ -842,6 +846,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
drv = create_drive_file (g, &data);
}
}
@ -348,7 +348,7 @@ index 46af66db4..c81ded5d7 100644
else if (STREQ (protocol, "ftp")) {
data.protocol = drive_protocol_ftp;
drv = create_drive_curl (g, &data);
@@ -880,6 +885,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
@@ -866,6 +871,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_iscsi;
drv = create_drive_iscsi (g, &data);
}
@ -356,7 +356,7 @@ index 46af66db4..c81ded5d7 100644
else if (STREQ (protocol, "nbd")) {
data.protocol = drive_protocol_nbd;
drv = create_drive_nbd (g, &data);
@@ -888,6 +894,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
@@ -874,6 +880,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_rbd;
drv = create_drive_rbd (g, &data);
}
@ -364,7 +364,7 @@ index 46af66db4..c81ded5d7 100644
else if (STREQ (protocol, "sheepdog")) {
data.protocol = drive_protocol_sheepdog;
drv = create_drive_sheepdog (g, &data);
@@ -900,6 +907,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
@@ -886,6 +893,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_tftp;
drv = create_drive_curl (g, &data);
}
@ -373,12 +373,12 @@ index 46af66db4..c81ded5d7 100644
error (g, _("unknown protocol %s"), protocol);
drv = NULL; /*FALLTHROUGH*/
diff --git a/lib/guestfs.pod b/lib/guestfs.pod
index ff58aa0bb..1af00f1bb 100644
index 1ad44e7c2..946ce2d36 100644
--- a/lib/guestfs.pod
+++ b/lib/guestfs.pod
@@ -715,70 +715,6 @@ servers. The server string is documented in
L</guestfs_add_drive_opts>. The C<username> and C<secret> parameters are
also optional, and if not given, then no authentication will be used.
@@ -712,70 +712,6 @@ a qcow2 backing file specification, libvirt does not construct an
ephemeral secret object from those, for Ceph authentication. Refer to
L<https://bugzilla.redhat.com/2033247>.
-=head3 FTP, HTTP AND TFTP
-
@ -447,7 +447,7 @@ index ff58aa0bb..1af00f1bb 100644
=head3 NETWORK BLOCK DEVICE
Libguestfs can access Network Block Device (NBD) disks remotely.
@@ -841,42 +777,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
@@ -838,42 +774,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
=back


@ -1,72 +0,0 @@
From 1bb653591b25ac31ef773e0020cd0b0e5715d5cf Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 19 Sep 2014 13:38:20 +0100
Subject: [PATCH] RHEL: Remove User-Mode Linux (RHBZ#1144197).
This isn't supported in RHEL.
---
lib/launch-uml.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/lib/launch-uml.c b/lib/launch-uml.c
index 5aec50a57..8b9fcd770 100644
--- a/lib/launch-uml.c
+++ b/lib/launch-uml.c
@@ -44,7 +44,9 @@ struct backend_uml_data {
char umid[UML_UMID_LEN+1]; /* umid=<...> unique ID. */
};
+#if 0
static void print_vmlinux_command_line (guestfs_h *g, char **argv);
+#endif
/* Run uml_mkcow to create a COW overlay. */
static char *
@@ -81,6 +83,7 @@ create_cow_overlay_uml (guestfs_h *g, void *datav, struct drive *drv)
return make_cow_overlay (g, drv->src.u.path);
}
+#if 0
/* Test for features which are not supported by the UML backend.
* Possibly some of these should just be warnings, not errors.
*/
@@ -133,10 +136,17 @@ uml_supported (guestfs_h *g)
return true;
}
+#endif
static int
launch_uml (guestfs_h *g, void *datav, const char *arg)
{
+ error (g,
+ "launch: In RHEL, only the 'libvirt' or 'direct' method is supported.\n"
+ "In particular, User-Mode Linux (UML) is not supported.");
+ return -1;
+
+#if 0
struct backend_uml_data *data = datav;
CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (cmdline);
int console_sock = -1, daemon_sock = -1;
@@ -496,8 +506,10 @@ launch_uml (guestfs_h *g, void *datav, const char *arg)
}
g->state = CONFIG;
return -1;
+#endif
}
+#if 0
/* This is called from the forked subprocess just before vmlinux runs,
* so it can just print the message straight to stderr, where it will
* be picked up and funnelled through the usual appliance event API.
@@ -527,6 +539,7 @@ print_vmlinux_command_line (guestfs_h *g, char **argv)
fputc ('\n', stderr);
}
+#endif
static int
shutdown_uml (guestfs_h *g, void *datav, int check_for_errors)
--
2.31.1


@ -1,4 +1,4 @@
From 6372b9cd8bb2d8a183fc6d2ca4688047a0474c2f Mon Sep 17 00:00:00 2001
From d59942a7a3d1ca2248a94099d28f7555378d7993 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 7 Jul 2015 09:28:03 -0400
Subject: [PATCH] RHEL: Reject use of libguestfs-winsupport features except for


@ -1,4 +1,4 @@
From c50bb81e40b36a74c15f9bc515a2f04a1eb00673 Mon Sep 17 00:00:00 2001
From c1ff450bcee1465f0eaca00a4d6c8c731f175488 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 29 Jun 2021 15:29:11 +0100
Subject: [PATCH] RHEL: Create /etc/crypto-policies/back-ends/opensslcnf.config
@ -9,7 +9,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1977214#c13
1 file changed, 8 insertions(+)
diff --git a/appliance/init b/appliance/init
index 7076821d2..fe6497b4d 100755
index 19aa151b7..e67d88280 100755
--- a/appliance/init
+++ b/appliance/init
@@ -76,6 +76,14 @@ if ! test -e /etc/mtab; then


@ -1,47 +0,0 @@
From 46c0694ce0b9a2fe357403c998d30ec807e07015 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 15 Mar 2022 10:22:49 +0000
Subject: [PATCH] daemon/rpm-c.c: Disable signature checking in librpm
Older distros (eg CentOS 6) used SHA-1 RPM package signatures which
some newer distros (eg RHEL 9.0) prevent us from verifying.
This resulted in packages with SHA-1 signatures being skipped by
librpm (there is a warning in debug output, but if you're not looking
at that then the package is silently ignored). In some cases
essential packages like the kernel were skipped, which would be
visible as a failure of virt-v2v. In other cases (eg virt-inspector)
you'd just see fewer installed packages in the <applications> list.
Since verifying package signatures is not essential for inspection,
disable this feature in librpm.
Reported-by: Xiaodai Wang
Thanks: Panu Matilainen
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2064182
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit aa6f8038f826bfb37ddbbb575e6962e1e181c5e8)
---
daemon/rpm-c.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c
index be0e81e22..020fc588e 100644
--- a/daemon/rpm-c.c
+++ b/daemon/rpm-c.c
@@ -90,7 +90,12 @@ value
guestfs_int_daemon_rpm_start_iterator (value unitv)
{
CAMLparam1 (unitv);
+
ts = rpmtsCreate ();
+
+ /* Disable signature checking (RHBZ#2064182). */
+ rpmtsSetVSFlags (ts, rpmtsVSFlags (ts) | RPMVSF_MASK_NOSIGNATURES);
+
iter = rpmtsInitIterator (ts, RPMDBI_PACKAGES, NULL, 0);
CAMLreturn (Val_unit);
}
--
2.31.1


@ -0,0 +1,90 @@
From d451e0e42c75429279426e9eb5a7701cd4681d07 Mon Sep 17 00:00:00 2001
From: Geoff Amey <gamey@datto.com>
Date: Wed, 15 Jun 2022 17:06:56 -0400
Subject: [PATCH] php: add arginfo to php bindings
Starting with PHP8, arginfo is mandatory for PHP extensions. This patch
updates the generator for the PHP bindings to generate the arginfo
structures, using the Zend API macros. Only basic arginfo is added,
without full documentation of argument and return types, in order to
ensure compatibility with as many versions of PHP as possible.
(cherry picked from commit ec27979398b0871c1a3e0e244849f8435c9c9a8d)
---
.gitignore | 1 +
generator/php.ml | 37 ++++++++++++++++++++++++++++++++++---
2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index a36ccc86a..356c01fbd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -325,6 +325,7 @@ Makefile.in
/php/extension/configure.in
/php/extension/env
/php/extension/guestfs_php.c
+/php/extension/guestfs_php.dep
/php/extension/install-sh
/php/extension/libtool
/php/extension/ltmain.sh
diff --git a/generator/php.ml b/generator/php.ml
index 5c7ef48e8..acdc7b877 100644
--- a/generator/php.ml
+++ b/generator/php.ml
@@ -130,6 +130,37 @@ typedef size_t guestfs_string_length;
typedef int guestfs_string_length;
#endif
+/* Declare argument info structures */
+ZEND_BEGIN_ARG_INFO_EX(arginfo_create, 0, 0, 0)
+ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO_EX(arginfo_last_error, 0, 0, 1)
+ ZEND_ARG_INFO(0, g)
+ZEND_END_ARG_INFO()
+
+";
+ List.iter (
+ fun { name = shortname; style = ret, args, optargs; } ->
+ let len = List.length args in
+ pr "ZEND_BEGIN_ARG_INFO_EX(arginfo_%s, 0, 0, %d)\n" shortname (len + 1);
+ pr " ZEND_ARG_INFO(0, g)\n";
+ List.iter (
+ function
+ | BufferIn n | Bool n | Int n | Int64 n | OptString n
+ | Pointer(_, n) | String (_, n) | StringList (_, n) ->
+ pr " ZEND_ARG_INFO(0, %s)\n" n
+ ) args;
+
+ List.iter (
+ function
+ | OBool n | OInt n | OInt64 n | OString n | OStringList n ->
+ pr " ZEND_ARG_INFO(0, %s)\n" n
+ ) optargs;
+ pr "ZEND_END_ARG_INFO()\n\n";
+ ) (actions |> external_functions |> sort);
+
+ pr "
+
/* Convert array to list of strings.
* http://marc.info/?l=pecl-dev&m=112205192100631&w=2
*/
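Review bot: The required-argument count passed to `ZEND_BEGIN_ARG_INFO_EX` is written as `(len + 1)` with no explanation in the generator loop. A short comment above that `pr` line, such as `(* +1 for the handle argument g; optargs are emitted below but not counted as required *)`, would make it clear why the `optargs` entries get a `ZEND_ARG_INFO` line yet are left out of the count.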
@@ -204,12 +235,12 @@ PHP_MINIT_FUNCTION (guestfs_php)
}
static zend_function_entry guestfs_php_functions[] = {
- PHP_FE (guestfs_create, NULL)
- PHP_FE (guestfs_last_error, NULL)
+ PHP_FE (guestfs_create, arginfo_create)
+ PHP_FE (guestfs_last_error, arginfo_last_error)
";
List.iter (
- fun { name } -> pr " PHP_FE (guestfs_%s, NULL)\n" name
+ fun { name } -> pr " PHP_FE (guestfs_%s, arginfo_%s)\n" name name
) (actions |> external_functions |> sort);
pr " { NULL, NULL, NULL }
--
2.31.1


@ -0,0 +1,252 @@
From 51ea2e3af9caa434e847ca74a86f5de5ade6058f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 30 Jun 2022 14:20:47 +0200
Subject: [PATCH] introduce the "clevis_luks_unlock" API
Introduce a new guestfs API called "clevis_luks_unlock". At the libguestfs
level, it is quite simple; it wraps the "clevis luks unlock" guest command
(implemented by the "clevis-luks-unlock" executable, which is in fact a
shell script).
The complexity is instead in the network-based disk encryption
(Clevis/Tang) scheme. Useful documentation:
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index#configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening
- https://github.com/latchset/clevis#clevis
- https://github.com/latchset/tang#tang
The package providing "clevis-luks-unlock" is usually called
"clevis-luks", occasionally "clevis". Some distros don't package clevis at
all. Add the new API under a new option group (which may not be available)
called "clevisluks".
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220630122048.19335-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 9a3e9a6c03eaffe60196bc4c7ae4699beae01dc3)
---
appliance/packagelist.in | 4 +++
daemon/Makefile.am | 1 +
daemon/clevis-luks.c | 58 +++++++++++++++++++++++++++++++++++++++
generator/actions_core.ml | 40 +++++++++++++++++++++++++++
generator/proc_nr.ml | 1 +
lib/MAX_PROC_NR | 2 +-
lib/guestfs.pod | 19 ++++++++++---
7 files changed, 120 insertions(+), 5 deletions(-)
create mode 100644 daemon/clevis-luks.c
diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 77a07acc6..0b79edcdd 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -23,6 +23,7 @@ dnl Basically the same with a few minor tweaks.
ifelse(UBUNTU,1,`define(`DEBIAN',1)')
ifelse(REDHAT,1,
+ clevis-luks
cryptsetup
cryptsetup-luks dnl old name used before Fedora 17
dhclient
@@ -53,6 +54,7 @@ ifelse(DEBIAN,1,
bsdmainutils
dnl old name used in Jessie and earlier
btrfs-tools
+ clevis-luks
cryptsetup
dash
extlinux
@@ -92,6 +94,7 @@ dnl iproute has been renamed to iproute2
ifelse(ARCHLINUX,1,
cdrkit
cdrtools
+ clevis
cryptsetup
dhclient
dhcpcd
@@ -119,6 +122,7 @@ ifelse(SUSE,1,
augeas-lenses
btrfsprogs
cdrkit-cdrtools-compat
+ clevis
cryptsetup
dhcpcd
dhcp-client
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index bbd49f9ea..f50faecd6 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -98,6 +98,7 @@ guestfsd_SOURCES = \
cap.c \
checksum.c \
cleanups.c \
+ clevis-luks.c \
cmp.c \
command.c \
command.h \
diff --git a/daemon/clevis-luks.c b/daemon/clevis-luks.c
new file mode 100644
index 000000000..d3d970d78
--- /dev/null
+++ b/daemon/clevis-luks.c
@@ -0,0 +1,58 @@
+/* libguestfs - the guestfsd daemon
+ * Copyright (C) 2009-2022 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <config.h>
+
+#include "daemon.h"
+#include "actions.h"
+#include "optgroups.h"
+
+#define MAX_ARGS 8
+
+int
+optgroup_clevisluks_available (void)
+{
+ return prog_exists ("clevis-luks-unlock");
+}
+
+int
+do_clevis_luks_unlock (const char *device, const char *mapname)
+{
+ const char *argv[MAX_ARGS];
+ size_t i = 0;
+ int r;
+ CLEANUP_FREE char *err = NULL;
+
+ ADD_ARG (argv, i, "clevis");
+ ADD_ARG (argv, i, "luks");
+ ADD_ARG (argv, i, "unlock");
+ ADD_ARG (argv, i, "-d");
+ ADD_ARG (argv, i, device);
+ ADD_ARG (argv, i, "-n");
+ ADD_ARG (argv, i, mapname);
+ ADD_ARG (argv, i, NULL);
+
+ r = commandv (NULL, &err, argv);
+ if (r == -1) {
+ reply_with_error ("%s: %s: %s", device, mapname, err);
+ return -1;
+ }
+
+ udev_settle ();
+ return 0;
+}
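Review bot: `mapname` is forwarded to the `clevis luks unlock` command line in do_clevis_luks_unlock without any check, although the API documentation added by this same patch states that `control` is reserved by device-mapper. Rejecting the reserved name up front gives the caller a direct error instead of whatever the helper prints into `err`, for example `if (STREQ (mapname, "control")) { reply_with_error ("%s: reserved device-mapper name", mapname); return -1; }`. Separately, optgroup_clevisluks_available probes for `clevis-luks-unlock` while the call executes `clevis`, so the group can presumably report itself available when the dispatcher is missing. Probing both names, `return prog_exists ("clevis") && prog_exists ("clevis-luks-unlock");`, would keep the availability check in step with what is actually run.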
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index 6cd42a290..3c9b0a9b2 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -9676,4 +9676,44 @@ and I<not> the name of the underlying block device." };
shortdesc = "read directories entries";
longdesc = "Internal function for readdir." };
+ { defaults with
+ name = "clevis_luks_unlock"; added = (1, 49, 3);
+ style = RErr,
+ [String (Device, "device"); String (PlainString, "mapname")],
+ [];
+ optional = Some "clevisluks";
+ test_excuse = "needs networking and a configured Tang server";
+ shortdesc = "open an encrypted LUKS block device with Clevis and Tang";
+ longdesc = "\
+This command opens a block device that has been encrypted according to
+the Linux Unified Key Setup (LUKS) standard, using network-bound disk
+encryption (NBDE).
+
+C<device> is the encrypted block device.
+
+The appliance will connect to the Tang servers noted in the tree of
+Clevis pins that is bound to a keyslot of the LUKS header. The Clevis
+pin tree may comprise C<sss> (redudancy) pins as internal nodes
+(optionally), and C<tang> pins as leaves. C<tpm2> pins are not
+supported. The appliance unlocks the encrypted block device by
+combining responses from the Tang servers with metadata from the LUKS
+header; there is no C<key> parameter.
+
+This command will fail if networking has not been enabled for the
+appliance. Refer to C<guestfs_set_network>.
+
+The command creates a new block device called F</dev/mapper/mapname>.
+Reads and writes to this block device are decrypted from and encrypted
+to the underlying C<device> respectively. Close the decrypted block
+device with C<guestfs_cryptsetup_close>.
+
+C<mapname> cannot be C<\"control\"> because that name is reserved by
+device-mapper.
+
+If this block device contains LVM volume groups, then calling
+C<guestfs_lvm_scan> with the C<activate> parameter C<true> will make
+them visible.
+
+Use C<guestfs_list_dm_devices> to list all device mapper devices." };
+
]
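Review bot: The longdesc for `clevis_luks_unlock` never says that the Tang server addresses come from the LUKS header of the disk being opened, so the disk image decides where the appliance makes outbound connections. Callers who process images they do not fully trust would want one more sentence, for example `The Tang server addresses are read from the LUKS header on C<device>, so only use this call on disks whose header you trust, or restrict the appliance's network access.` Also, `redudancy` in the C<sss> sentence should read `redundancy`. The enclosing action list starts outside this hunk.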
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index bdced51c9..edd9bd99d 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -514,6 +514,7 @@ let proc_nr = [
509, "cryptsetup_close";
510, "internal_list_rpm_applications";
511, "internal_readdir";
+512, "clevis_luks_unlock"
]
(* End of list. If adding a new entry, add it at the end of the list
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index c0556fb20..4d0e90cbc 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-511
+512
diff --git a/lib/guestfs.pod b/lib/guestfs.pod
index 946ce2d36..0fbe114a5 100644
--- a/lib/guestfs.pod
+++ b/lib/guestfs.pod
@@ -591,11 +591,22 @@ For Windows BitLocker it returns C<BitLocker>.
Then open these devices by calling L</guestfs_cryptsetup_open>.
Obviously you will require the passphrase!
+Passphrase-less unlocking is supported for LUKS (not BitLocker)
+block devices that have been encrypted with network-bound disk
+encryption (NBDE), using Clevis on the Linux guest side, and
+Tang on a separate Linux server. Open such devices with
+L</guestfs_clevis_luks_unlock>. The appliance will need
+networking enabled (refer to L</guestfs_set_network>) and actual
+connectivity to the Tang servers noted in the C<tang> Clevis
+pins that are bound to the LUKS header. (This includes the
+ability to resolve the names of the Tang servers.)
+
Opening an encrypted device creates a new device mapper device
-called F</dev/mapper/mapname> (where C<mapname> is the
-string you supply to L</guestfs_cryptsetup_open>).
-Reads and writes to this mapper device are decrypted from and
-encrypted to the underlying block device respectively.
+called F</dev/mapper/mapname> (where C<mapname> is the string
+you supply to L</guestfs_cryptsetup_open> or
+L</guestfs_clevis_luks_unlock>). Reads and writes to this mapper
+device are decrypted from and encrypted to the underlying block
+device respectively.
LVM volume groups on the device can be made visible by calling
L</guestfs_vgscan> followed by L</guestfs_vg_activate_all>.
--
2.31.1


@ -0,0 +1,69 @@
From 5ae97d7d83d8cdb6e8428774282167dd774aaf70 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 30 Jun 2022 14:20:48 +0200
Subject: [PATCH] guestfish, guestmount: enable networking for "--key
ID:clevis"
Call the C-language helper key_store_requires_network() in guestfish and
guestmount.
(Short log for the "common" submodule, commit range
35467027f657..af6cb55bc58a:
Laszlo Ersek (12):
options: fix UUID comparison logic bug in get_keys()
mltools/tools_utils: remove unused function "key_store_to_cli"
mltools/tools_utils: allow multiple "--key" options for OCaml tools too
options: replace NULL-termination with number-of-elements in get_keys()
options: wrap each passphrase from get_keys() into a struct
options: add back-end for LUKS decryption with Clevis+Tang
options: introduce selector type "key_clevis"
options: generalize "--key" selector parsing for C-language utilities
mltools/tools_utils-c: handle internal type error with abort()
mltools/tools_utils: generalize "--key" selector parsing for OCaml utils
options, mltools/tools_utils: parse "--key ID:clevis" options
options, mltools/tools_utils: add helper for network dependency
).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20220630122048.19335-4-lersek@redhat.com>
(cherry picked from commit 6a5b44f538065a9f661510234a4235bf38348213)
---
fish/fish.c | 3 +++
fuse/guestmount.c | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/fish/fish.c b/fish/fish.c
index 23d9bb94f..19e3d2799 100644
--- a/fish/fish.c
+++ b/fish/fish.c
@@ -476,6 +476,9 @@ main (int argc, char *argv[])
/* If we've got drives to add, add them now. */
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
/* If we've got mountpoints or prepared drives or -i option, we must
* launch the guest and mount them.
*/
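Review bot: The new `guestfs_set_network (g, 1)` call in main turns on networking for the whole appliance session as a side effect of a `--key ID:clevis` selector, and nothing at the call site says so. Someone reading the code would not expect a key option to change the appliance's network exposure, so I would add a comment above the `if`: `/* --key ID:clevis must reach Tang servers: enable appliance networking even if the user did not ask for it; must happen before launch. */`. The same applies to the identical addition in fuse/guestmount.c. key_store_requires_network comes from the common submodule and is not shown here, and main starts and ends outside both hunks.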
diff --git a/fuse/guestmount.c b/fuse/guestmount.c
index 77c534828..3c6d57bde 100644
--- a/fuse/guestmount.c
+++ b/fuse/guestmount.c
@@ -348,6 +348,10 @@ main (int argc, char *argv[])
/* Do the guest drives and mountpoints. */
add_drives (drvs);
+
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
if (inspector)
--
2.31.1


@ -0,0 +1,182 @@
From 4807dacb577167b89cb5ffb1fa1a68ddf30b9319 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 9 Aug 2022 18:39:30 +0100
Subject: [PATCH] daemon: Add zstd support to guestfs_file_architecture
This is required so we can determine the file architecture of
zstd-compressed Linux kernel modules as used by OpenSUSE and maybe
other distros in future.
Note that zstd becomes a required package, but it is widely available
in current Linux distros.
The package names come from https://pkgs.org/download/zstd and my own
research.
(cherry picked from commit 0e784824e82a88e522873fec5db1a11943d637ed)
---
.gitignore | 1 +
appliance/packagelist.in | 6 ++++++
daemon/filearch.ml | 1 +
docs/guestfs-building.pod | 4 ++++
generator/actions_core.ml | 2 ++
m4/guestfs-progs.m4 | 4 ++++
test-data/Makefile.am | 1 +
test-data/files/Makefile.am | 6 ++++++
8 files changed, 25 insertions(+)
diff --git a/.gitignore b/.gitignore
index 356c01fbd..ee5ea74dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -448,6 +448,7 @@ Makefile.in
/test-data/files/initrd-x86_64.img
/test-data/files/initrd-x86_64.img.gz
/test-data/files/lib-i586.so.xz
+/test-data/files/lib-i586.so.zst
/test-data/files/test-grep.txt.gz
/test-data/phony-guests/archlinux.img
/test-data/phony-guests/blank-*.img
diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 0b79edcdd..0fc11f6ae 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -48,6 +48,7 @@ ifelse(REDHAT,1,
vim-minimal
xz
zfs-fuse
+ zstd
)
ifelse(DEBIAN,1,
@@ -88,6 +89,7 @@ dnl iproute has been renamed to iproute2
vim-tiny
xz-utils
zfs-fuse
+ zstd
uuid-runtime
)
@@ -115,6 +117,7 @@ ifelse(ARCHLINUX,1,
systemd
vim
xz
+ zstd
)
ifelse(SUSE,1,
@@ -140,6 +143,7 @@ ifelse(SUSE,1,
systemd-sysvinit
vim
xz
+ zstd
)
ifelse(FRUGALWARE,1,
@@ -185,6 +189,7 @@ ifelse(MAGEIA,1,
systemd /* for /sbin/reboot and udevd */
vim-minimal
xz
+ zstd
)
ifelse(OPENMANDRIVA,1,
@@ -203,6 +208,7 @@ ifelse(OPENMANDRIVA,1,
systemd /* for /sbin/reboot and udevd */
vim-minimal
xz
+ zstd
)
include(guestfsd.deps)
diff --git a/daemon/filearch.ml b/daemon/filearch.ml
index 67a7339e0..4d7e912c0 100644
--- a/daemon/filearch.ml
+++ b/daemon/filearch.ml
@@ -106,6 +106,7 @@ and cpio_arch magic orig_path path =
if String.find magic "gzip" >= 0 then "zcat"
else if String.find magic "bzip2" >= 0 then "bzcat"
else if String.find magic "XZ compressed" >= 0 then "xzcat"
+ else if String.find magic "Zstandard compressed" >= 0 then "zstdcat"
else "cat" in
let tmpdir = Mkdtemp.temp_dir "filearch" in
diff --git a/docs/guestfs-building.pod b/docs/guestfs-building.pod
index b93a611a6..7a7240f78 100644
--- a/docs/guestfs-building.pod
+++ b/docs/guestfs-building.pod
@@ -172,6 +172,10 @@ I<Required>.
I<Required>.
+=item zstd
+
+I<Required>.
+
=item Jansson E<ge> 2.7
I<Required>.
diff --git a/generator/actions_core.ml b/generator/actions_core.ml
index 3c9b0a9b2..553e4ec3b 100644
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -9373,6 +9373,8 @@ with large files, such as the resulting squashfs will be over 3GB big." };
[["file_architecture"; "/bin-x86_64-dynamic.gz"]], "x86_64"), [];
InitISOFS, Always, TestResultString (
[["file_architecture"; "/lib-i586.so.xz"]], "i386"), [];
+ InitISOFS, Always, TestResultString (
+ [["file_architecture"; "/lib-i586.so.zst"]], "i386"), [];
];
shortdesc = "detect the architecture of a binary file";
longdesc = "\
diff --git a/m4/guestfs-progs.m4 b/m4/guestfs-progs.m4
index cd8662e86..22fc61367 100644
--- a/m4/guestfs-progs.m4
+++ b/m4/guestfs-progs.m4
@@ -95,6 +95,10 @@ AC_PATH_PROGS([XZCAT],[xzcat],[no])
test "x$XZCAT" = "xno" && AC_MSG_ERROR([xzcat must be installed])
AC_DEFINE_UNQUOTED([XZCAT],["$XZCAT"],[Name of xzcat program.])
+dnl Check for zstdcat (required).
+AC_PATH_PROGS([ZSTDCAT],[zstdcat],[no])
+test "x$ZSTDCAT" = "xno" && AC_MSG_ERROR([zstdcat must be installed])
+
dnl (f)lex and bison for virt-builder (required).
dnl XXX Could be optional with some work.
AC_PROG_LEX
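Review bot: This check looks for `zstdcat`, but the build rule this patch adds in test-data/files/Makefile.am runs `zstd -c`, so configure can pass while the program the build actually invokes is missing. The two normally ship in the same package, which is probably why it works in practice, but the check should match the use: add `AC_PATH_PROGS([ZSTD],[zstd],[no])` with the same `AC_MSG_ERROR` guard, or make the Makefile rule use the detected program. Unlike the XZCAT block just above, no `AC_DEFINE_UNQUOTED` follows; daemon/filearch.ml calls `zstdcat` by bare name, so that looks intentional, but a short `dnl` remark saying so would help.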
diff --git a/test-data/Makefile.am b/test-data/Makefile.am
index b603311a1..dbecd74b9 100644
--- a/test-data/Makefile.am
+++ b/test-data/Makefile.am
@@ -85,6 +85,7 @@ image_files = \
files/initrd-x86_64.img \
files/initrd-x86_64.img.gz \
files/lib-i586.so.xz \
+ files/lib-i586.so.zst \
files/test-grep.txt.gz
noinst_DATA = test.iso
diff --git a/test-data/files/Makefile.am b/test-data/files/Makefile.am
index a3d7288f9..06b0c6585 100644
--- a/test-data/files/Makefile.am
+++ b/test-data/files/Makefile.am
@@ -40,6 +40,7 @@ noinst_DATA = \
initrd-x86_64.img \
initrd-x86_64.img.gz \
lib-i586.so.xz \
+ lib-i586.so.zst \
test-grep.txt.gz
CLEANFILES += $(noinst_DATA)
@@ -116,3 +117,8 @@ lib-i586.so.xz: $(top_srcdir)/test-data/binaries/lib-i586.so
rm -f $@ $@-t
xz -c $< > $@-t
mv $@-t $@
+
+lib-i586.so.zst: $(top_srcdir)/test-data/binaries/lib-i586.so
+ rm -f $@ $@-t
+ zstd -c $< > $@-t
+ mv $@-t $@
--
2.31.1


@ -8,7 +8,7 @@ set -e
# ./copy-patches.sh
project=libguestfs
rhel_version=9.0.0
rhel_version=9.1
# Check we're in the right directory.
if [ ! -f $project.spec ]; then


@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=UAq6
-----END PGP SIGNATURE-----


@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----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=WB1H
-----END PGP SIGNATURE-----


@ -1,3 +1,4 @@
%undefine _package_note_flags
# Architectures on which golang works.
#% global golang_arches aarch64 % {arm} % {ix86} x86_64
# In theory the above, in practice golang is so often broken that
@ -11,18 +12,8 @@
# we only do a sanity check that kernel/qemu/libvirt/appliance is not
# broken. To perform the full test suite, see instructions here:
# https://www.redhat.com/archives/libguestfs/2015-September/msg00078.html
#
# Currently the basic sanity check is *broken* on:
#
# arm: times out when running the test
# aarch64: "MSI is not supported by interrupt controller" (RHBZ#1414081)
# ppc64: qemu doesn't work with TCG (RHBZ#1614948)
# ppc64le: kernel doesn't boot on qemu (RHBZ#1435873)
# s390x: qemu TCG cannot emulate enough to boot the kernel
# (however KVM would work if it was available in Koji, so this
# is not a bug)
%if !0%{?rhel}
%global test_arches x86_64
%global test_arches aarch64 %{power64} s390x x86_64
%else
# RHEL 9 only:
# x86-64: "/lib64/libc.so.6: CPU ISA level is lower than required"
@ -46,7 +37,7 @@
%endif
# The source directory.
%global source_directory 1.46-stable
%global source_directory 1.48-stable
# Filter perl provides.
%{?perl_default_filter}
@ -57,8 +48,8 @@
Summary: Access and modify virtual machine disk images
Name: libguestfs
Epoch: 1
Version: 1.46.1
Release: 3%{?dist}
Version: 1.48.4
Release: 2%{?dist}
License: LGPLv2+
# Build only for architectures that have a kernel
@ -93,22 +84,25 @@ Source7: libguestfs.keyring
Source8: copy-patches.sh
# Patches are maintained in the following repository:
# https://github.com/libguestfs/libguestfs/commits/rhel-9.0.0
# https://github.com/libguestfs/libguestfs/commits/rhel-9.1
# Patches.
Patch0001: 0001-daemon-inspect_fs_unix-recognize-modern-Pardus-GNU-L.patch
Patch0002: 0002-daemon-inspection-Add-support-for-Kylin-RHBZ-1995391.patch
Patch0003: 0003-Add-detection-support-for-Rocky-Linux-CentOS-RHEL-li.patch
Patch0004: 0004-launch-libvirt-place-our-virtio-net-pci-device-in-sl.patch
Patch0005: 0005-lib-extract-NETWORK_ADDRESS-and-NETWORK_PREFIX-as-ma.patch
Patch0006: 0006-launch-libvirt-add-virtio-net-via-the-standard-inter.patch
Patch0007: 0007-RHEL-Remove-libguestfs-live-RHBZ-798980.patch
Patch0008: 0008-RHEL-Remove-9p-APIs-from-RHEL-RHBZ-921710.patch
Patch0009: 0009-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
Patch0010: 0010-RHEL-Remove-User-Mode-Linux-RHBZ-1144197.patch
Patch0001: 0001-New-API-guestfs_device_name-returning-the-drive-name.patch
Patch0002: 0002-guestfs_readdir-rewrite-with-FileOut-transfer-to-lif.patch
Patch0003: 0003-guestfs_readdir-minimize-the-number-of-send_file_wri.patch
Patch0004: 0004-lib-launch-direct-ignore-drive-iface-parameter.patch
Patch0005: 0005-lib-drive_create_data-drive-remove-field-iface.patch
Patch0006: 0006-lib-rename-VALID_FORMAT_IFACE-to-VALID_FORMAT.patch
Patch0007: 0007-tests-regressions-remove-iface-based-restrictions.patch
Patch0008: 0008-generator-customize-invert-SELinux-relabeling-defaul.patch
Patch0009: 0009-generator-customize-reintroduce-selinux-relabel-as-a.patch
Patch0010: 0010-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
Patch0011: 0011-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
Patch0012: 0012-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch
Patch0013: 0013-daemon-rpm-c.c-Disable-signature-checking-in-librpm.patch
Patch0013: 0013-php-add-arginfo-to-php-bindings.patch
Patch0014: 0014-introduce-the-clevis_luks_unlock-API.patch
Patch0015: 0015-guestfish-guestmount-enable-networking-for-key-ID-cl.patch
Patch0016: 0016-daemon-Add-zstd-support-to-guestfs_file_architecture.patch
%if 0%{patches_touch_autotools}
BuildRequires: autoconf, automake, libtool, gettext-devel
@ -167,6 +161,7 @@ BuildRequires: bash-completion
BuildRequires: /usr/bin/ping
BuildRequires: /usr/bin/wget
BuildRequires: xz
BuildRequires: zstd
BuildRequires: /usr/bin/qemu-img
%if 0%{verify_tarball_signature}
@ -201,9 +196,7 @@ BuildRequires: rubygem(json)
BuildRequires: rubygem(rdoc)
BuildRequires: rubygem(test-unit)
BuildRequires: ruby-irb
%if !0%{?rhel}
BuildRequires: php-devel
%endif
BuildRequires: gobject-introspection-devel
BuildRequires: gjs
%if !0%{?rhel}
@ -229,6 +222,7 @@ BuildRequires: binutils
BuildRequires: btrfs-progs
%endif
BuildRequires: bzip2
BuildRequires: clevis-luks
BuildRequires: coreutils
BuildRequires: cpio
BuildRequires: cryptsetup
@ -317,6 +311,7 @@ BuildRequires: zerofree
BuildRequires: zfs-fuse
%endif
%endif
BuildRequires: zstd
# Main package requires the appliance. This allows the appliance to
# be replaced if there exists a package called
@ -341,8 +336,11 @@ Requires: yajl%{?_isa}
# For core mount-local (FUSE) API.
Requires: fuse
# For core disk-create API.
# For core APIs:
Requires: /usr/bin/qemu-img
Requires: coreutils
Requires: grep
Requires: tar
# For qemu direct and libvirt backends.
Requires: qemu-kvm-core
@ -421,9 +419,7 @@ Language bindings:
lua-guestfs Lua bindings
ocaml-libguestfs-devel OCaml bindings
perl-Sys-Guestfs Perl bindings
%if !0%{?rhel}
php-libguestfs PHP bindings
%endif
python3-libguestfs Python 3 bindings
ruby-libguestfs Ruby bindings
%if !0%{?rhel}
@ -507,6 +503,7 @@ disk images containing HFS+ / Mac OS Extended filesystems.
%package rescue
Summary: virt-rescue shell
License: LGPLv2+
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description rescue
This adds the virt-rescue shell which is a "rescue disk" for virtual
@ -644,7 +641,6 @@ Provides: ruby(guestfs) = %{version}
ruby-%{name} contains Ruby bindings for %{name}.
%if !0%{?rhel}
%package -n php-%{name}
Summary: PHP bindings for %{name}
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
@ -653,7 +649,6 @@ Requires: php(api) = %{php_core_api}
%description -n php-%{name}
php-%{name} contains PHP bindings for %{name}.
%endif
%package -n lua-guestfs
@ -782,7 +777,6 @@ extra=--with-supermin-packager-config=$(pwd)/yum.conf
%endif
%if 0%{?rhel} && !0%{?eln}
--with-qemu="qemu-kvm qemu-system-%{_build_arch} qemu" \
--disable-php \
%endif
%ifnarch %{golang_arches}
--disable-golang \
@ -940,7 +934,7 @@ rm ocaml/html/.gitignore
%{_mandir}/man1/guestfs-performance.1*
%{_mandir}/man1/guestfs-recipes.1*
%{_mandir}/man1/guestfs-release-notes-1*.1*
%{_mandir}/man1/guestfs-release-notes-historical.1*
%{_mandir}/man1/guestfs-release-notes.1*
%{_mandir}/man1/guestfs-security.1*
%{_mandir}/man1/guestmount.1*
%{_mandir}/man1/guestunmount.1*
@ -1081,13 +1075,11 @@ rm ocaml/html/.gitignore
%{_mandir}/man3/guestfs-ruby.3*
%if !0%{?rhel}
%files -n php-%{name}
%doc php/README-PHP
%dir %{_sysconfdir}/php.d
%{_sysconfdir}/php.d/guestfs_php.ini
%{_libdir}/php/modules/guestfs_php.so
%endif
%files -n lua-guestfs
@ -1141,13 +1133,44 @@ rm ocaml/html/.gitignore
%changelog
* Tue Apr 12 2022 Edaurd Abdullin <eabdullin@almalinux.org> - 1:1.46.1-3.alma
* Wed Sep 28 2022 Edaurd Abdullin <eabdullin@almalinux.org> - 1:1.48.4-2.alma.plus
- Fix build for AlmaLinux
- Avoid permission denied for yum/dnf cache
* Thu Mar 17 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.46.1-3
* Wed Aug 10 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.4-2
- Rebase to new stable branch version 1.48.4
resolves: rhbz#2059285
- Disable 5-level page tables when using -cpu max
resolves: rhbz#2084568
- SELinux relabelling should not stop on ext4 immutable bits
resolves: rhbz#1794518
- Ignore "iface" in add-drive variants
resolves: rhbz#1844341
- Lift protocol limit on guestfs_readdir()
resolves: rhbz#1674392
- Check return values from librpm calls (2089623)
- Document limitations of encrypted RBD disks
resolves: rhbz#2033247
- Fix lvm-set-filter failed in guestfish with the latest lvm2 package
resolves: rhbz#1965941
- Enable PHP bindings
resolves: rhbz#2097718
- Add support for Clevis & Tang
resolves: rhbz#1809453
- Fix CVE-2022-2211 Denial of Service in --key parameter
resolves: rhbz#2101281
- Add clevis-luks to BRs, required for Clevis & Tang
related: rhbz#1809453
- Add zstd support to guestfs_file_architecture
resolves: rhbz#2117004
* Thu Mar 17 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.0-2
- Disable signature checking in librpm
resolves: rhbz#2064182
resolves: rhbz#2065172
* Mon Mar 14 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.0-1
- Rebase to new stable branch version 1.48.0
resolves: rhbz#2059285
* Thu Dec 23 2021 Laszlo Ersek <lersek@redhat.com> - 1:1.46.1-2
- Add detection support for Rocky Linux