Revert OL modifications

import Oracle_OSS libguestfs-1.56.1-4.0.1.el10_1
2026-04-08 18:19:39 -04:00 · 2026-04-08 18:19:37 -04:00
51 changed files with 4397 additions and 9313 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/libguestfs-1.44.0.tar.gz
-SOURCES/libguestfs.keyring
+libguestfs-1.56.1.tar.gz
+libguestfs.keyring
--- a/.libguestfs.metadata
+++ b/.libguestfs.metadata
@ -1,2 +0,0 @@
-99d241dc4a5ba0dc6111954ed7a872e0b0bb6944 SOURCES/libguestfs-1.44.0.tar.gz
-1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
--- a/0001-appliance-Ignore-sit0-network-device-in-the-guest.patch
+++ b/0001-appliance-Ignore-sit0-network-device-in-the-guest.patch
@ -0,0 +1,29 @@
+From dc218b25f0bc2704918748e4e8120ec436783e58 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 24 Jun 2025 14:04:10 +0100
+Subject: [PATCH] appliance: Ignore sit0 network device in the guest
+
+Reported-by: Srikanth Aithal <sraithal@amd.com>
+Fixed-by: Stefano Brivio <sbrivio@redhat.com>
+Tested-by: Srikanth Aithal <sraithal@amd.com>
+See-also: https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/566LAY7RNM7T7EMQQQYIQA2VK5TXETK5/
+---
+ appliance/init | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/appliance/init b/appliance/init
+index 5d35a47dd..47eb97dfc 100755
+--- a/appliance/init
+++ b/appliance/init
+@@ -127,7 +127,7 @@ ip addr add 127.0.0.1/8 brd + dev lo scope host
+ ip link set dev lo up
+ 
+ if test "$guestfs_network" = 1; then
+-    iface=$(ls -I all -I default -I lo /proc/sys/net/ipv4/conf)
+    iface=$(ls -I all -I default -I lo -I sit0 /proc/sys/net/ipv4/conf)
+     # Two workarounds for Ubuntu:
+     touch /etc/fstab
+     rm -f /etc/dhcp/dhclient-enter-hooks.d/resolved
+-- 
+2.47.3
+
--- a/0002-lib-libvirt-Debug-error-from-virDomainDestroyFlags.patch
+++ b/0002-lib-libvirt-Debug-error-from-virDomainDestroyFlags.patch
@ -0,0 +1,29 @@
+From 0a91731356a5bb0ab8eee620fc1fed1656b117f9 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Fri, 25 Jul 2025 09:36:35 +0100
+Subject: [PATCH] lib: libvirt: Debug error from virDomainDestroyFlags
+
+It's useful to see the error returned from virDomainDestroyFlags, so
+make sure this gets written to debug output.
+---
+ lib/launch-libvirt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
+index 55a4ad41c..8dbde5341 100644
+--- a/lib/launch-libvirt.c
+++ b/lib/launch-libvirt.c
+@@ -2173,6 +2173,10 @@ destroy_domain (guestfs_h *g, virDomainPtr dom, int check_for_errors)
+ 
+   /* Error returned by virDomainDestroyFlags ... */
+   err = virGetLastError ();
+  if (err && err->code != 0) {
+    debug (g, "virDomainDestroy: %s [code=%d int1=%d]",
+           err->message, err->code, err->int1);
+  }
+ 
+   /* Retry (indefinitely) if we're just waiting for qemu to shut down.  See:
+    * https://www.redhat.com/archives/libvir-list/2016-January/msg00767.html
+-- 
+2.47.3
+
--- a/0003-lib-libvirt-Sleep-before-retrying-virDomainDestroyFl.patch
+++ b/0003-lib-libvirt-Sleep-before-retrying-virDomainDestroyFl.patch
@ -0,0 +1,32 @@
+From c7aaa89fba21499fa6ba11e41fdc8de610819a87 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Fri, 25 Jul 2025 09:39:51 +0100
+Subject: [PATCH] lib: libvirt: Sleep before retrying virDomainDestroyFlags
+
+This saves us going into a loop if virDomainDestroyFlags keeps
+returning -EBUSY quickly, which apparenrly can happen in containers.
+
+The equivalent 'direct' backend code sleeps for 2 seconds in this case.
+---
+ lib/launch-libvirt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
+index 8dbde5341..c690a444a 100644
+--- a/lib/launch-libvirt.c
+++ b/lib/launch-libvirt.c
+@@ -2181,8 +2181,10 @@ destroy_domain (guestfs_h *g, virDomainPtr dom, int check_for_errors)
+   /* Retry (indefinitely) if we're just waiting for qemu to shut down.  See:
+    * https://www.redhat.com/archives/libvir-list/2016-January/msg00767.html
+    */
+-  if (err && err->code == VIR_ERR_SYSTEM_ERROR && err->int1 == EBUSY)
+  if (err && err->code == VIR_ERR_SYSTEM_ERROR && err->int1 == EBUSY) {
+    sleep (1);
+     goto again;
+  }
+ 
+   /* "Domain not found" is not treated as an error. */
+   if (err && err->code == VIR_ERR_NO_DOMAIN)
+-- 
+2.47.3
+
--- a/0004-daemon-Add-contents-of-etc-fstab-to-verbose-log.patch
+++ b/0004-daemon-Add-contents-of-etc-fstab-to-verbose-log.patch
@ -0,0 +1,49 @@
+From f4f84a882468cb7b2dc4c265bdc18a5df79c3d4d Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 30 Jul 2025 10:53:20 +0100
+Subject: [PATCH] daemon: Add contents of /etc/fstab to verbose log
+
+Also some mdadm configuration files.  This is useful for debugging.
+
+The output looks like this:
+
+  info: /etc/fstab in /dev/VG/Root
+  LABEL=BOOT /boot ext2 default 0 0$
+  LABEL=ROOT / ext2 default 0 0$
+
+Fixes: https://issues.redhat.com/browse/RHEL-106490
+---
+ daemon/inspect_fs_unix_fstab.ml | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/daemon/inspect_fs_unix_fstab.ml b/daemon/inspect_fs_unix_fstab.ml
+index 8e765454a..b4652a39d 100644
+--- a/daemon/inspect_fs_unix_fstab.ml
+++ b/daemon/inspect_fs_unix_fstab.ml
+@@ -43,6 +43,23 @@ let rec check_fstab ?(mdadm_conf = false) (root_mountable : Mountable.t)
+     if mdadm_conf then ["/etc/mdadm.conf"; "/etc/mdadm/mdadm.conf"] else [] in
+   let configfiles = "/etc/fstab" :: mdadmfiles in
+ 
+  (* If verbose, dump the contents of each config file as that can be
+   * useful for debugging.
+   *)
+  if verbose () then (
+    List.iter (
+      fun filename ->
+        let sysroot_filename = Sysroot.sysroot_path filename in
+        if Sys.file_exists sysroot_filename then (
+          eprintf "info: %s in %s\n%!"
+            filename (Mountable.to_string root_mountable);
+          let cmd = sprintf "cat -A %s >&2" (quote sysroot_filename) in
+          ignore (Sys.command cmd);
+          eprintf "\n%!"
+        )
+    ) configfiles
+  );
+
+   with_augeas ~name:"check_fstab_aug"
+               configfiles (check_fstab_aug mdadm_conf root_mountable os_type)
+ 
+-- 
+2.47.3
+
--- a/0005-appliance-init-Add-lsblk-and-blkid-output-to-verbose.patch
+++ b/0005-appliance-init-Add-lsblk-and-blkid-output-to-verbose.patch
@ -0,0 +1,47 @@
+From 217823da95aad095a1c86a90aa4b1db8d46319e4 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 30 Jul 2025 11:05:17 +0100
+Subject: [PATCH] appliance/init: Add lsblk and blkid output to verbose log
+
+This is useful for debugging.  The output looks like:
+
+  + lsblk
+  NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
+  sda           8:0    0    1G  0 disk
+  |-sda1        8:1    0  512M  0 part
+  `-sda2        8:2    0  512M  0 part
+    |-VG-Root 252:0    0   32M  0 lvm
+    |-VG-LV1  252:1    0   32M  0 lvm
+    |-VG-LV2  252:2    0   32M  0 lvm
+    `-VG-LV3  252:3    0   64M  0 lvm
+  sdb           8:16   0    4G  0 disk /
+  + blkid
+  /dev/mapper/VG-LV1: UUID="cc8a3437-4169-4b1c-b432-ee8adc563f6d" BLOCK_SIZE="4096" TYPE="ext2"
+  /dev/sdb: UUID="30c70ddc-d00b-4620-a408-025890e59aa6" BLOCK_SIZE="4096" TYPE="ext2"
+  /dev/mapper/VG-LV2: UUID="747009aa-e183-46ba-a034-0c437b15cebc" BLOCK_SIZE="1024" TYPE="ext2"
+  /dev/mapper/VG-Root: LABEL="ROOT" UUID="01234567-0123-0123-0123-012345678902" BLOCK_SIZE="4096" TYPE="ext2"
+  /dev/sda2: UUID="DfEjc1-wRU6-vh8U-we7U-ivEl-FRwo-rG0ZuL" TYPE="LVM2_member" PARTUUID="184cbb43-02"
+  /dev/sda1: LABEL="BOOT" UUID="01234567-0123-0123-0123-012345678901" BLOCK_SIZE="4096" TYPE="ext2" PARTUUID="184cbb43-01"
+  /dev/mapper/VG-LV3: UUID="f9e5dc21-9a2a-45a0-85b0-e2889607139a" BLOCK_SIZE="2048" TYPE="ext2"
+
+Fixes: https://issues.redhat.com/browse/RHEL-106490
+---
+ appliance/init | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/appliance/init b/appliance/init
+index 47eb97dfc..62526ac77 100755
+--- a/appliance/init
+++ b/appliance/init
+@@ -184,6 +184,8 @@ if test "$guestfs_verbose" = 1 && test "$guestfs_boot_analysis" != 1; then
+     ls -lR /dev
+     cat /proc/mounts
+     cat /proc/mdstat
+    lsblk
+    blkid
+     lvm config
+     lvm pvs
+     lvm vgs
+-- 
+2.47.3
+
--- a/0006-docs-Fix-dead-ntfs-3g-doc-links.patch
+++ b/0006-docs-Fix-dead-ntfs-3g-doc-links.patch
@ -0,0 +1,50 @@
+From 701667b6f581a824059c4da50eb4df176decbb82 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Thu, 31 Jul 2025 15:27:38 -0400
+Subject: [PATCH] docs: Fix dead ntfs-3g doc links
+
+---
+ generator/actions_core.ml | 4 ++--
+ lib/guestfs.pod           | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/generator/actions_core.ml b/generator/actions_core.ml
+index 0f39fd509..108494ece 100644
+--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
+@@ -4661,8 +4661,8 @@ as F<C:\\windows> may appear as F</WINDOWS> or F</windows>
+ they were created.  In Windows itself this would not be
+ a problem.
+ 
+-Bug or feature?  You decide:
+-L<https://www.tuxera.com/community/ntfs-3g-faq/#posixfilenames1>
+Bug or feature?  You decide. See the relevant entry in the ntfs-3g FAQ:
+L<https://github.com/tuxera/ntfs-3g/wiki/NTFS-3G-FAQ>
+ 
+ C<guestfs_case_sensitive_path> attempts to resolve the true case of
+ each element in the path. It will return a resolved path if either the
+diff --git a/lib/guestfs.pod b/lib/guestfs.pod
+index f69d5a070..505978aa1 100644
+--- a/lib/guestfs.pod
+++ b/lib/guestfs.pod
+@@ -984,7 +984,7 @@ Ntfs-3g tries to rewrite "Junction Points" and NTFS "symbolic links"
+ to provide something which looks like a Linux symlink.  The way it
+ tries to do the rewriting is described here:
+ 
+-L<http://www.tuxera.com/community/ntfs-3g-advanced/junction-points-and-symbolic-links/>
+L<https://github.com/tuxera/ntfs-3g/wiki/Junctions-Points,-Symbolic-Links-and-Reparse-Points>
+ 
+ The essential problem is that ntfs-3g simply does not have enough
+ information to do a correct job.  NTFS links can contain drive letters
+@@ -1003,7 +1003,7 @@ format documented in various places around the web).
+ There are other useful extended attributes that can be read from
+ ntfs-3g filesystems (using L</guestfs_getxattr>).  See:
+ 
+-L<http://www.tuxera.com/community/ntfs-3g-advanced/extended-attributes/>
+L<https://github.com/tuxera/ntfs-3g/wiki/Using-Extended-Attributes>
+ 
+ =head3 WINDOWS HIBERNATION AND WINDOWS 8 FAST STARTUP
+ 
+-- 
+2.47.3
+
--- a/0007-daemon-inspect-check-etc-crypttab-for-dev-mapper.patch
+++ b/0007-daemon-inspect-check-etc-crypttab-for-dev-mapper.patch
@ -0,0 +1,178 @@
+From 06db19c56c0a4e81596b24a7ab74ed545b422e4c Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Thu, 12 Jun 2025 14:42:33 -0400
+Subject: [PATCH] daemon: inspect: check /etc/crypttab for /dev/mapper/*
+
+Encrypted root fs on SUSE distros will present itself like so:
+
+```
+/dev/mapper/cr_root                         /                   btrfs   defaults                0 0
+UUID=588905f9-bfa4-47b5-9fe8-893cb8ad4a0b   /var                btrfs   subvol=/@/var           0 0
+... more subvols here ...
+UUID=8a278363-3042-4dea-a878-592f5e1b7381   swap                btrfs   defaults                0 0
+/dev/mapper/cr_root                         /.snapshots         btrfs   subvol=/@/.snapshots    0 0
+
+cr_root  UUID=5289379a-a707-41b5-994c-c383f7ed54cc  none  x-initrd.attach
+```
+
+This breaks `-i` inspection, since libguestfs doesn't know what
+/dev/mapper/cr_root is supposed to be, and nothing in the appliance
+will autopopulate that path. This isn't a problem on Fedora, where
+it uses UUID= instead of a /dev/mapper path.
+
+Currently when we see /dev/mapper as a mount prefix, we only attempt
+to do some LVM name mapping. This extends libguestfs to check
+/etc/crypttab first. If we find an entry for the mapper path, and it
+points to the encrypted luks UUID, we use that UUID to build the
+associated /dev/disk/by-id/dm-uuid-CRYPT-* path, which is a symlink
+to the unencrypted /dev/dm-X path
+
+Resolves: https://issues.redhat.com/browse/RHEL-93584
+
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ daemon/inspect_fs_unix_fstab.ml | 93 +++++++++++++++++++++++++--------
+ 1 file changed, 70 insertions(+), 23 deletions(-)
+
+diff --git a/daemon/inspect_fs_unix_fstab.ml b/daemon/inspect_fs_unix_fstab.ml
+index b4652a39d..bd1b8e540 100644
+--- a/daemon/inspect_fs_unix_fstab.ml
+++ b/daemon/inspect_fs_unix_fstab.ml
+@@ -41,7 +41,7 @@ let rec check_fstab ?(mdadm_conf = false) (root_mountable : Mountable.t)
+                     os_type =
+   let mdadmfiles =
+     if mdadm_conf then ["/etc/mdadm.conf"; "/etc/mdadm/mdadm.conf"] else [] in
+-  let configfiles = "/etc/fstab" :: mdadmfiles in
+  let configfiles = "/etc/fstab" :: "/etc/crypttab" :: mdadmfiles in
+ 
+   (* If verbose, dump the contents of each config file as that can be
+    * useful for debugging.
+@@ -179,7 +179,7 @@ and check_fstab_entry md_map root_mountable os_type aug entry =
+         root_mountable
+       (* Resolve guest block device names. *)
+       else if String.starts_with "/dev/" spec then
+-        resolve_fstab_device spec md_map os_type
+        resolve_fstab_device spec md_map os_type aug
+       (* In OpenBSD's fstab you can specify partitions
+        * on a disk by appending a period and a partition
+        * letter to a Disklable Unique Identifier. The
+@@ -194,7 +194,7 @@ and check_fstab_entry md_map root_mountable os_type aug entry =
+          * assume that this is the first disk.
+          *)
+         let device = sprintf "/dev/sd0%c" part in
+-        resolve_fstab_device device md_map os_type
+        resolve_fstab_device device md_map os_type aug
+       )
+       (* Ignore "/.swap" (Pardus) and pseudo-devices
+        * like "tmpfs".  If we haven't resolved the device
+@@ -353,7 +353,7 @@ and parse_md_uuid uuid =
+  * the real VM, which is a reasonable assumption to make.  Return
+  * anything we don't recognize unchanged.
+  *)
+-and resolve_fstab_device spec md_map os_type =
+and resolve_fstab_device spec md_map os_type aug =
+   (* In any case where we didn't match a device pattern or there was
+    * another problem, return this default mountable derived from [spec].
+    *)
+@@ -366,7 +366,7 @@ and resolve_fstab_device spec md_map os_type =
+ 
+   if String.starts_with "/dev/mapper" spec then (
+     debug_matching "/dev/mapper";
+-    resolve_dev_mapper spec default
+    resolve_dev_mapper spec default aug
+   )
+ 
+   else if PCRE.matches re_xdev spec then (
+@@ -540,24 +540,71 @@ and resolve_fstab_device spec md_map os_type =
+     default
+   )
+ 
+-and resolve_dev_mapper spec default =
+-  (* LVM2 does some strange munging on /dev/mapper paths for VGs and
+-   * LVs which contain '-' character:
+-   *
+-   * ><fs> lvcreate LV--test VG--test 32
+-   * ><fs> debug ls /dev/mapper
+-   * VG----test-LV----test
+-   *
+-   * This makes it impossible to reverse those paths directly, so
+-   * we have implemented lvm_canonical_lv_name in the daemon.
+-   *)
+-  try
+-    match Lvm_utils.lv_canonical spec with
+-    | None -> default
+-    | Some device -> Mountable.of_device device
+-  with
+-  (* Ignore devices that don't exist. (RHBZ#811872) *)
+-  | Unix.Unix_error (Unix.ENOENT, _, _) -> default
+and resolve_dev_mapper spec default aug =
+  let augpath =
+    sprintf "/files/etc/crypttab/*[target='%s']/device"
+            (Filename.basename spec) in
+  match aug_get_noerrors aug augpath with
+  | Some device ->
+     (* /dev/mapper name is present in /etc/crypttab *)
+     if verbose() then eprintf "mapped to crypttab device=%s\n%!" device;
+     (* device string is one of:
+      *  + UUID=... without any shell quoting
+      *  + An absolute path
+      *)
+     if String.starts_with "UUID=" device then (
+       (* We found the UUID for the encrypted LUKS partition, now we use
+        * that to get the unencrypted /dev/dm-X via
+        * /dev/disk/by-id/dm-uuid-CRYPT-* automagic paths. The format is
+        *
+        * /dev/disk/by-id/dm-uuid-CRYPT-$TYPE-$LUKSUUID-$DMNAME
+        *
+        * The fields are
+        * + $TYPE: `LUKS1` or `LUKS2`
+        * + $LUKSUUID: The UUID we got from crypttab, but with `-` removed
+        * + $DMNAME: this would be `cr_root` for `/dev/mapper/cr_root`, but
+        *            we just ignore that.
+        *)
+       let byid_dir = "/dev/disk/by-id" in
+       let uuid = String.sub device 5 (String.length device - 5) in
+       let short_uuid = String.replace uuid "-" "" in
+       let regstr = sprintf "^dm-uuid-CRYPT-LUKS.-%s-.*$" short_uuid in
+       let re_dmcrypt = PCRE.compile regstr in
+       let entries = Sys.readdir byid_dir |> Array.to_list in
+       try
+         let filename = List.find (fun f -> PCRE.matches re_dmcrypt f) entries in
+         let fullpath = Filename.concat byid_dir filename in
+         let resolved_path = Unix_utils.Realpath.realpath fullpath in
+         eprintf("Found crypttab mapping %s -> %s\n%!") fullpath resolved_path;
+         Mountable.of_device (resolved_path)
+       with
+         Failure _ | Not_found ->
+           eprintf("Failed to find matching regex %s/%s\n%!") byid_dir regstr;
+           Mountable.of_device spec
+     ) else (
+       Mountable.of_device spec
+     )
+  | None ->
+     (* Assume /dev/mapper device is LVM *)
+
+     (* LVM2 does some strange munging on /dev/mapper paths for VGs and
+      * LVs which contain '-' character:
+      *
+      * ><fs> lvcreate LV--test VG--test 32
+      * ><fs> debug ls /dev/mapper
+      * VG----test-LV----test
+      *
+      * This makes it impossible to reverse those paths directly, so
+      * we have implemented lvm_canonical_lv_name in the daemon.
+      *)
+     try
+       match Lvm_utils.lv_canonical spec with
+       | None -> default
+       | Some device -> Mountable.of_device device
+     with
+     (* Ignore devices that don't exist. (RHBZ#811872) *)
+     | Unix.Unix_error (Unix.ENOENT, _, _) -> default
+
+ 
+ (* type: (h|s|v|xv)
+  * disk: [a-z]+
+-- 
+2.47.3
+
--- a/0008-daemon-sysroot-Avoid-double-when-creating-sysroot-pa.patch
+++ b/0008-daemon-sysroot-Avoid-double-when-creating-sysroot-pa.patch
@ -0,0 +1,42 @@
+From 1e0099671a2cd75e3407fc02cd16584fce3ba4ee Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 12 Aug 2025 13:04:45 +0100
+Subject: [PATCH] daemon: sysroot: Avoid double-/ when creating sysroot paths
+ in OCaml
+
+Previously calling 'sysroot_path "/dev"' for example would return the
+string "/sysroot//dev".  While this is not wrong, it confuses some
+external programs (hello, setfiles), and it's not very "clean".  Be a
+bit more careful to avoid doubling the '/' character in the common case.
+---
+ daemon/sysroot.ml  | 6 +++++-
+ daemon/sysroot.mli | 2 +-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/sysroot.ml b/daemon/sysroot.ml
+index 286d125b9..57e727066 100644
+--- a/daemon/sysroot.ml
+++ b/daemon/sysroot.ml
+@@ -20,4 +20,8 @@ open Std_utils
+ 
+ external sysroot : unit -> string = "guestfs_int_daemon_sysroot"
+ 
+-let sysroot_path path = sysroot () // path
+let sysroot_path path =
+  let sysroot = sysroot () in
+  if path = "" then sysroot
+  else if path.[0] = '/' then sysroot ^ path
+  else sysroot // path
+diff --git a/daemon/sysroot.mli b/daemon/sysroot.mli
+index 7f8970cd8..1e6e75902 100644
+--- a/daemon/sysroot.mli
+++ b/daemon/sysroot.mli
+@@ -22,4 +22,4 @@ val sysroot : unit -> string
+     in default. *)
+ 
+ val sysroot_path : string -> string
+-(** Equivalent to calling [sysroot () // path] *)
+(** Prepend [path] parameter with the sysroot. *)
+-- 
+2.47.3
+
--- a/0009-daemon-sysroot-Avoid-copying-the-path-every-time-we-.patch
+++ b/0009-daemon-sysroot-Avoid-copying-the-path-every-time-we-.patch
@ -0,0 +1,49 @@
+From c931ab3bc807cff785b1271c575855f0906e27b3 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 12 Aug 2025 13:09:16 +0100
+Subject: [PATCH] daemon: sysroot: Avoid copying the path every time we call
+ sysroot ()
+
+This path never changes once the daemon has started up, so we don't
+need to call into C code and copy the string every time.
+---
+ daemon/sysroot-c.c | 4 ++--
+ daemon/sysroot.ml  | 5 ++++-
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/daemon/sysroot-c.c b/daemon/sysroot-c.c
+index ad31d36ee..e664232b0 100644
+--- a/daemon/sysroot-c.c
+++ b/daemon/sysroot-c.c
+@@ -28,10 +28,10 @@
+ 
+ #include "daemon.h"
+ 
+-extern value guestfs_int_daemon_sysroot (value unitv);
+extern value guestfs_int_daemon_get_sysroot (value unitv);
+ 
+ value
+-guestfs_int_daemon_sysroot (value unitv)
+guestfs_int_daemon_get_sysroot (value unitv)
+ {
+   return caml_copy_string (sysroot);
+ }
+diff --git a/daemon/sysroot.ml b/daemon/sysroot.ml
+index 57e727066..35ae11f3f 100644
+--- a/daemon/sysroot.ml
+++ b/daemon/sysroot.ml
+@@ -18,7 +18,10 @@
+ 
+ open Std_utils
+ 
+-external sysroot : unit -> string = "guestfs_int_daemon_sysroot"
+external get_sysroot : unit -> string = "guestfs_int_daemon_get_sysroot"
+
+let sysroot = lazy (get_sysroot ())
+let sysroot () = Lazy.force sysroot
+ 
+ let sysroot_path path =
+   let sysroot = sysroot () in
+-- 
+2.47.3
+
--- a/0010-daemon-Reimplement-guestfs_selinux_relabel-in-OCaml.patch
+++ b/0010-daemon-Reimplement-guestfs_selinux_relabel-in-OCaml.patch
@ -0,0 +1,406 @@
+From ed40333a23ae8f20ac0360df444d10db369fa6d9 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 12 Aug 2025 12:22:42 +0100
+Subject: [PATCH] daemon: Reimplement guestfs_selinux_relabel in OCaml
+
+No change, just reimplement the existing C implementation in OCaml.
+---
+ .gitignore                |   1 +
+ daemon/Makefile.am        |   4 +-
+ daemon/selinux-relabel.c  | 169 --------------------------------------
+ daemon/selinux.c          |   7 ++
+ daemon/selinux.ml         | 101 +++++++++++++++++++++++
+ docs/C_SOURCE_FILES       |   1 -
+ generator/actions_core.ml |   1 +
+ po/POTFILES               |   1 -
+ 8 files changed, 113 insertions(+), 172 deletions(-)
+ delete mode 100644 daemon/selinux-relabel.c
+ create mode 100644 daemon/selinux.ml
+
+diff --git a/.gitignore b/.gitignore
+index 81cd278cc..02160caff 100644
+--- a/.gitignore
+++ b/.gitignore
+@@ -108,6 +108,7 @@ Makefile.in
+ /daemon/parted.mli
+ /daemon/realpath.mli
+ /daemon/rpm.mli
+/daemon/selinux.mli
+ /daemon/sfdisk.mli
+ /daemon/stamp-guestfsd.pod
+ /daemon/statvfs.mli
+diff --git a/daemon/Makefile.am b/daemon/Makefile.am
+index 6d7492013..c644d9881 100644
+--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
+@@ -59,6 +59,7 @@ generator_built = \
+ 	parted.mli \
+ 	realpath.mli \
+ 	rpm.mli \
+	selinux.mli \
+ 	sfdisk.mli \
+ 	statvfs.mli \
+ 	structs.ml \
+@@ -173,7 +174,6 @@ guestfsd_SOURCES = \
+ 	rsync.c \
+ 	scrub.c \
+ 	selinux.c \
+-	selinux-relabel.c \
+ 	sfdisk.c \
+ 	sh.c \
+ 	sleep.c \
+@@ -307,6 +307,7 @@ SOURCES_MLI = \
+ 	parted.mli \
+ 	realpath.mli \
+ 	rpm.mli \
+	selinux.mli \
+ 	sfdisk.mli \
+ 	statvfs.mli \
+ 	structs.mli \
+@@ -345,6 +346,7 @@ SOURCES_ML = \
+ 	listfs.ml \
+ 	realpath.ml \
+ 	statvfs.ml \
+	selinux.ml \
+ 	inspect_types.ml \
+ 	inspect_utils.ml \
+ 	inspect_fs_unix_fstab.ml \
+diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
+deleted file mode 100644
+index cfc5a31d9..000000000
+--- a/daemon/selinux-relabel.c
+++ /dev/null
+@@ -1,169 +0,0 @@
+-/* libguestfs - the guestfsd daemon
+- * Copyright (C) 2016 Red Hat Inc.
+- *
+- * This program is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
+- *
+- * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with this program; if not, write to the Free Software
+- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+- */
+-
+-#include <config.h>
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <string.h>
+-#include <sys/stat.h>
+-
+-#include "guestfs_protocol.h"
+-#include "daemon.h"
+-#include "actions.h"
+-#include "optgroups.h"
+-
+-#include "ignore-value.h"
+-
+-#define MAX_ARGS 64
+-
+-int
+-optgroup_selinuxrelabel_available (void)
+-{
+-  return prog_exists ("setfiles");
+-}
+-
+-static int
+-dir_exists (const char *dir)
+-{
+-  struct stat statbuf;
+-
+-  if (stat (dir, &statbuf) == 0 && S_ISDIR (statbuf.st_mode))
+-    return 1;
+-  else
+-    return 0;
+-}
+-
+-static int
+-setfiles_has_option (int *flag, char opt_char)
+-{
+-  CLEANUP_FREE char *err = NULL;
+-
+-  if (*flag == -1) {
+-    char option[] = { '-', opt_char, '\0' };       /* "-X" */
+-    char err_opt[32];     /* "invalid option -- 'X'" */
+-
+-    snprintf(err_opt, sizeof(err_opt), "invalid option -- '%c'", opt_char);
+-    ignore_value (command (NULL, &err, "setfiles", option, NULL));
+-    *flag = err && strstr (err, /* "invalid option -- " */ err_opt) == NULL;
+-  }
+-
+-  return *flag;
+-}
+-
+-/* Takes optional arguments, consult optargs_bitmask. */
+-int
+-do_selinux_relabel (const char *specfile, const char *path,
+-                    int force)
+-{
+-  static int flag_m = -1;
+-  static int flag_C = -1;
+-  static int flag_T = -1;
+-  const char *argv[MAX_ARGS];
+-  CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL,
+-    *s_sys = NULL, *s_specfile = NULL, *s_path = NULL;
+-  CLEANUP_FREE char *err = NULL;
+-  size_t i = 0;
+-  int setfiles_status;
+-
+-  s_dev = sysroot_path ("/dev");
+-  if (!s_dev) {
+-  malloc_error:
+-    reply_with_perror ("malloc");
+-    return -1;
+-  }
+-  s_proc = sysroot_path ("/proc");       if (!s_proc) goto malloc_error;
+-  s_selinux = sysroot_path ("/selinux"); if (!s_selinux) goto malloc_error;
+-  s_sys = sysroot_path ("/sys");         if (!s_sys) goto malloc_error;
+-  s_specfile = sysroot_path (specfile);  if (!s_specfile) goto malloc_error;
+-  s_path = sysroot_path (path);          if (!s_path) goto malloc_error;
+-
+-  /* Default settings if not selected. */
+-  if (!(optargs_bitmask & GUESTFS_SELINUX_RELABEL_FORCE_BITMASK))
+-    force = 0;
+-
+-  /* If setfiles takes an excessively long time to run (but still
+-   * completes) then removing .../contexts/files/file_contexts.bin
+-   * appears to help.  If you find any such cases, please add
+-   * observations to the bug report:
+-   * https://bugzilla.redhat.com/show_bug.cgi?id=1396297
+-   */
+-  ADD_ARG (argv, i, "setfiles");
+-  if (force)
+-    ADD_ARG (argv, i, "-F");
+-
+-  /* Exclude some directories that should never be relabelled in
+-   * ordinary Linux guests.  These won't be mounted anyway.  We have
+-   * to prefix all these with the sysroot path.
+-   */
+-  ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_dev);
+-  ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_proc);
+-  ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_sys);
+-  if (dir_exists (s_selinux)) {
+-    ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
+-  }
+-
+-  /* You have to use the -m option (where available) otherwise
+-   * setfiles puts all the mountpoints on the excludes list for no
+-   * useful reason (RHBZ#1433577).
+-   */
+-  if (setfiles_has_option (&flag_m, 'm'))
+-    ADD_ARG (argv, i, "-m");
+-
+-  /* Not only do we want setfiles to trudge through individual relabeling
+-   * errors, we also want the setfiles exit status to differentiate a fatal
+-   * error from "relabeling errors only". See RHBZ#1794518.
+-   */
+-  if (setfiles_has_option (&flag_C, 'C'))
+-    ADD_ARG (argv, i, "-C");
+-
+-  /* If the appliance is being run with multiple vCPUs, running setfiles
+-   * in multithreading mode might speeds up the process.  Option "-T" was
+-   * introduced in SELinux userspace v3.4, and we need to check whether it's
+-   * supported.  Passing "-T 0" creates as many threads as there're available
+-   * vCPU cores.
+-   * https://github.com/SELinuxProject/selinux/releases/tag/3.4
+-   */
+-  if (setfiles_has_option (&flag_T, 'T')) {
+-    ADD_ARG (argv, i, "-T"); ADD_ARG (argv, i, "0");
+-  }
+-
+-  /* Relabelling in a chroot. */
+-  if (STRNEQ (sysroot, "/")) {
+-    ADD_ARG (argv, i, "-r");
+-    ADD_ARG (argv, i, sysroot);
+-  }
+-
+-  if (verbose)
+-    ADD_ARG (argv, i, "-v");
+-  else
+-    /* Suppress non-error output. */
+-    ADD_ARG (argv, i, "-q");
+-
+-  /* Add parameters. */
+-  ADD_ARG (argv, i, s_specfile);
+-  ADD_ARG (argv, i, s_path);
+-  ADD_ARG (argv, i, NULL);
+-
+-  setfiles_status = commandrv (NULL, &err, argv);
+-  if ((setfiles_status == 0) || (setfiles_status == 1 && flag_C))
+-    return 0;
+-
+-  reply_with_error ("%s", err);
+-  return -1;
+-}
+diff --git a/daemon/selinux.c b/daemon/selinux.c
+index f4d839c19..4500d0096 100644
+--- a/daemon/selinux.c
+++ b/daemon/selinux.c
+@@ -39,6 +39,13 @@ optgroup_selinux_available (void)
+   return 1;
+ }
+ 
+/* For historical reasons, this is really "is setfiles available" */
+int
+optgroup_selinuxrelabel_available (void)
+{
+  return prog_exists ("setfiles");
+}
+
+ /* setcon is only valid under the following circumstances:
+  * - single threaded
+  * - enforcing=0
+diff --git a/daemon/selinux.ml b/daemon/selinux.ml
+new file mode 100644
+index 000000000..d954fdead
+--- /dev/null
+++ b/daemon/selinux.ml
+@@ -0,0 +1,101 @@
+(* SELinux functions.
+ * Copyright (C) 2009-2025 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Printf
+
+open Std_utils
+
+open Sysroot
+open Utils
+
+(* Test if setfiles has various options.
+ *
+ * The only way to do this is to run setfiles with the option alone, and
+ * test for the stderr message [invalid option -- 'X'].
+ *)
+let setfiles_has_option_m,
+    setfiles_has_option_C,
+    setfiles_has_option_T =
+  let setfiles_has_option flag =
+    let err_msg = sprintf "invalid option -- '%c'" flag in
+    let opt = sprintf "-%c" flag in
+    let _, _, err = commandr "setfiles" [opt] in
+    String.find err err_msg = -1
+  in
+  let setfiles_has_option_m = lazy (setfiles_has_option 'm')
+  and setfiles_has_option_C = lazy (setfiles_has_option 'C')
+  and setfiles_has_option_T = lazy (setfiles_has_option 'T') in
+  (fun () -> Lazy.force setfiles_has_option_m),
+  (fun () -> Lazy.force setfiles_has_option_C),
+  (fun () -> Lazy.force setfiles_has_option_T)
+
+let selinux_relabel ?(force = false) specfile path =
+  (* Prefix /sysroot on all paths. *)
+  let ignored_paths =
+    [ "/dev"; "/proc"; "/selinux"; "/sys" ] |>
+    List.map sysroot_path in
+  let specfile = sysroot_path specfile in
+  let path = sysroot_path path in
+
+  let args = ref [] in
+  if force then List.push_back args "-F";
+  List.iter (
+    fun ignored_path ->
+      List.push_back_list args [ "-e"; ignored_path ]
+  ) ignored_paths;
+
+  (* You have to use the -m option (where available) otherwise
+   * setfiles puts all the mountpoints on the excludes list for no
+   * useful reason (RHBZ#1433577).
+   *)
+  if setfiles_has_option_m () then List.push_back args "-m";
+
+  (* Not only do we want setfiles to trudge through individual relabeling
+   * errors, we also want the setfiles exit status to differentiate a fatal
+   * error from "relabeling errors only". See RHBZ#1794518.
+   *)
+  if setfiles_has_option_C () then List.push_back args "-C";
+
+  (* If the appliance is being run with multiple vCPUs, running setfiles
+   * in multithreading mode might speeds up the process.  Option "-T" was
+   * introduced in SELinux userspace v3.4, and we need to check whether it's
+   * supported.  Passing "-T 0" creates as many threads as there're available
+   * vCPU cores.
+   * https://github.com/SELinuxProject/selinux/releases/tag/3.4
+   *)
+  if setfiles_has_option_T () then
+    List.push_back_list args [ "-T"; "0" ];
+
+  (* Relabelling in a chroot. *)
+  if sysroot () <> "/" then
+    List.push_back_list args [ "-r"; sysroot () ];
+
+  if verbose () then
+    List.push_back args "-v"
+  else
+    (* Suppress non-error output. *)
+    List.push_back args "-q";
+
+  (* Add parameters. *)
+  List.push_back_list args [ specfile; path ];
+
+  let args = !args in
+  let r, _, err = commandr "setfiles" args in
+
+  let ok = r = 0 || r = 1 && setfiles_has_option_C () in
+  if not ok then failwithf "setfiles: %s" err
+diff --git a/docs/C_SOURCE_FILES b/docs/C_SOURCE_FILES
+index cdfb1d615..5270667bf 100644
+--- a/docs/C_SOURCE_FILES
+++ b/docs/C_SOURCE_FILES
+@@ -132,7 +132,6 @@ daemon/rename.c
+ daemon/rpm-c.c
+ daemon/rsync.c
+ daemon/scrub.c
+-daemon/selinux-relabel.c
+ daemon/selinux.c
+ daemon/sfdisk.c
+ daemon/sh.c
+diff --git a/generator/actions_core.ml b/generator/actions_core.ml
+index 108494ece..128cbe0e9 100644
+--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
+@@ -9359,6 +9359,7 @@ fails and the C<errno> is set to C<ENODEV>." };
+   { defaults with
+     name = "selinux_relabel"; added = (1, 33, 43);
+     style = RErr, [String (PlainString, "specfile"); String (Pathname, "path")], [OBool "force"];
+    impl = OCaml "Selinux.selinux_relabel";
+     optional = Some "selinuxrelabel";
+     test_excuse = "tests are in the tests/relabel directory";
+     shortdesc = "relabel parts of the filesystem";
+diff --git a/po/POTFILES b/po/POTFILES
+index acf3a68d7..fbe0a7fe2 100644
+--- a/po/POTFILES
+++ b/po/POTFILES
+@@ -110,7 +110,6 @@ daemon/rename.c
+ daemon/rpm-c.c
+ daemon/rsync.c
+ daemon/scrub.c
+-daemon/selinux-relabel.c
+ daemon/selinux.c
+ daemon/sfdisk.c
+ daemon/sh.c
+-- 
+2.47.3
+
--- a/0011-generator-Implement-StringList-for-OCaml-functions.patch
+++ b/0011-generator-Implement-StringList-for-OCaml-functions.patch
@ -0,0 +1,99 @@
+From fd4db60cffd9d0ece25a436932aca5411e13b94e Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 12 Aug 2025 14:05:44 +0100
+Subject: [PATCH] generator: Implement StringList for OCaml functions
+
+No existing OCaml functions have a StringList parameter, but we would
+like to add one.
+
+The original plan seems to have been to map these to 'string array'
+types, but 'string list' is more natural, albeit marginally less
+efficient.  The implementation here just has to convert the 'char **'
+into the OCaml linked list of values.
+---
+ daemon/daemon-c.c   | 24 ++++++++++++++++++++++++
+ daemon/daemon-c.h   |  1 +
+ generator/daemon.ml |  6 ++++--
+ 3 files changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/daemon-c.c b/daemon/daemon-c.c
+index 1754cf0d2..371c2a9e4 100644
+--- a/daemon/daemon-c.c
+++ b/daemon/daemon-c.c
+@@ -114,6 +114,30 @@ guestfs_int_daemon_copy_mountable (const mountable_t *mountable)
+   CAMLreturn (r);
+ }
+ 
+/* Implement StringList(...) parameter. */
+value
+guestfs_int_daemon_copy_string_list (char * const *strs)
+{
+  CAMLparam0 ();
+  CAMLlocal3 (v, tlv, rv);
+  size_t i;
+
+  /* We need to build the list backwards so start at the end. */
+  for (i = 0; strs[i] != NULL; ++i)
+    ;
+
+  while (i > 0) {
+    --i;
+    v = caml_copy_string (strs[i]);
+    rv = caml_alloc (2, 0);
+    Store_field (rv, 0, v);
+    Store_field (rv, 1, tlv);
+    tlv = rv;
+  }
+
+  CAMLreturn (rv);
+}
+
+ /* Implement RStringList. */
+ char **
+ guestfs_int_daemon_return_string_list (value retv)
+diff --git a/daemon/daemon-c.h b/daemon/daemon-c.h
+index 9b7085bce..b06efc0cf 100644
+--- a/daemon/daemon-c.h
+++ b/daemon/daemon-c.h
+@@ -29,6 +29,7 @@
+ 
+ extern void guestfs_int_daemon_exn_to_reply_with_error (const char *func, value exn);
+ extern value guestfs_int_daemon_copy_mountable (const mountable_t *mountable);
+extern value guestfs_int_daemon_copy_string_list (char * const *strs);
+ extern char **guestfs_int_daemon_return_string_list (value retv);
+ extern char *guestfs_int_daemon_return_string_mountable (value retv);
+ extern char **guestfs_int_daemon_return_string_mountable_list (value retv);
+diff --git a/generator/daemon.ml b/generator/daemon.ml
+index 6221531d2..2b74f3059 100644
+--- a/generator/daemon.ml
+++ b/generator/daemon.ml
+@@ -558,7 +558,7 @@ and generate_ocaml_daemon_prototype name (ret, args, optargs) =
+     | OInt n -> pr "?%s:int -> " n
+     | OInt64 n -> pr "?%s:int64 -> " n
+     | OString n -> pr "?%s:string -> " n
+-    | OStringList n -> pr "?%s:string array -> " n
+    | OStringList n -> pr "?%s:string list -> " n
+   ) optargs;
+   if args <> [] then
+     List.iter (
+@@ -566,7 +566,7 @@ and generate_ocaml_daemon_prototype name (ret, args, optargs) =
+       | String (typ, _) -> pr "%s -> " (type_for_stringt typ)
+       | BufferIn _ -> pr "string -> "
+       | OptString _ -> pr "string option -> "
+-      | StringList (typ, _) -> pr "%s array -> " (type_for_stringt typ)
+      | StringList (typ, _) -> pr "%s list -> " (type_for_stringt typ)
+       | Bool _ -> pr "bool -> "
+       | Int _ -> pr "int -> "
+       | Int64 _ | Pointer _ -> pr "int64 -> "
+@@ -820,6 +820,8 @@ let generate_daemon_caml_stubs () =
+               pr "guestfs_int_daemon_copy_mountable (%s)" n
+            | String _ -> assert false
+            | OptString _ -> assert false
+           | StringList ((PlainString|Filename|Pathname), n) ->
+              pr "guestfs_int_daemon_copy_string_list (%s)" n
+            | StringList _ -> assert false
+            | BufferIn _ -> assert false
+            | Pointer _ -> assert false
+-- 
+2.47.3
+
--- a/0012-generator-Allow-StringList-Pathname-parameters.patch
+++ b/0012-generator-Allow-StringList-Pathname-parameters.patch
@ -0,0 +1,83 @@
+From e4d9ee3fbc58c5993db0c75c647fdf904c520918 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 12 Aug 2025 14:04:42 +0100
+Subject: [PATCH] generator: Allow StringList(Pathname) parameters
+
+This was previously not implemented.  It just requires us to call
+ABS_PATH on each parameter.  ABS_PATH checks the parameter is an
+absolute path.
+---
+ generator/checks.ml |  1 -
+ generator/daemon.ml | 16 ++++++++++++----
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/generator/checks.ml b/generator/checks.ml
+index d64d49d66..4207c0677 100644
+--- a/generator/checks.ml
+++ b/generator/checks.ml
+@@ -166,7 +166,6 @@ let () =
+         | StringList (FileIn, _)
+         | StringList (FileOut, _)
+         | StringList (Mountable, _)
+-        | StringList (Pathname, _)
+         | StringList (Dev_or_Path, _)
+         | StringList (Mountable_or_Path, _)
+         | StringList (Key, _)
+diff --git a/generator/daemon.ml b/generator/daemon.ml
+index 2b74f3059..6197288df 100644
+--- a/generator/daemon.ml
+++ b/generator/daemon.ml
+@@ -173,7 +173,7 @@ let generate_daemon_stubs actions () =
+           | String ((Mountable|Mountable_or_Path), n) ->
+             pr "  CLEANUP_FREE_MOUNTABLE mountable_t %s\n" n;
+             pr "      = { .device = NULL, .volume = NULL };\n"
+-          | StringList ((PlainString|Filename), n) ->
+          | StringList ((PlainString|Filename|Pathname), n) ->
+             pr "  char **%s;\n" n
+           | StringList (Device, n) ->
+             pr "  CLEANUP_FREE_STRING_LIST char **%s = NULL;\n" n
+@@ -184,7 +184,7 @@ let generate_daemon_stubs actions () =
+               pr "  const char *%s;\n" n;
+               pr "  size_t %s_size;\n" n
+           | String ((FileIn|FileOut|Filename), _)
+-          | StringList ((Mountable|Pathname|FileIn|FileOut|Key|GUID
+          | StringList ((Mountable|FileIn|FileOut|Key|GUID
+                          |Dev_or_Path|Mountable_or_Path), _)
+           | Pointer _ -> assert false
+         ) args_passed_to_daemon
+@@ -260,7 +260,7 @@ let generate_daemon_stubs actions () =
+                 n n is_filein;
+           | String ((PlainString|Key|GUID), n) -> pr_args n
+           | OptString n -> pr "  %s = args.%s ? *args.%s : NULL;\n" n n n
+-          | StringList ((PlainString|Filename) as arg, n) ->
+          | StringList ((PlainString|Filename|Pathname) as arg, n) ->
+             (match arg with
+             | Filename ->
+               pr "  {\n";
+@@ -275,6 +275,14 @@ let generate_daemon_stubs actions () =
+               pr "      }\n";
+               pr "    }\n";
+               pr "  }\n"
+            | Pathname ->
+              pr "  {\n";
+              pr "    size_t i;\n";
+              pr "    for (i = 0; i < args.%s.%s_len; ++i) {\n" n n;
+              pr "      ABS_PATH (args.%s.%s_val[i], %b, return);\n"
+                n n is_filein;
+              pr "    }\n";
+              pr "  }\n"
+             | _ -> ()
+             );
+             pr "  /* Ugly, but safe and avoids copying the strings. */\n";
+@@ -307,7 +315,7 @@ let generate_daemon_stubs actions () =
+               pr "  %s = args.%s.%s_val;\n" n n n;
+               pr "  %s_size = args.%s.%s_len;\n" n n n
+           | String ((FileIn|FileOut|Filename), _)
+-          | StringList ((Mountable|Pathname|FileIn|FileOut|Key|GUID
+          | StringList ((Mountable|FileIn|FileOut|Key|GUID
+                          |Dev_or_Path|Mountable_or_Path), _)
+           | Pointer _ -> assert false
+         ) args_passed_to_daemon;
+-- 
+2.47.3
+
--- a/0013-daemon-Deprecate-guestfs_selinux_relabel-replace-wit.patch
+++ b/0013-daemon-Deprecate-guestfs_selinux_relabel-replace-wit.patch
@ -0,0 +1,311 @@
+From 1c0b56158aa63359d1e53f7a31b483194f235a34 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 12 Aug 2025 13:27:32 +0100
+Subject: [PATCH] daemon: Deprecate guestfs_selinux_relabel, replace with
+ guestfs_setfiles
+
+The guestfs_selinux_relabel function was very hard to use.  In
+particular it didn't just do an SELinux relabel as you might expect.
+Instead you have to write a whole bunch of code around it (example[1])
+to make it useful.
+
+Another problem is that it doesn't let you pass multiple paths to the
+setfiles command, but the command itself does permit that (and, as it
+turns out, will require it).  There is no backwards compatible way to
+extend the existing definition to allow a list parameter without
+breaking API.
+
+So deprecate guestfs_selinux_relabel.  Reimplement it as
+guestfs_setfiles.  The new function is basically the same as the old
+one, but allows you to pass a list of paths.  The old function calls
+the new function with a single path parameter.
+
+[1] https://github.com/libguestfs/libguestfs-common/blob/master/mlcustomize/SELinux_relabel.ml
+---
+ daemon/selinux.ml                    | 117 ++++++++++++++-------------
+ generator/actions_core.ml            |  49 +++++------
+ generator/actions_core_deprecated.ml |  24 ++++++
+ generator/proc_nr.ml                 |   1 +
+ gobject/Makefile.inc                 |   2 +
+ lib/MAX_PROC_NR                      |   2 +-
+ tests/relabel/test-relabel.pl        |   2 +-
+ 7 files changed, 117 insertions(+), 80 deletions(-)
+
+diff --git a/daemon/selinux.ml b/daemon/selinux.ml
+index d954fdead..db0d71455 100644
+--- a/daemon/selinux.ml
+++ b/daemon/selinux.ml
+@@ -44,58 +44,65 @@ let setfiles_has_option_m,
+   (fun () -> Lazy.force setfiles_has_option_C),
+   (fun () -> Lazy.force setfiles_has_option_T)
+ 
+-let selinux_relabel ?(force = false) specfile path =
+-  (* Prefix /sysroot on all paths. *)
+-  let ignored_paths =
+-    [ "/dev"; "/proc"; "/selinux"; "/sys" ] |>
+-    List.map sysroot_path in
+-  let specfile = sysroot_path specfile in
+-  let path = sysroot_path path in
+-
+-  let args = ref [] in
+-  if force then List.push_back args "-F";
+-  List.iter (
+-    fun ignored_path ->
+-      List.push_back_list args [ "-e"; ignored_path ]
+-  ) ignored_paths;
+-
+-  (* You have to use the -m option (where available) otherwise
+-   * setfiles puts all the mountpoints on the excludes list for no
+-   * useful reason (RHBZ#1433577).
+-   *)
+-  if setfiles_has_option_m () then List.push_back args "-m";
+-
+-  (* Not only do we want setfiles to trudge through individual relabeling
+-   * errors, we also want the setfiles exit status to differentiate a fatal
+-   * error from "relabeling errors only". See RHBZ#1794518.
+-   *)
+-  if setfiles_has_option_C () then List.push_back args "-C";
+-
+-  (* If the appliance is being run with multiple vCPUs, running setfiles
+-   * in multithreading mode might speeds up the process.  Option "-T" was
+-   * introduced in SELinux userspace v3.4, and we need to check whether it's
+-   * supported.  Passing "-T 0" creates as many threads as there're available
+-   * vCPU cores.
+-   * https://github.com/SELinuxProject/selinux/releases/tag/3.4
+-   *)
+-  if setfiles_has_option_T () then
+-    List.push_back_list args [ "-T"; "0" ];
+-
+-  (* Relabelling in a chroot. *)
+-  if sysroot () <> "/" then
+-    List.push_back_list args [ "-r"; sysroot () ];
+-
+-  if verbose () then
+-    List.push_back args "-v"
+-  else
+-    (* Suppress non-error output. *)
+-    List.push_back args "-q";
+-
+-  (* Add parameters. *)
+-  List.push_back_list args [ specfile; path ];
+-
+-  let args = !args in
+-  let r, _, err = commandr "setfiles" args in
+-
+-  let ok = r = 0 || r = 1 && setfiles_has_option_C () in
+-  if not ok then failwithf "setfiles: %s" err
+let setfiles ?(force = false) specfile paths =
+  if paths = [] then ()
+  else (
+    (* Prefix /sysroot on all paths. *)
+    let ignored_paths =
+      [ "/dev"; "/proc"; "/selinux"; "/sys" ] |>
+      List.map sysroot_path in
+    let specfile = sysroot_path specfile in
+    let paths = List.map sysroot_path paths in
+
+    let args = ref [] in
+    if force then List.push_back args "-F";
+    List.iter (
+      fun ignored_path ->
+        List.push_back_list args [ "-e"; ignored_path ]
+    ) ignored_paths;
+
+    (* You have to use the -m option (where available) otherwise
+     * setfiles puts all the mountpoints on the excludes list for no
+     * useful reason (RHBZ#1433577).
+     *)
+    if setfiles_has_option_m () then List.push_back args "-m";
+
+    (* Not only do we want setfiles to trudge through individual relabeling
+     * errors, we also want the setfiles exit status to differentiate a fatal
+     * error from "relabeling errors only". See RHBZ#1794518.
+     *)
+    if setfiles_has_option_C () then List.push_back args "-C";
+
+    (* If the appliance is being run with multiple vCPUs, running setfiles
+     * in multithreading mode might speeds up the process.  Option "-T" was
+     * introduced in SELinux userspace v3.4, and we need to check whether it's
+     * supported.  Passing "-T 0" creates as many threads as there're available
+     * vCPU cores.
+     * https://github.com/SELinuxProject/selinux/releases/tag/3.4
+     *)
+    if setfiles_has_option_T () then
+      List.push_back_list args [ "-T"; "0" ];
+
+    (* Relabelling in a chroot. *)
+    if sysroot () <> "/" then
+      List.push_back_list args [ "-r"; sysroot () ];
+
+    if verbose () then
+      List.push_back args "-v"
+    else
+      (* Suppress non-error output. *)
+      List.push_back args "-q";
+
+    (* Add parameters. *)
+    List.push_back args specfile;
+    List.push_back_list args paths;
+
+    let args = !args in
+    let r, _, err = commandr "setfiles" args in
+
+    let ok = r = 0 || r = 1 && setfiles_has_option_C () in
+    if not ok then failwithf "setfiles: %s" err
+  )
+
+(* This is the deprecated selinux_relabel function from libguestfs <= 1.56. *)
+let selinux_relabel ?force specfile path = setfiles ?force specfile [path]
+diff --git a/generator/actions_core.ml b/generator/actions_core.ml
+index 128cbe0e9..60d3140ed 100644
+--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
+@@ -9356,29 +9356,6 @@ Show all the devices where the filesystems in C<device> is spanned over.
+ If not all the devices for the filesystems are present, then this function
+ fails and the C<errno> is set to C<ENODEV>." };
+ 
+-  { defaults with
+-    name = "selinux_relabel"; added = (1, 33, 43);
+-    style = RErr, [String (PlainString, "specfile"); String (Pathname, "path")], [OBool "force"];
+-    impl = OCaml "Selinux.selinux_relabel";
+-    optional = Some "selinuxrelabel";
+-    test_excuse = "tests are in the tests/relabel directory";
+-    shortdesc = "relabel parts of the filesystem";
+-    longdesc = "\
+-SELinux relabel parts of the filesystem.
+-
+-The C<specfile> parameter controls the policy spec file used.
+-You have to parse C</etc/selinux/config> to find the correct
+-SELinux policy and then pass the spec file, usually:
+-C</etc/selinux/> + I<selinuxtype> + C</contexts/files/file_contexts>.
+-
+-The required C<path> parameter is the top level directory where
+-relabelling starts.  Normally you should pass C<path> as C</>
+-to relabel the whole guest filesystem.
+-
+-The optional C<force> boolean controls whether the context
+-is reset for customizable files, and also whether the
+-user, role and range parts of the file context is changed." };
+-
+   { defaults with
+     name = "mksquashfs"; added = (1, 35, 25);
+     style = RErr, [String (Pathname, "path"); String (FileOut, "filename")], [OString "compress"; OStringList "excludes"];
+@@ -9820,4 +9797,30 @@ them visible.
+ 
+ Use C<guestfs_list_dm_devices> to list all device mapper devices." };
+ 
+  { defaults with
+    name = "setfiles"; added = (1, 57, 1);
+    style = RErr, [String (PlainString, "specfile"); StringList (Pathname, "paths")], [OBool "force"];
+    impl = OCaml "Selinux.setfiles";
+    optional = Some "selinuxrelabel";
+    test_excuse = "tests are in the tests/relabel directory";
+    shortdesc = "low level relabel parts of the filesystem";
+    longdesc = "\
+This invokes the SELinux C<setfiles> command which is a low
+level tool used to relabel parts of the filesystem.
+
+The C<specfile> parameter controls the policy spec file used.
+You have to parse C</etc/selinux/config> to find the correct
+SELinux policy and then pass the spec file, usually:
+C</etc/selinux/> + I<selinuxtype> + C</contexts/files/file_contexts>.
+
+The required C<paths> parameter is the list of top level directories
+where relabelling starts.  C<setfiles> will only relabel up to
+filesystem boundaries so, for example, passing just C<\"/\"> will
+relabel the whole root filesystem, but no other mounted filesystems.
+If the list is empty, setfiles is not called.
+
+The optional C<force> boolean controls whether the context
+is reset for customizable files, and also whether the
+user, role and range parts of the file context is changed." };
+
+ ]
+diff --git a/generator/actions_core_deprecated.ml b/generator/actions_core_deprecated.ml
+index 9d4b29f9d..2b1f5cdb4 100644
+--- a/generator/actions_core_deprecated.ml
+++ b/generator/actions_core_deprecated.ml
+@@ -942,4 +942,28 @@ This call does nothing and returns an error." };
+ Used to check a btrfs filesystem, C<device> is the device file where the
+ filesystem is stored." };
+ 
+  { defaults with
+    name = "selinux_relabel"; added = (1, 33, 43);
+    style = RErr, [String (PlainString, "specfile"); String (Pathname, "path")], [OBool "force"];
+    impl = OCaml "Selinux.selinux_relabel";
+    optional = Some "selinuxrelabel";
+    deprecated_by = Replaced_by "setfiles";
+    test_excuse = "tests are in the tests/relabel directory";
+    shortdesc = "relabel parts of the filesystem";
+    longdesc = "\
+SELinux relabel parts of the filesystem.
+
+The C<specfile> parameter controls the policy spec file used.
+You have to parse C</etc/selinux/config> to find the correct
+SELinux policy and then pass the spec file, usually:
+C</etc/selinux/> + I<selinuxtype> + C</contexts/files/file_contexts>.
+
+The required C<path> parameter is the top level directory where
+relabelling starts.  Normally you should pass C<path> as C</>
+to relabel the whole guest filesystem.
+
+The optional C<force> boolean controls whether the context
+is reset for customizable files, and also whether the
+user, role and range parts of the file context is changed." };
+
+ ]
+diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
+index 63cd72a3c..42624afef 100644
+--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
+@@ -521,6 +521,7 @@ let proc_nr = [
+ 516, "command_out";
+ 517, "sh_out";
+ 518, "btrfs_scrub_full";
+519, "setfiles";
+ ]
+ 
+ (* End of list.  If adding a new entry, add it at the end of the list
+diff --git a/gobject/Makefile.inc b/gobject/Makefile.inc
+index b54245977..b828113c6 100644
+--- a/gobject/Makefile.inc
+++ b/gobject/Makefile.inc
+@@ -106,6 +106,7 @@ guestfs_gobject_headers= \
+   include/guestfs-gobject/optargs-rsync_out.h \
+   include/guestfs-gobject/optargs-selinux_relabel.h \
+   include/guestfs-gobject/optargs-set_e2attrs.h \
+  include/guestfs-gobject/optargs-setfiles.h \
+   include/guestfs-gobject/optargs-syslinux.h \
+   include/guestfs-gobject/optargs-tar_in.h \
+   include/guestfs-gobject/optargs-tar_out.h \
+@@ -201,6 +202,7 @@ guestfs_gobject_sources= \
+   src/optargs-rsync_out.c \
+   src/optargs-selinux_relabel.c \
+   src/optargs-set_e2attrs.c \
+  src/optargs-setfiles.c \
+   src/optargs-syslinux.c \
+   src/optargs-tar_in.c \
+   src/optargs-tar_out.c \
+diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
+index 9a26b94d0..08f851b6e 100644
+--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
+@@ -1 +1 @@
+-518
+519
+diff --git a/tests/relabel/test-relabel.pl b/tests/relabel/test-relabel.pl
+index 06fb0840b..4d4f6c7ba 100755
+--- a/tests/relabel/test-relabel.pl
+++ b/tests/relabel/test-relabel.pl
+@@ -87,7 +87,7 @@ $g->write ("/etc/file_contexts", <<'EOF');
+ EOF
+ 
+ # Do the relabel.
+-$g->selinux_relabel ("/etc/file_contexts", "/", force => 1);
+$g->setfiles ("/etc/file_contexts", ["/"], force => 1);
+ 
+ # Check the labels were set correctly.
+ my $errors = 0;
+-- 
+2.47.3
+
--- a/0014-daemon-inspect_fs_windows.ml-Add-debugging-for-MBR-d.patch
+++ b/0014-daemon-inspect_fs_windows.ml-Add-debugging-for-MBR-d.patch
@ -0,0 +1,75 @@
+From b43ca06ea69cebbdd774ed03bc0da63eb3955d66 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 14 Aug 2025 14:56:47 +0100
+Subject: [PATCH] daemon/inspect_fs_windows.ml: Add debugging for MBR drive
+ mappings
+
+The function 'map_registry_disk_blob_gpt' immediately below this one
+has a debugging statement.  Add the equivalent to the function
+'map_registry_disk_blob_mbr'.
+
+The output looks like:
+
+  map_registry_disk_blob_mbr: searching for MBR disk ID 31 32 33 34
+  map_registry_disk_blob_mbr: searching for MBR partition offset 00 00 00 10 00 00 00 00
+---
+ daemon/inspect_fs_windows.ml | 8 ++++++++
+ daemon/utils.ml              | 4 ++++
+ daemon/utils.mli             | 4 ++++
+ 3 files changed, 16 insertions(+)
+
+diff --git a/daemon/inspect_fs_windows.ml b/daemon/inspect_fs_windows.ml
+index dbaf4c362..5991cdba3 100644
+--- a/daemon/inspect_fs_windows.ml
+++ b/daemon/inspect_fs_windows.ml
+@@ -376,6 +376,10 @@ and map_registry_disk_blob_mbr devices blob =
+      * disk with this disk ID.
+      *)
+     let diskid = String.sub blob 0 4 in
+    if verbose () then
+      eprintf "map_registry_disk_blob_mbr: searching for MBR disk ID %s\n%!"
+        (hex_of_string diskid);
+
+     let device =
+       List.find (
+         fun dev ->
+@@ -388,6 +392,10 @@ and map_registry_disk_blob_mbr devices blob =
+      * partition byte offset from Parted.part_list.
+      *)
+     let offset = String.sub blob 4 8 in
+    if verbose () then
+      eprintf "map_registry_disk_blob_mbr: searching for MBR partition offset \
+               %s\n%!"
+        (hex_of_string offset);
+     let offset = int_of_le64 offset in
+     let partitions = Parted.part_list device in
+     let partition =
+diff --git a/daemon/utils.ml b/daemon/utils.ml
+index 40584c9f1..3aa1d7ed2 100644
+--- a/daemon/utils.ml
+++ b/daemon/utils.ml
+@@ -291,3 +291,7 @@ let parse_key_value_strings ?unquote lines =
+   match unquote with
+   | None -> lines
+   | Some f -> List.map (fun (k, v) -> (k, f v)) lines
+
+let hex_of_string s =
+  let bytes = String.map_chars (fun c -> sprintf "%02x" (Char.code c)) s in
+  String.concat " " bytes
+diff --git a/daemon/utils.mli b/daemon/utils.mli
+index 0f2ae471f..e14735038 100644
+--- a/daemon/utils.mli
+++ b/daemon/utils.mli
+@@ -121,5 +121,9 @@ val parse_key_value_strings : ?unquote:(string -> string) -> string list -> (str
+     it is applied on the values as unquote function.  Empty lines,
+     or that start with a comment character [#], are ignored. *)
+ 
+val hex_of_string : string -> string
+(** Return a string as a list of hex bytes.
+    Use this for debugging msgs only. *)
+
+ (**/**)
+ val get_verbose_flag : unit -> bool
+-- 
+2.47.3
+
--- a/0015-daemon-inspect_fs_windows.ml-Add-debugging-when-we-s.patch
+++ b/0015-daemon-inspect_fs_windows.ml-Add-debugging-when-we-s.patch
@ -0,0 +1,32 @@
+From 7bbadaec5ab9c60bd5ad8e1feee39af9f170b552 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 14 Aug 2025 14:57:45 +0100
+Subject: [PATCH] daemon/inspect_fs_windows.ml: Add debugging when we start
+ registry analysis
+
+Add some debugging when we begin the process of analyzing the Windows
+registry of a guest.
+---
+ daemon/inspect_fs_windows.ml | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/daemon/inspect_fs_windows.ml b/daemon/inspect_fs_windows.ml
+index 5991cdba3..00acf5196 100644
+--- a/daemon/inspect_fs_windows.ml
+++ b/daemon/inspect_fs_windows.ml
+@@ -207,6 +207,12 @@ and check_windows_registry systemroot data =
+     if Is.is_file system_hive then Some system_hive else None in
+   data.windows_system_hive <- system_hive;
+ 
+  if verbose () then
+    eprintf "check_windows_registry: software hive: %s\n\
+             check_windows_registry: system hive: %s\n%!"
+      (Option.value ~default:"None" software_hive)
+      (Option.value ~default:"None" system_hive);
+
+   match software_hive, system_hive with
+   | None, _ | Some _, None -> ()
+   | Some software_hive, Some system_hive ->
+-- 
+2.47.3
+
--- a/0016-daemon-inspect_fs_windows.ml-Ignore-blank-disks-in-d.patch
+++ b/0016-daemon-inspect_fs_windows.ml-Ignore-blank-disks-in-d.patch
@ -0,0 +1,78 @@
+From 42afed95dc6611dc9585ab23134bdcc39a5b75ec Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 14 Aug 2025 15:17:59 +0100
+Subject: [PATCH] daemon/inspect_fs_windows.ml: Ignore blank disks in drive
+ mapping
+
+If HKLM\System\MountedDevices references a blank disk, then when we
+try to search for the actual backing device we will get an error from
+parted:
+
+  parted: /dev/sdb: parted exited with status 1: Error: /dev/sdb: unrecognised disk label: Invalid argument
+
+Just ignore these errors instead of failing inspection.
+
+Fixes: https://issues.redhat.com/browse/RHEL-108803
+Reported-by: Ameen Barakat
+Thanks: Ming Xie
+---
+ daemon/inspect_fs_windows.ml | 35 ++++++++++++++++++++++++++---------
+ 1 file changed, 26 insertions(+), 9 deletions(-)
+
+diff --git a/daemon/inspect_fs_windows.ml b/daemon/inspect_fs_windows.ml
+index 00acf5196..ba8ef4ee3 100644
+--- a/daemon/inspect_fs_windows.ml
+++ b/daemon/inspect_fs_windows.ml
+@@ -389,8 +389,18 @@ and map_registry_disk_blob_mbr devices blob =
+     let device =
+       List.find (
+         fun dev ->
+-          Parted.part_get_parttype dev = "msdos" &&
+          try
+            Parted.part_get_parttype dev = "msdos" &&
+             pread dev 4 0x01b8 = diskid
+          with Unix.Unix_error (EINVAL, "parted", msg) ->
+             (* Errors can happen here if the disk is empty.  Just ignore
+              * them.  It means the drive mapping might have missing
+              * entries but that's not important.  (RHEL-108803)
+              *)
+             if verbose () then
+               eprintf "map_registry_disk_blob_mbr: parted returned: \
+                        %s (ignored)\n" msg;
+             false
+       ) devices in
+ 
+     (* Next 8 bytes are the offset of the partition in bytes(!) given as
+@@ -428,14 +438,21 @@ and map_registry_disk_blob_gpt partitions blob =
+     let partition =
+       List.find (
+         fun part ->
+-          let partnum = Devsparts.part_to_partnum part in
+-          let device = Devsparts.part_to_dev part in
+-          let typ = Parted.part_get_parttype device in
+-          if typ <> "gpt" then false
+-          else (
+-            let guid = Sfdisk.part_get_gpt_guid device partnum in
+-            String.lowercase_ascii guid = blob_guid
+-          )
+          try
+            let partnum = Devsparts.part_to_partnum part in
+            let device = Devsparts.part_to_dev part in
+            let typ = Parted.part_get_parttype device in
+            if typ <> "gpt" then false
+            else (
+              let guid = Sfdisk.part_get_gpt_guid device partnum in
+              String.lowercase_ascii guid = blob_guid
+            )
+          with Unix.Unix_error (EINVAL, "parted", msg) ->
+             (* See comment in MBR code above (RHEL-108803) *)
+             if verbose () then
+               eprintf "map_registry_disk_blob_gpt: parted returned: \
+                        %s (ignored)\n" msg;
+             false
+       ) partitions in
+     Some partition
+   with
+-- 
+2.47.3
+
--- a/SOURCES/0003-RHEL-8-Disable-unsupported-remote-drive-protocols-RH.patch
+++ b/SOURCES/0003-RHEL-8-Disable-unsupported-remote-drive-protocols-RH.patch
@ -1,7 +1,7 @@
-From 4dd2f3f56a39411a255ad0a8f38081d46620dbd8 Mon Sep 17 00:00:00 2001
+From d1808ea5eb7ad9c38f5f8c5e90d086886300acd8 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 29 Jul 2013 14:47:56 +0100
-Subject: [PATCH] RHEL 8: Disable unsupported remote drive protocols
+Subject: [PATCH] RHEL: Disable unsupported remote drive protocols
 (RHBZ#962113).

 This disables support for unsupported remote drive protocols:
@ -10,28 +10,23 @@ This disables support for unsupported remote drive protocols:
 * ftps
 * http
 * https
- * tftp
- * gluster
 * iscsi
- * sheepdog
 * ssh

 Note 'nbd' is not disabled, and of course 'file' works.
-
-We hope to gradually add some of these back over the lifetime of RHEL 8.
 ---
 docs/guestfs-testing.pod               |  20 -----
- fish/guestfish.pod                     |  66 ++--------------
- fish/test-add-uri.sh                   |  32 --------
- generator/actions_core.ml              |  50 +------------
- lib/drives.c                           |   8 ++
- lib/guestfs.pod                        | 100 -------------------------
- tests/disks/test-qemu-drive-libvirt.sh |  28 -------
- tests/disks/test-qemu-drive.sh         |  60 ---------------
- 8 files changed, 16 insertions(+), 348 deletions(-)
+ fish/guestfish.pod                     |  42 ++-------
+ fish/test-add-uri.sh                   |  21 -----
+ generator/actions_core.ml              |  34 +-------
+ lib/drives.c                           | 113 -------------------------
+ lib/guestfs.pod                        |  67 ---------------
+ tests/disks/test-qemu-drive-libvirt.sh |   7 --
+ tests/disks/test-qemu-drive.sh         |  40 ---------
+ 8 files changed, 8 insertions(+), 336 deletions(-)

 diff --git a/docs/guestfs-testing.pod b/docs/guestfs-testing.pod
-index f558964bf..8f264ed17 100644
+index 45ebe2941..a02f766c9 100644
 --- a/docs/guestfs-testing.pod
 +++ b/docs/guestfs-testing.pod
@@ -109,26 +109,6 @@ image.  To exit, type C<exit>.
@ -62,7 +57,7 @@ index f558964bf..8f264ed17 100644
 
 Run L<virt-alignment-scan(1)> on guests or disk images:
 diff --git a/fish/guestfish.pod b/fish/guestfish.pod
-index 9f086f110..bb4167b06 100644
+index ac14ea5a4..8d4d488fc 100644
 --- a/fish/guestfish.pod
 +++ b/fish/guestfish.pod
@@ -131,9 +131,9 @@ To list what is available do:
@ -77,7 +72,7 @@ index 9f086f110..bb4167b06 100644
 
 =head2 Remote control
 
-@@ -1134,12 +1134,12 @@ L<guestfs(3)/REMOTE STORAGE>>.
+@@ -1129,12 +1129,12 @@ L<guestfs(3)/REMOTE STORAGE>>.
 On the command line, you can use the I<-a> option to add network
 block devices using a URI-style format, for example:
 
@ -92,7 +87,7 @@ index 9f086f110..bb4167b06 100644
 
 The possible I<-a URI> formats are described below.
 
-@@ -1149,40 +1149,6 @@ The possible I<-a URI> formats are described below.
+@@ -1144,28 +1144,6 @@ The possible I<-a URI> formats are described below.
 
 Add the local disk image (or device) called F<disk.img>.
 
@ -104,24 +99,12 @@ index 9f086f110..bb4167b06 100644
 -
 -=head2 B<-a https://[user@]example.com[:port]/disk.img>
 -
-=head2 B<-a tftp://[user@]example.com[:port]/disk.img>
-
-Add a disk located on a remote FTP, HTTP or TFTP server.
+-Add a disk located on a remote FTP or HTTP server.
 -
 -The equivalent API command would be:
 -
 - ><fs> add /disk.img protocol:(ftp|...) server:tcp:example.com
 -
-=head2 B<-a gluster://example.com[:port]/volname/image>
-
-Add a disk image located on GlusterFS storage.
-
-The server is the one running C<glusterd>, and may be C<localhost>.
-
-The equivalent API command would be:
-
- ><fs> add volname/image protocol:gluster server:tcp:example.com
-
 -=head2 B<-a iscsi://example.com[:port]/target-iqn-name[/lun]>
 -
 -Add a disk located on an iSCSI server.
@ -133,22 +116,10 @@ index 9f086f110..bb4167b06 100644
 =head2 B<-a nbd://example.com[:port]>
 
 =head2 B<-a nbd://example.com[:port]/exportname>
-@@ -1217,35 +1183,13 @@ The equivalent API command would be:
+@@ -1200,23 +1178,13 @@ The equivalent API command would be:
 
  ><fs> add pool/disk protocol:rbd server:tcp:example.com:port
 
-=head2 B<-a sheepdog://[example.com[:port]]/volume/image>
-
-Add a disk image located on a Sheepdog volume.
-
-The server name is optional.  Although libguestfs and Sheepdog
-supports multiple servers, only at most one server can be specified
-when using this URI syntax.
-
-The equivalent API command would be:
-
- ><fs> add volume protocol:sheepdog [server:tcp:example.com]
-
 -=head2 B<-a ssh://[user@]example.com[:port]/disk.img>
 -
 -Add a disk image located on a remote server, accessed using the Secure
@ -171,35 +142,24 @@ index 9f086f110..bb4167b06 100644
 In this case, the password is C<pass@word>.
 
 diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh
-index 21d424984..ddabeb639 100755
+index e4e1021db..8419ce78a 100755
 --- a/fish/test-add-uri.sh
 +++ b/fish/test-add-uri.sh
-@@ -40,14 +40,6 @@ function fail ()
+@@ -40,10 +40,6 @@ function fail ()
 $VG guestfish -x -a file://$abs_builddir/test-add-uri.img </dev/null >test-add-uri.out 2>&1
 grep -sq 'add_drive ".*/test-add-uri.img"' test-add-uri.out || fail
 
 -# curl
 -$VG guestfish -x -a ftp://user@example.com/disk.img </dev/null >test-add-uri.out 2>&1
 -grep -sq 'add_drive "/disk.img" "protocol:ftp" "server:tcp:example.com" "username:user"' test-add-uri.out || fail
-
-# gluster
-$VG guestfish -x -a gluster://example.com/disk </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "disk" "protocol:gluster" "server:tcp:example.com"' test-add-uri.out || fail
 -
 # NBD
 $VG guestfish -x -a nbd://example.com </dev/null >test-add-uri.out 2>&1
 grep -sq 'add_drive "" "protocol:nbd" "server:tcp:example.com"' test-add-uri.out || fail
-@@ -67,29 +59,5 @@ grep -sq 'add_drive "pool/disk" "protocol:rbd" "server:tcp:example.com:6789"' te
+@@ -63,22 +59,5 @@ grep -sq 'add_drive "pool/disk" "protocol:rbd" "server:tcp:example.com:6789"' te
 $VG guestfish -x -a rbd:///pool/disk </dev/null >test-add-uri.out 2>&1
 grep -sq 'add_drive "pool/disk" "protocol:rbd"' test-add-uri.out || fail
 
-# sheepdog
-$VG guestfish -x -a sheepdog:///volume/image </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "volume/image" "protocol:sheepdog"' test-add-uri.out || fail
-
-$VG guestfish -x -a sheepdog://example.com:3000/volume/image </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "volume/image" "protocol:sheepdog" "server:tcp:example.com:3000"' test-add-uri.out || fail
-
 -# ssh
 -$VG guestfish -x -a ssh://example.com/disk.img </dev/null >test-add-uri.out 2>&1
 -grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com"' test-add-uri.out || fail
@ -220,26 +180,19 @@ index 21d424984..ddabeb639 100755
 rm test-add-uri.out
 rm test-add-uri.img
 diff --git a/generator/actions_core.ml b/generator/actions_core.ml
-index 37476c93e..9f0402510 100644
+index 60d3140ed..d374ffbf8 100644
 --- a/generator/actions_core.ml
 +++ b/generator/actions_core.ml
-@@ -297,29 +297,6 @@ F<filename> is interpreted as a local file or device.
+@@ -350,22 +350,6 @@ F<filename> is interpreted as a local file or device.
 This is the default if the optional protocol parameter
 is omitted.
 
-=item C<protocol = \"ftp\"|\"ftps\"|\"http\"|\"https\"|\"tftp\">
+-=item C<protocol = \"ftp\"|\"ftps\"|\"http\"|\"https\">
 -
-Connect to a remote FTP, HTTP or TFTP server.
+-Connect to a remote FTP or HTTP server.
 -The C<server> parameter must also be supplied - see below.
 -
-See also: L<guestfs(3)/FTP, HTTP AND TFTP>
-
-=item C<protocol = \"gluster\">
-
-Connect to the GlusterFS server.
-The C<server> parameter must also be supplied - see below.
-
-See also: L<guestfs(3)/GLUSTER>
+-See also: L<guestfs(3)/FTP AND HTTP>
 -
 -=item C<protocol = \"iscsi\">
 -
@ -253,17 +206,10 @@ index 37476c93e..9f0402510 100644
 =item C<protocol = \"nbd\">
 
 Connect to the Network Block Device server.
-@@ -336,22 +313,6 @@ The C<secret> parameter may be supplied.  See below.
+@@ -382,15 +366,6 @@ The C<secret> parameter may be supplied.  See below.
 
 See also: L<guestfs(3)/CEPH>.
 
-=item C<protocol = \"sheepdog\">
-
-Connect to the Sheepdog server.
-The C<server> parameter may also be supplied - see below.
-
-See also: L<guestfs(3)/SHEEPDOG>.
-
 -=item C<protocol = \"ssh\">
 -
 -Connect to the Secure Shell (ssh) server.
@ -276,26 +222,24 @@ index 37476c93e..9f0402510 100644
 =back
 
 =item C<server>
-@@ -362,13 +323,8 @@ is a list of server(s).
+@@ -401,11 +376,8 @@ is a list of server(s).
  Protocol       Number of servers required
  --------       --------------------------
  file           List must be empty or param not used at all
- ftp|ftps|http|https|tftp  Exactly one
- gluster        Exactly one
+- ftp|ftps|http|https  Exactly one
 - iscsi          Exactly one
  nbd            Exactly one
  rbd            Zero or more
- sheepdog       Zero or more
 - ssh            Exactly one
 
 Each list element is a string specifying a server.  The string must be
 in one of the following formats:
-@@ -384,10 +340,10 @@ for the protocol is used (see F</etc/services>).
+@@ -421,10 +393,10 @@ for the protocol is used (see F</etc/services>).
 
 =item C<username>
 
-For the C<ftp>, C<ftps>, C<http>, C<https>, C<iscsi>, C<rbd>, C<ssh>
-and C<tftp> protocols, this specifies the remote username.
+-For the C<ftp>, C<ftps>, C<http>, C<https>, C<iscsi>, C<rbd> and C<ssh>
+-protocols, this specifies the remote username.
 +For the C<rbd>
 +protocol, this specifies the remote username.
 
@ -305,85 +249,162 @@ index 37476c93e..9f0402510 100644
 example if using the libvirt backend and if the libvirt backend is configured to
 start the qemu appliance as a special user such as C<qemu.qemu>.  If in doubt,
 diff --git a/lib/drives.c b/lib/drives.c
-index 46af66db4..c81ded5d7 100644
+index c068b8ecb..6e4453ce5 100644
 --- a/lib/drives.c
 +++ b/lib/drives.c
-@@ -168,6 +168,7 @@ create_drive_non_file (guestfs_h *g,
+@@ -166,34 +166,6 @@ create_drive_non_file (guestfs_h *g,
   return drv;
 }
 
-+#if 0 /* DISABLED IN RHEL 8 */
- static struct drive *
- create_drive_curl (guestfs_h *g,
-                    const struct drive_create_data *data)
-@@ -226,6 +227,7 @@ create_drive_gluster (guestfs_h *g,
- 
-   return create_drive_non_file (g, data);
- }
-+#endif /* DISABLED IN RHEL 8 */
- 
+-static struct drive *
+-create_drive_curl (guestfs_h *g,
+-                   const struct drive_create_data *data)
+-{
+-  if (data->nr_servers != 1) {
+-    error (g, _("curl: you must specify exactly one server"));
+-    return NULL;
+-  }
+-
+-  if (data->servers[0].transport != drive_transport_none &&
+-      data->servers[0].transport != drive_transport_tcp) {
+-    error (g, _("curl: only tcp transport is supported"));
+-    return NULL;
+-  }
+-
+-  if (STREQ (data->exportname, "")) {
+-    error (g, _("curl: pathname should not be an empty string"));
+-    return NULL;
+-  }
+-
+-  if (data->exportname[0] != '/') {
+-    error (g, _("curl: pathname must begin with a '/'"));
+-    return NULL;
+-  }
+-
+-  return create_drive_non_file (g, data);
+-}
+-
 static int
 nbd_port (void)
-@@ -294,6 +296,7 @@ create_drive_rbd (guestfs_h *g,
+ {
+@@ -261,67 +233,6 @@ create_drive_rbd (guestfs_h *g,
   return create_drive_non_file (g, data);
 }
 
-+#if 0 /* DISABLED IN RHEL 8 */
- static struct drive *
- create_drive_sheepdog (guestfs_h *g,
-                        const struct drive_create_data *data)
-@@ -394,6 +397,7 @@ create_drive_iscsi (guestfs_h *g,
- 
-   return create_drive_non_file (g, data);
- }
-+#endif /* DISABLED IN RHEL 8 */
- 
+-static struct drive *
+-create_drive_ssh (guestfs_h *g,
+-                  const struct drive_create_data *data)
+-{
+-  if (data->nr_servers != 1) {
+-    error (g, _("ssh: you must specify exactly one server"));
+-    return NULL;
+-  }
+-
+-  if (data->servers[0].transport != drive_transport_none &&
+-      data->servers[0].transport != drive_transport_tcp) {
+-    error (g, _("ssh: only tcp transport is supported"));
+-    return NULL;
+-  }
+-
+-  if (STREQ (data->exportname, "")) {
+-    error (g, _("ssh: pathname should not be an empty string"));
+-    return NULL;
+-  }
+-
+-  if (data->exportname[0] != '/') {
+-    error (g, _("ssh: pathname must begin with a '/'"));
+-    return NULL;
+-  }
+-
+-  if (data->username && STREQ (data->username, "")) {
+-    error (g, _("ssh: username should not be an empty string"));
+-    return NULL;
+-  }
+-
+-  return create_drive_non_file (g, data);
+-}
+-
+-static struct drive *
+-create_drive_iscsi (guestfs_h *g,
+-                    const struct drive_create_data *data)
+-{
+-  if (data->nr_servers != 1) {
+-    error (g, _("iscsi: you must specify exactly one server"));
+-    return NULL;
+-  }
+-
+-  if (data->servers[0].transport != drive_transport_none &&
+-      data->servers[0].transport != drive_transport_tcp) {
+-    error (g, _("iscsi: only tcp transport is supported"));
+-    return NULL;
+-  }
+-
+-  if (STREQ (data->exportname, "")) {
+-    error (g, _("iscsi: target name should not be an empty string"));
+-    return NULL;
+-  }
+-
+-  if (data->exportname[0] == '/') {
+-    error (g, _("iscsi: target string must not begin with a '/'"));
+-    return NULL;
+-  }
+-
+-  return create_drive_non_file (g, data);
+-}
+-
 /**
  * Create the special F</dev/null> drive.
-@@ -856,6 +860,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
+  *
+@@ -768,26 +679,6 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
       drv = create_drive_file (g, &data);
     }
   }
-+#if 0 /* DISABLED IN RHEL 8 */
-   else if (STREQ (protocol, "ftp")) {
-     data.protocol = drive_protocol_ftp;
-     drv = create_drive_curl (g, &data);
-@@ -880,6 +885,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
-     data.protocol = drive_protocol_iscsi;
-     drv = create_drive_iscsi (g, &data);
-   }
-+#endif /* DISABLED IN RHEL 8 */
+-  else if (STREQ (protocol, "ftp")) {
+-    data.protocol = drive_protocol_ftp;
+-    drv = create_drive_curl (g, &data);
+-  }
+-  else if (STREQ (protocol, "ftps")) {
+-    data.protocol = drive_protocol_ftps;
+-    drv = create_drive_curl (g, &data);
+-  }
+-  else if (STREQ (protocol, "http")) {
+-    data.protocol = drive_protocol_http;
+-    drv = create_drive_curl (g, &data);
+-  }
+-  else if (STREQ (protocol, "https")) {
+-    data.protocol = drive_protocol_https;
+-    drv = create_drive_curl (g, &data);
+-  }
+-  else if (STREQ (protocol, "iscsi")) {
+-    data.protocol = drive_protocol_iscsi;
+-    drv = create_drive_iscsi (g, &data);
+-  }
   else if (STREQ (protocol, "nbd")) {
     data.protocol = drive_protocol_nbd;
     drv = create_drive_nbd (g, &data);
-@@ -888,6 +894,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
+@@ -796,10 +687,6 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
     data.protocol = drive_protocol_rbd;
     drv = create_drive_rbd (g, &data);
   }
-+#if 0 /* DISABLED IN RHEL 8 */
-   else if (STREQ (protocol, "sheepdog")) {
-     data.protocol = drive_protocol_sheepdog;
-     drv = create_drive_sheepdog (g, &data);
-@@ -900,6 +907,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
-     data.protocol = drive_protocol_tftp;
-     drv = create_drive_curl (g, &data);
-   }
-+#endif /* DISABLED IN RHEL 8 */
+-  else if (STREQ (protocol, "ssh")) {
+-    data.protocol = drive_protocol_ssh;
+-    drv = create_drive_ssh (g, &data);
+-  }
   else {
     error (g, _("unknown protocol ‘%s’"), protocol);
     drv = NULL; /*FALLTHROUGH*/
 diff --git a/lib/guestfs.pod b/lib/guestfs.pod
-index bce9eb79f..2bb13b875 100644
+index 505978aa1..07737c839 100644
 --- a/lib/guestfs.pod
 +++ b/lib/guestfs.pod
-@@ -715,70 +715,6 @@ servers.  The server string is documented in
- L</guestfs_add_drive_opts>. The C<username> and C<secret> parameters are
- also optional, and if not given, then no authentication will be used.
+@@ -723,51 +723,6 @@ a qcow2 backing file specification, libvirt does not construct an
+ ephemeral secret object from those, for Ceph authentication.  Refer to
+ L<https://bugzilla.redhat.com/2033247>.
 
-=head3 FTP, HTTP AND TFTP
+-=head3 FTP AND HTTP
 -
-Libguestfs can access remote disks over FTP, FTPS, HTTP, HTTPS
-or TFTP protocols.
+-Libguestfs can access remote disks over FTP, FTPS, HTTP or HTTPS
+-protocols.
 -
 -To do this, set the optional C<protocol> and C<server> parameters of
 -L</guestfs_add_drive_opts> like this:
@ -396,35 +417,16 @@ index bce9eb79f..2bb13b875 100644
 -                         -1);
 -
 -The C<protocol> can be one of C<"ftp">, C<"ftps">, C<"http">,
-C<"https"> or C<"tftp">.
+-or C<"https">.
 -
 -C<servers> (the C<server> parameter) is a list which must have a
-single element.  The single element is a string defining the web,
-FTP or TFTP server.  The format of this string is documented in
+-single element.  The single element is a string defining the web
+-or FTP server.  The format of this string is documented in
 -L</guestfs_add_drive_opts>.
 -
 -=head3 GLUSTER
 -
-Libguestfs can access Gluster disks.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { "gluster.example.org:24007", NULL };
- guestfs_add_drive_opts (g, "volname/image",
-                         GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
-                         GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "gluster",
-                         GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
-                         -1);
-
-C<servers> (the C<server> parameter) is a list which must have a
-single element.  The single element is a string defining the Gluster
-server.  The format of this string is documented in
-L</guestfs_add_drive_opts>.
-
-Note that gluster usually requires the client process (ie. libguestfs)
-to run as B<root> and will give unfathomable errors if it is not
-(eg. "No data available").
+-Glusterfs support was removed in libguestfs 1.54 (2024).
 -
 -=head3 ISCSI
 -
@ -447,27 +449,13 @@ index bce9eb79f..2bb13b875 100644
 =head3 NETWORK BLOCK DEVICE
 
 Libguestfs can access Network Block Device (NBD) disks remotely.
-@@ -841,42 +777,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
+@@ -830,28 +785,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
 
 =back
 
 -=head3 SHEEPDOG
 -
-Libguestfs can access Sheepdog disks.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { /* optional servers ... */ NULL };
- guestfs_add_drive_opts (g, "volume",
-                         GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
-                         GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "sheepdog",
-                         GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
-                         -1);
-
-The optional list of C<servers> may be zero or more server addresses
-(C<"hostname:port">).  The format of the server strings is documented
-in L</guestfs_add_drive_opts>.
+-Sheepdog support was removed in libguestfs 1.54 (2024).
 -
 -=head3 SSH
 -
@ -491,20 +479,13 @@ index bce9eb79f..2bb13b875 100644
 
 Libguestfs has APIs for inspecting an unknown disk image to find out
 diff --git a/tests/disks/test-qemu-drive-libvirt.sh b/tests/disks/test-qemu-drive-libvirt.sh
-index 3c5aa592e..f73827bd6 100755
+index 485d75718..e917cd1a6 100755
 --- a/tests/disks/test-qemu-drive-libvirt.sh
 +++ b/tests/disks/test-qemu-drive-libvirt.sh
-@@ -64,34 +64,6 @@ check_output
+@@ -65,13 +65,6 @@ check_output
 grep -sq -- '-drive file=rbd:abc-def/ghi-jkl:auth_supported=none,' "$DEBUG_QEMU_FILE" || fail ceph2
 rm "$DEBUG_QEMU_FILE"
 
-# Gluster.
-
-$guestfish -d gluster run ||:
-check_output
-grep -sq -- '-drive file=gluster://1.2.3.4:1234/volname/image,' "$DEBUG_QEMU_FILE" || fail gluster
-rm "$DEBUG_QEMU_FILE"
-
 -# iSCSI.
 -
 -$guestfish -d iscsi run ||:
@ -512,28 +493,14 @@ index 3c5aa592e..f73827bd6 100755
 -grep -sq -- '-drive file=iscsi://1.2.3.4:1234/iqn.2003-01.org.linux-iscsi.fedora' "$DEBUG_QEMU_FILE" || fail iscsi
 -rm "$DEBUG_QEMU_FILE"
 -
-# NBD.
-
-$guestfish -d nbd run ||:
-check_output
-grep -sq -- '-drive file=nbd:1.2.3.4:1234,' "$DEBUG_QEMU_FILE" || fail nbd
-rm "$DEBUG_QEMU_FILE"
-
-# Sheepdog.
-
-$guestfish -d sheepdog run ||:
-check_output
-grep -sq -- '-drive file=sheepdog:volume,' "$DEBUG_QEMU_FILE" || fail sheepdog
-rm "$DEBUG_QEMU_FILE"
-
- # Local, stored in a pool.
+ # NBD.
 
- $guestfish -d pool1 run ||:
+ $guestfish -d nbd run ||:
 diff --git a/tests/disks/test-qemu-drive.sh b/tests/disks/test-qemu-drive.sh
-index 19dd60a2f..583e031bd 100755
+index d6ce0f07f..153b9c8cc 100755
 --- a/tests/disks/test-qemu-drive.sh
 +++ b/tests/disks/test-qemu-drive.sh
-@@ -62,45 +62,6 @@ check_output
+@@ -63,35 +63,6 @@ check_output
 grep -sq -- '-drive file=rbd:abc-def/ghi-jkl:auth_supported=none,' "$DEBUG_QEMU_FILE" || fail
 rm "$DEBUG_QEMU_FILE"
 
@ -547,16 +514,6 @@ index 19dd60a2f..583e031bd 100755
 -grep -sq -- '-drive file=http://www.example.com/disk.img,' "$DEBUG_QEMU_FILE" || fail
 -rm "$DEBUG_QEMU_FILE"
 -
-# Gluster.
-
-guestfish <<EOF ||:
-  add "volname/image" "format:raw" "protocol:gluster" "server:www.example.com:24007"
-  run
-EOF
-check_output
-grep -sq -- '-drive file=gluster://www.example.com:24007/volname/image,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE"
-
 -# iSCSI.
 -
 -guestfish <<EOF ||:
@ -579,21 +536,11 @@ index 19dd60a2f..583e031bd 100755
 # NBD.
 
 guestfish <<EOF ||:
-@@ -118,24 +79,3 @@ EOF
+@@ -109,14 +80,3 @@ EOF
 check_output
 grep -sq -- '-drive file=nbd:unix:/socket,' "$DEBUG_QEMU_FILE" || fail
 rm "$DEBUG_QEMU_FILE"
 -
-# Sheepdog.
-
-guestfish <<EOF ||:
-  add "volume" "format:raw" "protocol:sheepdog"
-  run
-EOF
-check_output
-grep -sq -- '-drive file=sheepdog:volume,' "$DEBUG_QEMU_FILE" || fail
-rm "$DEBUG_QEMU_FILE"
-
 -# SSH.
 -
 -guestfish <<EOF ||:
@ -605,5 +552,5 @@ index 19dd60a2f..583e031bd 100755
 -grep -sq -- '-drive file=ssh://rich@example.com/disk.img,' "$DEBUG_QEMU_FILE" || fail
 -rm "$DEBUG_QEMU_FILE"
 -- 
-2.31.1
+2.47.3

--- a/SOURCES/0005-RHEL-8-Reject-use-of-libguestfs-winsupport-features-.patch
+++ b/SOURCES/0005-RHEL-8-Reject-use-of-libguestfs-winsupport-features-.patch
@ -1,8 +1,8 @@
-From cb2ac63562447e2780bd7103ed060fd6013b9054 Mon Sep 17 00:00:00 2001
+From f8e4c310bb580e576d4962c395a99278e039fdf4 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 7 Jul 2015 09:28:03 -0400
-Subject: [PATCH] RHEL 8: Reject use of libguestfs-winsupport features except
- for virt-* tools (RHBZ#1240276).
+Subject: [PATCH] RHEL: Reject use of libguestfs-winsupport features except for
+ virt-* tools (RHBZ#1240276).

 Fix the tests: it doesn't let us use guestfish for arbitrary Windows
 edits.
@ -13,14 +13,14 @@ edits.
 3 files changed, 19 insertions(+)

 diff --git a/generator/c.ml b/generator/c.ml
-index 86d3b26f8..a625361a9 100644
+index c6e5dd994..b6cc0da20 100644
 --- a/generator/c.ml
 +++ b/generator/c.ml
-@@ -1846,6 +1846,22 @@ and generate_client_actions actions () =
+@@ -1834,6 +1834,22 @@ and generate_client_actions actions () =
     check_args_validity c_name style;
     trace_call name c_name style;
 
-+    (* RHEL 8 *)
+    (* RHEL *)
 +    if name = "mount" || name = "mount_ro" || name = "mount_options" ||
 +       name = "mount_vfs" then (
 +      pr "  if (g->program && !STRPREFIX (g->program, \"virt-\")) {\n";
@ -40,7 +40,7 @@ index 86d3b26f8..a625361a9 100644
      * as a progress bar hint.
      *)
 diff --git a/test-data/phony-guests/make-windows-img.sh b/test-data/phony-guests/make-windows-img.sh
-index 30908a918..73cf5144e 100755
+index 0ec6b4851..9fa29f98b 100755
 --- a/test-data/phony-guests/make-windows-img.sh
 +++ b/test-data/phony-guests/make-windows-img.sh
@@ -37,6 +37,7 @@ fi
@ -52,10 +52,10 @@ index 30908a918..73cf5144e 100755
 run
 
 diff --git a/tests/charsets/test-charset-fidelity.c b/tests/charsets/test-charset-fidelity.c
-index 39ccc2068..2b2e2d8a9 100644
+index 105291dc3..5ca4f3b6d 100644
 --- a/tests/charsets/test-charset-fidelity.c
 +++ b/tests/charsets/test-charset-fidelity.c
-@@ -94,6 +94,8 @@ main (int argc, char *argv[])
+@@ -96,6 +96,8 @@ main (int argc, char *argv[])
   if (g == NULL)
     error (EXIT_FAILURE, 0, "failed to create handle");
 
@ -65,5 +65,5 @@ index 39ccc2068..2b2e2d8a9 100644
     exit (EXIT_FAILURE);
 
 -- 
-2.31.1
+2.47.3

--- a/0019-RHEL-appliance-init-Run-depmod-a-to-rebuild-kernel-m.patch
+++ b/0019-RHEL-appliance-init-Run-depmod-a-to-rebuild-kernel-m.patch
@ -0,0 +1,27 @@
+From 7a16a0b3580b081abc4880644ed0e34b30670cae Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 13 May 2025 17:28:25 +0100
+Subject: [PATCH] RHEL: appliance/init: Run depmod -a to rebuild kernel module
+ dependencies
+
+---
+ appliance/init | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/appliance/init b/appliance/init
+index 62526ac77..c94f50079 100755
+--- a/appliance/init
+++ b/appliance/init
+@@ -116,6 +116,9 @@ $UDEVD --daemon #--debug
+ udevadm trigger
+ udevadm settle --timeout=600
+ 
+# Recreate module dependencies (RHEL only)
+depmod -a
+
+ # Disk optimizations.
+ # Increase the SCSI timeout so we can read remote images.
+ shopt -s nullglob
+-- 
+2.47.3
+
--- a/0020-daemon-device-name-translation.c-Fix-btrfs-volume-re.patch
+++ b/0020-daemon-device-name-translation.c-Fix-btrfs-volume-re.patch
@ -0,0 +1,78 @@
+From 2613e5301b9e484b5e241afeaff96413597eaf7c Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 3 Dec 2025 11:15:39 +0000
+Subject: [PATCH] daemon/device-name-translation.c: Fix btrfs volume reverse
+ translation
+
+Devices associated with btrfs volumes are not reverse-translated
+(e.g., btrfsvol:/dev/sdX to sdY).
+
+Forward translation occurs, creating a path mismatch.  This causes
+errors in subsequent btrfs commands.
+
+Thanks: Arye Yurkovsky
+(cherry picked from commit c7b204bce3c860c10663fcb9250dd934eaf3390a)
+---
+ daemon/device-name-translation.c | 36 ++++++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+
+diff --git a/daemon/device-name-translation.c b/daemon/device-name-translation.c
+index cfebc6495..74b8b686e 100644
+--- a/daemon/device-name-translation.c
+++ b/daemon/device-name-translation.c
+@@ -248,12 +248,17 @@ device_name_translation (const char *device)
+   return NULL;
+ }
+ 
+static char *reverse_btrfsvol (const char *device);
+
+ char *
+ reverse_device_name_translation (const char *device)
+ {
+   char *ret = NULL;
+   size_t i;
+ 
+  if (STRPREFIX (device, "btrfsvol:"))
+    return reverse_btrfsvol (device);
+
+   /* Look it up in the cache, and if found return the canonical name.
+    * If not found return a copy of the original string.
+    */
+@@ -287,3 +292,34 @@ reverse_device_name_translation (const char *device)
+ 
+   return ret;
+ }
+
+/* btrfsvol:/dev/sdX also needs reversing. */
+static char *
+reverse_btrfsvol (const char *device)
+{
+  const char prefix[] = "btrfsvol:";
+  const char *device_start, *device_end;
+  CLEANUP_FREE char *device_name = NULL;
+  CLEANUP_FREE char *reversed_device = NULL;
+  char *ret;
+
+  device_start = device + strlen (prefix);
+  device_end = strchr (device_start + strlen ("/dev/"), '/');
+  device_name = strndup (device_start, device_end - device_start);
+  if (device_name == NULL) {
+    reply_with_perror ("strndup");
+    return NULL;
+  }
+
+  reversed_device = reverse_device_name_translation (device_name);
+  if (reversed_device == NULL)
+    return NULL;
+
+  /* Construct the final btrfsvol: and return it, caller frees. */
+  if (asprintf (&ret, "%s%s%s", prefix, reversed_device, device_end) == -1) {
+    reply_with_perror ("asprintf");
+    return NULL;
+  }
+
+  return ret;
+}
+-- 
+2.47.3
+
--- a/SOURCES/README-replacement.in
+++ b/SOURCES/README-replacement.in
@ -8,8 +8,7 @@ list:

  http://www.redhat.com/mailman/listinfo/libguestfs

-This Red Hat Enterprise Linux package comes with a lot of help and
-examples to get you started.
+This package comes with a lot of help and examples to get you started.

 The first place to start are the manual pages.  Type:

@ -20,19 +19,19 @@ The first place to start are the manual pages.  Type:
  man virt-cat   # and other virt-* tools

 If you install the libguestfs-devel package, then in the
-/usr/share/doc/libguestfs-devel/ directory you will also
-find:
+/usr/share/doc/libguestfs-devel/ directory you will find other
+documentation including:

 - BUGS: list of open bugs in this version

- - ChangeLog: the detailed list of changes in this version
+ - ChangeLog.gz: the detailed list of changes in this version

- - ROADMAP: the roadmap for future versions
+ - HACKING: how to extend libguestfs

 - TODO: ideas for extending libguestfs

 - *.c: example C programs using the API

- - *.xml: example virt-inspector output
+ - *.xml.gz: example virt-inspector output (compressed)

- - *.rng: virt-inspector RelaxNG schema
+ - virt-inspector.rng: virt-inspector RelaxNG schema
--- a/SOURCES/0001-RHEL-8-Remove-libguestfs-live-RHBZ-798980.patch
+++ b/SOURCES/0001-RHEL-8-Remove-libguestfs-live-RHBZ-798980.patch
@ -1,56 +0,0 @@
-From 5b6d2b05fe0c4035b9791a751e3133d26c7baa2d Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Fri, 21 Dec 2012 15:50:11 +0000
-Subject: [PATCH] RHEL 8: Remove libguestfs live (RHBZ#798980).
-
-This isn't supported in RHEL 8.
-
-Disable daemon tests that require the 'unix' backend.
---
- lib/launch-unix.c        | 7 +++++++
- tests/daemon/Makefile.am | 4 +---
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/lib/launch-unix.c b/lib/launch-unix.c
-index 0d344f9df..74dd1bb4a 100644
--- a/lib/launch-unix.c
-+++ b/lib/launch-unix.c
-@@ -37,6 +37,12 @@
- static int
- launch_unix (guestfs_h *g, void *datav, const char *sockpath)
- {
-+  error (g,
-+	 "launch: In RHEL, only the 'libvirt' or 'direct' method is supported.\n"
-+	 "In particular, \"libguestfs live\" is not supported.");
-+  return -1;
-+
-+#if 0
-   int r, daemon_sock = -1;
-   struct sockaddr_un addr;
-   uint32_t size;
-@@ -106,6 +112,7 @@ launch_unix (guestfs_h *g, void *datav, const char *sockpath)
-     g->conn = NULL;
-   }
-   return -1;
-+#endif
- }
- 
- static int
-diff --git a/tests/daemon/Makefile.am b/tests/daemon/Makefile.am
-index 921e6d1df..8b2887247 100644
--- a/tests/daemon/Makefile.am
-+++ b/tests/daemon/Makefile.am
-@@ -23,9 +23,7 @@ include $(top_srcdir)/subdir-rules.mk
- 
- check_DATA = captive-daemon.pm
- 
-TESTS = \
-	test-daemon-start.pl \
-	test-btrfs.pl
-+TESTS =
- 
- TESTS_ENVIRONMENT = $(top_builddir)/run --test
- 
-- 
-2.31.1
-
--- a/SOURCES/0002-RHEL-8-Remove-9p-APIs-from-RHEL-RHBZ-921710.patch
+++ b/SOURCES/0002-RHEL-8-Remove-9p-APIs-from-RHEL-RHBZ-921710.patch
@ -1,330 +0,0 @@
-From 91b2a6e50211c58ea31a36351ec63c358f708bf9 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Thu, 18 Jul 2013 18:31:53 +0100
-Subject: [PATCH] RHEL 8: Remove 9p APIs from RHEL (RHBZ#921710).
-
---
- Makefile.am               |   2 +-
- daemon/9p.c               | 182 --------------------------------------
- daemon/Makefile.am        |   1 -
- docs/C_SOURCE_FILES       |   1 -
- generator/actions_core.ml |  21 -----
- generator/proc_nr.ml      |   2 -
- gobject/Makefile.inc      |   2 -
- po/POTFILES               |   2 -
- 8 files changed, 1 insertion(+), 212 deletions(-)
- delete mode 100644 daemon/9p.c
-
-diff --git a/Makefile.am b/Makefile.am
-index 3df1b6a7a..36e44dfd5 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -78,7 +78,7 @@ SUBDIRS += tests/xfs
- SUBDIRS += tests/charsets
- SUBDIRS += tests/xml
- SUBDIRS += tests/mount-local
-SUBDIRS += tests/9p
-+#SUBDIRS += tests/9p
- SUBDIRS += tests/rsync
- SUBDIRS += tests/bigdirs
- SUBDIRS += tests/disk-labels
-diff --git a/daemon/9p.c b/daemon/9p.c
-deleted file mode 100644
-index 743a96abd..000000000
--- a/daemon/9p.c
-+++ /dev/null
-@@ -1,182 +0,0 @@
-/* libguestfs - the guestfsd daemon
- * Copyright (C) 2011 Red Hat Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <limits.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#include <fcntl.h>
-
-#include "ignore-value.h"
-
-#include "daemon.h"
-#include "actions.h"
-
-#define BUS_PATH "/sys/bus/virtio/drivers/9pnet_virtio"
-
-static void
-modprobe_9pnet_virtio (void)
-{
-  /* Required with Linux 5.6 and maybe earlier kernels.  For unclear
-   * reasons the module is not an automatic dependency of the 9p
-   * module so doesn't get loaded automatically.
-   */
-  ignore_value (command (NULL, NULL, "modprobe", "9pnet_virtio", NULL));
-}
-
-/* https://bugzilla.redhat.com/show_bug.cgi?id=714981#c1 */
-char **
-do_list_9p (void)
-{
-  CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (r);
-  DIR *dir;
-
-  modprobe_9pnet_virtio ();
-
-  dir = opendir (BUS_PATH);
-  if (!dir) {
-    perror ("opendir: " BUS_PATH);
-    if (errno != ENOENT) {
-      reply_with_perror ("opendir: " BUS_PATH);
-      return NULL;
-    }
-
-    /* If this directory doesn't exist, it probably means that
-     * the virtio driver isn't loaded.  Don't return an error
-     * in this case, but return an empty list.
-     */
-    if (end_stringsbuf (&r) == -1)
-      return NULL;
-
-    return take_stringsbuf (&r);
-  }
-
-  while (1) {
-    struct dirent *d;
-
-    errno = 0;
-    d = readdir (dir);
-    if (d == NULL) break;
-
-    if (STRPREFIX (d->d_name, "virtio")) {
-      CLEANUP_FREE char *mount_tag_path = NULL;
-      if (asprintf (&mount_tag_path, BUS_PATH "/%s/mount_tag",
-                    d->d_name) == -1) {
-        reply_with_perror ("asprintf");
-        closedir (dir);
-        return NULL;
-      }
-
-      /* A bit unclear, but it looks like the virtio transport allows
-       * the mount tag length to be unlimited (or up to 65536 bytes).
-       * See: linux/include/linux/virtio_9p.h
-       */
-      CLEANUP_FREE char *mount_tag = read_whole_file (mount_tag_path, NULL);
-      if (mount_tag == 0)
-        continue;
-
-      if (add_string (&r, mount_tag) == -1) {
-        closedir (dir);
-        return NULL;
-      }
-    }
-  }
-
-  /* Check readdir didn't fail */
-  if (errno != 0) {
-    reply_with_perror ("readdir: /sys/block");
-    closedir (dir);
-    return NULL;
-  }
-
-  /* Close the directory handle */
-  if (closedir (dir) == -1) {
-    reply_with_perror ("closedir: /sys/block");
-    return NULL;
-  }
-
-  /* Sort the tags. */
-  if (r.size > 0)
-    sort_strings (r.argv, r.size);
-
-  /* NULL terminate the list */
-  if (end_stringsbuf (&r) == -1)
-    return NULL;
-
-  return take_stringsbuf (&r);
-}
-
-/* Takes optional arguments, consult optargs_bitmask. */
-int
-do_mount_9p (const char *mount_tag, const char *mountpoint, const char *options)
-{
-  CLEANUP_FREE char *mp = NULL, *opts = NULL, *err = NULL;
-  struct stat statbuf;
-  int r;
-
-  ABS_PATH (mountpoint, 0, return -1);
-
-  mp = sysroot_path (mountpoint);
-  if (!mp) {
-    reply_with_perror ("malloc");
-    return -1;
-  }
-
-  /* Check the mountpoint exists and is a directory. */
-  if (stat (mp, &statbuf) == -1) {
-    reply_with_perror ("%s", mountpoint);
-    return -1;
-  }
-  if (!S_ISDIR (statbuf.st_mode)) {
-    reply_with_perror ("%s: mount point is not a directory", mountpoint);
-    return -1;
-  }
-
-  /* Add trans=virtio to the options. */
-  if ((optargs_bitmask & GUESTFS_MOUNT_9P_OPTIONS_BITMASK) &&
-      STRNEQ (options, "")) {
-    if (asprintf (&opts, "trans=virtio,%s", options) == -1) {
-      reply_with_perror ("asprintf");
-      return -1;
-    }
-  }
-  else {
-    opts = strdup ("trans=virtio");
-    if (opts == NULL) {
-      reply_with_perror ("strdup");
-      return -1;
-    }
-  }
-
-  modprobe_9pnet_virtio ();
-  r = command (NULL, &err,
-               "mount", "-o", opts, "-t", "9p", mount_tag, mp, NULL);
-  if (r == -1) {
-    reply_with_error ("%s on %s: %s", mount_tag, mountpoint, err);
-    return -1;
-  }
-
-  return 0;
-}
-diff --git a/daemon/Makefile.am b/daemon/Makefile.am
-index 038be592c..df9dcc4ee 100644
--- a/daemon/Makefile.am
-+++ b/daemon/Makefile.am
-@@ -82,7 +82,6 @@ guestfsd_SOURCES = \
- 	../common/protocol/guestfs_protocol.h \
- 	../common/utils/cleanups.h \
- 	../common/utils/guestfs-utils.h \
-	9p.c \
- 	acl.c \
- 	actions.h \
- 	available.c \
-diff --git a/docs/C_SOURCE_FILES b/docs/C_SOURCE_FILES
-index cd5bd2924..831b7e25a 100644
--- a/docs/C_SOURCE_FILES
-+++ b/docs/C_SOURCE_FILES
-@@ -63,7 +63,6 @@ common/windows/windows.c
- common/windows/windows.h
- customize/crypt-c.c
- customize/perl_edit-c.c
-daemon/9p.c
- daemon/acl.c
- daemon/actions.h
- daemon/augeas.c
-diff --git a/generator/actions_core.ml b/generator/actions_core.ml
-index 806565b19..37476c93e 100644
--- a/generator/actions_core.ml
-+++ b/generator/actions_core.ml
-@@ -6157,27 +6157,6 @@ This returns true iff the device exists and contains all zero bytes.
- 
- Note that for large devices this can take a long time to run." };
- 
-  { defaults with
-    name = "list_9p"; added = (1, 11, 12);
-    style = RStringList (RPlainString, "mounttags"), [], [];
-    shortdesc = "list 9p filesystems";
-    longdesc = "\
-List all 9p filesystems attached to the guest.  A list of
-mount tags is returned." };
-
-  { defaults with
-    name = "mount_9p"; added = (1, 11, 12);
-    style = RErr, [String (PlainString, "mounttag"); String (PlainString, "mountpoint")], [OString "options"];
-    camel_name = "Mount9P";
-    shortdesc = "mount 9p filesystem";
-    longdesc = "\
-Mount the virtio-9p filesystem with the tag C<mounttag> on the
-directory C<mountpoint>.
-
-If required, C<trans=virtio> will be automatically added to the options.
-Any other options required can be passed in the optional C<options>
-parameter." };
-
-   { defaults with
-     name = "list_dm_devices"; added = (1, 11, 15);
-     style = RStringList (RDevice, "devices"), [], [];
-diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
-index 30e42864f..57976be36 100644
--- a/generator/proc_nr.ml
-+++ b/generator/proc_nr.ml
-@@ -295,8 +295,6 @@ let proc_nr = [
- 282, "internal_autosync";
- 283, "is_zero";
- 284, "is_zero_device";
-285, "list_9p";
-286, "mount_9p";
- 287, "list_dm_devices";
- 288, "ntfsresize";
- 289, "btrfs_filesystem_resize";
-diff --git a/gobject/Makefile.inc b/gobject/Makefile.inc
-index 650f8ddac..c4e735967 100644
--- a/gobject/Makefile.inc
-+++ b/gobject/Makefile.inc
-@@ -94,7 +94,6 @@ guestfs_gobject_headers= \
-   include/guestfs-gobject/optargs-mksquashfs.h \
-   include/guestfs-gobject/optargs-mkswap.h \
-   include/guestfs-gobject/optargs-mktemp.h \
-  include/guestfs-gobject/optargs-mount_9p.h \
-   include/guestfs-gobject/optargs-mount_local.h \
-   include/guestfs-gobject/optargs-ntfsclone_out.h \
-   include/guestfs-gobject/optargs-ntfsfix.h \
-@@ -188,7 +187,6 @@ guestfs_gobject_sources= \
-   src/optargs-mksquashfs.c \
-   src/optargs-mkswap.c \
-   src/optargs-mktemp.c \
-  src/optargs-mount_9p.c \
-   src/optargs-mount_local.c \
-   src/optargs-ntfsclone_out.c \
-   src/optargs-ntfsfix.c \
-diff --git a/po/POTFILES b/po/POTFILES
-index 69ea7134a..0782e8ceb 100644
--- a/po/POTFILES
-+++ b/po/POTFILES
-@@ -47,7 +47,6 @@ common/visit/visit.c
- common/windows/windows.c
- customize/crypt-c.c
- customize/perl_edit-c.c
-daemon/9p.c
- daemon/acl.c
- daemon/augeas.c
- daemon/available.c
-@@ -277,7 +276,6 @@ gobject/src/optargs-mkfs_btrfs.c
- gobject/src/optargs-mksquashfs.c
- gobject/src/optargs-mkswap.c
- gobject/src/optargs-mktemp.c
-gobject/src/optargs-mount_9p.c
- gobject/src/optargs-mount_local.c
- gobject/src/optargs-ntfsclone_out.c
- gobject/src/optargs-ntfsfix.c
-- 
-2.31.1
-
--- a/SOURCES/0004-RHEL-8-Remove-User-Mode-Linux-RHBZ-1144197.patch
+++ b/SOURCES/0004-RHEL-8-Remove-User-Mode-Linux-RHBZ-1144197.patch
@ -1,72 +0,0 @@
-From 34f8c6a5eb0eabfba4ab1831b45e2baa73a4b501 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Fri, 19 Sep 2014 13:38:20 +0100
-Subject: [PATCH] RHEL 8: Remove User-Mode Linux (RHBZ#1144197).
-
-This isn't supported in RHEL 8.
---
- lib/launch-uml.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/lib/launch-uml.c b/lib/launch-uml.c
-index 5aec50a57..8b9fcd770 100644
--- a/lib/launch-uml.c
-+++ b/lib/launch-uml.c
-@@ -44,7 +44,9 @@ struct backend_uml_data {
-   char umid[UML_UMID_LEN+1];    /* umid=<...> unique ID. */
- };
- 
-+#if 0
- static void print_vmlinux_command_line (guestfs_h *g, char **argv);
-+#endif
- 
- /* Run uml_mkcow to create a COW overlay. */
- static char *
-@@ -81,6 +83,7 @@ create_cow_overlay_uml (guestfs_h *g, void *datav, struct drive *drv)
-   return make_cow_overlay (g, drv->src.u.path);
- }
- 
-+#if 0
- /* Test for features which are not supported by the UML backend.
-  * Possibly some of these should just be warnings, not errors.
-  */
-@@ -133,10 +136,17 @@ uml_supported (guestfs_h *g)
- 
-   return true;
- }
-+#endif
- 
- static int
- launch_uml (guestfs_h *g, void *datav, const char *arg)
- {
-+  error (g,
-+	 "launch: In RHEL, only the 'libvirt' or 'direct' method is supported.\n"
-+	 "In particular, User-Mode Linux (UML) is not supported.");
-+  return -1;
-+
-+#if 0
-   struct backend_uml_data *data = datav;
-   CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (cmdline);
-   int console_sock = -1, daemon_sock = -1;
-@@ -496,8 +506,10 @@ launch_uml (guestfs_h *g, void *datav, const char *arg)
-   }
-   g->state = CONFIG;
-   return -1;
-+#endif
- }
- 
-+#if 0
- /* This is called from the forked subprocess just before vmlinux runs,
-  * so it can just print the message straight to stderr, where it will
-  * be picked up and funnelled through the usual appliance event API.
-@@ -527,6 +539,7 @@ print_vmlinux_command_line (guestfs_h *g, char **argv)
- 
-   fputc ('\n', stderr);
- }
-+#endif
- 
- static int
- shutdown_uml (guestfs_h *g, void *datav, int check_for_errors)
-- 
-2.31.1
-
--- a/SOURCES/0006-build-Avoid-warnings-about-unknown-pragmas.patch
+++ b/SOURCES/0006-build-Avoid-warnings-about-unknown-pragmas.patch
@ -1,37 +0,0 @@
-From dbd1eaab6a478cf0c3ea093a56b3d04c29278615 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Tue, 12 Jan 2021 10:23:11 +0000
-Subject: [PATCH] build: Avoid warnings about unknown pragmas.
-
-In commit 4bbbf03b8bc266ed2b63c461cd0945250bb134fe we started to
-ignore bogus GCC 11 warnings.  Unfortunately earlier versions of GCC
-don't know about those pragmas so give warnings [hence errors in
-developer builds] like:
-
-tsk.c:75:32: error: unknown option after '#pragma GCC diagnostic' kind [-Werror=pragmas]
-
-Turn off these warnings.
-
-Updates: commit 4bbbf03b8bc266ed2b63c461cd0945250bb134fe
-(cherry picked from commit 812f837c97f48ce0c26a0e02286fb9180c282923)
---
- m4/guestfs-c.m4 | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/m4/guestfs-c.m4 b/m4/guestfs-c.m4
-index 25ffea0d9..bbb4db464 100644
--- a/m4/guestfs-c.m4
-+++ b/m4/guestfs-c.m4
-@@ -108,6 +108,9 @@ gl_WARN_ADD([-Wformat-truncation=1])
- dnl GCC 9 at level 2 gives apparently bogus errors when %.*s is used.
- gl_WARN_ADD([-Wformat-overflow=1])
- 
-+dnl GCC < 11 gives warnings when disabling GCC 11 warnings.
-+gl_WARN_ADD([-Wno-pragmas])
-+
- AC_SUBST([WARN_CFLAGS])
- 
- NO_SNV_CFLAGS=
-- 
-2.31.1
-
--- a/SOURCES/0007-daemon-lvm-Use-lvcreate-yes-to-avoid-interactive-pro.patch
+++ b/SOURCES/0007-daemon-lvm-Use-lvcreate-yes-to-avoid-interactive-pro.patch
@ -1,94 +0,0 @@
-From 22416a2329ec531b9608c21b11ff3d53275fe7a0 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Mon, 22 Feb 2021 10:18:45 +0000
-Subject: [PATCH] daemon: lvm: Use lvcreate --yes to avoid interactive prompts.
-
-See https://bugzilla.redhat.com/show_bug.cgi?id=1930996#c1
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1930996
-(cherry picked from commit 21cd97732c4973db835b8b6540c8ad582ebd2bda)
---
- daemon/lvm.c                     |  2 +-
- tests/regressions/Makefile.am    |  2 ++
- tests/regressions/rhbz1930996.sh | 36 ++++++++++++++++++++++++++++++++
- 3 files changed, 39 insertions(+), 1 deletion(-)
- create mode 100755 tests/regressions/rhbz1930996.sh
-
-diff --git a/daemon/lvm.c b/daemon/lvm.c
-index 841dc4b6b..72c59c3a1 100644
--- a/daemon/lvm.c
-+++ b/daemon/lvm.c
-@@ -219,7 +219,7 @@ do_lvcreate (const char *logvol, const char *volgroup, int mbytes)
-   snprintf (size, sizeof size, "%d", mbytes);
- 
-   r = command (NULL, &err,
-               "lvm", "lvcreate",
-+               "lvm", "lvcreate", "--yes",
-                "-L", size, "-n", logvol, volgroup, NULL);
-   if (r == -1) {
-     reply_with_error ("%s", err);
-diff --git a/tests/regressions/Makefile.am b/tests/regressions/Makefile.am
-index ecb0d68a7..c1e0ee8a9 100644
--- a/tests/regressions/Makefile.am
-+++ b/tests/regressions/Makefile.am
-@@ -49,6 +49,7 @@ EXTRA_DIST = \
- 	rhbz1370424.sh \
- 	rhbz1370424.xml \
- 	rhbz1477623.sh \
-+	rhbz1930996.sh \
- 	test-noexec-stack.pl
- 
- TESTS = \
-@@ -79,6 +80,7 @@ TESTS = \
- 	rhbz1285847.sh \
- 	rhbz1370424.sh \
- 	rhbz1477623.sh \
-+	rhbz1930996.sh \
- 	test-big-heap \
- 	test-noexec-stack.pl \
- 	$(SLOW_TESTS)
-diff --git a/tests/regressions/rhbz1930996.sh b/tests/regressions/rhbz1930996.sh
-new file mode 100755
-index 000000000..27089beaa
--- /dev/null
-+++ b/tests/regressions/rhbz1930996.sh
-@@ -0,0 +1,36 @@
-+#!/bin/bash -
-+# libguestfs
-+# Copyright (C) 2017-2021 Red Hat Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-+
-+# Regression test for:
-+# https://bugzilla.redhat.com/show_bug.cgi?id=1930996#c1
-+#
-+# Actually a bug/change in LVM, previously we failed to create an LV
-+# if the underlying disk contained a filesystem signature.
-+
-+set -e
-+
-+$TEST_FUNCTIONS
-+skip_if_skipped
-+skip_unless_phony_guest fedora.img
-+
-+f=rhbz1930996.img
-+rm -f $f
-+
-+guestfish -N $f=lvfs vgremove VG : vgcreate VG /dev/sda1 : lvcreate LV2 VG 100
-+
-+rm $f
-- 
-2.31.1
-
--- a/SOURCES/0008-inspection-More-reliable-detection-of-Linux-split-us.patch
+++ b/SOURCES/0008-inspection-More-reliable-detection-of-Linux-split-us.patch
@ -1,113 +0,0 @@
-From e1b339688e5f8f2a14fe0c7e9d02ad68004e4655 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Thu, 15 Apr 2021 09:18:22 +0100
-Subject: [PATCH] inspection: More reliable detection of Linux split /usr
- configurations
-
-In RHEL 8+, /usr/etc no longer exists.  Since we were looking for this
-directory in order to detect a separate /usr partition, those were no
-longer detected, so the merging of /usr data into the root was not
-being done.  The result was incomplete inspection data and failure of
-virt-v2v.
-
-All Linux systems since forever have had /usr/src but not /src, so
-detect this instead.
-
-Furthermore the merging code didn't work, because we expected that the
-root filesystem had a distro assigned, but in this configuration we
-may need to look for that information in /usr/lib/os-release (not on
-the root filesystem).  This change makes the merging work even if we
-have incomplete information about the root filesystem, so long as we
-have an /etc/fstab entry pointing to the /usr mountpoint.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1949683
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1930133
-Fixes: commit 394d11be49121884295e61964ed47f5a8488c252
-(cherry picked from commit 26427b9ecc64e7e5e53a1d577cef9dc080d08877)
---
- daemon/inspect.ml    | 33 +++++++++++++++------------------
- daemon/inspect_fs.ml |  6 +++---
- 2 files changed, 18 insertions(+), 21 deletions(-)
-
-diff --git a/daemon/inspect.ml b/daemon/inspect.ml
-index 945a476f6..fb75b4a6c 100644
--- a/daemon/inspect.ml
-+++ b/daemon/inspect.ml
-@@ -182,11 +182,9 @@ and check_for_duplicated_bsd_root fses =
- and collect_linux_inspection_info fses =
-   List.map (
-     function
-    | { role = RoleRoot { distro = Some d } } as root ->
-       if d <> DISTRO_COREOS then
-         collect_linux_inspection_info_for fses root
-       else
-         root
-+    | { role = RoleRoot { distro = Some DISTRO_COREOS } } as root -> root
-+    | { role = RoleRoot _ } as root ->
-+       collect_linux_inspection_info_for fses root
-     | fs -> fs
-   ) fses
- 
-@@ -196,29 +194,28 @@ and collect_linux_inspection_info fses =
-  * or other ways to identify the OS).
-  *)
- and collect_linux_inspection_info_for fses root =
-  let root_distro, root_fstab =
-+  let root_fstab =
-     match root with
-    | { role = RoleRoot { distro = Some d; fstab = f } } -> d, f
-+    | { role = RoleRoot { fstab = f } } -> f
-     | _ -> assert false in
- 
-   try
-     let usr =
-       List.find (
-         function
-        | { role = RoleUsr { distro = d } }
-             when d = Some root_distro || d = None -> true
-+        | { role = RoleUsr _; fs_location = usr_mp } ->
-+           (* This checks that this usr is found in the fstab of
-+            * the root filesystem.
-+            *)
-+           List.exists (
-+             fun (mountable, _) ->
-+               usr_mp.mountable = mountable
-+           ) root_fstab
-         | _ -> false
-       ) fses in
- 
-    let usr_mountable = usr.fs_location.mountable in
-
-    (* This checks that [usr] is found in the fstab of the root
-     * filesystem.  If not, [Not_found] is thrown.
-     *)
-    ignore (
-      List.find (fun (mountable, _) -> usr_mountable = mountable) root_fstab
-    );
-
-+    eprintf "collect_linux_inspection_info_for: merging:\n%sinto:\n%s"
-+      (string_of_fs usr) (string_of_fs root);
-     merge usr root;
-     root
-   with
-diff --git a/daemon/inspect_fs.ml b/daemon/inspect_fs.ml
-index 6e00c7083..02b5a0470 100644
--- a/daemon/inspect_fs.ml
-+++ b/daemon/inspect_fs.ml
-@@ -164,10 +164,10 @@ and check_filesystem mountable =
-     ()
-   )
-   (* Linux /usr? *)
-  else if Is.is_dir "/etc" &&
-          Is.is_dir "/bin" &&
-          Is.is_dir "/share" &&
-+  else if Is.is_dir "/bin" &&
-           Is.is_dir "/local" &&
-+          Is.is_dir "/share" &&
-+          Is.is_dir "/src" &&
-           not (Is.is_file "/etc/fstab") then (
-     debug_matching "Linux /usr";
-     role := `Usr;
-- 
-2.31.1
-
--- a/SOURCES/0009-lib-Autodetect-backing-format-for-qemu-img-create-b.patch
+++ b/SOURCES/0009-lib-Autodetect-backing-format-for-qemu-img-create-b.patch
@ -1,49 +0,0 @@
-From 791a16b049ea1ce2c450acd367fce774d9aab5b1 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Tue, 31 Aug 2021 08:27:15 +0100
-Subject: [PATCH] lib: Autodetect backing format for qemu-img create -b
-
-qemu 6.1 has decided to change qemu-img create so that a backing
-format (-F) is required if a backing file (-b) is specified.  Since we
-don't want to change the libguestfs API to force callers to specify
-this because that would be an API break, autodetect it.
-
-This is similar to commit c8c181e8d9 ("launch: libvirt: Autodetect
-backing format for readonly drive overlays").
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1998820
-(cherry picked from commit 45de287447bb18d59749fbfc1ec5072413090109)
---
- lib/create.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/lib/create.c b/lib/create.c
-index 44a7df25f..75a4d3a28 100644
--- a/lib/create.c
-+++ b/lib/create.c
-@@ -255,6 +255,7 @@ disk_create_qcow2 (guestfs_h *g, const char *filename, int64_t size,
-                    const struct guestfs_disk_create_argv *optargs)
- {
-   const char *backingformat = NULL;
-+  CLEANUP_FREE char *backingformat_free = NULL;
-   const char *preallocation = NULL;
-   const char *compat = NULL;
-   int clustersize = -1;
-@@ -270,6 +271,14 @@ disk_create_qcow2 (guestfs_h *g, const char *filename, int64_t size,
-       return -1;
-     }
-   }
-+  else if (backingfile) {
-+    /* Since qemu 6.1, qemu-img create has requires a backing format (-F)
-+     * parameter if backing file (-b) is used (RHBZ#1998820).
-+     */
-+    backingformat = backingformat_free = guestfs_disk_format (g, backingfile);
-+    if (!backingformat)
-+      return -1;
-+  }
-   if (optargs->bitmask & GUESTFS_DISK_CREATE_PREALLOCATION_BITMASK) {
-     if (STREQ (optargs->preallocation, "off") ||
-         STREQ (optargs->preallocation, "sparse"))
-- 
-2.31.1
-
--- a/SOURCES/0010-daemon-chroot-Fix-long-standing-possible-deadlock.patch
+++ b/SOURCES/0010-daemon-chroot-Fix-long-standing-possible-deadlock.patch
@ -1,44 +0,0 @@
-From 3435938f43ca3737ec1d73da4d8cad756b5c9508 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Fri, 26 Mar 2021 16:04:43 +0000
-Subject: [PATCH] daemon: chroot: Fix long-standing possible deadlock.
-
-The child (chrooted) process wrote its answer on the pipe and then
-exited.  Meanwhile the parent waiting for the child to exit before
-reading from the pipe.  Thus if the output was larger than a Linux
-pipebuffer then the whole thing would deadlock.
-
-(cherry picked from commit 94e64b28bee3b8dc7ed354a366d6a8f7ba5f245c)
---
- daemon/chroot.ml | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/daemon/chroot.ml b/daemon/chroot.ml
-index 5e856c91f..7da8ae29e 100644
--- a/daemon/chroot.ml
-+++ b/daemon/chroot.ml
-@@ -62,6 +62,10 @@ let f t func arg =
-   (* Parent. *)
-   close wfd;
- 
-+  let chan = in_channel_of_descr rfd in
-+  let ret = input_value chan in
-+  close_in chan;
-+
-   let _, status = waitpid [] pid in
-   (match status with
-    | WEXITED 0 -> ()
-@@ -76,10 +80,6 @@ let f t func arg =
-       failwithf "chroot ‘%s’ stopped by signal %d" t.name i
-   );
- 
-  let chan = in_channel_of_descr rfd in
-  let ret = input_value chan in
-  close_in chan;
-
-   match ret with
-   | Either ret -> ret
-   | Or exn -> raise exn
-- 
-2.31.1
-
--- a/SOURCES/0011-inspection-Fix-inspection-of-recent-RPM-guests-using.patch
+++ b/SOURCES/0011-inspection-Fix-inspection-of-recent-RPM-guests-using.patch
--- a/SOURCES/0012-inspection-Return-RPM-epoch.patch
+++ b/SOURCES/0012-inspection-Return-RPM-epoch.patch
@ -1,36 +0,0 @@
-From 3ce392c9870a589cc50d2270fcf07b4d129c3dc3 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Sat, 27 Mar 2021 09:31:00 +0000
-Subject: [PATCH] inspection: Return RPM epoch.
-
-Fixes: commit c9ee831affed55abe0f928134cbbd2ed83b2f510
-(cherry picked from commit fef73bce7eec0ce0753a2e150e4e088020d38643)
---
- daemon/rpm-c.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c
-index 92a3abf58..be0e81e22 100644
--- a/daemon/rpm-c.c
-+++ b/daemon/rpm-c.c
-@@ -108,13 +108,16 @@ guestfs_int_daemon_rpm_next_application (value unitv)
- 
-   h = headerLink (h);
-   app.app2_name = headerFormat (h, "%{NAME}", NULL);
-  // XXXapp.app2_epoch = headerFormat (h, "%{NAME}", NULL);
-   app.app2_version = headerFormat (h, "%{VERSION}", NULL);
-   app.app2_release = headerFormat (h, "%{RELEASE}", NULL);
-   app.app2_arch = headerFormat (h, "%{ARCH}", NULL);
-   app.app2_url = headerFormat (h, "%{URL}", NULL);
-   app.app2_summary = headerFormat (h, "%{SUMMARY}", NULL);
-   app.app2_description = headerFormat (h, "%{DESCRIPTION}", NULL);
-+
-+  /* epoch is special as the only int field. */
-+  app.app2_epoch = headerGetNumber (h, RPMTAG_EPOCH);
-+
-   headerFree (h);
- 
-   /* Convert this to an OCaml struct.  Any NULL fields must be turned
-- 
-2.31.1
-
--- a/SOURCES/0013-test-data-phony-guests-Fix-phony-RPM-database-fix-vi.patch
+++ b/SOURCES/0013-test-data-phony-guests-Fix-phony-RPM-database-fix-vi.patch
--- a/SOURCES/0014-po-POTFILES-Fix-list-of-files-for-translation.patch
+++ b/SOURCES/0014-po-POTFILES-Fix-list-of-files-for-translation.patch
@ -1,34 +0,0 @@
-From 9664527c107d04aab416be87cc4fcd76dcbe5927 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Mon, 29 Mar 2021 18:25:13 +0100
-Subject: [PATCH] po/POTFILES: Fix list of files for translation.
-
-Fixes: commit c9ee831affed55abe0f928134cbbd2ed83b2f510
-(cherry picked from commit df983200d76bac37c811fbd2fb67e7ebe830e759)
---
- po/POTFILES | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/po/POTFILES b/po/POTFILES
-index 0782e8ceb..fdc6e8062 100644
--- a/po/POTFILES
-+++ b/po/POTFILES
-@@ -128,6 +128,7 @@ daemon/pingdaemon.c
- daemon/proto.c
- daemon/readdir.c
- daemon/rename.c
-+daemon/rpm-c.c
- daemon/rsync.c
- daemon/scrub.c
- daemon/selinux-relabel.c
-@@ -353,7 +354,6 @@ lib/command.c
- lib/conn-socket.c
- lib/copy-in-out.c
- lib/create.c
-lib/dbdump.c
- lib/drives.c
- lib/errors.c
- lib/event-string.c
-- 
-2.31.1
-
--- a/SOURCES/0015-m4-guestfs-find-db-tool.m4-Remove-unused-file.patch
+++ b/SOURCES/0015-m4-guestfs-find-db-tool.m4-Remove-unused-file.patch
@ -1,64 +0,0 @@
-From 083856d9f9c8fccc629bf0f3a5237d26434c8940 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Mon, 29 Mar 2021 18:35:48 +0100
-Subject: [PATCH] m4/guestfs-find-db-tool.m4: Remove unused file.
-
-Fixes: commit 42e5e7cfdbca01b2e9bd50c63a9fc65b6da9192f
-(cherry picked from commit 8317279c3539562ebad9de13c7ac515dded74e4d)
---
- m4/guestfs-find-db-tool.m4 | 43 --------------------------------------
- 1 file changed, 43 deletions(-)
- delete mode 100644 m4/guestfs-find-db-tool.m4
-
-diff --git a/m4/guestfs-find-db-tool.m4 b/m4/guestfs-find-db-tool.m4
-deleted file mode 100644
-index b404148c6..000000000
--- a/m4/guestfs-find-db-tool.m4
-+++ /dev/null
-@@ -1,43 +0,0 @@
-# libguestfs
-# Copyright (C) 2014 Red Hat Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-AC_DEFUN([GUESTFS_FIND_DB_TOOL],[
-    pushdef([VARIABLE],$1)
-    TOOL=$2
-
-    db_tool_name="db_$TOOL"
-    db_versions="53 5.3 5.2 5.1 4.8 4.7 4.6"
-    db_tool_patterns="dbX_$TOOL dbX.Y_$TOOL"
-    db_tool_patterns="dbX_$TOOL db_$TOOL-X dbX.Y_$TOOL db_$TOOL-X.Y"
-
-    AC_ARG_VAR(VARIABLE, [Absolute path to $db_tool_name executable])
-
-    AS_IF(test -z "$VARIABLE", [
-        exe_list="db_$TOOL"
-        for ver in $db_versions ; do
-            ver_maj=`echo $ver | cut -d. -f1`
-            ver_min=`echo $ver | cut -d. -f2`
-            for pattern in $db_tool_patterns ; do
-                exe=`echo "$pattern" | sed -e "s/X/$ver_maj/g;s/Y/$ver_min/g"`
-                exe_list="$exe_list $exe"
-            done
-        done
-        AC_PATH_PROGS([]VARIABLE[], [$exe_list], [no])
-    ])
-
-    popdef([VARIABLE])
-])
-- 
-2.31.1
-
--- a/SOURCES/0016-test-data-phony-guests-Fix-phony-RPM-database-fix-vi.patch
+++ b/SOURCES/0016-test-data-phony-guests-Fix-phony-RPM-database-fix-vi.patch
@ -1,474 +0,0 @@
-From f8ccce2c7a0c1323e0721f503322df525dd5b139 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Mon, 29 Mar 2021 12:22:12 +0100
-Subject: [PATCH] test-data/phony-guests: Fix phony RPM database, fix
- virt-inspector test.
-
-libguestfs 1.45.3 now reads the RPM database using librpm, which means
-our old phony database created by db_dump can no longer work.  Instead
-provide a real (but very minimal) sqlite database.
-
-This commit also fixes the virt-inspector test since the RPM database
-contents are now different.
-
-(cherry picked from commit 46bf6fb473889ed28bd7220476120edcda47ae07)
---
- inspector/expected-fedora-luks.img.xml | 208 +++++++++++++++++++++++--
- inspector/expected-fedora.img.xml      | 208 +++++++++++++++++++++++--
- 2 files changed, 398 insertions(+), 18 deletions(-)
-
-diff --git a/inspector/expected-fedora-luks.img.xml b/inspector/expected-fedora-luks.img.xml
-index df6060a73..72cddaf88 100644
--- a/inspector/expected-fedora-luks.img.xml
-+++ b/inspector/expected-fedora-luks.img.xml
-@@ -30,22 +30,212 @@
-     </filesystems>
-     <applications>
-       <application>
-        <name>test1</name>
-        <version>1.0</version>
-        <release>1.fc14</release>
-+        <name>basesystem</name>
-+        <version>11</version>
-+        <release>10.fc33</release>
-+        <arch>noarch</arch>
-+        <url>(none)</url>
-+        <summary>The skeleton package which defines a simple Fedora system</summary>
-+        <description>Basesystem defines the components of a basic Fedora system
-+(for example, the package installation order to use during bootstrapping).
-+Basesystem should be in every installation of a system, and it
-+should never be removed.</description>
-+      </application>
-+      <application>
-+        <name>bash</name>
-+        <version>5.0.17</version>
-+        <release>2.fc33</release>
-+        <arch>x86_64</arch>
-+        <url>https://www.gnu.org/software/bash</url>
-+        <summary>The GNU Bourne Again shell</summary>
-+        <description>The GNU Bourne Again shell (Bash) is a shell or command language
-+interpreter that is compatible with the Bourne shell (sh). Bash
-+incorporates useful features from the Korn shell (ksh) and the C shell
-+(csh). Most sh scripts can be run by bash without modification.</description>
-+      </application>
-+      <application>
-+        <name>fedora-gpg-keys</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Fedora RPM keys</summary>
-+        <description>This package provides the RPM signature keys.</description>
-+      </application>
-+      <application>
-+        <name>fedora-release</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Fedora release files</summary>
-+        <description>Fedora release files such as various /etc/ files that define the release
-+and systemd preset files that determine which services are enabled by default.</description>
-+      </application>
-+      <application>
-+        <name>fedora-release-common</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Fedora release files</summary>
-+        <description>Release files common to all Editions and Spins of Fedora</description>
-+      </application>
-+      <application>
-+        <name>fedora-release-identity-basic</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Package providing the basic Fedora identity</summary>
-+        <description>Provides the necessary files for a Fedora installation that is not identifying
-+itself as a particular Edition or Spin.</description>
-+      </application>
-+      <application>
-+        <name>fedora-repos</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Fedora package repositories</summary>
-+        <description>Fedora package repository files for yum and dnf along with gpg public keys.</description>
-+      </application>
-+      <application>
-+        <name>filesystem</name>
-+        <version>3.14</version>
-+        <release>3.fc33</release>
-+        <arch>x86_64</arch>
-+        <url>https://pagure.io/filesystem</url>
-+        <summary>The basic directory layout for a Linux system</summary>
-+        <description>The filesystem package is one of the basic packages that is installed
-+on a Linux system. Filesystem contains the basic directory layout
-+for a Linux operating system, including the correct permissions for
-+the directories.</description>
-+      </application>
-+      <application>
-+        <name>glibc</name>
-+        <version>2.32</version>
-+        <release>4.fc33</release>
-+        <arch>x86_64</arch>
-+        <url>http://www.gnu.org/software/glibc/</url>
-+        <summary>The GNU libc libraries</summary>
-+        <description>The glibc package contains standard libraries which are used by
-+multiple programs on the system. In order to save disk space and
-+memory, as well as to make upgrading easier, common system code is
-+kept in one place and shared between programs. This particular package
-+contains the most important sets of shared libraries: the standard C
-+library and the standard math library. Without these two libraries, a
-+Linux system will not function.</description>
-+      </application>
-+      <application>
-+        <name>glibc-all-langpacks</name>
-+        <version>2.32</version>
-+        <release>4.fc33</release>
-+        <arch>x86_64</arch>
-+        <url>http://www.gnu.org/software/glibc/</url>
-+        <summary>All language packs for glibc.</summary>
-+      </application>
-+      <application>
-+        <name>glibc-common</name>
-+        <version>2.32</version>
-+        <release>4.fc33</release>
-         <arch>x86_64</arch>
-+        <url>http://www.gnu.org/software/glibc/</url>
-+        <summary>Common binaries and locale data for glibc</summary>
-+        <description>The glibc-common package includes common binaries for the GNU libc
-+libraries, as well as national language (locale) support.</description>
-       </application>
-       <application>
-        <name>test2</name>
-        <version>2.0</version>
-        <release>2.fc14</release>
-+        <name>gpg-pubkey</name>
-+        <version>9570ff31</version>
-+        <release>5e3006fb</release>
-+        <arch>(none)</arch>
-+        <url>(none)</url>
-+        <summary>Fedora (33) &lt;fedora-33-primary@fedoraproject.org&gt; public key</summary>
-+        <description>-----BEGIN PGP PUBLIC KEY BLOCK-----
-+Version: rpm-4.16.1.2 (NSS-3)
-+
-+mQINBF4wBvsBEADQmcGbVUbDRUoXADReRmOOEMeydHghtKC9uRs9YNpGYZIB+bie
-+bGYZmflQayfh/wEpO2W/IZfGpHPL42V7SbyvqMjwNls/fnXsCtf4LRofNK8Qd9fN
-+kYargc9R7BEz/mwXKMiRQVx+DzkmqGWy2gq4iD0/mCyf5FdJCE40fOWoIGJXaOI1
-+Tz1vWqKwLS5T0dfmi9U4Tp/XsKOZGvN8oi5h0KmqFk7LEZr1MXarhi2Va86sgxsF
-+QcZEKfu5tgD0r00vXzikoSjn3qA5JW5FW07F1pGP4bF5f9J3CZbQyOjTSWMmmfTm
-+2d2BURWzaDiJN9twY2yjzkoOMuPdXXvovg7KxLcQerKT+FbKbq8DySJX2rnOA77k
-+UG4c9BGf/L1uBkAT8dpHLk6Uf5BfmypxUkydSWT1xfTDnw1MqxO0MsLlAHOR3J7c
-+oW9kLcOLuCQn1hBEwfZv7VSWBkGXSmKfp0LLIxAFgRtv+Dh+rcMMRdJgKr1V3FU+
-+rZ1+ZAfYiBpQJFPjv70vx+rGEgS801D3PJxBZUEy4Ic4ZYaKNhK9x9PRQuWcIBuW
-+6eTe/6lKWZeyxCumLLdiS75mF2oTcBaWeoc3QxrPRV15eDKeYJMbhnUai/7lSrhs
-+EWCkKR1RivgF4slYmtNE5ZPGZ/d61zjwn2xi4xNJVs8q9WRPMpHp0vCyMwARAQAB
-+tDFGZWRvcmEgKDMzKSA8ZmVkb3JhLTMzLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
-+cmc+iQI4BBMBAgAiBQJeMAb7AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
-+CRBJ/XdJlXD/MZm2D/9kriL43vd3+0DNMeA82n2v9mSR2PQqKny39xNlYPyy/1yZ
-+P/KXoa4NYSCA971LSd7lv4n/h5bEKgGHxZfttfOzOnWMVSSTfjRyM/df/NNzTUEV
-+7ORA5GW18g8PEtS7uRxVBf3cLvWu5q+8jmqES5HqTAdGVcuIFQeBXFN8Gy1Jinuz
-+AH8rJSdkUeZ0cehWbERq80BWM9dhad5dW+/+Gv0foFBvP15viwhWqajr8V0B8es+
-+2/tHI0k86FAujV5i0rrXl5UOoLilO57QQNDZH/qW9GsHwVI+2yecLstpUNLq+EZC
-+GqTZCYoxYRpl0gAMbDLztSL/8Bc0tJrCRG3tavJotFYlgUK60XnXlQzRkh9rgsfT
-+EXbQifWdQMMogzjCJr0hzJ+V1d0iozdUxB2ZEgTjukOvatkB77DY1FPZRkSFIQs+
-+fdcjazDIBLIxwJu5QwvTNW8lOLnJ46g4sf1WJoUdNTbR0BaC7HHj1inVWi0p7IuN
-+66EPGzJOSjLK+vW+J0ncPDEgLCV74RF/0nR5fVTdrmiopPrzFuguHf9S9gYI3Zun
-+Yl8FJUu4kRO6JPPTicUXWX+8XZmE94aK14RCJL23nOSi8T1eW8JLW43dCBRO8QUE
-+Aso1t2pypm/1zZexJdOV8yGME3g5l2W6PLgpz58DBECgqc/kda+VWgEAp7rO2A==
-+=EPL3
-+-----END PGP PUBLIC KEY BLOCK-----
-+</description>
-+      </application>
-+      <application>
-+        <name>libgcc</name>
-+        <version>10.2.1</version>
-+        <release>9.fc33</release>
-         <arch>x86_64</arch>
-+        <url>http://gcc.gnu.org</url>
-+        <summary>GCC version 10 shared support library</summary>
-+        <description>This package contains GCC shared support library which is needed
-+e.g. for exception handling support.</description>
-+      </application>
-+      <application>
-+        <name>ncurses-base</name>
-+        <version>6.2</version>
-+        <release>3.20200222.fc33</release>
-+        <arch>noarch</arch>
-+        <url>https://invisible-island.net/ncurses/ncurses.html</url>
-+        <summary>Descriptions of common terminals</summary>
-+        <description>This package contains descriptions of common terminals. Other terminal
-+descriptions are included in the ncurses-term package.</description>
-       </application>
-       <application>
-        <name>test3</name>
-        <version>3.0</version>
-        <release>3.fc14</release>
-+        <name>ncurses-libs</name>
-+        <version>6.2</version>
-+        <release>3.20200222.fc33</release>
-         <arch>x86_64</arch>
-+        <url>https://invisible-island.net/ncurses/ncurses.html</url>
-+        <summary>Ncurses libraries</summary>
-+        <description>The curses library routines are a terminal-independent method of
-+updating character screens with reasonable optimization.  The ncurses
-+(new curses) library is a freely distributable replacement for the
-+discontinued 4.4 BSD classic curses library.
-+
-+This package contains the ncurses libraries.</description>
-+      </application>
-+      <application>
-+        <name>setup</name>
-+        <version>2.13.7</version>
-+        <release>2.fc33</release>
-+        <arch>noarch</arch>
-+        <url>https://pagure.io/setup/</url>
-+        <summary>A set of system configuration and setup files</summary>
-+        <description>The setup package contains a set of important system configuration and
-+setup files, such as passwd, group, and profile.</description>
-+      </application>
-+      <application>
-+        <name>tzdata</name>
-+        <version>2021a</version>
-+        <release>1.fc33</release>
-+        <arch>noarch</arch>
-+        <url>https://www.iana.org/time-zones</url>
-+        <summary>Timezone data</summary>
-+        <description>This package contains data files with rules for various timezones around
-+the world.</description>
-       </application>
-     </applications>
-   </operatingsystem>
-diff --git a/inspector/expected-fedora.img.xml b/inspector/expected-fedora.img.xml
-index df6060a73..72cddaf88 100644
--- a/inspector/expected-fedora.img.xml
-+++ b/inspector/expected-fedora.img.xml
-@@ -30,22 +30,212 @@
-     </filesystems>
-     <applications>
-       <application>
-        <name>test1</name>
-        <version>1.0</version>
-        <release>1.fc14</release>
-+        <name>basesystem</name>
-+        <version>11</version>
-+        <release>10.fc33</release>
-+        <arch>noarch</arch>
-+        <url>(none)</url>
-+        <summary>The skeleton package which defines a simple Fedora system</summary>
-+        <description>Basesystem defines the components of a basic Fedora system
-+(for example, the package installation order to use during bootstrapping).
-+Basesystem should be in every installation of a system, and it
-+should never be removed.</description>
-+      </application>
-+      <application>
-+        <name>bash</name>
-+        <version>5.0.17</version>
-+        <release>2.fc33</release>
-+        <arch>x86_64</arch>
-+        <url>https://www.gnu.org/software/bash</url>
-+        <summary>The GNU Bourne Again shell</summary>
-+        <description>The GNU Bourne Again shell (Bash) is a shell or command language
-+interpreter that is compatible with the Bourne shell (sh). Bash
-+incorporates useful features from the Korn shell (ksh) and the C shell
-+(csh). Most sh scripts can be run by bash without modification.</description>
-+      </application>
-+      <application>
-+        <name>fedora-gpg-keys</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Fedora RPM keys</summary>
-+        <description>This package provides the RPM signature keys.</description>
-+      </application>
-+      <application>
-+        <name>fedora-release</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Fedora release files</summary>
-+        <description>Fedora release files such as various /etc/ files that define the release
-+and systemd preset files that determine which services are enabled by default.</description>
-+      </application>
-+      <application>
-+        <name>fedora-release-common</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Fedora release files</summary>
-+        <description>Release files common to all Editions and Spins of Fedora</description>
-+      </application>
-+      <application>
-+        <name>fedora-release-identity-basic</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Package providing the basic Fedora identity</summary>
-+        <description>Provides the necessary files for a Fedora installation that is not identifying
-+itself as a particular Edition or Spin.</description>
-+      </application>
-+      <application>
-+        <name>fedora-repos</name>
-+        <version>33</version>
-+        <release>3</release>
-+        <arch>noarch</arch>
-+        <url>https://fedoraproject.org/</url>
-+        <summary>Fedora package repositories</summary>
-+        <description>Fedora package repository files for yum and dnf along with gpg public keys.</description>
-+      </application>
-+      <application>
-+        <name>filesystem</name>
-+        <version>3.14</version>
-+        <release>3.fc33</release>
-+        <arch>x86_64</arch>
-+        <url>https://pagure.io/filesystem</url>
-+        <summary>The basic directory layout for a Linux system</summary>
-+        <description>The filesystem package is one of the basic packages that is installed
-+on a Linux system. Filesystem contains the basic directory layout
-+for a Linux operating system, including the correct permissions for
-+the directories.</description>
-+      </application>
-+      <application>
-+        <name>glibc</name>
-+        <version>2.32</version>
-+        <release>4.fc33</release>
-+        <arch>x86_64</arch>
-+        <url>http://www.gnu.org/software/glibc/</url>
-+        <summary>The GNU libc libraries</summary>
-+        <description>The glibc package contains standard libraries which are used by
-+multiple programs on the system. In order to save disk space and
-+memory, as well as to make upgrading easier, common system code is
-+kept in one place and shared between programs. This particular package
-+contains the most important sets of shared libraries: the standard C
-+library and the standard math library. Without these two libraries, a
-+Linux system will not function.</description>
-+      </application>
-+      <application>
-+        <name>glibc-all-langpacks</name>
-+        <version>2.32</version>
-+        <release>4.fc33</release>
-+        <arch>x86_64</arch>
-+        <url>http://www.gnu.org/software/glibc/</url>
-+        <summary>All language packs for glibc.</summary>
-+      </application>
-+      <application>
-+        <name>glibc-common</name>
-+        <version>2.32</version>
-+        <release>4.fc33</release>
-         <arch>x86_64</arch>
-+        <url>http://www.gnu.org/software/glibc/</url>
-+        <summary>Common binaries and locale data for glibc</summary>
-+        <description>The glibc-common package includes common binaries for the GNU libc
-+libraries, as well as national language (locale) support.</description>
-       </application>
-       <application>
-        <name>test2</name>
-        <version>2.0</version>
-        <release>2.fc14</release>
-+        <name>gpg-pubkey</name>
-+        <version>9570ff31</version>
-+        <release>5e3006fb</release>
-+        <arch>(none)</arch>
-+        <url>(none)</url>
-+        <summary>Fedora (33) &lt;fedora-33-primary@fedoraproject.org&gt; public key</summary>
-+        <description>-----BEGIN PGP PUBLIC KEY BLOCK-----
-+Version: rpm-4.16.1.2 (NSS-3)
-+
-+mQINBF4wBvsBEADQmcGbVUbDRUoXADReRmOOEMeydHghtKC9uRs9YNpGYZIB+bie
-+bGYZmflQayfh/wEpO2W/IZfGpHPL42V7SbyvqMjwNls/fnXsCtf4LRofNK8Qd9fN
-+kYargc9R7BEz/mwXKMiRQVx+DzkmqGWy2gq4iD0/mCyf5FdJCE40fOWoIGJXaOI1
-+Tz1vWqKwLS5T0dfmi9U4Tp/XsKOZGvN8oi5h0KmqFk7LEZr1MXarhi2Va86sgxsF
-+QcZEKfu5tgD0r00vXzikoSjn3qA5JW5FW07F1pGP4bF5f9J3CZbQyOjTSWMmmfTm
-+2d2BURWzaDiJN9twY2yjzkoOMuPdXXvovg7KxLcQerKT+FbKbq8DySJX2rnOA77k
-+UG4c9BGf/L1uBkAT8dpHLk6Uf5BfmypxUkydSWT1xfTDnw1MqxO0MsLlAHOR3J7c
-+oW9kLcOLuCQn1hBEwfZv7VSWBkGXSmKfp0LLIxAFgRtv+Dh+rcMMRdJgKr1V3FU+
-+rZ1+ZAfYiBpQJFPjv70vx+rGEgS801D3PJxBZUEy4Ic4ZYaKNhK9x9PRQuWcIBuW
-+6eTe/6lKWZeyxCumLLdiS75mF2oTcBaWeoc3QxrPRV15eDKeYJMbhnUai/7lSrhs
-+EWCkKR1RivgF4slYmtNE5ZPGZ/d61zjwn2xi4xNJVs8q9WRPMpHp0vCyMwARAQAB
-+tDFGZWRvcmEgKDMzKSA8ZmVkb3JhLTMzLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
-+cmc+iQI4BBMBAgAiBQJeMAb7AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
-+CRBJ/XdJlXD/MZm2D/9kriL43vd3+0DNMeA82n2v9mSR2PQqKny39xNlYPyy/1yZ
-+P/KXoa4NYSCA971LSd7lv4n/h5bEKgGHxZfttfOzOnWMVSSTfjRyM/df/NNzTUEV
-+7ORA5GW18g8PEtS7uRxVBf3cLvWu5q+8jmqES5HqTAdGVcuIFQeBXFN8Gy1Jinuz
-+AH8rJSdkUeZ0cehWbERq80BWM9dhad5dW+/+Gv0foFBvP15viwhWqajr8V0B8es+
-+2/tHI0k86FAujV5i0rrXl5UOoLilO57QQNDZH/qW9GsHwVI+2yecLstpUNLq+EZC
-+GqTZCYoxYRpl0gAMbDLztSL/8Bc0tJrCRG3tavJotFYlgUK60XnXlQzRkh9rgsfT
-+EXbQifWdQMMogzjCJr0hzJ+V1d0iozdUxB2ZEgTjukOvatkB77DY1FPZRkSFIQs+
-+fdcjazDIBLIxwJu5QwvTNW8lOLnJ46g4sf1WJoUdNTbR0BaC7HHj1inVWi0p7IuN
-+66EPGzJOSjLK+vW+J0ncPDEgLCV74RF/0nR5fVTdrmiopPrzFuguHf9S9gYI3Zun
-+Yl8FJUu4kRO6JPPTicUXWX+8XZmE94aK14RCJL23nOSi8T1eW8JLW43dCBRO8QUE
-+Aso1t2pypm/1zZexJdOV8yGME3g5l2W6PLgpz58DBECgqc/kda+VWgEAp7rO2A==
-+=EPL3
-+-----END PGP PUBLIC KEY BLOCK-----
-+</description>
-+      </application>
-+      <application>
-+        <name>libgcc</name>
-+        <version>10.2.1</version>
-+        <release>9.fc33</release>
-         <arch>x86_64</arch>
-+        <url>http://gcc.gnu.org</url>
-+        <summary>GCC version 10 shared support library</summary>
-+        <description>This package contains GCC shared support library which is needed
-+e.g. for exception handling support.</description>
-+      </application>
-+      <application>
-+        <name>ncurses-base</name>
-+        <version>6.2</version>
-+        <release>3.20200222.fc33</release>
-+        <arch>noarch</arch>
-+        <url>https://invisible-island.net/ncurses/ncurses.html</url>
-+        <summary>Descriptions of common terminals</summary>
-+        <description>This package contains descriptions of common terminals. Other terminal
-+descriptions are included in the ncurses-term package.</description>
-       </application>
-       <application>
-        <name>test3</name>
-        <version>3.0</version>
-        <release>3.fc14</release>
-+        <name>ncurses-libs</name>
-+        <version>6.2</version>
-+        <release>3.20200222.fc33</release>
-         <arch>x86_64</arch>
-+        <url>https://invisible-island.net/ncurses/ncurses.html</url>
-+        <summary>Ncurses libraries</summary>
-+        <description>The curses library routines are a terminal-independent method of
-+updating character screens with reasonable optimization.  The ncurses
-+(new curses) library is a freely distributable replacement for the
-+discontinued 4.4 BSD classic curses library.
-+
-+This package contains the ncurses libraries.</description>
-+      </application>
-+      <application>
-+        <name>setup</name>
-+        <version>2.13.7</version>
-+        <release>2.fc33</release>
-+        <arch>noarch</arch>
-+        <url>https://pagure.io/setup/</url>
-+        <summary>A set of system configuration and setup files</summary>
-+        <description>The setup package contains a set of important system configuration and
-+setup files, such as passwd, group, and profile.</description>
-+      </application>
-+      <application>
-+        <name>tzdata</name>
-+        <version>2021a</version>
-+        <release>1.fc33</release>
-+        <arch>noarch</arch>
-+        <url>https://www.iana.org/time-zones</url>
-+        <summary>Timezone data</summary>
-+        <description>This package contains data files with rules for various timezones around
-+the world.</description>
-       </application>
-     </applications>
-   </operatingsystem>
-- 
-2.31.1
-
--- a/SOURCES/0017-launch-libvirt-place-our-virtio-net-pci-device-in-sl.patch
+++ b/SOURCES/0017-launch-libvirt-place-our-virtio-net-pci-device-in-sl.patch
@ -1,65 +0,0 @@
-From 6657d0c1018ab44ae680376463ac3f0421548fb4 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 23 Dec 2021 11:36:59 +0100
-Subject: [PATCH] launch-libvirt: place our virtio-net-pci device in slot 0x1e
-
-The <qemu:commandline> trick we use for adding our virtio-net-pci device
-in the libvirt backend can conflict with libvirtd's and QEMU's PCI address
-assignment. Try to mitigate that by placing our device in slot 0x1e on the
-root bus. In practice this could only conflict with a "dmi-to-pci-bridge"
-device model, which libvirtd itself places in slot 0x1e. However, given
-the XMLs we generate, and modern QEMU versions, libvirtd has no reason to
-auto-add "dmi-to-pci-bridge". Refer to
-<https://libvirt.org/formatdomain.html#controllers>.
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20211223103701.12702-2-lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-Tested-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit 5ce5ef6a97a58c5e906083ad4e944545712b3f3f)
---
- lib/guestfs-internal.h | 11 +++++++++++
- lib/launch-libvirt.c   |  4 +++-
- 2 files changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
-index 4799ee0a1..0b46f0070 100644
--- a/lib/guestfs-internal.h
-+++ b/lib/guestfs-internal.h
-@@ -147,6 +147,17 @@
- #define VIRTIO_DEVICE_NAME(type) type "-pci"
- #endif
- 
-+/* Place the virtio-net controller in slot 0x1e on the root bus, on normal
-+ * hardware with PCI. Refer to RHBZ#2034160.
-+ */
-+#ifdef HAVE_LIBVIRT_BACKEND
-+#if defined(__arm__) || defined(__s390x__)
-+#define VIRTIO_NET_PCI_ADDR ""
-+#else
-+#define VIRTIO_NET_PCI_ADDR ",addr=1e.0"
-+#endif
-+#endif
-+
- /* Guestfs handle and associated structures. */
- 
- /* State. */
-diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
-index 026dc6b26..5842319df 100644
--- a/lib/launch-libvirt.c
-+++ b/lib/launch-libvirt.c
-@@ -1834,7 +1834,9 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
-       } end_element ();
- 
-       start_element ("qemu:arg") {
-        attribute ("value", VIRTIO_DEVICE_NAME ("virtio-net") ",netdev=usernet");
-+        attribute ("value", (VIRTIO_DEVICE_NAME ("virtio-net")
-+                             ",netdev=usernet"
-+                             VIRTIO_NET_PCI_ADDR));
-       } end_element ();
-     }
- 
-- 
-2.31.1
-
--- a/SOURCES/0018-lib-extract-NETWORK_ADDRESS-and-NETWORK_PREFIX-as-ma.patch
+++ b/SOURCES/0018-lib-extract-NETWORK_ADDRESS-and-NETWORK_PREFIX-as-ma.patch
@ -1,70 +0,0 @@
-From 4b9eac11db3e2cc9ace397ed4c804356a7d9adbf Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 23 Dec 2021 11:37:00 +0100
-Subject: [PATCH] lib: extract NETWORK_ADDRESS and NETWORK_PREFIX as macros
-
-The 169.254.0.0/16 network specification (for the appliance) is currently
-duplicated between the direct backend and the libvirt backend. In a
-subsequent patch, we're going to need the network specification in yet
-another spot; extract it now to the NETWORK_ADDRESS and NETWORK_PREFIX
-macros (simply as strings).
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20211223103701.12702-3-lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-Tested-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit 216de164e091a5c36403f24901698044a43ae0d9)
---
- lib/guestfs-internal.h | 6 ++++++
- lib/launch-direct.c    | 2 +-
- lib/launch-libvirt.c   | 3 ++-
- 3 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
-index 0b46f0070..97a13ff2c 100644
--- a/lib/guestfs-internal.h
-+++ b/lib/guestfs-internal.h
-@@ -158,6 +158,12 @@
- #endif
- #endif
- 
-+/* Network address and network mask (expressed as address prefix) that the
-+ * appliance will see (if networking is enabled).
-+ */
-+#define NETWORK_ADDRESS "169.254.0.0"
-+#define NETWORK_PREFIX  "16"
-+
- /* Guestfs handle and associated structures. */
- 
- /* State. */
-diff --git a/lib/launch-direct.c b/lib/launch-direct.c
-index b6ed9766f..de17d2167 100644
--- a/lib/launch-direct.c
-+++ b/lib/launch-direct.c
-@@ -681,7 +681,7 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
-     start_list ("-netdev") {
-       append_list ("user");
-       append_list ("id=usernet");
-      append_list ("net=169.254.0.0/16");
-+      append_list ("net=" NETWORK_ADDRESS "/" NETWORK_PREFIX);
-     } end_list ();
-     start_list ("-device") {
-       append_list (VIRTIO_DEVICE_NAME ("virtio-net"));
-diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
-index 5842319df..0f38f0aec 100644
--- a/lib/launch-libvirt.c
-+++ b/lib/launch-libvirt.c
-@@ -1826,7 +1826,8 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
-       } end_element ();
- 
-       start_element ("qemu:arg") {
-        attribute ("value", "user,id=usernet,net=169.254.0.0/16");
-+        attribute ("value",
-+                   "user,id=usernet,net=" NETWORK_ADDRESS "/" NETWORK_PREFIX);
-       } end_element ();
- 
-       start_element ("qemu:arg") {
-- 
-2.31.1
-
--- a/SOURCES/0019-launch-libvirt-add-virtio-net-via-the-standard-inter.patch
+++ b/SOURCES/0019-launch-libvirt-add-virtio-net-via-the-standard-inter.patch
@ -1,91 +0,0 @@
-From 8570de6e766297e4c9feab1c54ae05037f33edeb Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 23 Dec 2021 11:37:01 +0100
-Subject: [PATCH] launch-libvirt: add virtio-net via the standard <interface>
- element
-
-Starting with version 3.8.0, libvirt allows us to specify the network
-address and network mask (as prefix) for SLIRP directly via the
-<interface> element in the domain XML:
-<https://libvirt.org/formatdomain.html#userspace-slirp-stack>. This means
-we don't need the <qemu:commandline> hack for virtio-net on such versions.
-
-Restrict the hack in construct_libvirt_xml_qemu_cmdline() to
-libvirt<3.8.0, and generate the proper <interface> element in
-construct_libvirt_xml_devices() on libvirt>=3.8.0.
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
-Suggested-by: Richard W.M. Jones <rjones@redhat.com>
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20211223103701.12702-4-lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-Tested-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit 5858c2cf6c24b3776e3867eafd9d86a1f4912d9c)
---
- lib/guestfs-internal.h |  3 ++-
- lib/launch-libvirt.c   | 27 +++++++++++++++++++++++++--
- 2 files changed, 27 insertions(+), 3 deletions(-)
-
-diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
-index 97a13ff2c..b11c945e9 100644
--- a/lib/guestfs-internal.h
-+++ b/lib/guestfs-internal.h
-@@ -148,7 +148,8 @@
- #endif
- 
- /* Place the virtio-net controller in slot 0x1e on the root bus, on normal
- * hardware with PCI. Refer to RHBZ#2034160.
-+ * hardware with PCI. Necessary only before libvirt 3.8.0. Refer to
-+ * RHBZ#2034160.
-  */
- #ifdef HAVE_LIBVIRT_BACKEND
- #if defined(__arm__) || defined(__s390x__)
-diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
-index 0f38f0aec..f6bb39d99 100644
--- a/lib/launch-libvirt.c
-+++ b/lib/launch-libvirt.c
-@@ -1396,6 +1396,28 @@ construct_libvirt_xml_devices (guestfs_h *g,
-       } end_element ();
-     } end_element ();
- 
-+    /* Virtio-net NIC with SLIRP (= userspace) back-end, if networking is
-+     * enabled. Starting with libvirt 3.8.0, we can specify the network address
-+     * and prefix for SLIRP in the domain XML. Therefore, we can add the NIC
-+     * via the standard <interface> element rather than <qemu:commandline>, and
-+     * so libvirt can manage the PCI address of the virtio-net NIC like the PCI
-+     * addresses of all other devices. Refer to RHBZ#2034160.
-+     */
-+    if (g->enable_network &&
-+        guestfs_int_version_ge (&params->data->libvirt_version, 3, 8, 0)) {
-+      start_element ("interface") {
-+        attribute ("type", "user");
-+        start_element ("model") {
-+          attribute ("type", "virtio");
-+        } end_element ();
-+        start_element ("ip") {
-+          attribute ("family", "ipv4");
-+          attribute ("address", NETWORK_ADDRESS);
-+          attribute ("prefix", NETWORK_PREFIX);
-+        } end_element ();
-+      } end_element ();
-+    }
-+
-     /* Libvirt adds some devices by default.  Indicate to libvirt
-      * that we don't want them.
-      */
-@@ -1818,9 +1840,10 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
-     } end_element ();
- 
-     /* Workaround because libvirt user networking cannot specify "net="
-     * parameter.
-+     * parameter. Necessary only before libvirt 3.8.0; refer to RHBZ#2034160.
-      */
-    if (g->enable_network) {
-+    if (g->enable_network &&
-+        !guestfs_int_version_ge (&params->data->libvirt_version, 3, 8, 0)) {
-       start_element ("qemu:arg") {
-         attribute ("value", "-netdev");
-       } end_element ();
-- 
-2.31.1
-
--- a/SOURCES/0020-appliance-Use-cpu-max.patch
+++ b/SOURCES/0020-appliance-Use-cpu-max.patch
@ -1,86 +0,0 @@
-From fbb053fc71c0c072acb3fbf6e5fbbfc3b0667fd2 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Thu, 28 Jan 2021 12:20:49 +0000
-Subject: [PATCH] appliance: Use -cpu max.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-QEMU has a newish feature (from about 2017 / qemu 2.9) called -cpu max
-which is supposed to select the best CPU, ideal for libguestfs.
-
-After this change, on x86-64:
-
-               KVM                          TCG
-
-Direct         -cpu max                     -cpu max
-(non-libvirt)
-
-Libvirt   <cpu mode="host-passthrough">     <cpu mode="host-model">
-            <model fallback="allow"/>         <model fallback="allow"/>
-          </cpu>                            </cpu>
-
-Thanks: Daniel Berrangé
-(cherry picked from commit 30f74f38bd6e42e783ba80895f4d6826abddd417)
---
- lib/appliance-cpu.c  | 16 ++++++++--------
- lib/launch-libvirt.c |  9 +++++++++
- 2 files changed, 17 insertions(+), 8 deletions(-)
-
-diff --git a/lib/appliance-cpu.c b/lib/appliance-cpu.c
-index 5ef9f5c72..54ac6e2e3 100644
--- a/lib/appliance-cpu.c
-+++ b/lib/appliance-cpu.c
-@@ -38,6 +38,11 @@
-  *
-  * The literal string C<"host"> means use C<-cpu host>.
-  *
-+ * =item C<"max">
-+ *
-+ * The literal string C<"max"> means use C<-cpu max> (the best
-+ * possible).  This requires awkward translation for libvirt.
-+ *
-  * =item some string
-  *
-  * Some string such as C<"cortex-a57"> means use C<-cpu cortex-a57>.
-@@ -80,14 +85,9 @@ guestfs_int_get_cpu_model (int kvm)
-   /* See discussion in https://bugzilla.redhat.com/show_bug.cgi?id=1605071 */
-   return NULL;
- #else
-  /* On most architectures, it is faster to pass the CPU host model to
-   * the appliance, allowing maximum speed for things like checksums
-   * and encryption.  Only do this with KVM.  It is broken in subtle
-   * ways on TCG, and fairly pointless when you're emulating anyway.
-+  /* On most architectures we can use "max" to get the best possible CPU.
-+   * For recent qemu this should work even on TCG.
-    */
-  if (kvm)
-    return "host";
-  else
-    return NULL;
-+  return "max";
- #endif
- }
-diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
-index f6bb39d99..e3ff1ffe0 100644
--- a/lib/launch-libvirt.c
-+++ b/lib/launch-libvirt.c
-@@ -1169,6 +1169,15 @@ construct_libvirt_xml_cpu (guestfs_h *g,
-           attribute ("fallback", "allow");
-         } end_element ();
-       }
-+      else if (STREQ (cpu_model, "max")) {
-+        if (params->data->is_kvm)
-+          attribute ("mode", "host-passthrough");
-+        else
-+          attribute ("mode", "host-model");
-+        start_element ("model") {
-+          attribute ("fallback", "allow");
-+        } end_element ();
-+      }
-       else
-         single_element ("model", cpu_model);
-     } end_element ();
-- 
-2.31.1
-
--- a/SOURCES/0021-appliance-Use-cpu-mode-maximum-for-cpu-max-on-libvir.patch
+++ b/SOURCES/0021-appliance-Use-cpu-mode-maximum-for-cpu-max-on-libvir.patch
@ -1,48 +0,0 @@
-From 7dde1007525ec235e769351be15ca5de34eeda4a Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Thu, 18 Mar 2021 12:32:26 +0000
-Subject: [PATCH] appliance: Use <cpu mode="maximum"/> for -cpu max on libvirt.
-
-Note this requires libvirt >= 7.1.0 which was only released in March 2021.
-
-With an older libvirt you will see this error:
-
-  Original error from libvirt: unsupported configuration: Invalid mode attribute 'maximum' [code=67 int1=-1]
-
-In theory we could check if this is supported by looking at the
-libvirt capabilities and fall back, but this commit does not do that,
-in the expectation that most people will be using the default backend
-(direct) and on Fedora/RHEL we will add an explicit minimum version
-dependency to the package.
-
-qemu support has been around quite a bit longer (at least since 2017).
-
-Fixes: commit 30f74f38bd6e42e783ba80895f4d6826abddd417
-(cherry picked from commit 13ceb6a87b2869909a6a0e3c8caa962b72e4cb0e)
---
- lib/launch-libvirt.c | 9 ++-------
- 1 file changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
-index e3ff1ffe0..db619910f 100644
--- a/lib/launch-libvirt.c
-+++ b/lib/launch-libvirt.c
-@@ -1170,13 +1170,8 @@ construct_libvirt_xml_cpu (guestfs_h *g,
-         } end_element ();
-       }
-       else if (STREQ (cpu_model, "max")) {
-        if (params->data->is_kvm)
-          attribute ("mode", "host-passthrough");
-        else
-          attribute ("mode", "host-model");
-        start_element ("model") {
-          attribute ("fallback", "allow");
-        } end_element ();
-+        /* https://bugzilla.redhat.com/show_bug.cgi?id=1935572#c11 */
-+        attribute ("mode", "maximum");
-       }
-       else
-         single_element ("model", cpu_model);
-- 
-2.31.1
-
--- a/SOURCES/0022-lib-Disable-5-level-page-tables-when-using-cpu-max.patch
+++ b/SOURCES/0022-lib-Disable-5-level-page-tables-when-using-cpu-max.patch
@ -1,92 +0,0 @@
-From bb19cc0cdd43619ccf830e1e608f79e46f8ddf86 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Thu, 12 May 2022 08:36:37 +0100
-Subject: [PATCH] lib: Disable 5-level page tables when using -cpu max
-
-In https://bugzilla.redhat.com/show_bug.cgi?id=2082806 we've been
-tracking an insidious qemu bug which intermittently prevents the
-libguestfs appliance from starting.  The symptoms are that SeaBIOS
-starts and displays its messages, but the kernel isn't reached.  We
-found that the kernel does in fact start, but when it tries to set up
-page tables and jump to protected mode it gets a triple fault which
-causes the emulated CPU in qemu to reset (qemu exits).
-
-This seems to only affect TCG (not KVM).
-
-Yesterday I found that this is caused by using -cpu max which enables
-the "la57" feature (5-level page tables[0]), and that we can make the
-problem go away using -cpu max,la57=off.  Note that I still don't
-fully understand the qemu bug, so this is only a workaround.
-
-I chose to disable 5-level page tables for both TCG and KVM, partly to
-make the patch simpler, and partly because I guess it's not a feature
-(ie. 57 bit linear addresses) that is useful for the libguestfs
-appliance case, where we have limited physical memory and no need to
-run any programs with huge address spaces.
-
-I tested this by running both the direct & libvirt paths overnight.  I
-expect that this patch will fail with old qemu/libvirt which doesn't
-understand the "la57" feature, but this is only intended as a
-temporary workaround.
-
-[0] Article about 5-level page tables as background:
-https://lwn.net/Articles/717293/
-
-Thanks: Laszlo Ersek
-Fixes: https://answers.launchpad.net/ubuntu/+source/libguestfs/+question/701625
-
-[RHEL 8.7: Patch is not upstream.  This is the initial patch as posted
-to the mailing list here:
-https://listman.redhat.com/archives/libguestfs/2022-May/028853.html]
---
- lib/launch-direct.c  | 15 +++++++++++++--
- lib/launch-libvirt.c |  7 +++++++
- 2 files changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/lib/launch-direct.c b/lib/launch-direct.c
-index de17d2167..6b28e4724 100644
--- a/lib/launch-direct.c
-+++ b/lib/launch-direct.c
-@@ -534,8 +534,19 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
-   } end_list ();
- 
-   cpu_model = guestfs_int_get_cpu_model (has_kvm && !force_tcg);
-  if (cpu_model)
-    arg ("-cpu", cpu_model);
-+  if (cpu_model) {
-+#if defined(__x86_64__)
-+    /* Temporary workaround for RHBZ#2082806 */
-+    if (STREQ (cpu_model, "max")) {
-+      start_list ("-cpu") {
-+        append_list (cpu_model);
-+        append_list ("la57=off");
-+      } end_list ();
-+    }
-+    else
-+#endif
-+      arg ("-cpu", cpu_model);
-+  }
- 
-   if (g->smp > 1)
-     arg_format ("-smp", "%d", g->smp);
-diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
-index db619910f..bad4a54ea 100644
--- a/lib/launch-libvirt.c
-+++ b/lib/launch-libvirt.c
-@@ -1172,6 +1172,13 @@ construct_libvirt_xml_cpu (guestfs_h *g,
-       else if (STREQ (cpu_model, "max")) {
-         /* https://bugzilla.redhat.com/show_bug.cgi?id=1935572#c11 */
-         attribute ("mode", "maximum");
-+#if defined(__x86_64__)
-+        /* Temporary workaround for RHBZ#2082806 */
-+        start_element ("feature") {
-+          attribute ("policy", "disable");
-+          attribute ("name", "la57");
-+        } end_element ();
-+#endif
-       }
-       else
-         single_element ("model", cpu_model);
-- 
-2.31.1
-
--- a/SOURCES/0023-docs-guestfs-security-document-CVE-2022-2211.patch
+++ b/SOURCES/0023-docs-guestfs-security-document-CVE-2022-2211.patch
@ -1,103 +0,0 @@
-From 22d779d5982dc82d629710d41973ed6545707bd9 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 28 Jun 2022 13:54:16 +0200
-Subject: [PATCH] docs/guestfs-security: document CVE-2022-2211
-
-Short log for the common submodule, commit range
-f8de5508fe75..35467027f657:
-
-Laszlo Ersek (2):
-      mlcustomize: factor out pkg install/update/uninstall from guestfs-tools
-      options: fix buffer overflow in get_keys() [CVE-2022-2211]
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20220628115418.5376-2-lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-
-Cherry picked from commit 99844660b48ed809e37378262c65d63df6ce4a53.
-For the cherry pick I only added one submodule commit:
-
-options: fix buffer overflow in get_keys() [CVE-2022-2211]
---
- common                    |  2 +-
- docs/guestfs-security.pod | 28 ++++++++++++++++++++++++++++
- 2 files changed, 29 insertions(+), 1 deletion(-)
-
-Submodule common be09523d6..1174b443a:
-diff --git a/common/options/keys.c b/common/options/keys.c
-index 798315c..d27a712 100644
--- a/common/options/keys.c
-+++ b/common/options/keys.c
-@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
- char **
- get_keys (struct key_store *ks, const char *device, const char *uuid)
- {
-  size_t i, j, len;
-+  size_t i, j, nmemb;
-   char **r;
-   char *s;
- 
-   /* We know the returned list must have at least one element and not
-    * more than ks->nr_keys.
-    */
-  len = 1;
-  if (ks)
-    len = MIN (1, ks->nr_keys);
-  r = calloc (len+1, sizeof (char *));
-+  nmemb = 1;
-+  if (ks && ks->nr_keys > nmemb)
-+    nmemb = ks->nr_keys;
-+
-+  /* make room for the terminating NULL */
-+  if (nmemb == (size_t)-1)
-+    error (EXIT_FAILURE, 0, _("size_t overflow"));
-+  nmemb++;
-+
-+  r = calloc (nmemb, sizeof (char *));
-   if (r == NULL)
-     error (EXIT_FAILURE, errno, "calloc");
- 
-diff --git a/docs/guestfs-security.pod b/docs/guestfs-security.pod
-index 9ceef5623..efa35b29d 100644
--- a/docs/guestfs-security.pod
-+++ b/docs/guestfs-security.pod
-@@ -406,6 +406,34 @@ The libvirt backend is not affected.
- The solution is to update qemu to a version containing the fix (see
- L<https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html>).
- 
-+=head2 CVE-2022-2211
-+
-+L<https://bugzilla.redhat.com/CVE-2022-2211>
-+
-+The C<get_keys> function in F<libguestfs-common/options/keys.c> collects
-+those I<--key> options from the command line into a new array that match
-+a particular block device that's being decrypted for inspection. The
-+function intends to size the result array such that potentially all
-+I<--key> options, plus a terminating C<NULL> element, fit into it. The
-+code mistakenly uses the C<MIN> macro instead of C<MAX>, and therefore
-+only one element is allocated before the C<NULL> terminator.
-+
-+Passing precisely two I<--key ID:...> options on the command line for
-+the encrypted block device C<ID> causes C<get_keys> to overwrite the
-+terminating C<NULL>, leading to an out-of-bounds read in
-+C<decrypt_mountables>, file F<libguestfs-common/options/decrypt.c>.
-+
-+Passing more than two I<--key ID:...> options on the command line for
-+the encrypted block device C<ID> causes C<get_keys> itself to perform
-+out-of-bounds writes. The most common symptom is a crash with C<SIGSEGV>
-+later on.
-+
-+This issue affects -- broadly speaking -- all libguestfs-based utilities
-+that accept I<--key>, namely: C<guestfish>, C<guestmount>, C<virt-cat>,
-+C<virt-customize>, C<virt-diff>, C<virt-edit>, C<virt-get-kernel>,
-+C<virt-inspector>, C<virt-log>, C<virt-ls>, C<virt-sparsify>,
-+C<virt-sysprep>, C<virt-tail>, C<virt-v2v>.
-+
- =head1 SEE ALSO
- 
- L<guestfs(3)>,
-- 
-2.31.1
-
--- a/SOURCES/libguestfs-1.44.0.tar.gz.sig
+++ b/SOURCES/libguestfs-1.44.0.tar.gz.sig
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl/1jrcRHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKCBcQ/+JwE8JTm3PdTPGoKxCqSgAOirbqE4ZvMY
-p/3y5mexagcWXx6X2Y+u6dlybS06jFR8TkbjdE3VAhhJo0C8l1vfvUTWKVDZoBhG
-3jZ6e+exff3VEUY4nFIVvYPNP+/J1BCiexMO0/2f1MDKwnJ73je9GlzwPEpdqPj/
-jSxaAy1G/rA5qV5rWQd4n5S9m8zRnf1lnM7YI7I0PunC2Wt/U6BZidL/FVVWVBxV
-DGKTIy7GgWnfGWdqJ+Wi9o9QCJH/9FGTP35xonyQEM/7GI+jLz+a9g2xgvv584Ni
-FF0Gqywrp5QFd13Nj3MPM7MXjGjUY5vB964k3mgE4fH91CnVvisRWfUCCo+c/9wG
-odS0YTrveWJpm0oYU2tL3AjahRclskAxXEIxx9kbnWMUTrpXG0r8G4+vE+estCjb
-mbyK5FQh2KASqNgmeopjK9DAEwD7SfPyHmPQ07Q76Pgl8X+FfBX2uyXBjaR5IJJJ
-qVVamdVtPilqwWqQ8hGkKE0qVKqZHGCOJ8+AkQjHjUtSVegT6zHmCG/bM4im1dGV
-r9fv6oQ7kWViz8mBluoETWr5sd2AfLOdLS8A42JaOnU7ASJUX/9eN0Y9u4BYC9P3
-l+QXikyq6T/4iC+tADOYGBr9uNitksLwSSUYScpnN+4AY+M+qjXTBq38MEHmwcgK
-5mwscgQefcY=
-=UrAA
-----END PGP SIGNATURE-----
--- a/SOURCES/copy-patches.sh
+++ b/SOURCES/copy-patches.sh
@ -3,10 +3,11 @@
 set -e

 # Maintainer script to copy patches from the git repo to the current
-# directory.  Use it like this:
+# directory.  It's normally only used downstream (ie. in RHEL).  Use
+# it like this:
 #   ./copy-patches.sh

-rhel_version=8.7.0
+rhel_version=10.1

 # Check we're in the right directory.
 if [ ! -f libguestfs.spec ]; then
--- a/SOURCES/guestfish.sh
+++ b/SOURCES/guestfish.sh
--- a/libguestfs-1.56.1.tar.gz.sig
+++ b/libguestfs-1.56.1.tar.gz.sig
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJFBAABCgAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmhQPkcRHHJpY2hAYW5u
+ZXhpYS5vcmcACgkQkXOPc+G3aKBzGBAAnhwMRwtiYaw94nMMhZA+896zxzBDi6Wx
+YhWiJ7wrlgx7qchP21Y+As4mz5ldDeiFFsFMXXuIBz2m+G73yM1EGbcwxYlpWV+h
+bSBca5Vd14WFAVX497fWTzcz3UXAvkYmqLJqCliSJ4BdnCuTcCoKK4+sl/F0kwXe
+F2x0YNaUxCMiuscFhmLIkz1r+RDUyuQfCeb+ilkkdsd+Gugq42CkW5kLxCfy/dn7
+gSyj/oaYIaE2bsYW39EKXuJX1qb4DlmwZa8JUsYsi9uZGQbwH+gka9XkKVvbSd6Q
+s7q68xl3DIna7rfIrnLdf/OGcwmPQ0U02Yhfam7tM/4FY2t5hBOSCahBSrZVfuQt
+Q/QXpXiYzoD/nmgUNHgFqgN1kgm22E/qaqwwbKf6k412NDfF+Ez84sZHCcgJH+LR
+/eJrp7lde74QxGervdQ5dYmwNBuv5IPrRJA2kWv97wVDqaOlMgpjpmYNTFyxppZm
+9H2NyI8x+jSZ9KQT0vEjIWpe3Yr5l0zUkLLzLoD7t0DcxTZGVIeHV7n8ITLlK0dH
+Ki/BmkWqs2p39Izv7IWWBlRV/URVxW5zK4zEvRtTQtFidlaRqAy5oWUrARnmO4Te
+sT7Y7ZQss9ZJkcz3JF9lh27JCvD4aRW62y4n2zreq7FXPA67YjbsMJ43BLQ7Gek2
+I0nROw3mmHw=
+=OxmC
+-----END PGP SIGNATURE-----
--- a/SPECS/libguestfs.spec
+++ b/SPECS/libguestfs.spec
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+SHA512 (libguestfs-1.56.1.tar.gz) = 8ec8db8b3de7471c7ab77161fa98349d7b6f88a803ab563f1859606a2ef55737f323b1cf3ef2ebb3055770f4140aabb056f97099ef76fa7ad0f7bd792cc699fc
+SHA512 (libguestfs.keyring) = 297a15edc7c220222b9f650e0a9361ae132d3f0fed04aeb2237a1d9c3f6dac6f336846434f66480faed72635a33f659e849b052e74b88d1508aeff03f8c9a2ac
--- a/SOURCES/yum.conf.in
+++ b/SOURCES/yum.conf.in
Author	SHA1	Message	Date
AlmaLinux RelEng Bot	a6a8a033b8	Revert OL modifications	2026-04-08 18:19:39 -04:00
AlmaLinux RelEng Bot	dcb2346b2e	import Oracle_OSS libguestfs-1.56.1-4.0.1.el10_1	2026-04-08 18:19:37 -04:00