.gitignore

@@ -1,2 +1,2 @@
-SOURCES/libguestfs-1.50.1.tar.gz
+SOURCES/libguestfs-1.44.0.tar.gz
 SOURCES/libguestfs.keyring

.libguestfs.metadata

@@ -1,2 +1,2 @@
-b2ccc62a61d43917d982bb380709cd283fda465a SOURCES/libguestfs-1.50.1.tar.gz
+99d241dc4a5ba0dc6111954ed7a872e0b0bb6944 SOURCES/libguestfs-1.44.0.tar.gz
 1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring

SOURCES/0001-RHEL-8-Remove-libguestfs-live-RHBZ-798980.patch

@@ -0,0 +1,56 @@
+From 5b6d2b05fe0c4035b9791a751e3133d26c7baa2d Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Fri, 21 Dec 2012 15:50:11 +0000
+Subject: [PATCH] RHEL 8: Remove libguestfs live (RHBZ#798980).
+
+This isn't supported in RHEL 8.
+
+Disable daemon tests that require the 'unix' backend.
+---
+ lib/launch-unix.c        | 7 +++++++
+ tests/daemon/Makefile.am | 4 +---
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/lib/launch-unix.c b/lib/launch-unix.c
+index 0d344f9df..74dd1bb4a 100644
+--- a/lib/launch-unix.c
++++ b/lib/launch-unix.c
+@@ -37,6 +37,12 @@
+ static int
+ launch_unix (guestfs_h *g, void *datav, const char *sockpath)
+ {
++  error (g,
++	 "launch: In RHEL, only the 'libvirt' or 'direct' method is supported.\n"
++	 "In particular, \"libguestfs live\" is not supported.");
++  return -1;
++
++#if 0
+   int r, daemon_sock = -1;
+   struct sockaddr_un addr;
+   uint32_t size;
+@@ -106,6 +112,7 @@ launch_unix (guestfs_h *g, void *datav, const char *sockpath)
+     g->conn = NULL;
+   }
+   return -1;
++#endif
+ }
+ 
+ static int
+diff --git a/tests/daemon/Makefile.am b/tests/daemon/Makefile.am
+index 921e6d1df..8b2887247 100644
+--- a/tests/daemon/Makefile.am
++++ b/tests/daemon/Makefile.am
+@@ -23,9 +23,7 @@ include $(top_srcdir)/subdir-rules.mk
+ 
+ check_DATA = captive-daemon.pm
+ 
+-TESTS = \
+-	test-daemon-start.pl \
+-	test-btrfs.pl
++TESTS =
+ 
+ TESTS_ENVIRONMENT = $(top_builddir)/run --test
+ 
+-- 
+2.31.1
+

SOURCES/0002-RHEL-8-Remove-9p-APIs-from-RHEL-RHBZ-921710.patch

@@ -0,0 +1,330 @@
+From 91b2a6e50211c58ea31a36351ec63c358f708bf9 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 18 Jul 2013 18:31:53 +0100
+Subject: [PATCH] RHEL 8: Remove 9p APIs from RHEL (RHBZ#921710).
+
+---
+ Makefile.am               |   2 +-
+ daemon/9p.c               | 182 --------------------------------------
+ daemon/Makefile.am        |   1 -
+ docs/C_SOURCE_FILES       |   1 -
+ generator/actions_core.ml |  21 -----
+ generator/proc_nr.ml      |   2 -
+ gobject/Makefile.inc      |   2 -
+ po/POTFILES               |   2 -
+ 8 files changed, 1 insertion(+), 212 deletions(-)
+ delete mode 100644 daemon/9p.c
+
+diff --git a/Makefile.am b/Makefile.am
+index 3df1b6a7a..36e44dfd5 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -78,7 +78,7 @@ SUBDIRS += tests/xfs
+ SUBDIRS += tests/charsets
+ SUBDIRS += tests/xml
+ SUBDIRS += tests/mount-local
+-SUBDIRS += tests/9p
++#SUBDIRS += tests/9p
+ SUBDIRS += tests/rsync
+ SUBDIRS += tests/bigdirs
+ SUBDIRS += tests/disk-labels
+diff --git a/daemon/9p.c b/daemon/9p.c
+deleted file mode 100644
+index 743a96abd..000000000
+--- a/daemon/9p.c
++++ /dev/null
+@@ -1,182 +0,0 @@
+-/* libguestfs - the guestfsd daemon
+- * Copyright (C) 2011 Red Hat Inc.
+- *
+- * This program is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
+- *
+- * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with this program; if not, write to the Free Software
+- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+- */
+-
+-#include <config.h>
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <string.h>
+-#include <unistd.h>
+-#include <limits.h>
+-#include <errno.h>
+-#include <sys/types.h>
+-#include <sys/stat.h>
+-#include <dirent.h>
+-#include <fcntl.h>
+-
+-#include "ignore-value.h"
+-
+-#include "daemon.h"
+-#include "actions.h"
+-
+-#define BUS_PATH "/sys/bus/virtio/drivers/9pnet_virtio"
+-
+-static void
+-modprobe_9pnet_virtio (void)
+-{
+-  /* Required with Linux 5.6 and maybe earlier kernels.  For unclear
+-   * reasons the module is not an automatic dependency of the 9p
+-   * module so doesn't get loaded automatically.
+-   */
+-  ignore_value (command (NULL, NULL, "modprobe", "9pnet_virtio", NULL));
+-}
+-
+-/* https://bugzilla.redhat.com/show_bug.cgi?id=714981#c1 */
+-char **
+-do_list_9p (void)
+-{
+-  CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (r);
+-  DIR *dir;
+-
+-  modprobe_9pnet_virtio ();
+-
+-  dir = opendir (BUS_PATH);
+-  if (!dir) {
+-    perror ("opendir: " BUS_PATH);
+-    if (errno != ENOENT) {
+-      reply_with_perror ("opendir: " BUS_PATH);
+-      return NULL;
+-    }
+-
+-    /* If this directory doesn't exist, it probably means that
+-     * the virtio driver isn't loaded.  Don't return an error
+-     * in this case, but return an empty list.
+-     */
+-    if (end_stringsbuf (&r) == -1)
+-      return NULL;
+-
+-    return take_stringsbuf (&r);
+-  }
+-
+-  while (1) {
+-    struct dirent *d;
+-
+-    errno = 0;
+-    d = readdir (dir);
+-    if (d == NULL) break;
+-
+-    if (STRPREFIX (d->d_name, "virtio")) {
+-      CLEANUP_FREE char *mount_tag_path = NULL;
+-      if (asprintf (&mount_tag_path, BUS_PATH "/%s/mount_tag",
+-                    d->d_name) == -1) {
+-        reply_with_perror ("asprintf");
+-        closedir (dir);
+-        return NULL;
+-      }
+-
+-      /* A bit unclear, but it looks like the virtio transport allows
+-       * the mount tag length to be unlimited (or up to 65536 bytes).
+-       * See: linux/include/linux/virtio_9p.h
+-       */
+-      CLEANUP_FREE char *mount_tag = read_whole_file (mount_tag_path, NULL);
+-      if (mount_tag == 0)
+-        continue;
+-
+-      if (add_string (&r, mount_tag) == -1) {
+-        closedir (dir);
+-        return NULL;
+-      }
+-    }
+-  }
+-
+-  /* Check readdir didn't fail */
+-  if (errno != 0) {
+-    reply_with_perror ("readdir: /sys/block");
+-    closedir (dir);
+-    return NULL;
+-  }
+-
+-  /* Close the directory handle */
+-  if (closedir (dir) == -1) {
+-    reply_with_perror ("closedir: /sys/block");
+-    return NULL;
+-  }
+-
+-  /* Sort the tags. */
+-  if (r.size > 0)
+-    sort_strings (r.argv, r.size);
+-
+-  /* NULL terminate the list */
+-  if (end_stringsbuf (&r) == -1)
+-    return NULL;
+-
+-  return take_stringsbuf (&r);
+-}
+-
+-/* Takes optional arguments, consult optargs_bitmask. */
+-int
+-do_mount_9p (const char *mount_tag, const char *mountpoint, const char *options)
+-{
+-  CLEANUP_FREE char *mp = NULL, *opts = NULL, *err = NULL;
+-  struct stat statbuf;
+-  int r;
+-
+-  ABS_PATH (mountpoint, 0, return -1);
+-
+-  mp = sysroot_path (mountpoint);
+-  if (!mp) {
+-    reply_with_perror ("malloc");
+-    return -1;
+-  }
+-
+-  /* Check the mountpoint exists and is a directory. */
+-  if (stat (mp, &statbuf) == -1) {
+-    reply_with_perror ("%s", mountpoint);
+-    return -1;
+-  }
+-  if (!S_ISDIR (statbuf.st_mode)) {
+-    reply_with_perror ("%s: mount point is not a directory", mountpoint);
+-    return -1;
+-  }
+-
+-  /* Add trans=virtio to the options. */
+-  if ((optargs_bitmask & GUESTFS_MOUNT_9P_OPTIONS_BITMASK) &&
+-      STRNEQ (options, "")) {
+-    if (asprintf (&opts, "trans=virtio,%s", options) == -1) {
+-      reply_with_perror ("asprintf");
+-      return -1;
+-    }
+-  }
+-  else {
+-    opts = strdup ("trans=virtio");
+-    if (opts == NULL) {
+-      reply_with_perror ("strdup");
+-      return -1;
+-    }
+-  }
+-
+-  modprobe_9pnet_virtio ();
+-  r = command (NULL, &err,
+-               "mount", "-o", opts, "-t", "9p", mount_tag, mp, NULL);
+-  if (r == -1) {
+-    reply_with_error ("%s on %s: %s", mount_tag, mountpoint, err);
+-    return -1;
+-  }
+-
+-  return 0;
+-}
+diff --git a/daemon/Makefile.am b/daemon/Makefile.am
+index 038be592c..df9dcc4ee 100644
+--- a/daemon/Makefile.am
++++ b/daemon/Makefile.am
+@@ -82,7 +82,6 @@ guestfsd_SOURCES = \
+ 	../common/protocol/guestfs_protocol.h \
+ 	../common/utils/cleanups.h \
+ 	../common/utils/guestfs-utils.h \
+-	9p.c \
+ 	acl.c \
+ 	actions.h \
+ 	available.c \
+diff --git a/docs/C_SOURCE_FILES b/docs/C_SOURCE_FILES
+index cd5bd2924..831b7e25a 100644
+--- a/docs/C_SOURCE_FILES
++++ b/docs/C_SOURCE_FILES
+@@ -63,7 +63,6 @@ common/windows/windows.c
+ common/windows/windows.h
+ customize/crypt-c.c
+ customize/perl_edit-c.c
+-daemon/9p.c
+ daemon/acl.c
+ daemon/actions.h
+ daemon/augeas.c
+diff --git a/generator/actions_core.ml b/generator/actions_core.ml
+index 806565b19..37476c93e 100644
+--- a/generator/actions_core.ml
++++ b/generator/actions_core.ml
+@@ -6157,27 +6157,6 @@ This returns true iff the device exists and contains all zero bytes.
+ 
+ Note that for large devices this can take a long time to run." };
+ 
+-  { defaults with
+-    name = "list_9p"; added = (1, 11, 12);
+-    style = RStringList (RPlainString, "mounttags"), [], [];
+-    shortdesc = "list 9p filesystems";
+-    longdesc = "\
+-List all 9p filesystems attached to the guest.  A list of
+-mount tags is returned." };
+-
+-  { defaults with
+-    name = "mount_9p"; added = (1, 11, 12);
+-    style = RErr, [String (PlainString, "mounttag"); String (PlainString, "mountpoint")], [OString "options"];
+-    camel_name = "Mount9P";
+-    shortdesc = "mount 9p filesystem";
+-    longdesc = "\
+-Mount the virtio-9p filesystem with the tag C<mounttag> on the
+-directory C<mountpoint>.
+-
+-If required, C<trans=virtio> will be automatically added to the options.
+-Any other options required can be passed in the optional C<options>
+-parameter." };
+-
+   { defaults with
+     name = "list_dm_devices"; added = (1, 11, 15);
+     style = RStringList (RDevice, "devices"), [], [];
+diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
+index 30e42864f..57976be36 100644
+--- a/generator/proc_nr.ml
++++ b/generator/proc_nr.ml
+@@ -295,8 +295,6 @@ let proc_nr = [
+ 282, "internal_autosync";
+ 283, "is_zero";
+ 284, "is_zero_device";
+-285, "list_9p";
+-286, "mount_9p";
+ 287, "list_dm_devices";
+ 288, "ntfsresize";
+ 289, "btrfs_filesystem_resize";
+diff --git a/gobject/Makefile.inc b/gobject/Makefile.inc
+index 650f8ddac..c4e735967 100644
+--- a/gobject/Makefile.inc
++++ b/gobject/Makefile.inc
+@@ -94,7 +94,6 @@ guestfs_gobject_headers= \
+   include/guestfs-gobject/optargs-mksquashfs.h \
+   include/guestfs-gobject/optargs-mkswap.h \
+   include/guestfs-gobject/optargs-mktemp.h \
+-  include/guestfs-gobject/optargs-mount_9p.h \
+   include/guestfs-gobject/optargs-mount_local.h \
+   include/guestfs-gobject/optargs-ntfsclone_out.h \
+   include/guestfs-gobject/optargs-ntfsfix.h \
+@@ -188,7 +187,6 @@ guestfs_gobject_sources= \
+   src/optargs-mksquashfs.c \
+   src/optargs-mkswap.c \
+   src/optargs-mktemp.c \
+-  src/optargs-mount_9p.c \
+   src/optargs-mount_local.c \
+   src/optargs-ntfsclone_out.c \
+   src/optargs-ntfsfix.c \
+diff --git a/po/POTFILES b/po/POTFILES
+index 69ea7134a..0782e8ceb 100644
+--- a/po/POTFILES
++++ b/po/POTFILES
+@@ -47,7 +47,6 @@ common/visit/visit.c
+ common/windows/windows.c
+ customize/crypt-c.c
+ customize/perl_edit-c.c
+-daemon/9p.c
+ daemon/acl.c
+ daemon/augeas.c
+ daemon/available.c
+@@ -277,7 +276,6 @@ gobject/src/optargs-mkfs_btrfs.c
+ gobject/src/optargs-mksquashfs.c
+ gobject/src/optargs-mkswap.c
+ gobject/src/optargs-mktemp.c
+-gobject/src/optargs-mount_9p.c
+ gobject/src/optargs-mount_local.c
+ gobject/src/optargs-ntfsclone_out.c
+ gobject/src/optargs-ntfsfix.c
+-- 
+2.31.1
+

SOURCES/0002-update-common-submodule.patch

@@ -1,37 +0,0 @@
-From 89b6c8b458dcb00de83b543c47a6acb049f63f18 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 21 Mar 2023 16:55:15 +0100
-Subject: [PATCH] update common submodule
-
-HATAYAMA Daisuke (1):
-      progress: fix segmentation fault when TERM variable is "dumb"
-
-Laszlo Ersek (2):
-      detect_kernels: tighten "try" scope
-      detect_kernels: deal with RHEL's kernel-core / kernel-modules-core split
-
-rwmjones (1):
-      Merge pull request #5 from d-hatayama/fix_segfault_progress_bar
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2175703
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit be11d25b3e2770d86699e94c5087e6625477d5ec)
----
- common | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Submodule common 360e037d..70c10a07:
-diff --git a/common/progress/progress.c b/common/progress/progress.c
-index 4d52b97e..e4b30663 100644
---- a/common/progress/progress.c
-+++ b/common/progress/progress.c
-@@ -318,7 +318,8 @@ progress_bar_set (struct progress_bar *bar,
-        * (b) it's just not possible to use tputs in a sane way here.
-        */
-       /*tputs (UP, 2, putchar);*/
--      fprintf (fp, "%s", UP);
-+      if (UP)
-+        fprintf (fp, "%s", UP);
-     }
-     bar->count++;
- 

SOURCES/0003-RHEL-8-Disable-unsupported-remote-drive-protocols-RH.patch

@@ -1,7 +1,7 @@
-From ab7e68dbeefe464734bd63a862a36f612f76d396 Mon Sep 17 00:00:00 2001
+From 4dd2f3f56a39411a255ad0a8f38081d46620dbd8 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 29 Jul 2013 14:47:56 +0100
-Subject: [PATCH] RHEL: Disable unsupported remote drive protocols
+Subject: [PATCH] RHEL 8: Disable unsupported remote drive protocols
  (RHBZ#962113).
 
 This disables support for unsupported remote drive protocols:
@@ -18,7 +18,7 @@ This disables support for unsupported remote drive protocols:
 
 Note 'nbd' is not disabled, and of course 'file' works.
 
-We hope to gradually add some of these back over the lifetime of RHEL.
+We hope to gradually add some of these back over the lifetime of RHEL 8.
 ---
  docs/guestfs-testing.pod               |  20 -----
  fish/guestfish.pod                     |  66 ++--------------
@@ -31,7 +31,7 @@ We hope to gradually add some of these back over the lifetime of RHEL.
  8 files changed, 16 insertions(+), 348 deletions(-)
 
 diff --git a/docs/guestfs-testing.pod b/docs/guestfs-testing.pod
-index 47f381a7..c7b44928 100644
+index f558964bf..8f264ed17 100644
 --- a/docs/guestfs-testing.pod
 +++ b/docs/guestfs-testing.pod
 @@ -109,26 +109,6 @@ image.  To exit, type C<exit>.
@@ -62,7 +62,7 @@ index 47f381a7..c7b44928 100644
  
  Run L<virt-alignment-scan(1)> on guests or disk images:
 diff --git a/fish/guestfish.pod b/fish/guestfish.pod
-index ccc0825b..d36cac9d 100644
+index 9f086f110..bb4167b06 100644
 --- a/fish/guestfish.pod
 +++ b/fish/guestfish.pod
 @@ -131,9 +131,9 @@ To list what is available do:
@@ -77,7 +77,7 @@ index ccc0825b..d36cac9d 100644
  
  =head2 Remote control
  
-@@ -1129,12 +1129,12 @@ L<guestfs(3)/REMOTE STORAGE>>.
+@@ -1134,12 +1134,12 @@ L<guestfs(3)/REMOTE STORAGE>>.
  On the command line, you can use the I<-a> option to add network
  block devices using a URI-style format, for example:
  
@@ -92,7 +92,7 @@ index ccc0825b..d36cac9d 100644
  
  The possible I<-a URI> formats are described below.
  
-@@ -1144,40 +1144,6 @@ The possible I<-a URI> formats are described below.
+@@ -1149,40 +1149,6 @@ The possible I<-a URI> formats are described below.
  
  Add the local disk image (or device) called F<disk.img>.
  
@@ -133,7 +133,7 @@ index ccc0825b..d36cac9d 100644
  =head2 B<-a nbd://example.com[:port]>
  
  =head2 B<-a nbd://example.com[:port]/exportname>
-@@ -1212,35 +1178,13 @@ The equivalent API command would be:
+@@ -1217,35 +1183,13 @@ The equivalent API command would be:
  
   ><fs> add pool/disk protocol:rbd server:tcp:example.com:port
  
@@ -171,7 +171,7 @@ index ccc0825b..d36cac9d 100644
  In this case, the password is C<pass@word>.
  
 diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh
-index 21d42498..ddabeb63 100755
+index 21d424984..ddabeb639 100755
 --- a/fish/test-add-uri.sh
 +++ b/fish/test-add-uri.sh
 @@ -40,14 +40,6 @@ function fail ()
@@ -220,10 +220,10 @@ index 21d42498..ddabeb63 100755
  rm test-add-uri.out
  rm test-add-uri.img
 diff --git a/generator/actions_core.ml b/generator/actions_core.ml
-index c8d9949b..26c576c7 100644
+index 37476c93e..9f0402510 100644
 --- a/generator/actions_core.ml
 +++ b/generator/actions_core.ml
-@@ -350,29 +350,6 @@ F<filename> is interpreted as a local file or device.
+@@ -297,29 +297,6 @@ F<filename> is interpreted as a local file or device.
  This is the default if the optional protocol parameter
  is omitted.
  
@@ -253,7 +253,7 @@ index c8d9949b..26c576c7 100644
  =item C<protocol = \"nbd\">
  
  Connect to the Network Block Device server.
-@@ -389,22 +366,6 @@ The C<secret> parameter may be supplied.  See below.
+@@ -336,22 +313,6 @@ The C<secret> parameter may be supplied.  See below.
  
  See also: L<guestfs(3)/CEPH>.
  
@@ -276,7 +276,7 @@ index c8d9949b..26c576c7 100644
  =back
  
  =item C<server>
-@@ -415,13 +376,8 @@ is a list of server(s).
+@@ -362,13 +323,8 @@ is a list of server(s).
   Protocol       Number of servers required
   --------       --------------------------
   file           List must be empty or param not used at all
@@ -290,7 +290,7 @@ index c8d9949b..26c576c7 100644
  
  Each list element is a string specifying a server.  The string must be
  in one of the following formats:
-@@ -437,10 +393,10 @@ for the protocol is used (see F</etc/services>).
+@@ -384,10 +340,10 @@ for the protocol is used (see F</etc/services>).
  
  =item C<username>
  
@@ -305,10 +305,10 @@ index c8d9949b..26c576c7 100644
  example if using the libvirt backend and if the libvirt backend is configured to
  start the qemu appliance as a special user such as C<qemu.qemu>.  If in doubt,
 diff --git a/lib/drives.c b/lib/drives.c
-index c5a20846..efb28925 100644
+index 46af66db4..c81ded5d7 100644
 --- a/lib/drives.c
 +++ b/lib/drives.c
-@@ -166,6 +166,7 @@ create_drive_non_file (guestfs_h *g,
+@@ -168,6 +168,7 @@ create_drive_non_file (guestfs_h *g,
    return drv;
  }
  
@@ -316,7 +316,7 @@ index c5a20846..efb28925 100644
  static struct drive *
  create_drive_curl (guestfs_h *g,
                     const struct drive_create_data *data)
-@@ -224,6 +225,7 @@ create_drive_gluster (guestfs_h *g,
+@@ -226,6 +227,7 @@ create_drive_gluster (guestfs_h *g,
  
    return create_drive_non_file (g, data);
  }
@@ -324,7 +324,7 @@ index c5a20846..efb28925 100644
  
  static int
  nbd_port (void)
-@@ -292,6 +294,7 @@ create_drive_rbd (guestfs_h *g,
+@@ -294,6 +296,7 @@ create_drive_rbd (guestfs_h *g,
    return create_drive_non_file (g, data);
  }
  
@@ -332,7 +332,7 @@ index c5a20846..efb28925 100644
  static struct drive *
  create_drive_sheepdog (guestfs_h *g,
                         const struct drive_create_data *data)
-@@ -392,6 +395,7 @@ create_drive_iscsi (guestfs_h *g,
+@@ -394,6 +397,7 @@ create_drive_iscsi (guestfs_h *g,
  
    return create_drive_non_file (g, data);
  }
@@ -340,7 +340,7 @@ index c5a20846..efb28925 100644
  
  /**
   * Create the special F</dev/null> drive.
-@@ -842,6 +846,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
+@@ -856,6 +860,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
        drv = create_drive_file (g, &data);
      }
    }
@@ -348,7 +348,7 @@ index c5a20846..efb28925 100644
    else if (STREQ (protocol, "ftp")) {
      data.protocol = drive_protocol_ftp;
      drv = create_drive_curl (g, &data);
-@@ -866,6 +871,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
+@@ -880,6 +885,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
      data.protocol = drive_protocol_iscsi;
      drv = create_drive_iscsi (g, &data);
    }
@@ -356,7 +356,7 @@ index c5a20846..efb28925 100644
    else if (STREQ (protocol, "nbd")) {
      data.protocol = drive_protocol_nbd;
      drv = create_drive_nbd (g, &data);
-@@ -874,6 +880,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
+@@ -888,6 +894,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
      data.protocol = drive_protocol_rbd;
      drv = create_drive_rbd (g, &data);
    }
@@ -364,7 +364,7 @@ index c5a20846..efb28925 100644
    else if (STREQ (protocol, "sheepdog")) {
      data.protocol = drive_protocol_sheepdog;
      drv = create_drive_sheepdog (g, &data);
-@@ -886,6 +893,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
+@@ -900,6 +907,7 @@ guestfs_impl_add_drive_opts (guestfs_h *g, const char *filename,
      data.protocol = drive_protocol_tftp;
      drv = create_drive_curl (g, &data);
    }
@@ -373,12 +373,12 @@ index c5a20846..efb28925 100644
      error (g, _("unknown protocol ‘%s’"), protocol);
      drv = NULL; /*FALLTHROUGH*/
 diff --git a/lib/guestfs.pod b/lib/guestfs.pod
-index c6c8cb16..866a4638 100644
+index bce9eb79f..2bb13b875 100644
 --- a/lib/guestfs.pod
 +++ b/lib/guestfs.pod
-@@ -723,70 +723,6 @@ a qcow2 backing file specification, libvirt does not construct an
+@@ -715,70 +715,6 @@ servers.  The server string is documented in
- ephemeral secret object from those, for Ceph authentication.  Refer to
+ L</guestfs_add_drive_opts>. The C<username> and C<secret> parameters are
- L<https://bugzilla.redhat.com/2033247>.
+ also optional, and if not given, then no authentication will be used.
  
 -=head3 FTP, HTTP AND TFTP
 -
@@ -447,7 +447,7 @@ index c6c8cb16..866a4638 100644
  =head3 NETWORK BLOCK DEVICE
  
  Libguestfs can access Network Block Device (NBD) disks remotely.
-@@ -849,42 +785,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
+@@ -841,42 +777,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
  
  =back
  
@@ -491,10 +491,10 @@ index c6c8cb16..866a4638 100644
  
  Libguestfs has APIs for inspecting an unknown disk image to find out
 diff --git a/tests/disks/test-qemu-drive-libvirt.sh b/tests/disks/test-qemu-drive-libvirt.sh
-index d86a1ecd..cf7d2a0c 100755
+index 3c5aa592e..f73827bd6 100755
 --- a/tests/disks/test-qemu-drive-libvirt.sh
 +++ b/tests/disks/test-qemu-drive-libvirt.sh
-@@ -65,34 +65,6 @@ check_output
+@@ -64,34 +64,6 @@ check_output
  grep -sq -- '-drive file=rbd:abc-def/ghi-jkl:auth_supported=none,' "$DEBUG_QEMU_FILE" || fail ceph2
  rm "$DEBUG_QEMU_FILE"
  
@@ -530,7 +530,7 @@ index d86a1ecd..cf7d2a0c 100755
  
  $guestfish -d pool1 run ||:
 diff --git a/tests/disks/test-qemu-drive.sh b/tests/disks/test-qemu-drive.sh
-index 12937fb3..b3e4f990 100755
+index 19dd60a2f..583e031bd 100755
 --- a/tests/disks/test-qemu-drive.sh
 +++ b/tests/disks/test-qemu-drive.sh
 @@ -62,45 +62,6 @@ check_output
@@ -604,3 +604,6 @@ index 12937fb3..b3e4f990 100755
 -check_output
 -grep -sq -- '-drive file=ssh://rich@example.com/disk.img,' "$DEBUG_QEMU_FILE" || fail
 -rm "$DEBUG_QEMU_FILE"
+-- 
+2.31.1
+

SOURCES/0003-daemon-selinux-relabel-don-t-exclude-selinux-if-it-s.patch

@@ -1,63 +0,0 @@
-From e58cd8df467e342463d08e3d761c2e322287b13e Mon Sep 17 00:00:00 2001
-From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-Date: Wed, 26 Apr 2023 15:59:44 +0300
-Subject: [PATCH] daemon/selinux-relabel: don't exclude "/selinux" if it's
- non-existent
-
-Since RHBZ#726528, filesystem.rpm doesn't include /selinux.  setfiles
-then gives us the warning: "Can't stat exclude path "/sysroot/selinux",
-No such file or directory - ignoring."
-
-Though the warning is harmless, let's get rid of it by checking the
-existence of /selinux directory.
-
-Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit 9ced5fac8c1f0f8ff7ed2b5671c1c7f5f0bfa875)
----
- daemon/selinux-relabel.c | 16 +++++++++++++++-
- 1 file changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
-index 976cffe3..454486c1 100644
---- a/daemon/selinux-relabel.c
-+++ b/daemon/selinux-relabel.c
-@@ -21,6 +21,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-+#include <sys/stat.h>
- 
- #include "guestfs_protocol.h"
- #include "daemon.h"
-@@ -37,6 +38,17 @@ optgroup_selinuxrelabel_available (void)
-   return prog_exists ("setfiles");
- }
- 
-+static int
-+dir_exists (const char *dir)
-+{
-+  struct stat statbuf;
-+
-+  if (stat (dir, &statbuf) == 0 && S_ISDIR (statbuf.st_mode))
-+    return 1;
-+  else
-+    return 0;
-+}
-+
- static int
- setfiles_has_option (int *flag, char opt_char)
- {
-@@ -99,8 +111,10 @@ do_selinux_relabel (const char *specfile, const char *path,
-    */
-   ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_dev);
-   ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_proc);
--  ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
-   ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_sys);
-+  if (dir_exists (s_selinux)) {
-+    ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
-+  }
- 
-   /* You have to use the -m option (where available) otherwise
-    * setfiles puts all the mountpoints on the excludes list for no

SOURCES/0004-RHEL-8-Remove-User-Mode-Linux-RHBZ-1144197.patch

@@ -0,0 +1,72 @@
+From 34f8c6a5eb0eabfba4ab1831b45e2baa73a4b501 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Fri, 19 Sep 2014 13:38:20 +0100
+Subject: [PATCH] RHEL 8: Remove User-Mode Linux (RHBZ#1144197).
+
+This isn't supported in RHEL 8.
+---
+ lib/launch-uml.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/launch-uml.c b/lib/launch-uml.c
+index 5aec50a57..8b9fcd770 100644
+--- a/lib/launch-uml.c
++++ b/lib/launch-uml.c
+@@ -44,7 +44,9 @@ struct backend_uml_data {
+   char umid[UML_UMID_LEN+1];    /* umid=<...> unique ID. */
+ };
+ 
++#if 0
+ static void print_vmlinux_command_line (guestfs_h *g, char **argv);
++#endif
+ 
+ /* Run uml_mkcow to create a COW overlay. */
+ static char *
+@@ -81,6 +83,7 @@ create_cow_overlay_uml (guestfs_h *g, void *datav, struct drive *drv)
+   return make_cow_overlay (g, drv->src.u.path);
+ }
+ 
++#if 0
+ /* Test for features which are not supported by the UML backend.
+  * Possibly some of these should just be warnings, not errors.
+  */
+@@ -133,10 +136,17 @@ uml_supported (guestfs_h *g)
+ 
+   return true;
+ }
++#endif
+ 
+ static int
+ launch_uml (guestfs_h *g, void *datav, const char *arg)
+ {
++  error (g,
++	 "launch: In RHEL, only the 'libvirt' or 'direct' method is supported.\n"
++	 "In particular, User-Mode Linux (UML) is not supported.");
++  return -1;
++
++#if 0
+   struct backend_uml_data *data = datav;
+   CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (cmdline);
+   int console_sock = -1, daemon_sock = -1;
+@@ -496,8 +506,10 @@ launch_uml (guestfs_h *g, void *datav, const char *arg)
+   }
+   g->state = CONFIG;
+   return -1;
++#endif
+ }
+ 
++#if 0
+ /* This is called from the forked subprocess just before vmlinux runs,
+  * so it can just print the message straight to stderr, where it will
+  * be picked up and funnelled through the usual appliance event API.
+@@ -527,6 +539,7 @@ print_vmlinux_command_line (guestfs_h *g, char **argv)
+ 
+   fputc ('\n', stderr);
+ }
++#endif
+ 
+ static int
+ shutdown_uml (guestfs_h *g, void *datav, int check_for_errors)
+-- 
+2.31.1
+

SOURCES/0004-daemon-selinux-relabel-search-for-invalid-option-in-.patch

@@ -1,33 +0,0 @@
-From c1829048c598e11950c9d355fdd5c177a99e046f Mon Sep 17 00:00:00 2001
-From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-Date: Wed, 26 Apr 2023 15:59:45 +0300
-Subject: [PATCH] daemon/selinux-relabel: search for "invalid option" in
- setfiles output
-
-'X' in the setiles' stderr doesn't necessarily mean that option 'X'
-doesn't exist.  For instance, when passing '-T' we get: "setfiles:
-option requires an argument -- 'T'".
-
-Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit 152d6e4bdf2dac88856a4ff83cf73451f897d4d4)
----
- daemon/selinux-relabel.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
-index 454486c1..60a6f48a 100644
---- a/daemon/selinux-relabel.c
-+++ b/daemon/selinux-relabel.c
-@@ -56,8 +56,9 @@ setfiles_has_option (int *flag, char opt_char)
- 
-   if (*flag == -1) {
-     char option[] = { '-', opt_char, '\0' };       /* "-X" */
--    char err_opt[] = { '\'', opt_char, '\'', '\0'}; /* "'X'" */
-+    char err_opt[32];     /* "invalid option -- 'X'" */
- 
-+    snprintf(err_opt, sizeof(err_opt), "invalid option -- '%c'", opt_char);
-     ignore_value (command (NULL, &err, "setfiles", option, NULL));
-     *flag = err && strstr (err, /* "invalid option -- " */ err_opt) == NULL;
-   }

SOURCES/0005-RHEL-8-Reject-use-of-libguestfs-winsupport-features-.patch

@@ -1,8 +1,8 @@
-From b74c6c8520773c2ef4a4d69b08b70e5ceeb06964 Mon Sep 17 00:00:00 2001
+From cb2ac63562447e2780bd7103ed060fd6013b9054 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 7 Jul 2015 09:28:03 -0400
-Subject: [PATCH] RHEL: Reject use of libguestfs-winsupport features except for
+Subject: [PATCH] RHEL 8: Reject use of libguestfs-winsupport features except
- virt-* tools (RHBZ#1240276).
+ for virt-* tools (RHBZ#1240276).
 
 Fix the tests: it doesn't let us use guestfish for arbitrary Windows
 edits.
@@ -13,7 +13,7 @@ edits.
  3 files changed, 19 insertions(+)
 
 diff --git a/generator/c.ml b/generator/c.ml
-index 447059b8..0391dd3d 100644
+index 86d3b26f8..a625361a9 100644
 --- a/generator/c.ml
 +++ b/generator/c.ml
 @@ -1846,6 +1846,22 @@ and generate_client_actions actions () =
@@ -40,7 +40,7 @@ index 447059b8..0391dd3d 100644
       * as a progress bar hint.
       *)
 diff --git a/test-data/phony-guests/make-windows-img.sh b/test-data/phony-guests/make-windows-img.sh
-index 16debd12..1c13ddac 100755
+index 30908a918..73cf5144e 100755
 --- a/test-data/phony-guests/make-windows-img.sh
 +++ b/test-data/phony-guests/make-windows-img.sh
 @@ -37,6 +37,7 @@ fi
@@ -52,10 +52,10 @@ index 16debd12..1c13ddac 100755
  run
  
 diff --git a/tests/charsets/test-charset-fidelity.c b/tests/charsets/test-charset-fidelity.c
-index 105291dc..5ca4f3b6 100644
+index 39ccc2068..2b2e2d8a9 100644
 --- a/tests/charsets/test-charset-fidelity.c
 +++ b/tests/charsets/test-charset-fidelity.c
-@@ -96,6 +96,8 @@ main (int argc, char *argv[])
+@@ -94,6 +94,8 @@ main (int argc, char *argv[])
    if (g == NULL)
      error (EXIT_FAILURE, 0, "failed to create handle");
  
@@ -64,3 +64,6 @@ index 105291dc..5ca4f3b6 100644
    if (guestfs_add_drive_scratch (g, 1024*1024*1024, -1) == -1)
      exit (EXIT_FAILURE);
  
+-- 
+2.31.1
+

SOURCES/0005-daemon-selinux-relabel-run-setfiles-with-T-0-if-supp.patch

@@ -1,78 +0,0 @@
-From 3046af080baad9935627ebb671950448cfd0fa7b Mon Sep 17 00:00:00 2001
-From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-Date: Wed, 26 Apr 2023 15:59:46 +0300
-Subject: [PATCH] daemon/selinux-relabel: run setfiles with "-T 0", if
- supported
-
-Since SELinux userspace v3.4 [1], setfiles command supports "-T nthreads"
-option, which allows parallel execution.  "-T 0" allows using as many
-threads as there're available CPU cores.  This might speed up the process
-of filesystem relabeling in case the appliance is being run with multiple
-vCPUs.  The latter is true for at least v2v starting from d2b64ecc67
-("v2v: Set the number of vCPUs to same as host number of pCPUs.").
-
-For instance, when running virt-v2v-in-place on my 12-core Xeon host
-with SSD, with appliance being run with 8 vCPUs (the upper limit specified
-in d2b64ecc67), and on the ~150GiB disk VM (physical size on the host),
-I get the following results:
-
-./in-place/virt-v2v-in-place -i libvirt fedora37-vm -v -x
-
-Without this patch:
-...
-commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M
-libguestfs: trace: v2v: selinux_relabel = 0
-libguestfs: trace: v2v: rm_f "/.autorelabel"
-guestfsd: => selinux_relabel (0x1d3) took 17.94 secs
-...
-
-With this patch:
-...
-commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/sys -m -C -T 0 -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/^M
-libguestfs: trace: v2v: selinux_relabel = 0
-libguestfs: trace: v2v: rm_f "/.autorelabel"
-guestfsd: => selinux_relabel (0x1d3) took 5.88 secs
-...
-
-So in my scenario it's getting 3 times faster.
-
-[1] https://github.com/SELinuxProject/selinux/releases/tag/3.4
-
-Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit d0d8e6738477148a7b752348f9364a3b8faed67f)
----
- daemon/selinux-relabel.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
-index 60a6f48a..cfc5a31d 100644
---- a/daemon/selinux-relabel.c
-+++ b/daemon/selinux-relabel.c
-@@ -73,6 +73,7 @@ do_selinux_relabel (const char *specfile, const char *path,
- {
-   static int flag_m = -1;
-   static int flag_C = -1;
-+  static int flag_T = -1;
-   const char *argv[MAX_ARGS];
-   CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL,
-     *s_sys = NULL, *s_specfile = NULL, *s_path = NULL;
-@@ -131,6 +132,17 @@ do_selinux_relabel (const char *specfile, const char *path,
-   if (setfiles_has_option (&flag_C, 'C'))
-     ADD_ARG (argv, i, "-C");
- 
-+  /* If the appliance is being run with multiple vCPUs, running setfiles
-+   * in multithreading mode might speeds up the process.  Option "-T" was
-+   * introduced in SELinux userspace v3.4, and we need to check whether it's
-+   * supported.  Passing "-T 0" creates as many threads as there're available
-+   * vCPU cores.
-+   * https://github.com/SELinuxProject/selinux/releases/tag/3.4
-+   */
-+  if (setfiles_has_option (&flag_T, 'T')) {
-+    ADD_ARG (argv, i, "-T"); ADD_ARG (argv, i, "0");
-+  }
-+
-   /* Relabelling in a chroot. */
-   if (STRNEQ (sysroot, "/")) {
-     ADD_ARG (argv, i, "-r");

SOURCES/0006-build-Avoid-warnings-about-unknown-pragmas.patch

@@ -0,0 +1,37 @@
+From dbd1eaab6a478cf0c3ea093a56b3d04c29278615 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 12 Jan 2021 10:23:11 +0000
+Subject: [PATCH] build: Avoid warnings about unknown pragmas.
+
+In commit 4bbbf03b8bc266ed2b63c461cd0945250bb134fe we started to
+ignore bogus GCC 11 warnings.  Unfortunately earlier versions of GCC
+don't know about those pragmas so give warnings [hence errors in
+developer builds] like:
+
+tsk.c:75:32: error: unknown option after '#pragma GCC diagnostic' kind [-Werror=pragmas]
+
+Turn off these warnings.
+
+Updates: commit 4bbbf03b8bc266ed2b63c461cd0945250bb134fe
+(cherry picked from commit 812f837c97f48ce0c26a0e02286fb9180c282923)
+---
+ m4/guestfs-c.m4 | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/m4/guestfs-c.m4 b/m4/guestfs-c.m4
+index 25ffea0d9..bbb4db464 100644
+--- a/m4/guestfs-c.m4
++++ b/m4/guestfs-c.m4
+@@ -108,6 +108,9 @@ gl_WARN_ADD([-Wformat-truncation=1])
+ dnl GCC 9 at level 2 gives apparently bogus errors when %.*s is used.
+ gl_WARN_ADD([-Wformat-overflow=1])
+ 
++dnl GCC < 11 gives warnings when disabling GCC 11 warnings.
++gl_WARN_ADD([-Wno-pragmas])
++
+ AC_SUBST([WARN_CFLAGS])
+ 
+ NO_SNV_CFLAGS=
+-- 
+2.31.1
+

SOURCES/0007-daemon-lvm-Use-lvcreate-yes-to-avoid-interactive-pro.patch

@@ -0,0 +1,94 @@
+From 22416a2329ec531b9608c21b11ff3d53275fe7a0 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Mon, 22 Feb 2021 10:18:45 +0000
+Subject: [PATCH] daemon: lvm: Use lvcreate --yes to avoid interactive prompts.
+
+See https://bugzilla.redhat.com/show_bug.cgi?id=1930996#c1
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1930996
+(cherry picked from commit 21cd97732c4973db835b8b6540c8ad582ebd2bda)
+---
+ daemon/lvm.c                     |  2 +-
+ tests/regressions/Makefile.am    |  2 ++
+ tests/regressions/rhbz1930996.sh | 36 ++++++++++++++++++++++++++++++++
+ 3 files changed, 39 insertions(+), 1 deletion(-)
+ create mode 100755 tests/regressions/rhbz1930996.sh
+
+diff --git a/daemon/lvm.c b/daemon/lvm.c
+index 841dc4b6b..72c59c3a1 100644
+--- a/daemon/lvm.c
++++ b/daemon/lvm.c
+@@ -219,7 +219,7 @@ do_lvcreate (const char *logvol, const char *volgroup, int mbytes)
+   snprintf (size, sizeof size, "%d", mbytes);
+ 
+   r = command (NULL, &err,
+-               "lvm", "lvcreate",
++               "lvm", "lvcreate", "--yes",
+                "-L", size, "-n", logvol, volgroup, NULL);
+   if (r == -1) {
+     reply_with_error ("%s", err);
+diff --git a/tests/regressions/Makefile.am b/tests/regressions/Makefile.am
+index ecb0d68a7..c1e0ee8a9 100644
+--- a/tests/regressions/Makefile.am
++++ b/tests/regressions/Makefile.am
+@@ -49,6 +49,7 @@ EXTRA_DIST = \
+ 	rhbz1370424.sh \
+ 	rhbz1370424.xml \
+ 	rhbz1477623.sh \
++	rhbz1930996.sh \
+ 	test-noexec-stack.pl
+ 
+ TESTS = \
+@@ -79,6 +80,7 @@ TESTS = \
+ 	rhbz1285847.sh \
+ 	rhbz1370424.sh \
+ 	rhbz1477623.sh \
++	rhbz1930996.sh \
+ 	test-big-heap \
+ 	test-noexec-stack.pl \
+ 	$(SLOW_TESTS)
+diff --git a/tests/regressions/rhbz1930996.sh b/tests/regressions/rhbz1930996.sh
+new file mode 100755
+index 000000000..27089beaa
+--- /dev/null
++++ b/tests/regressions/rhbz1930996.sh
+@@ -0,0 +1,36 @@
++#!/bin/bash -
++# libguestfs
++# Copyright (C) 2017-2021 Red Hat Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++
++# Regression test for:
++# https://bugzilla.redhat.com/show_bug.cgi?id=1930996#c1
++#
++# Actually a bug/change in LVM, previously we failed to create an LV
++# if the underlying disk contained a filesystem signature.
++
++set -e
++
++$TEST_FUNCTIONS
++skip_if_skipped
++skip_unless_phony_guest fedora.img
++
++f=rhbz1930996.img
++rm -f $f
++
++guestfish -N $f=lvfs vgremove VG : vgcreate VG /dev/sda1 : lvcreate LV2 VG 100
++
++rm $f
+-- 
+2.31.1
+

SOURCES/0008-Remove-virt-dib.patch

@@ -1,63 +0,0 @@
-From e916ad54c31a725cbf08fb186756d9e968ff20b2 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Tue, 7 Feb 2023 13:20:36 +0000
-Subject: [PATCH] Remove virt-dib
-
-The tool only supports an older version of the diskimage-builder
-metadata, and we do not have the time or inclination to update it to a
-newer version.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1910039
-(cherry picked from commit 7503eeebede688409b2adf616d71a94e04b7f0d2)
----
- appliance/packagelist.in | 30 ------------------------------
- 1 file changed, 30 deletions(-)
-
-diff --git a/appliance/packagelist.in b/appliance/packagelist.in
-index 585d52ad..20b08c47 100644
---- a/appliance/packagelist.in
-+++ b/appliance/packagelist.in
-@@ -110,7 +110,6 @@ ifelse(ARCHLINUX,1,
-   dnl syslinux has mtools as optional dependency, but in reality it's
-   dnl a hard one:
-   mtools
--  multipath-tools  dnl for kpartx
-   nilfs-utils
-   ntfs-3g
-   ntfs-3g-system-compression
-@@ -266,35 +265,6 @@ util-linux-ng
- xfsprogs
- zerofree
- 
--dnl tools needed by virt-dib
--ifelse(REDHAT,1,
--  qemu-img
--  which
--)
--ifelse(DEBIAN,1,
--  qemu-utils
--)
--ifelse(ARCHLINUX,1,
--  qemu
--  which
--)
--ifelse(SUSE,1,
--  qemu-tools
--  which
--)
--ifelse(FRUGALWARE,1,
--  qemu
--  which
--)
--ifelse(MAGEIA,1,
--  qemu-img
--  which
--)
--curl
--kpartx
--dnl (virt-dib) tools optionally used for elements
--debootstrap
--
- dnl exFAT is not usually available in free software repos
- exfat-fuse
- exfat-utils

SOURCES/0008-inspection-More-reliable-detection-of-Linux-split-us.patch

@@ -0,0 +1,113 @@
+From e1b339688e5f8f2a14fe0c7e9d02ad68004e4655 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 15 Apr 2021 09:18:22 +0100
+Subject: [PATCH] inspection: More reliable detection of Linux split /usr
+ configurations
+
+In RHEL 8+, /usr/etc no longer exists.  Since we were looking for this
+directory in order to detect a separate /usr partition, those were no
+longer detected, so the merging of /usr data into the root was not
+being done.  The result was incomplete inspection data and failure of
+virt-v2v.
+
+All Linux systems since forever have had /usr/src but not /src, so
+detect this instead.
+
+Furthermore the merging code didn't work, because we expected that the
+root filesystem had a distro assigned, but in this configuration we
+may need to look for that information in /usr/lib/os-release (not on
+the root filesystem).  This change makes the merging work even if we
+have incomplete information about the root filesystem, so long as we
+have an /etc/fstab entry pointing to the /usr mountpoint.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1949683
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1930133
+Fixes: commit 394d11be49121884295e61964ed47f5a8488c252
+(cherry picked from commit 26427b9ecc64e7e5e53a1d577cef9dc080d08877)
+---
+ daemon/inspect.ml    | 33 +++++++++++++++------------------
+ daemon/inspect_fs.ml |  6 +++---
+ 2 files changed, 18 insertions(+), 21 deletions(-)
+
+diff --git a/daemon/inspect.ml b/daemon/inspect.ml
+index 945a476f6..fb75b4a6c 100644
+--- a/daemon/inspect.ml
++++ b/daemon/inspect.ml
+@@ -182,11 +182,9 @@ and check_for_duplicated_bsd_root fses =
+ and collect_linux_inspection_info fses =
+   List.map (
+     function
+-    | { role = RoleRoot { distro = Some d } } as root ->
+-       if d <> DISTRO_COREOS then
+-         collect_linux_inspection_info_for fses root
+-       else
+-         root
++    | { role = RoleRoot { distro = Some DISTRO_COREOS } } as root -> root
++    | { role = RoleRoot _ } as root ->
++       collect_linux_inspection_info_for fses root
+     | fs -> fs
+   ) fses
+ 
+@@ -196,29 +194,28 @@ and collect_linux_inspection_info fses =
+  * or other ways to identify the OS).
+  *)
+ and collect_linux_inspection_info_for fses root =
+-  let root_distro, root_fstab =
++  let root_fstab =
+     match root with
+-    | { role = RoleRoot { distro = Some d; fstab = f } } -> d, f
++    | { role = RoleRoot { fstab = f } } -> f
+     | _ -> assert false in
+ 
+   try
+     let usr =
+       List.find (
+         function
+-        | { role = RoleUsr { distro = d } }
+-             when d = Some root_distro || d = None -> true
++        | { role = RoleUsr _; fs_location = usr_mp } ->
++           (* This checks that this usr is found in the fstab of
++            * the root filesystem.
++            *)
++           List.exists (
++             fun (mountable, _) ->
++               usr_mp.mountable = mountable
++           ) root_fstab
+         | _ -> false
+       ) fses in
+ 
+-    let usr_mountable = usr.fs_location.mountable in
+-
+-    (* This checks that [usr] is found in the fstab of the root
+-     * filesystem.  If not, [Not_found] is thrown.
+-     *)
+-    ignore (
+-      List.find (fun (mountable, _) -> usr_mountable = mountable) root_fstab
+-    );
+-
++    eprintf "collect_linux_inspection_info_for: merging:\n%sinto:\n%s"
++      (string_of_fs usr) (string_of_fs root);
+     merge usr root;
+     root
+   with
+diff --git a/daemon/inspect_fs.ml b/daemon/inspect_fs.ml
+index 6e00c7083..02b5a0470 100644
+--- a/daemon/inspect_fs.ml
++++ b/daemon/inspect_fs.ml
+@@ -164,10 +164,10 @@ and check_filesystem mountable =
+     ()
+   )
+   (* Linux /usr? *)
+-  else if Is.is_dir "/etc" &&
+-          Is.is_dir "/bin" &&
+-          Is.is_dir "/share" &&
++  else if Is.is_dir "/bin" &&
+           Is.is_dir "/local" &&
++          Is.is_dir "/share" &&
++          Is.is_dir "/src" &&
+           not (Is.is_file "/etc/fstab") then (
+     debug_matching "Linux /usr";
+     role := `Usr;
+-- 
+2.31.1
+

SOURCES/0009-lib-Autodetect-backing-format-for-qemu-img-create-b.patch

@@ -0,0 +1,49 @@
+From 791a16b049ea1ce2c450acd367fce774d9aab5b1 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 31 Aug 2021 08:27:15 +0100
+Subject: [PATCH] lib: Autodetect backing format for qemu-img create -b
+
+qemu 6.1 has decided to change qemu-img create so that a backing
+format (-F) is required if a backing file (-b) is specified.  Since we
+don't want to change the libguestfs API to force callers to specify
+this because that would be an API break, autodetect it.
+
+This is similar to commit c8c181e8d9 ("launch: libvirt: Autodetect
+backing format for readonly drive overlays").
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1998820
+(cherry picked from commit 45de287447bb18d59749fbfc1ec5072413090109)
+---
+ lib/create.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/lib/create.c b/lib/create.c
+index 44a7df25f..75a4d3a28 100644
+--- a/lib/create.c
++++ b/lib/create.c
+@@ -255,6 +255,7 @@ disk_create_qcow2 (guestfs_h *g, const char *filename, int64_t size,
+                    const struct guestfs_disk_create_argv *optargs)
+ {
+   const char *backingformat = NULL;
++  CLEANUP_FREE char *backingformat_free = NULL;
+   const char *preallocation = NULL;
+   const char *compat = NULL;
+   int clustersize = -1;
+@@ -270,6 +271,14 @@ disk_create_qcow2 (guestfs_h *g, const char *filename, int64_t size,
+       return -1;
+     }
+   }
++  else if (backingfile) {
++    /* Since qemu 6.1, qemu-img create has requires a backing format (-F)
++     * parameter if backing file (-b) is used (RHBZ#1998820).
++     */
++    backingformat = backingformat_free = guestfs_disk_format (g, backingfile);
++    if (!backingformat)
++      return -1;
++  }
+   if (optargs->bitmask & GUESTFS_DISK_CREATE_PREALLOCATION_BITMASK) {
+     if (STREQ (optargs->preallocation, "off") ||
+         STREQ (optargs->preallocation, "sparse"))
+-- 
+2.31.1
+

SOURCES/0009-lib-Choose-q35-machine-type-for-x86-64.patch

@@ -1,32 +0,0 @@
-From e712c4b81cbd2cf0e990d01cb4d1f54734e62de6 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Thu, 9 Feb 2023 13:38:50 +0000
-Subject: [PATCH] lib: Choose q35 machine type for x86-64
-
-This machine type is more modern than the older 'pc' type and as most
-qemu development is now focused there we expect it will perform and
-behave better.  In almost all respects this change should make no
-difference.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2168578
-Acked-by: Laszlo Ersek <lersek@redhat.com>
-See-also: https://listman.redhat.com/archives/libguestfs/2023-February/030645.html
-(cherry picked from commit f0f8e6c5fe0c3f6d5d90534d263bded3a4dc7e8d)
----
- lib/guestfs-internal.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
-index 306f2a2e..fb55e026 100644
---- a/lib/guestfs-internal.h
-+++ b/lib/guestfs-internal.h
-@@ -113,6 +113,9 @@ cleanup_mutex_unlock (pthread_mutex_t **ptr)
- #define MAX_WINDOWS_EXPLORER_SIZE (4 * 1000 * 1000)
- 
- /* Machine types. */
-+#if defined(__x86_64__)
-+#define MACHINE_TYPE "q35"
-+#endif
- #ifdef __arm__
- #define MACHINE_TYPE "virt"
- #endif

SOURCES/0010-daemon-chroot-Fix-long-standing-possible-deadlock.patch

@@ -0,0 +1,44 @@
+From 3435938f43ca3737ec1d73da4d8cad756b5c9508 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Fri, 26 Mar 2021 16:04:43 +0000
+Subject: [PATCH] daemon: chroot: Fix long-standing possible deadlock.
+
+The child (chrooted) process wrote its answer on the pipe and then
+exited.  Meanwhile the parent waiting for the child to exit before
+reading from the pipe.  Thus if the output was larger than a Linux
+pipebuffer then the whole thing would deadlock.
+
+(cherry picked from commit 94e64b28bee3b8dc7ed354a366d6a8f7ba5f245c)
+---
+ daemon/chroot.ml | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/chroot.ml b/daemon/chroot.ml
+index 5e856c91f..7da8ae29e 100644
+--- a/daemon/chroot.ml
++++ b/daemon/chroot.ml
+@@ -62,6 +62,10 @@ let f t func arg =
+   (* Parent. *)
+   close wfd;
+ 
++  let chan = in_channel_of_descr rfd in
++  let ret = input_value chan in
++  close_in chan;
++
+   let _, status = waitpid [] pid in
+   (match status with
+    | WEXITED 0 -> ()
+@@ -76,10 +80,6 @@ let f t func arg =
+       failwithf "chroot ‘%s’ stopped by signal %d" t.name i
+   );
+ 
+-  let chan = in_channel_of_descr rfd in
+-  let ret = input_value chan in
+-  close_in chan;
+-
+   match ret with
+   | Either ret -> ret
+   | Or exn -> raise exn
+-- 
+2.31.1
+

SOURCES/0011-update-common-submodule.patch

@@ -1,160 +0,0 @@
-From 194a48aef32367c45c555a4d93fb1a3375b0dead Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Fri, 19 May 2023 16:08:47 +0200
-Subject: [PATCH] update common submodule
-
-Laszlo Ersek (2):
-      options/keys: key_store_import_key(): un-constify "key" parameter
-      options/keys: introduce unescape_device_mapper_lvm()
-
-Richard W.M. Jones (1):
-      mlcustomize/SELinux_relabel.ml: Use Array.mem
-
-Roman Kagan (1):
-      mlcustomize: skip SELinux relabeling if it's disabled
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20230519140849.310774-2-lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit 83afd6d3d2c82ee3a8f22079ba12ef7eac38ac34)
----
- common | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Submodule common 70c10a07..b636c3f2:
-diff --git a/common/options/options.h b/common/options/options.h
-index 94573ee0..94e8b9ee 100644
---- a/common/options/options.h
-+++ b/common/options/options.h
-@@ -169,7 +169,8 @@ extern struct matching_key *get_keys (struct key_store *ks, const char *device,
-                                       const char *uuid, size_t *nr_matches);
- extern void free_keys (struct matching_key *keys, size_t nr_matches);
- extern struct key_store *key_store_add_from_selector (struct key_store *ks, const char *selector);
--extern struct key_store *key_store_import_key (struct key_store *ks, const struct key_store_key *key);
-+extern struct key_store *key_store_import_key (struct key_store *ks,
-+                                               struct key_store_key *key);
- extern bool key_store_requires_network (const struct key_store *ks);
- extern void free_key_store (struct key_store *ks);
- 
-diff --git a/common/options/keys.c b/common/options/keys.c
-index 48f1bc7c..52b27369 100644
---- a/common/options/keys.c
-+++ b/common/options/keys.c
-@@ -260,8 +260,107 @@ key_store_add_from_selector (struct key_store *ks, const char *selector)
-   return key_store_import_key (ks, &key);
- }
- 
-+/* Turn /dev/mapper/VG-LV into /dev/VG/LV, in-place. */
-+static void
-+unescape_device_mapper_lvm (char *id)
-+{
-+  static const char dev[] = "/dev/", dev_mapper[] = "/dev/mapper/";
-+  const char *input_start;
-+  char *output;
-+  enum { M_SCAN, M_FILL, M_DONE } mode;
-+
-+  if (!STRPREFIX (id, dev_mapper))
-+    return;
-+
-+  /* Start parsing "VG-LV" from "id" after "/dev/mapper/". */
-+  input_start = id + (sizeof dev_mapper - 1);
-+
-+  /* Start writing the unescaped "VG/LV" output after "/dev/". */
-+  output = id + (sizeof dev - 1);
-+
-+  for (mode = M_SCAN; mode < M_DONE; ++mode) {
-+    char c;
-+    const char *input = input_start;
-+    const char *hyphen_buffered = NULL;
-+    bool single_hyphen_seen = false;
-+
-+    do {
-+      c = *input;
-+
-+      switch (c) {
-+      case '-':
-+        if (hyphen_buffered == NULL)
-+          /* This hyphen may start an escaped hyphen, or it could be the
-+           * separator in VG-LV.
-+           */
-+          hyphen_buffered = input;
-+        else {
-+          /* This hyphen completes an escaped hyphen; unescape it. */
-+          if (mode == M_FILL)
-+            *output++ = '-';
-+          hyphen_buffered = NULL;
-+        }
-+        break;
-+
-+      case '/':
-+        /* Slash characters are forbidden in VG-LV anywhere. If there's any,
-+         * we'll find it in the first (i.e., scanning) phase, before we output
-+         * anything back to "id".
-+         */
-+        assert (mode == M_SCAN);
-+        return;
-+
-+      default:
-+        /* Encountered a non-slash, non-hyphen character -- which also may be
-+         * the terminating NUL.
-+         */
-+        if (hyphen_buffered != NULL) {
-+          /* The non-hyphen character comes after a buffered hyphen, so the
-+           * buffered hyphen is supposed to be the single hyphen that separates
-+           * VG from LV in VG-LV. There are three requirements for this
-+           * separator: (a) it must be unique (we must not have seen another
-+           * such separator earlier), (b) it must not be at the start of VG-LV
-+           * (because VG would be empty that way), (c) it must not be at the end
-+           * of VG-LV (because LV would be empty that way). Should any of these
-+           * be violated, we'll catch that during the first (i.e., scanning)
-+           * phase, before modifying "id".
-+           */
-+          if (single_hyphen_seen || hyphen_buffered == input_start ||
-+              c == '\0') {
-+            assert (mode == M_SCAN);
-+            return;
-+          }
-+
-+          /* Translate the separator hyphen to a slash character. */
-+          if (mode == M_FILL)
-+            *output++ = '/';
-+          hyphen_buffered = NULL;
-+          single_hyphen_seen = true;
-+        }
-+
-+        /* Output the non-hyphen character (including the terminating NUL)
-+         * regardless of whether there was a buffered hyphen separator (which,
-+         * by now, we'll have attempted to translate and flush).
-+         */
-+        if (mode == M_FILL)
-+          *output++ = c;
-+      }
-+
-+      ++input;
-+    } while (c != '\0');
-+
-+    /* We must have seen the VG-LV separator. If that's not the case, we'll
-+     * catch it before modifying "id".
-+     */
-+    if (!single_hyphen_seen) {
-+      assert (mode == M_SCAN);
-+      return;
-+    }
-+  }
-+}
-+
- struct key_store *
--key_store_import_key (struct key_store *ks, const struct key_store_key *key)
-+key_store_import_key (struct key_store *ks, struct key_store_key *key)
- {
-   struct key_store_key *new_keys;
- 
-@@ -278,6 +377,7 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key)
-     error (EXIT_FAILURE, errno, "realloc");
- 
-   ks->keys = new_keys;
-+  unescape_device_mapper_lvm (key->id);
-   ks->keys[ks->nr_keys] = *key;
-   ++ks->nr_keys;
- 

SOURCES/0012-LUKS-on-LVM-inspection-test-rename-VGs-and-LVs.patch

@@ -1,97 +0,0 @@
-From c95b3086bdbdf840de8d3b24c3ae5e9b847bf588 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Fri, 19 May 2023 16:08:48 +0200
-Subject: [PATCH] LUKS-on-LVM inspection test: rename VGs and LVs
-
-In preparation for a subsequent patch, rename "VG" to "Volume-Group", and
-"LV<n>" to "Logical-Volume-<n>", in the LUKS-on-LVM inspection test.
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20230519140849.310774-3-lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit 58e26402334a4696fa08730eecc9098fc270ed1c)
----
- test-data/phony-guests/make-fedora-img.pl     | 30 +++++++++++--------
- .../test-key-option-inspect-luks-on-lvm.sh    | 16 +++++-----
- 2 files changed, 25 insertions(+), 21 deletions(-)
-
-diff --git a/test-data/phony-guests/make-fedora-img.pl b/test-data/phony-guests/make-fedora-img.pl
-index c0cb5d0b..6362e225 100755
---- a/test-data/phony-guests/make-fedora-img.pl
-+++ b/test-data/phony-guests/make-fedora-img.pl
-@@ -224,23 +224,27 @@ EOF
- 
-     # Create the Volume Group on /dev/sda2.
-     $g->pvcreate ('/dev/sda2');
--    $g->vgcreate ('VG', ['/dev/sda2']);
--    $g->lvcreate ('Root', 'VG', 32);
--    $g->lvcreate ('LV1',  'VG', 32);
--    $g->lvcreate ('LV2',  'VG', 32);
--    $g->lvcreate ('LV3',  'VG', 64);
-+    $g->vgcreate ('Volume-Group', ['/dev/sda2']);
-+    $g->lvcreate ('Root',              'Volume-Group', 32);
-+    $g->lvcreate ('Logical-Volume-1',  'Volume-Group', 32);
-+    $g->lvcreate ('Logical-Volume-2',  'Volume-Group', 32);
-+    $g->lvcreate ('Logical-Volume-3',  'Volume-Group', 64);
- 
-     # Format each Logical Group as a LUKS device, with a different password.
--    $g->luks_format ('/dev/VG/Root', 'FEDORA-Root', 0);
--    $g->luks_format ('/dev/VG/LV1',  'FEDORA-LV1',  0);
--    $g->luks_format ('/dev/VG/LV2',  'FEDORA-LV2',  0);
--    $g->luks_format ('/dev/VG/LV3',  'FEDORA-LV3',  0);
-+    $g->luks_format ('/dev/Volume-Group/Root',              'FEDORA-Root', 0);
-+    $g->luks_format ('/dev/Volume-Group/Logical-Volume-1',  'FEDORA-LV1',  0);
-+    $g->luks_format ('/dev/Volume-Group/Logical-Volume-2',  'FEDORA-LV2',  0);
-+    $g->luks_format ('/dev/Volume-Group/Logical-Volume-3',  'FEDORA-LV3',  0);
- 
-     # Open the LUKS devices. This creates nodes like /dev/mapper/*-luks.
--    $g->cryptsetup_open ('/dev/VG/Root', 'FEDORA-Root', 'Root-luks');
--    $g->cryptsetup_open ('/dev/VG/LV1',  'FEDORA-LV1',  'LV1-luks');
--    $g->cryptsetup_open ('/dev/VG/LV2',  'FEDORA-LV2',  'LV2-luks');
--    $g->cryptsetup_open ('/dev/VG/LV3',  'FEDORA-LV3',  'LV3-luks');
-+    $g->cryptsetup_open ('/dev/Volume-Group/Root',
-+                         'FEDORA-Root', 'Root-luks');
-+    $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-1',
-+                         'FEDORA-LV1',  'LV1-luks');
-+    $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-2',
-+                         'FEDORA-LV2',  'LV2-luks');
-+    $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-3',
-+                         'FEDORA-LV3',  'LV3-luks');
- 
-     # Phony root filesystem.
-     $g->mkfs ('ext2', '/dev/mapper/Root-luks', blocksize => 4096, label => 'ROOT');
-diff --git a/tests/luks/test-key-option-inspect-luks-on-lvm.sh b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
-index 52cd7e98..a8d72b9f 100755
---- a/tests/luks/test-key-option-inspect-luks-on-lvm.sh
-+++ b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
-@@ -30,10 +30,10 @@ skip_unless_phony_guest fedora-luks-on-lvm.img
- # Volume names.
- guestfish=(guestfish --listen --ro --inspector
-            --add ../test-data/phony-guests/fedora-luks-on-lvm.img)
--keys_by_lvname=(--key /dev/VG/Root:key:FEDORA-Root
--                --key /dev/VG/LV1:key:FEDORA-LV1
--                --key /dev/VG/LV2:key:FEDORA-LV2
--                --key /dev/VG/LV3:key:FEDORA-LV3)
-+keys_by_lvname=(--key /dev/Volume-Group/Root:key:FEDORA-Root
-+                --key /dev/Volume-Group/Logical-Volume-1:key:FEDORA-LV1
-+                --key /dev/Volume-Group/Logical-Volume-2:key:FEDORA-LV2
-+                --key /dev/Volume-Group/Logical-Volume-3:key:FEDORA-LV3)
- 
- # The variable assignment below will fail, and abort the script, if guestfish
- # refuses to start up.
-@@ -56,10 +56,10 @@ function cleanup_guestfish
- trap cleanup_guestfish EXIT
- 
- # Get the UUIDs of the LUKS devices.
--uuid_root=$(guestfish --remote -- luks-uuid /dev/VG/Root)
--uuid_lv1=$( guestfish --remote -- luks-uuid /dev/VG/LV1)
--uuid_lv2=$( guestfish --remote -- luks-uuid /dev/VG/LV2)
--uuid_lv3=$( guestfish --remote -- luks-uuid /dev/VG/LV3)
-+uuid_root=$(guestfish --remote -- luks-uuid /dev/Volume-Group/Root)
-+uuid_lv1=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-1)
-+uuid_lv2=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-2)
-+uuid_lv3=$( guestfish --remote -- luks-uuid /dev/Volume-Group/Logical-Volume-3)
- 
- # The actual test.
- function check_filesystems

SOURCES/0012-inspection-Return-RPM-epoch.patch

@@ -0,0 +1,36 @@
+From 3ce392c9870a589cc50d2270fcf07b4d129c3dc3 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Sat, 27 Mar 2021 09:31:00 +0000
+Subject: [PATCH] inspection: Return RPM epoch.
+
+Fixes: commit c9ee831affed55abe0f928134cbbd2ed83b2f510
+(cherry picked from commit fef73bce7eec0ce0753a2e150e4e088020d38643)
+---
+ daemon/rpm-c.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c
+index 92a3abf58..be0e81e22 100644
+--- a/daemon/rpm-c.c
++++ b/daemon/rpm-c.c
+@@ -108,13 +108,16 @@ guestfs_int_daemon_rpm_next_application (value unitv)
+ 
+   h = headerLink (h);
+   app.app2_name = headerFormat (h, "%{NAME}", NULL);
+-  // XXXapp.app2_epoch = headerFormat (h, "%{NAME}", NULL);
+   app.app2_version = headerFormat (h, "%{VERSION}", NULL);
+   app.app2_release = headerFormat (h, "%{RELEASE}", NULL);
+   app.app2_arch = headerFormat (h, "%{ARCH}", NULL);
+   app.app2_url = headerFormat (h, "%{URL}", NULL);
+   app.app2_summary = headerFormat (h, "%{SUMMARY}", NULL);
+   app.app2_description = headerFormat (h, "%{DESCRIPTION}", NULL);
++
++  /* epoch is special as the only int field. */
++  app.app2_epoch = headerGetNumber (h, RPMTAG_EPOCH);
++
+   headerFree (h);
+ 
+   /* Convert this to an OCaml struct.  Any NULL fields must be turned
+-- 
+2.31.1
+

SOURCES/0013-LUKS-on-LVM-inspection-test-test-dev-mapper-VG-LV-tr.patch

@@ -1,46 +0,0 @@
-From 15cc20d1f5e0413c1af26c683437995886146eb6 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Fri, 19 May 2023 16:08:49 +0200
-Subject: [PATCH] LUKS-on-LVM inspection test: test /dev/mapper/VG-LV
- translation
-
-In the LUKS-on-LVM inspection test, call the "check_filesystems" function
-yet another time, now with such "--key" options that exercise the recent
-"/dev/mapper/VG-LV" -> "/dev/VG/LV" translation (unescaping) from
-libguestfs-common.
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20230519140849.310774-4-lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-(cherry picked from commit 32408a9c36165af376f9f42e7d3e158d3da2c76e)
----
- .../test-key-option-inspect-luks-on-lvm.sh     | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/tests/luks/test-key-option-inspect-luks-on-lvm.sh b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
-index a8d72b9f..932862b1 100755
---- a/tests/luks/test-key-option-inspect-luks-on-lvm.sh
-+++ b/tests/luks/test-key-option-inspect-luks-on-lvm.sh
-@@ -101,3 +101,21 @@ eval "$fish_ref"
- 
- # Repeat the test.
- check_filesystems
-+
-+# Exit the current guestfish background process.
-+guestfish --remote -- exit
-+GUESTFISH_PID=
-+
-+# Start up another guestfish background process, and specify the keys in
-+# /dev/mapper/VG-LV format this time.
-+keys_by_mapper_lvname=(
-+  --key /dev/mapper/Volume--Group-Root:key:FEDORA-Root
-+  --key /dev/mapper/Volume--Group-Logical--Volume--1:key:FEDORA-LV1
-+  --key /dev/mapper/Volume--Group-Logical--Volume--2:key:FEDORA-LV2
-+  --key /dev/mapper/Volume--Group-Logical--Volume--3:key:FEDORA-LV3
-+)
-+fish_ref=$("${guestfish[@]}" "${keys_by_mapper_lvname[@]}")
-+eval "$fish_ref"
-+
-+# Repeat the test.
-+check_filesystems

SOURCES/0014-po-POTFILES-Fix-list-of-files-for-translation.patch

@@ -0,0 +1,34 @@
+From 9664527c107d04aab416be87cc4fcd76dcbe5927 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Mon, 29 Mar 2021 18:25:13 +0100
+Subject: [PATCH] po/POTFILES: Fix list of files for translation.
+
+Fixes: commit c9ee831affed55abe0f928134cbbd2ed83b2f510
+(cherry picked from commit df983200d76bac37c811fbd2fb67e7ebe830e759)
+---
+ po/POTFILES | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/po/POTFILES b/po/POTFILES
+index 0782e8ceb..fdc6e8062 100644
+--- a/po/POTFILES
++++ b/po/POTFILES
+@@ -128,6 +128,7 @@ daemon/pingdaemon.c
+ daemon/proto.c
+ daemon/readdir.c
+ daemon/rename.c
++daemon/rpm-c.c
+ daemon/rsync.c
+ daemon/scrub.c
+ daemon/selinux-relabel.c
+@@ -353,7 +354,6 @@ lib/command.c
+ lib/conn-socket.c
+ lib/copy-in-out.c
+ lib/create.c
+-lib/dbdump.c
+ lib/drives.c
+ lib/errors.c
+ lib/event-string.c
+-- 
+2.31.1
+

SOURCES/0015-m4-guestfs-find-db-tool.m4-Remove-unused-file.patch

@@ -0,0 +1,64 @@
+From 083856d9f9c8fccc629bf0f3a5237d26434c8940 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Mon, 29 Mar 2021 18:35:48 +0100
+Subject: [PATCH] m4/guestfs-find-db-tool.m4: Remove unused file.
+
+Fixes: commit 42e5e7cfdbca01b2e9bd50c63a9fc65b6da9192f
+(cherry picked from commit 8317279c3539562ebad9de13c7ac515dded74e4d)
+---
+ m4/guestfs-find-db-tool.m4 | 43 --------------------------------------
+ 1 file changed, 43 deletions(-)
+ delete mode 100644 m4/guestfs-find-db-tool.m4
+
+diff --git a/m4/guestfs-find-db-tool.m4 b/m4/guestfs-find-db-tool.m4
+deleted file mode 100644
+index b404148c6..000000000
+--- a/m4/guestfs-find-db-tool.m4
++++ /dev/null
+@@ -1,43 +0,0 @@
+-# libguestfs
+-# Copyright (C) 2014 Red Hat Inc.
+-#
+-# This program is free software; you can redistribute it and/or modify
+-# it under the terms of the GNU General Public License as published by
+-# the Free Software Foundation; either version 2 of the License, or
+-# (at your option) any later version.
+-#
+-# This program is distributed in the hope that it will be useful,
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-# GNU General Public License for more details.
+-#
+-# You should have received a copy of the GNU General Public License
+-# along with this program; if not, write to the Free Software
+-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+-
+-AC_DEFUN([GUESTFS_FIND_DB_TOOL],[
+-    pushdef([VARIABLE],$1)
+-    TOOL=$2
+-
+-    db_tool_name="db_$TOOL"
+-    db_versions="53 5.3 5.2 5.1 4.8 4.7 4.6"
+-    db_tool_patterns="dbX_$TOOL dbX.Y_$TOOL"
+-    db_tool_patterns="dbX_$TOOL db_$TOOL-X dbX.Y_$TOOL db_$TOOL-X.Y"
+-
+-    AC_ARG_VAR(VARIABLE, [Absolute path to $db_tool_name executable])
+-
+-    AS_IF(test -z "$VARIABLE", [
+-        exe_list="db_$TOOL"
+-        for ver in $db_versions ; do
+-            ver_maj=`echo $ver | cut -d. -f1`
+-            ver_min=`echo $ver | cut -d. -f2`
+-            for pattern in $db_tool_patterns ; do
+-                exe=`echo "$pattern" | sed -e "s/X/$ver_maj/g;s/Y/$ver_min/g"`
+-                exe_list="$exe_list $exe"
+-            done
+-        done
+-        AC_PATH_PROGS([]VARIABLE[], [$exe_list], [no])
+-    ])
+-
+-    popdef([VARIABLE])
+-])
+-- 
+2.31.1
+

SOURCES/0016-test-data-phony-guests-Fix-phony-RPM-database-fix-vi.patch

@@ -0,0 +1,474 @@
+From f8ccce2c7a0c1323e0721f503322df525dd5b139 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Mon, 29 Mar 2021 12:22:12 +0100
+Subject: [PATCH] test-data/phony-guests: Fix phony RPM database, fix
+ virt-inspector test.
+
+libguestfs 1.45.3 now reads the RPM database using librpm, which means
+our old phony database created by db_dump can no longer work.  Instead
+provide a real (but very minimal) sqlite database.
+
+This commit also fixes the virt-inspector test since the RPM database
+contents are now different.
+
+(cherry picked from commit 46bf6fb473889ed28bd7220476120edcda47ae07)
+---
+ inspector/expected-fedora-luks.img.xml | 208 +++++++++++++++++++++++--
+ inspector/expected-fedora.img.xml      | 208 +++++++++++++++++++++++--
+ 2 files changed, 398 insertions(+), 18 deletions(-)
+
+diff --git a/inspector/expected-fedora-luks.img.xml b/inspector/expected-fedora-luks.img.xml
+index df6060a73..72cddaf88 100644
+--- a/inspector/expected-fedora-luks.img.xml
++++ b/inspector/expected-fedora-luks.img.xml
+@@ -30,22 +30,212 @@
+     </filesystems>
+     <applications>
+       <application>
+-        <name>test1</name>
+-        <version>1.0</version>
+-        <release>1.fc14</release>
++        <name>basesystem</name>
++        <version>11</version>
++        <release>10.fc33</release>
++        <arch>noarch</arch>
++        <url>(none)</url>
++        <summary>The skeleton package which defines a simple Fedora system</summary>
++        <description>Basesystem defines the components of a basic Fedora system
++(for example, the package installation order to use during bootstrapping).
++Basesystem should be in every installation of a system, and it
++should never be removed.</description>
++      </application>
++      <application>
++        <name>bash</name>
++        <version>5.0.17</version>
++        <release>2.fc33</release>
++        <arch>x86_64</arch>
++        <url>https://www.gnu.org/software/bash</url>
++        <summary>The GNU Bourne Again shell</summary>
++        <description>The GNU Bourne Again shell (Bash) is a shell or command language
++interpreter that is compatible with the Bourne shell (sh). Bash
++incorporates useful features from the Korn shell (ksh) and the C shell
++(csh). Most sh scripts can be run by bash without modification.</description>
++      </application>
++      <application>
++        <name>fedora-gpg-keys</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Fedora RPM keys</summary>
++        <description>This package provides the RPM signature keys.</description>
++      </application>
++      <application>
++        <name>fedora-release</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Fedora release files</summary>
++        <description>Fedora release files such as various /etc/ files that define the release
++and systemd preset files that determine which services are enabled by default.</description>
++      </application>
++      <application>
++        <name>fedora-release-common</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Fedora release files</summary>
++        <description>Release files common to all Editions and Spins of Fedora</description>
++      </application>
++      <application>
++        <name>fedora-release-identity-basic</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Package providing the basic Fedora identity</summary>
++        <description>Provides the necessary files for a Fedora installation that is not identifying
++itself as a particular Edition or Spin.</description>
++      </application>
++      <application>
++        <name>fedora-repos</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Fedora package repositories</summary>
++        <description>Fedora package repository files for yum and dnf along with gpg public keys.</description>
++      </application>
++      <application>
++        <name>filesystem</name>
++        <version>3.14</version>
++        <release>3.fc33</release>
++        <arch>x86_64</arch>
++        <url>https://pagure.io/filesystem</url>
++        <summary>The basic directory layout for a Linux system</summary>
++        <description>The filesystem package is one of the basic packages that is installed
++on a Linux system. Filesystem contains the basic directory layout
++for a Linux operating system, including the correct permissions for
++the directories.</description>
++      </application>
++      <application>
++        <name>glibc</name>
++        <version>2.32</version>
++        <release>4.fc33</release>
++        <arch>x86_64</arch>
++        <url>http://www.gnu.org/software/glibc/</url>
++        <summary>The GNU libc libraries</summary>
++        <description>The glibc package contains standard libraries which are used by
++multiple programs on the system. In order to save disk space and
++memory, as well as to make upgrading easier, common system code is
++kept in one place and shared between programs. This particular package
++contains the most important sets of shared libraries: the standard C
++library and the standard math library. Without these two libraries, a
++Linux system will not function.</description>
++      </application>
++      <application>
++        <name>glibc-all-langpacks</name>
++        <version>2.32</version>
++        <release>4.fc33</release>
++        <arch>x86_64</arch>
++        <url>http://www.gnu.org/software/glibc/</url>
++        <summary>All language packs for glibc.</summary>
++      </application>
++      <application>
++        <name>glibc-common</name>
++        <version>2.32</version>
++        <release>4.fc33</release>
+         <arch>x86_64</arch>
++        <url>http://www.gnu.org/software/glibc/</url>
++        <summary>Common binaries and locale data for glibc</summary>
++        <description>The glibc-common package includes common binaries for the GNU libc
++libraries, as well as national language (locale) support.</description>
+       </application>
+       <application>
+-        <name>test2</name>
+-        <version>2.0</version>
+-        <release>2.fc14</release>
++        <name>gpg-pubkey</name>
++        <version>9570ff31</version>
++        <release>5e3006fb</release>
++        <arch>(none)</arch>
++        <url>(none)</url>
++        <summary>Fedora (33) &lt;fedora-33-primary@fedoraproject.org&gt; public key</summary>
++        <description>-----BEGIN PGP PUBLIC KEY BLOCK-----
++Version: rpm-4.16.1.2 (NSS-3)
++
++mQINBF4wBvsBEADQmcGbVUbDRUoXADReRmOOEMeydHghtKC9uRs9YNpGYZIB+bie
++bGYZmflQayfh/wEpO2W/IZfGpHPL42V7SbyvqMjwNls/fnXsCtf4LRofNK8Qd9fN
++kYargc9R7BEz/mwXKMiRQVx+DzkmqGWy2gq4iD0/mCyf5FdJCE40fOWoIGJXaOI1
++Tz1vWqKwLS5T0dfmi9U4Tp/XsKOZGvN8oi5h0KmqFk7LEZr1MXarhi2Va86sgxsF
++QcZEKfu5tgD0r00vXzikoSjn3qA5JW5FW07F1pGP4bF5f9J3CZbQyOjTSWMmmfTm
++2d2BURWzaDiJN9twY2yjzkoOMuPdXXvovg7KxLcQerKT+FbKbq8DySJX2rnOA77k
++UG4c9BGf/L1uBkAT8dpHLk6Uf5BfmypxUkydSWT1xfTDnw1MqxO0MsLlAHOR3J7c
++oW9kLcOLuCQn1hBEwfZv7VSWBkGXSmKfp0LLIxAFgRtv+Dh+rcMMRdJgKr1V3FU+
++rZ1+ZAfYiBpQJFPjv70vx+rGEgS801D3PJxBZUEy4Ic4ZYaKNhK9x9PRQuWcIBuW
++6eTe/6lKWZeyxCumLLdiS75mF2oTcBaWeoc3QxrPRV15eDKeYJMbhnUai/7lSrhs
++EWCkKR1RivgF4slYmtNE5ZPGZ/d61zjwn2xi4xNJVs8q9WRPMpHp0vCyMwARAQAB
++tDFGZWRvcmEgKDMzKSA8ZmVkb3JhLTMzLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
++cmc+iQI4BBMBAgAiBQJeMAb7AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
++CRBJ/XdJlXD/MZm2D/9kriL43vd3+0DNMeA82n2v9mSR2PQqKny39xNlYPyy/1yZ
++P/KXoa4NYSCA971LSd7lv4n/h5bEKgGHxZfttfOzOnWMVSSTfjRyM/df/NNzTUEV
++7ORA5GW18g8PEtS7uRxVBf3cLvWu5q+8jmqES5HqTAdGVcuIFQeBXFN8Gy1Jinuz
++AH8rJSdkUeZ0cehWbERq80BWM9dhad5dW+/+Gv0foFBvP15viwhWqajr8V0B8es+
++2/tHI0k86FAujV5i0rrXl5UOoLilO57QQNDZH/qW9GsHwVI+2yecLstpUNLq+EZC
++GqTZCYoxYRpl0gAMbDLztSL/8Bc0tJrCRG3tavJotFYlgUK60XnXlQzRkh9rgsfT
++EXbQifWdQMMogzjCJr0hzJ+V1d0iozdUxB2ZEgTjukOvatkB77DY1FPZRkSFIQs+
++fdcjazDIBLIxwJu5QwvTNW8lOLnJ46g4sf1WJoUdNTbR0BaC7HHj1inVWi0p7IuN
++66EPGzJOSjLK+vW+J0ncPDEgLCV74RF/0nR5fVTdrmiopPrzFuguHf9S9gYI3Zun
++Yl8FJUu4kRO6JPPTicUXWX+8XZmE94aK14RCJL23nOSi8T1eW8JLW43dCBRO8QUE
++Aso1t2pypm/1zZexJdOV8yGME3g5l2W6PLgpz58DBECgqc/kda+VWgEAp7rO2A==
++=EPL3
++-----END PGP PUBLIC KEY BLOCK-----
++</description>
++      </application>
++      <application>
++        <name>libgcc</name>
++        <version>10.2.1</version>
++        <release>9.fc33</release>
+         <arch>x86_64</arch>
++        <url>http://gcc.gnu.org</url>
++        <summary>GCC version 10 shared support library</summary>
++        <description>This package contains GCC shared support library which is needed
++e.g. for exception handling support.</description>
++      </application>
++      <application>
++        <name>ncurses-base</name>
++        <version>6.2</version>
++        <release>3.20200222.fc33</release>
++        <arch>noarch</arch>
++        <url>https://invisible-island.net/ncurses/ncurses.html</url>
++        <summary>Descriptions of common terminals</summary>
++        <description>This package contains descriptions of common terminals. Other terminal
++descriptions are included in the ncurses-term package.</description>
+       </application>
+       <application>
+-        <name>test3</name>
+-        <version>3.0</version>
+-        <release>3.fc14</release>
++        <name>ncurses-libs</name>
++        <version>6.2</version>
++        <release>3.20200222.fc33</release>
+         <arch>x86_64</arch>
++        <url>https://invisible-island.net/ncurses/ncurses.html</url>
++        <summary>Ncurses libraries</summary>
++        <description>The curses library routines are a terminal-independent method of
++updating character screens with reasonable optimization.  The ncurses
++(new curses) library is a freely distributable replacement for the
++discontinued 4.4 BSD classic curses library.
++
++This package contains the ncurses libraries.</description>
++      </application>
++      <application>
++        <name>setup</name>
++        <version>2.13.7</version>
++        <release>2.fc33</release>
++        <arch>noarch</arch>
++        <url>https://pagure.io/setup/</url>
++        <summary>A set of system configuration and setup files</summary>
++        <description>The setup package contains a set of important system configuration and
++setup files, such as passwd, group, and profile.</description>
++      </application>
++      <application>
++        <name>tzdata</name>
++        <version>2021a</version>
++        <release>1.fc33</release>
++        <arch>noarch</arch>
++        <url>https://www.iana.org/time-zones</url>
++        <summary>Timezone data</summary>
++        <description>This package contains data files with rules for various timezones around
++the world.</description>
+       </application>
+     </applications>
+   </operatingsystem>
+diff --git a/inspector/expected-fedora.img.xml b/inspector/expected-fedora.img.xml
+index df6060a73..72cddaf88 100644
+--- a/inspector/expected-fedora.img.xml
++++ b/inspector/expected-fedora.img.xml
+@@ -30,22 +30,212 @@
+     </filesystems>
+     <applications>
+       <application>
+-        <name>test1</name>
+-        <version>1.0</version>
+-        <release>1.fc14</release>
++        <name>basesystem</name>
++        <version>11</version>
++        <release>10.fc33</release>
++        <arch>noarch</arch>
++        <url>(none)</url>
++        <summary>The skeleton package which defines a simple Fedora system</summary>
++        <description>Basesystem defines the components of a basic Fedora system
++(for example, the package installation order to use during bootstrapping).
++Basesystem should be in every installation of a system, and it
++should never be removed.</description>
++      </application>
++      <application>
++        <name>bash</name>
++        <version>5.0.17</version>
++        <release>2.fc33</release>
++        <arch>x86_64</arch>
++        <url>https://www.gnu.org/software/bash</url>
++        <summary>The GNU Bourne Again shell</summary>
++        <description>The GNU Bourne Again shell (Bash) is a shell or command language
++interpreter that is compatible with the Bourne shell (sh). Bash
++incorporates useful features from the Korn shell (ksh) and the C shell
++(csh). Most sh scripts can be run by bash without modification.</description>
++      </application>
++      <application>
++        <name>fedora-gpg-keys</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Fedora RPM keys</summary>
++        <description>This package provides the RPM signature keys.</description>
++      </application>
++      <application>
++        <name>fedora-release</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Fedora release files</summary>
++        <description>Fedora release files such as various /etc/ files that define the release
++and systemd preset files that determine which services are enabled by default.</description>
++      </application>
++      <application>
++        <name>fedora-release-common</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Fedora release files</summary>
++        <description>Release files common to all Editions and Spins of Fedora</description>
++      </application>
++      <application>
++        <name>fedora-release-identity-basic</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Package providing the basic Fedora identity</summary>
++        <description>Provides the necessary files for a Fedora installation that is not identifying
++itself as a particular Edition or Spin.</description>
++      </application>
++      <application>
++        <name>fedora-repos</name>
++        <version>33</version>
++        <release>3</release>
++        <arch>noarch</arch>
++        <url>https://fedoraproject.org/</url>
++        <summary>Fedora package repositories</summary>
++        <description>Fedora package repository files for yum and dnf along with gpg public keys.</description>
++      </application>
++      <application>
++        <name>filesystem</name>
++        <version>3.14</version>
++        <release>3.fc33</release>
++        <arch>x86_64</arch>
++        <url>https://pagure.io/filesystem</url>
++        <summary>The basic directory layout for a Linux system</summary>
++        <description>The filesystem package is one of the basic packages that is installed
++on a Linux system. Filesystem contains the basic directory layout
++for a Linux operating system, including the correct permissions for
++the directories.</description>
++      </application>
++      <application>
++        <name>glibc</name>
++        <version>2.32</version>
++        <release>4.fc33</release>
++        <arch>x86_64</arch>
++        <url>http://www.gnu.org/software/glibc/</url>
++        <summary>The GNU libc libraries</summary>
++        <description>The glibc package contains standard libraries which are used by
++multiple programs on the system. In order to save disk space and
++memory, as well as to make upgrading easier, common system code is
++kept in one place and shared between programs. This particular package
++contains the most important sets of shared libraries: the standard C
++library and the standard math library. Without these two libraries, a
++Linux system will not function.</description>
++      </application>
++      <application>
++        <name>glibc-all-langpacks</name>
++        <version>2.32</version>
++        <release>4.fc33</release>
++        <arch>x86_64</arch>
++        <url>http://www.gnu.org/software/glibc/</url>
++        <summary>All language packs for glibc.</summary>
++      </application>
++      <application>
++        <name>glibc-common</name>
++        <version>2.32</version>
++        <release>4.fc33</release>
+         <arch>x86_64</arch>
++        <url>http://www.gnu.org/software/glibc/</url>
++        <summary>Common binaries and locale data for glibc</summary>
++        <description>The glibc-common package includes common binaries for the GNU libc
++libraries, as well as national language (locale) support.</description>
+       </application>
+       <application>
+-        <name>test2</name>
+-        <version>2.0</version>
+-        <release>2.fc14</release>
++        <name>gpg-pubkey</name>
++        <version>9570ff31</version>
++        <release>5e3006fb</release>
++        <arch>(none)</arch>
++        <url>(none)</url>
++        <summary>Fedora (33) &lt;fedora-33-primary@fedoraproject.org&gt; public key</summary>
++        <description>-----BEGIN PGP PUBLIC KEY BLOCK-----
++Version: rpm-4.16.1.2 (NSS-3)
++
++mQINBF4wBvsBEADQmcGbVUbDRUoXADReRmOOEMeydHghtKC9uRs9YNpGYZIB+bie
++bGYZmflQayfh/wEpO2W/IZfGpHPL42V7SbyvqMjwNls/fnXsCtf4LRofNK8Qd9fN
++kYargc9R7BEz/mwXKMiRQVx+DzkmqGWy2gq4iD0/mCyf5FdJCE40fOWoIGJXaOI1
++Tz1vWqKwLS5T0dfmi9U4Tp/XsKOZGvN8oi5h0KmqFk7LEZr1MXarhi2Va86sgxsF
++QcZEKfu5tgD0r00vXzikoSjn3qA5JW5FW07F1pGP4bF5f9J3CZbQyOjTSWMmmfTm
++2d2BURWzaDiJN9twY2yjzkoOMuPdXXvovg7KxLcQerKT+FbKbq8DySJX2rnOA77k
++UG4c9BGf/L1uBkAT8dpHLk6Uf5BfmypxUkydSWT1xfTDnw1MqxO0MsLlAHOR3J7c
++oW9kLcOLuCQn1hBEwfZv7VSWBkGXSmKfp0LLIxAFgRtv+Dh+rcMMRdJgKr1V3FU+
++rZ1+ZAfYiBpQJFPjv70vx+rGEgS801D3PJxBZUEy4Ic4ZYaKNhK9x9PRQuWcIBuW
++6eTe/6lKWZeyxCumLLdiS75mF2oTcBaWeoc3QxrPRV15eDKeYJMbhnUai/7lSrhs
++EWCkKR1RivgF4slYmtNE5ZPGZ/d61zjwn2xi4xNJVs8q9WRPMpHp0vCyMwARAQAB
++tDFGZWRvcmEgKDMzKSA8ZmVkb3JhLTMzLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
++cmc+iQI4BBMBAgAiBQJeMAb7AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
++CRBJ/XdJlXD/MZm2D/9kriL43vd3+0DNMeA82n2v9mSR2PQqKny39xNlYPyy/1yZ
++P/KXoa4NYSCA971LSd7lv4n/h5bEKgGHxZfttfOzOnWMVSSTfjRyM/df/NNzTUEV
++7ORA5GW18g8PEtS7uRxVBf3cLvWu5q+8jmqES5HqTAdGVcuIFQeBXFN8Gy1Jinuz
++AH8rJSdkUeZ0cehWbERq80BWM9dhad5dW+/+Gv0foFBvP15viwhWqajr8V0B8es+
++2/tHI0k86FAujV5i0rrXl5UOoLilO57QQNDZH/qW9GsHwVI+2yecLstpUNLq+EZC
++GqTZCYoxYRpl0gAMbDLztSL/8Bc0tJrCRG3tavJotFYlgUK60XnXlQzRkh9rgsfT
++EXbQifWdQMMogzjCJr0hzJ+V1d0iozdUxB2ZEgTjukOvatkB77DY1FPZRkSFIQs+
++fdcjazDIBLIxwJu5QwvTNW8lOLnJ46g4sf1WJoUdNTbR0BaC7HHj1inVWi0p7IuN
++66EPGzJOSjLK+vW+J0ncPDEgLCV74RF/0nR5fVTdrmiopPrzFuguHf9S9gYI3Zun
++Yl8FJUu4kRO6JPPTicUXWX+8XZmE94aK14RCJL23nOSi8T1eW8JLW43dCBRO8QUE
++Aso1t2pypm/1zZexJdOV8yGME3g5l2W6PLgpz58DBECgqc/kda+VWgEAp7rO2A==
++=EPL3
++-----END PGP PUBLIC KEY BLOCK-----
++</description>
++      </application>
++      <application>
++        <name>libgcc</name>
++        <version>10.2.1</version>
++        <release>9.fc33</release>
+         <arch>x86_64</arch>
++        <url>http://gcc.gnu.org</url>
++        <summary>GCC version 10 shared support library</summary>
++        <description>This package contains GCC shared support library which is needed
++e.g. for exception handling support.</description>
++      </application>
++      <application>
++        <name>ncurses-base</name>
++        <version>6.2</version>
++        <release>3.20200222.fc33</release>
++        <arch>noarch</arch>
++        <url>https://invisible-island.net/ncurses/ncurses.html</url>
++        <summary>Descriptions of common terminals</summary>
++        <description>This package contains descriptions of common terminals. Other terminal
++descriptions are included in the ncurses-term package.</description>
+       </application>
+       <application>
+-        <name>test3</name>
+-        <version>3.0</version>
+-        <release>3.fc14</release>
++        <name>ncurses-libs</name>
++        <version>6.2</version>
++        <release>3.20200222.fc33</release>
+         <arch>x86_64</arch>
++        <url>https://invisible-island.net/ncurses/ncurses.html</url>
++        <summary>Ncurses libraries</summary>
++        <description>The curses library routines are a terminal-independent method of
++updating character screens with reasonable optimization.  The ncurses
++(new curses) library is a freely distributable replacement for the
++discontinued 4.4 BSD classic curses library.
++
++This package contains the ncurses libraries.</description>
++      </application>
++      <application>
++        <name>setup</name>
++        <version>2.13.7</version>
++        <release>2.fc33</release>
++        <arch>noarch</arch>
++        <url>https://pagure.io/setup/</url>
++        <summary>A set of system configuration and setup files</summary>
++        <description>The setup package contains a set of important system configuration and
++setup files, such as passwd, group, and profile.</description>
++      </application>
++      <application>
++        <name>tzdata</name>
++        <version>2021a</version>
++        <release>1.fc33</release>
++        <arch>noarch</arch>
++        <url>https://www.iana.org/time-zones</url>
++        <summary>Timezone data</summary>
++        <description>This package contains data files with rules for various timezones around
++the world.</description>
+       </application>
+     </applications>
+   </operatingsystem>
+-- 
+2.31.1
+

SOURCES/0017-launch-libvirt-place-our-virtio-net-pci-device-in-sl.patch

@@ -0,0 +1,65 @@
+From 6657d0c1018ab44ae680376463ac3f0421548fb4 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Thu, 23 Dec 2021 11:36:59 +0100
+Subject: [PATCH] launch-libvirt: place our virtio-net-pci device in slot 0x1e
+
+The <qemu:commandline> trick we use for adding our virtio-net-pci device
+in the libvirt backend can conflict with libvirtd's and QEMU's PCI address
+assignment. Try to mitigate that by placing our device in slot 0x1e on the
+root bus. In practice this could only conflict with a "dmi-to-pci-bridge"
+device model, which libvirtd itself places in slot 0x1e. However, given
+the XMLs we generate, and modern QEMU versions, libvirtd has no reason to
+auto-add "dmi-to-pci-bridge". Refer to
+<https://libvirt.org/formatdomain.html#controllers>.
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20211223103701.12702-2-lersek@redhat.com>
+Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
+Tested-by: Richard W.M. Jones <rjones@redhat.com>
+(cherry picked from commit 5ce5ef6a97a58c5e906083ad4e944545712b3f3f)
+---
+ lib/guestfs-internal.h | 11 +++++++++++
+ lib/launch-libvirt.c   |  4 +++-
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
+index 4799ee0a1..0b46f0070 100644
+--- a/lib/guestfs-internal.h
++++ b/lib/guestfs-internal.h
+@@ -147,6 +147,17 @@
+ #define VIRTIO_DEVICE_NAME(type) type "-pci"
+ #endif
+ 
++/* Place the virtio-net controller in slot 0x1e on the root bus, on normal
++ * hardware with PCI. Refer to RHBZ#2034160.
++ */
++#ifdef HAVE_LIBVIRT_BACKEND
++#if defined(__arm__) || defined(__s390x__)
++#define VIRTIO_NET_PCI_ADDR ""
++#else
++#define VIRTIO_NET_PCI_ADDR ",addr=1e.0"
++#endif
++#endif
++
+ /* Guestfs handle and associated structures. */
+ 
+ /* State. */
+diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
+index 026dc6b26..5842319df 100644
+--- a/lib/launch-libvirt.c
++++ b/lib/launch-libvirt.c
+@@ -1834,7 +1834,9 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
+       } end_element ();
+ 
+       start_element ("qemu:arg") {
+-        attribute ("value", VIRTIO_DEVICE_NAME ("virtio-net") ",netdev=usernet");
++        attribute ("value", (VIRTIO_DEVICE_NAME ("virtio-net")
++                             ",netdev=usernet"
++                             VIRTIO_NET_PCI_ADDR));
+       } end_element ();
+     }
+ 
+-- 
+2.31.1
+

SOURCES/0018-lib-extract-NETWORK_ADDRESS-and-NETWORK_PREFIX-as-ma.patch

@@ -0,0 +1,70 @@
+From 4b9eac11db3e2cc9ace397ed4c804356a7d9adbf Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Thu, 23 Dec 2021 11:37:00 +0100
+Subject: [PATCH] lib: extract NETWORK_ADDRESS and NETWORK_PREFIX as macros
+
+The 169.254.0.0/16 network specification (for the appliance) is currently
+duplicated between the direct backend and the libvirt backend. In a
+subsequent patch, we're going to need the network specification in yet
+another spot; extract it now to the NETWORK_ADDRESS and NETWORK_PREFIX
+macros (simply as strings).
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20211223103701.12702-3-lersek@redhat.com>
+Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
+Tested-by: Richard W.M. Jones <rjones@redhat.com>
+(cherry picked from commit 216de164e091a5c36403f24901698044a43ae0d9)
+---
+ lib/guestfs-internal.h | 6 ++++++
+ lib/launch-direct.c    | 2 +-
+ lib/launch-libvirt.c   | 3 ++-
+ 3 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
+index 0b46f0070..97a13ff2c 100644
+--- a/lib/guestfs-internal.h
++++ b/lib/guestfs-internal.h
+@@ -158,6 +158,12 @@
+ #endif
+ #endif
+ 
++/* Network address and network mask (expressed as address prefix) that the
++ * appliance will see (if networking is enabled).
++ */
++#define NETWORK_ADDRESS "169.254.0.0"
++#define NETWORK_PREFIX  "16"
++
+ /* Guestfs handle and associated structures. */
+ 
+ /* State. */
+diff --git a/lib/launch-direct.c b/lib/launch-direct.c
+index b6ed9766f..de17d2167 100644
+--- a/lib/launch-direct.c
++++ b/lib/launch-direct.c
+@@ -681,7 +681,7 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
+     start_list ("-netdev") {
+       append_list ("user");
+       append_list ("id=usernet");
+-      append_list ("net=169.254.0.0/16");
++      append_list ("net=" NETWORK_ADDRESS "/" NETWORK_PREFIX);
+     } end_list ();
+     start_list ("-device") {
+       append_list (VIRTIO_DEVICE_NAME ("virtio-net"));
+diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
+index 5842319df..0f38f0aec 100644
+--- a/lib/launch-libvirt.c
++++ b/lib/launch-libvirt.c
+@@ -1826,7 +1826,8 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
+       } end_element ();
+ 
+       start_element ("qemu:arg") {
+-        attribute ("value", "user,id=usernet,net=169.254.0.0/16");
++        attribute ("value",
++                   "user,id=usernet,net=" NETWORK_ADDRESS "/" NETWORK_PREFIX);
+       } end_element ();
+ 
+       start_element ("qemu:arg") {
+-- 
+2.31.1
+

SOURCES/0019-launch-libvirt-add-virtio-net-via-the-standard-inter.patch

@@ -0,0 +1,91 @@
+From 8570de6e766297e4c9feab1c54ae05037f33edeb Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Thu, 23 Dec 2021 11:37:01 +0100
+Subject: [PATCH] launch-libvirt: add virtio-net via the standard <interface>
+ element
+
+Starting with version 3.8.0, libvirt allows us to specify the network
+address and network mask (as prefix) for SLIRP directly via the
+<interface> element in the domain XML:
+<https://libvirt.org/formatdomain.html#userspace-slirp-stack>. This means
+we don't need the <qemu:commandline> hack for virtio-net on such versions.
+
+Restrict the hack in construct_libvirt_xml_qemu_cmdline() to
+libvirt<3.8.0, and generate the proper <interface> element in
+construct_libvirt_xml_devices() on libvirt>=3.8.0.
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2034160
+Suggested-by: Richard W.M. Jones <rjones@redhat.com>
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20211223103701.12702-4-lersek@redhat.com>
+Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
+Tested-by: Richard W.M. Jones <rjones@redhat.com>
+(cherry picked from commit 5858c2cf6c24b3776e3867eafd9d86a1f4912d9c)
+---
+ lib/guestfs-internal.h |  3 ++-
+ lib/launch-libvirt.c   | 27 +++++++++++++++++++++++++--
+ 2 files changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
+index 97a13ff2c..b11c945e9 100644
+--- a/lib/guestfs-internal.h
++++ b/lib/guestfs-internal.h
+@@ -148,7 +148,8 @@
+ #endif
+ 
+ /* Place the virtio-net controller in slot 0x1e on the root bus, on normal
+- * hardware with PCI. Refer to RHBZ#2034160.
++ * hardware with PCI. Necessary only before libvirt 3.8.0. Refer to
++ * RHBZ#2034160.
+  */
+ #ifdef HAVE_LIBVIRT_BACKEND
+ #if defined(__arm__) || defined(__s390x__)
+diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
+index 0f38f0aec..f6bb39d99 100644
+--- a/lib/launch-libvirt.c
++++ b/lib/launch-libvirt.c
+@@ -1396,6 +1396,28 @@ construct_libvirt_xml_devices (guestfs_h *g,
+       } end_element ();
+     } end_element ();
+ 
++    /* Virtio-net NIC with SLIRP (= userspace) back-end, if networking is
++     * enabled. Starting with libvirt 3.8.0, we can specify the network address
++     * and prefix for SLIRP in the domain XML. Therefore, we can add the NIC
++     * via the standard <interface> element rather than <qemu:commandline>, and
++     * so libvirt can manage the PCI address of the virtio-net NIC like the PCI
++     * addresses of all other devices. Refer to RHBZ#2034160.
++     */
++    if (g->enable_network &&
++        guestfs_int_version_ge (&params->data->libvirt_version, 3, 8, 0)) {
++      start_element ("interface") {
++        attribute ("type", "user");
++        start_element ("model") {
++          attribute ("type", "virtio");
++        } end_element ();
++        start_element ("ip") {
++          attribute ("family", "ipv4");
++          attribute ("address", NETWORK_ADDRESS);
++          attribute ("prefix", NETWORK_PREFIX);
++        } end_element ();
++      } end_element ();
++    }
++
+     /* Libvirt adds some devices by default.  Indicate to libvirt
+      * that we don't want them.
+      */
+@@ -1818,9 +1840,10 @@ construct_libvirt_xml_qemu_cmdline (guestfs_h *g,
+     } end_element ();
+ 
+     /* Workaround because libvirt user networking cannot specify "net="
+-     * parameter.
++     * parameter. Necessary only before libvirt 3.8.0; refer to RHBZ#2034160.
+      */
+-    if (g->enable_network) {
++    if (g->enable_network &&
++        !guestfs_int_version_ge (&params->data->libvirt_version, 3, 8, 0)) {
+       start_element ("qemu:arg") {
+         attribute ("value", "-netdev");
+       } end_element ();
+-- 
+2.31.1
+

SOURCES/0020-appliance-Use-cpu-max.patch

@@ -0,0 +1,86 @@
+From fbb053fc71c0c072acb3fbf6e5fbbfc3b0667fd2 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 28 Jan 2021 12:20:49 +0000
+Subject: [PATCH] appliance: Use -cpu max.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+QEMU has a newish feature (from about 2017 / qemu 2.9) called -cpu max
+which is supposed to select the best CPU, ideal for libguestfs.
+
+After this change, on x86-64:
+
+               KVM                          TCG
+
+Direct         -cpu max                     -cpu max
+(non-libvirt)
+
+Libvirt   <cpu mode="host-passthrough">     <cpu mode="host-model">
+            <model fallback="allow"/>         <model fallback="allow"/>
+          </cpu>                            </cpu>
+
+Thanks: Daniel Berrangé
+(cherry picked from commit 30f74f38bd6e42e783ba80895f4d6826abddd417)
+---
+ lib/appliance-cpu.c  | 16 ++++++++--------
+ lib/launch-libvirt.c |  9 +++++++++
+ 2 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/lib/appliance-cpu.c b/lib/appliance-cpu.c
+index 5ef9f5c72..54ac6e2e3 100644
+--- a/lib/appliance-cpu.c
++++ b/lib/appliance-cpu.c
+@@ -38,6 +38,11 @@
+  *
+  * The literal string C<"host"> means use C<-cpu host>.
+  *
++ * =item C<"max">
++ *
++ * The literal string C<"max"> means use C<-cpu max> (the best
++ * possible).  This requires awkward translation for libvirt.
++ *
+  * =item some string
+  *
+  * Some string such as C<"cortex-a57"> means use C<-cpu cortex-a57>.
+@@ -80,14 +85,9 @@ guestfs_int_get_cpu_model (int kvm)
+   /* See discussion in https://bugzilla.redhat.com/show_bug.cgi?id=1605071 */
+   return NULL;
+ #else
+-  /* On most architectures, it is faster to pass the CPU host model to
+-   * the appliance, allowing maximum speed for things like checksums
+-   * and encryption.  Only do this with KVM.  It is broken in subtle
+-   * ways on TCG, and fairly pointless when you're emulating anyway.
++  /* On most architectures we can use "max" to get the best possible CPU.
++   * For recent qemu this should work even on TCG.
+    */
+-  if (kvm)
+-    return "host";
+-  else
+-    return NULL;
++  return "max";
+ #endif
+ }
+diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
+index f6bb39d99..e3ff1ffe0 100644
+--- a/lib/launch-libvirt.c
++++ b/lib/launch-libvirt.c
+@@ -1169,6 +1169,15 @@ construct_libvirt_xml_cpu (guestfs_h *g,
+           attribute ("fallback", "allow");
+         } end_element ();
+       }
++      else if (STREQ (cpu_model, "max")) {
++        if (params->data->is_kvm)
++          attribute ("mode", "host-passthrough");
++        else
++          attribute ("mode", "host-model");
++        start_element ("model") {
++          attribute ("fallback", "allow");
++        } end_element ();
++      }
+       else
+         single_element ("model", cpu_model);
+     } end_element ();
+-- 
+2.31.1
+

SOURCES/0021-appliance-Use-cpu-mode-maximum-for-cpu-max-on-libvir.patch

@@ -0,0 +1,48 @@
+From 7dde1007525ec235e769351be15ca5de34eeda4a Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 18 Mar 2021 12:32:26 +0000
+Subject: [PATCH] appliance: Use <cpu mode="maximum"/> for -cpu max on libvirt.
+
+Note this requires libvirt >= 7.1.0 which was only released in March 2021.
+
+With an older libvirt you will see this error:
+
+  Original error from libvirt: unsupported configuration: Invalid mode attribute 'maximum' [code=67 int1=-1]
+
+In theory we could check if this is supported by looking at the
+libvirt capabilities and fall back, but this commit does not do that,
+in the expectation that most people will be using the default backend
+(direct) and on Fedora/RHEL we will add an explicit minimum version
+dependency to the package.
+
+qemu support has been around quite a bit longer (at least since 2017).
+
+Fixes: commit 30f74f38bd6e42e783ba80895f4d6826abddd417
+(cherry picked from commit 13ceb6a87b2869909a6a0e3c8caa962b72e4cb0e)
+---
+ lib/launch-libvirt.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
+index e3ff1ffe0..db619910f 100644
+--- a/lib/launch-libvirt.c
++++ b/lib/launch-libvirt.c
+@@ -1170,13 +1170,8 @@ construct_libvirt_xml_cpu (guestfs_h *g,
+         } end_element ();
+       }
+       else if (STREQ (cpu_model, "max")) {
+-        if (params->data->is_kvm)
+-          attribute ("mode", "host-passthrough");
+-        else
+-          attribute ("mode", "host-model");
+-        start_element ("model") {
+-          attribute ("fallback", "allow");
+-        } end_element ();
++        /* https://bugzilla.redhat.com/show_bug.cgi?id=1935572#c11 */
++        attribute ("mode", "maximum");
+       }
+       else
+         single_element ("model", cpu_model);
+-- 
+2.31.1
+

SOURCES/0022-lib-Disable-5-level-page-tables-when-using-cpu-max.patch

@@ -0,0 +1,92 @@
+From bb19cc0cdd43619ccf830e1e608f79e46f8ddf86 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 12 May 2022 08:36:37 +0100
+Subject: [PATCH] lib: Disable 5-level page tables when using -cpu max
+
+In https://bugzilla.redhat.com/show_bug.cgi?id=2082806 we've been
+tracking an insidious qemu bug which intermittently prevents the
+libguestfs appliance from starting.  The symptoms are that SeaBIOS
+starts and displays its messages, but the kernel isn't reached.  We
+found that the kernel does in fact start, but when it tries to set up
+page tables and jump to protected mode it gets a triple fault which
+causes the emulated CPU in qemu to reset (qemu exits).
+
+This seems to only affect TCG (not KVM).
+
+Yesterday I found that this is caused by using -cpu max which enables
+the "la57" feature (5-level page tables[0]), and that we can make the
+problem go away using -cpu max,la57=off.  Note that I still don't
+fully understand the qemu bug, so this is only a workaround.
+
+I chose to disable 5-level page tables for both TCG and KVM, partly to
+make the patch simpler, and partly because I guess it's not a feature
+(ie. 57 bit linear addresses) that is useful for the libguestfs
+appliance case, where we have limited physical memory and no need to
+run any programs with huge address spaces.
+
+I tested this by running both the direct & libvirt paths overnight.  I
+expect that this patch will fail with old qemu/libvirt which doesn't
+understand the "la57" feature, but this is only intended as a
+temporary workaround.
+
+[0] Article about 5-level page tables as background:
+https://lwn.net/Articles/717293/
+
+Thanks: Laszlo Ersek
+Fixes: https://answers.launchpad.net/ubuntu/+source/libguestfs/+question/701625
+
+[RHEL 8.7: Patch is not upstream.  This is the initial patch as posted
+to the mailing list here:
+https://listman.redhat.com/archives/libguestfs/2022-May/028853.html]
+---
+ lib/launch-direct.c  | 15 +++++++++++++--
+ lib/launch-libvirt.c |  7 +++++++
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/lib/launch-direct.c b/lib/launch-direct.c
+index de17d2167..6b28e4724 100644
+--- a/lib/launch-direct.c
++++ b/lib/launch-direct.c
+@@ -534,8 +534,19 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
+   } end_list ();
+ 
+   cpu_model = guestfs_int_get_cpu_model (has_kvm && !force_tcg);
+-  if (cpu_model)
+-    arg ("-cpu", cpu_model);
++  if (cpu_model) {
++#if defined(__x86_64__)
++    /* Temporary workaround for RHBZ#2082806 */
++    if (STREQ (cpu_model, "max")) {
++      start_list ("-cpu") {
++        append_list (cpu_model);
++        append_list ("la57=off");
++      } end_list ();
++    }
++    else
++#endif
++      arg ("-cpu", cpu_model);
++  }
+ 
+   if (g->smp > 1)
+     arg_format ("-smp", "%d", g->smp);
+diff --git a/lib/launch-libvirt.c b/lib/launch-libvirt.c
+index db619910f..bad4a54ea 100644
+--- a/lib/launch-libvirt.c
++++ b/lib/launch-libvirt.c
+@@ -1172,6 +1172,13 @@ construct_libvirt_xml_cpu (guestfs_h *g,
+       else if (STREQ (cpu_model, "max")) {
+         /* https://bugzilla.redhat.com/show_bug.cgi?id=1935572#c11 */
+         attribute ("mode", "maximum");
++#if defined(__x86_64__)
++        /* Temporary workaround for RHBZ#2082806 */
++        start_element ("feature") {
++          attribute ("policy", "disable");
++          attribute ("name", "la57");
++        } end_element ();
++#endif
+       }
+       else
+         single_element ("model", cpu_model);
+-- 
+2.31.1
+

SOURCES/0023-docs-guestfs-security-document-CVE-2022-2211.patch

@@ -0,0 +1,103 @@
+From 22d779d5982dc82d629710d41973ed6545707bd9 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 28 Jun 2022 13:54:16 +0200
+Subject: [PATCH] docs/guestfs-security: document CVE-2022-2211
+
+Short log for the common submodule, commit range
+f8de5508fe75..35467027f657:
+
+Laszlo Ersek (2):
+      mlcustomize: factor out pkg install/update/uninstall from guestfs-tools
+      options: fix buffer overflow in get_keys() [CVE-2022-2211]
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20220628115418.5376-2-lersek@redhat.com>
+Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
+
+Cherry picked from commit 99844660b48ed809e37378262c65d63df6ce4a53.
+For the cherry pick I only added one submodule commit:
+
+options: fix buffer overflow in get_keys() [CVE-2022-2211]
+---
+ common                    |  2 +-
+ docs/guestfs-security.pod | 28 ++++++++++++++++++++++++++++
+ 2 files changed, 29 insertions(+), 1 deletion(-)
+
+Submodule common be09523d6..1174b443a:
+diff --git a/common/options/keys.c b/common/options/keys.c
+index 798315c..d27a712 100644
+--- a/common/options/keys.c
++++ b/common/options/keys.c
+@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
+ char **
+ get_keys (struct key_store *ks, const char *device, const char *uuid)
+ {
+-  size_t i, j, len;
++  size_t i, j, nmemb;
+   char **r;
+   char *s;
+ 
+   /* We know the returned list must have at least one element and not
+    * more than ks->nr_keys.
+    */
+-  len = 1;
+-  if (ks)
+-    len = MIN (1, ks->nr_keys);
+-  r = calloc (len+1, sizeof (char *));
++  nmemb = 1;
++  if (ks && ks->nr_keys > nmemb)
++    nmemb = ks->nr_keys;
++
++  /* make room for the terminating NULL */
++  if (nmemb == (size_t)-1)
++    error (EXIT_FAILURE, 0, _("size_t overflow"));
++  nmemb++;
++
++  r = calloc (nmemb, sizeof (char *));
+   if (r == NULL)
+     error (EXIT_FAILURE, errno, "calloc");
+ 
+diff --git a/docs/guestfs-security.pod b/docs/guestfs-security.pod
+index 9ceef5623..efa35b29d 100644
+--- a/docs/guestfs-security.pod
++++ b/docs/guestfs-security.pod
+@@ -406,6 +406,34 @@ The libvirt backend is not affected.
+ The solution is to update qemu to a version containing the fix (see
+ L<https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html>).
+ 
++=head2 CVE-2022-2211
++
++L<https://bugzilla.redhat.com/CVE-2022-2211>
++
++The C<get_keys> function in F<libguestfs-common/options/keys.c> collects
++those I<--key> options from the command line into a new array that match
++a particular block device that's being decrypted for inspection. The
++function intends to size the result array such that potentially all
++I<--key> options, plus a terminating C<NULL> element, fit into it. The
++code mistakenly uses the C<MIN> macro instead of C<MAX>, and therefore
++only one element is allocated before the C<NULL> terminator.
++
++Passing precisely two I<--key ID:...> options on the command line for
++the encrypted block device C<ID> causes C<get_keys> to overwrite the
++terminating C<NULL>, leading to an out-of-bounds read in
++C<decrypt_mountables>, file F<libguestfs-common/options/decrypt.c>.
++
++Passing more than two I<--key ID:...> options on the command line for
++the encrypted block device C<ID> causes C<get_keys> itself to perform
++out-of-bounds writes. The most common symptom is a crash with C<SIGSEGV>
++later on.
++
++This issue affects -- broadly speaking -- all libguestfs-based utilities
++that accept I<--key>, namely: C<guestfish>, C<guestmount>, C<virt-cat>,
++C<virt-customize>, C<virt-diff>, C<virt-edit>, C<virt-get-kernel>,
++C<virt-inspector>, C<virt-log>, C<virt-ls>, C<virt-sparsify>,
++C<virt-sysprep>, C<virt-tail>, C<virt-v2v>.
++
+ =head1 SEE ALSO
+ 
+ L<guestfs(3)>,
+-- 
+2.31.1
+

SOURCES/README-replacement.in

@@ -8,7 +8,8 @@ list:
 
   http://www.redhat.com/mailman/listinfo/libguestfs
 
-This package comes with a lot of help and examples to get you started.
+This Red Hat Enterprise Linux package comes with a lot of help and
+examples to get you started.
 
 The first place to start are the manual pages.  Type:
 
@@ -19,19 +20,19 @@ The first place to start are the manual pages.  Type:
   man virt-cat   # and other virt-* tools
 
 If you install the libguestfs-devel package, then in the
-/usr/share/doc/libguestfs-devel/ directory you will find other
+/usr/share/doc/libguestfs-devel/ directory you will also
-documentation including:
+find:
 
  - BUGS: list of open bugs in this version
 
- - ChangeLog.gz: the detailed list of changes in this version
+ - ChangeLog: the detailed list of changes in this version
 
- - HACKING: how to extend libguestfs
+ - ROADMAP: the roadmap for future versions
 
  - TODO: ideas for extending libguestfs
 
  - *.c: example C programs using the API
 
- - *.xml.gz: example virt-inspector output (compressed)
+ - *.xml: example virt-inspector output
 
- - virt-inspector.rng: virt-inspector RelaxNG schema
+ - *.rng: virt-inspector RelaxNG schema

SOURCES/copy-patches.sh

@@ -6,29 +6,24 @@ set -e
 # directory.  Use it like this:
 #   ./copy-patches.sh
 
-project=libguestfs
+rhel_version=8.7.0
-rhel_version=9.3
 
 # Check we're in the right directory.
-if [ ! -f $project.spec ]; then
+if [ ! -f libguestfs.spec ]; then
-    echo "$0: run this from the directory containing '$project.spec'"
+    echo "$0: run this from the directory containing 'libguestfs.spec'"
     exit 1
 fi
 
-case `id -un` in
+git_checkout=$HOME/d/libguestfs-rhel-$rhel_version
-    rjones) git_checkout=$HOME/d/$project-rhel-$rhel_version ;;
-    lacos)  git_checkout=$HOME/src/v2v/$project ;;
-    *)      git_checkout=$HOME/d/$project-rhel-$rhel_version ;;
-esac
 if [ ! -d $git_checkout ]; then
     echo "$0: $git_checkout does not exist"
     echo "This script is only for use by the maintainer when preparing a"
-    echo "$project release on RHEL."
+    echo "libguestfs release on RHEL."
     exit 1
 fi
 
-# Get the base version of the project.
+# Get the base version of libguestfs.
-version=`grep '^Version:' $project.spec | awk '{print $2}'`
+version=`grep '^Version:' libguestfs.spec | awk '{print $2}'`
 tag="v$version"
 
 # Remove any existing patches.
@@ -36,12 +31,7 @@ git rm -f [0-9]*.patch ||:
 rm -f [0-9]*.patch
 
 # Get the patches.
-(
+(cd $git_checkout; rm -f [0-9]*.patch; git format-patch -N --submodule=diff $tag)
-  cd $git_checkout
-  rm -f [0-9]*.patch
-  git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N \
-      --submodule=diff --no-signature --patience $tag
-)
 mv $git_checkout/[0-9]*.patch .
 
 # Remove any not to be applied.
@@ -52,7 +42,7 @@ git add [0-9]*.patch
 
 # Print out the patch lines.
 echo
-echo "--- Copy the following text into $project.spec file"
+echo "--- Copy the following text into libguestfs.spec file"
 echo
 
 echo "# Patches."

SOURCES/libguestfs-1.44.0.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl/1jrcRHHJpY2hAYW5u
+ZXhpYS5vcmcACgkQkXOPc+G3aKCBcQ/+JwE8JTm3PdTPGoKxCqSgAOirbqE4ZvMY
+p/3y5mexagcWXx6X2Y+u6dlybS06jFR8TkbjdE3VAhhJo0C8l1vfvUTWKVDZoBhG
+3jZ6e+exff3VEUY4nFIVvYPNP+/J1BCiexMO0/2f1MDKwnJ73je9GlzwPEpdqPj/
+jSxaAy1G/rA5qV5rWQd4n5S9m8zRnf1lnM7YI7I0PunC2Wt/U6BZidL/FVVWVBxV
+DGKTIy7GgWnfGWdqJ+Wi9o9QCJH/9FGTP35xonyQEM/7GI+jLz+a9g2xgvv584Ni
+FF0Gqywrp5QFd13Nj3MPM7MXjGjUY5vB964k3mgE4fH91CnVvisRWfUCCo+c/9wG
+odS0YTrveWJpm0oYU2tL3AjahRclskAxXEIxx9kbnWMUTrpXG0r8G4+vE+estCjb
+mbyK5FQh2KASqNgmeopjK9DAEwD7SfPyHmPQ07Q76Pgl8X+FfBX2uyXBjaR5IJJJ
+qVVamdVtPilqwWqQ8hGkKE0qVKqZHGCOJ8+AkQjHjUtSVegT6zHmCG/bM4im1dGV
+r9fv6oQ7kWViz8mBluoETWr5sd2AfLOdLS8A42JaOnU7ASJUX/9eN0Y9u4BYC9P3
+l+QXikyq6T/4iC+tADOYGBr9uNitksLwSSUYScpnN+4AY+M+qjXTBq38MEHmwcgK
+5mwscgQefcY=
+=UrAA
+-----END PGP SIGNATURE-----

SOURCES/libguestfs-1.50.1.tar.gz.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmP1QzoRHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKCAEBAAimQxT37HMWTHOqvj4s6ipOhDCNPlqo4L
-z+syvIkgbp024IOPUbrlmSCtrCFiLXsRmmenynFv66N8GXoWmJruyJMyvBxsupZT
-lTo7WdCEix/xPh/LAb8Q9RWA2SQYfkOKHRs/gr4b/LbtXBklMlcOdhegx3Mml4SW
-gwK5n799YebUVgzYch5hWjHcRAphPaUdMyaJ6MUnFrfUPyGK2QO1yXdnGxkseAPz
-srjlhFqu5kNojWzcaNcdHBdKvJVEZo7L6laADRS31sRH0BGVc6/DFJgOPdxROGJe
-oeq3Oo1EF88P15NSTNZSXLa65n9kts2OnqRgX/c3njV9+1/JPHJWVM+VezuCcN8D
-hHktHVOBjM209N5RmLtR92eROvo1aTrgjsLqOTvwbKBu7NrPc4ZICnX7dMjD6irj
-vQz0P5MUmELMvdEN3FMGf45v77z+249e1z+5EGi2HUPKLfxd+I3+2mxUm2xjWOy/
-zNzkG2rCgYRB8Tioj6Mw80RYKioRyu8p5lUZvvLk85CJbT4BFH8rXgJbrEBOSunE
-lWEcv690GzyszAN8zKZaIqhNzIKdlkQZAd1DMXfNBEfAy23YHRApB1O2EFhNAjAf
-yEsUjpiYc0pq64QiCPGzUp4iLfMt9hg4ey5Pquud/j6cfvJ3ak5gZECbFnbUjysZ
-YYpwSgy/FVI=
-=OPC/
------END PGP SIGNATURE-----