From 505b1d6f2b69df84100a19cdce7e84930fee192f Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 5 Feb 2026 11:36:33 +0000 Subject: [PATCH] import OL libnbd-1.22.2-3.el10_1 --- .gitignore | 4 +- .libnbd.metadata | 2 - ...o-build-target-RUST_TARGET-to-be-set.patch | 51 + 0003-maint-Spelling-fixes.patch | 318 +++++ ...const-correctness-warnings-in-golang.patch | 89 ++ ...olerate-nbdkit-slop-on-large-extents.patch | 114 ++ ...uple-of-minor-features-that-have-bee.patch | 42 + ...-ublk-Remove-unused-EXPECTED_VERSION.patch | 28 + 0008-copy-Add-blkhash-option.patch | 1111 +++++++++++++++++ ...hen-blkhash-size-is-not-a-power-of-2.patch | 33 + ...e-block_type-outside-of-block-struct.patch | 66 + 0011-copy-Shrink-struct-block.patch | 78 ++ ...o-optimization-for-allocated-extents.patch | 65 + ...ix-corrupted-hash-on-incomplete-read.patch | 39 + 0014-build-Add-.-configure-with-extra.patch | 76 ++ 0015-lib-New-API-nbd_get_version_extra.patch | 107 ++ ...version-information-in-the-output-of.patch | 268 ++++ ...uri-Sanitize-user-provided-hostnames.patch | 78 ++ ...i.c-Fix-indices-in-SSH-command-array.patch | 59 + ...-sparse-file.sh-Skip-test-unless-nbd.patch | 30 - ...nerator-Refactor-CONNECT.START-state.patch | 57 - ...a-better-error-message-if-connect-2-.patch | 48 - ...t_go-Tolerate-unplanned-server-death.patch | 59 - ...ocument-assignment-of-CVE-2021-20286.patch | 40 - ...my-variable-rather-than-errno-to-cal.patch | 163 --- ...85-Fail-nbdcopy-if-NBD-read-or-write.patch | 318 ----- ...-build-Move-to-minimum-gnutls-3.5.18.patch | 94 -- ...actor-out-some-common-Makefile-flags.patch | 727 ----------- ...i.c-Ensure-Unix-domain-socket-is-cle.patch | 149 --- ...rtificates-DIR-query-parameter-in-UR.patch | 194 --- ...h-Use-Subject-Alternative-Name-for-s.patch | 33 - ...ck-server-certificate-even-when-usin.patch | 57 - ...ow-CA-verification-even-if-h-hostnam.patch | 76 -- ...tls-verify-peer-to-be-overridden-in-.patch | 90 -- ...d-link-to-TLS-server-certificate-che.patch | 32 - ...bd-security.pod-Assign-CVE-2024-7383.patch | 34 - SOURCES/libnbd-1.6.0.tar.gz.sig | 17 - SPECS/libnbd.spec | 441 ------- SOURCES/copy-patches.sh => copy-patches.sh | 2 +- libnbd-1.22.2.tar.gz.sig | 17 + libnbd.spec | 1041 +++++++++++++++ sources | 2 + 42 files changed, 3685 insertions(+), 2664 deletions(-) delete mode 100644 .libnbd.metadata create mode 100644 0001-rust-Allow-cargo-build-target-RUST_TARGET-to-be-set.patch create mode 100644 0003-maint-Spelling-fixes.patch create mode 100644 0004-generator-Avoid-const-correctness-warnings-in-golang.patch create mode 100644 0005-info-Tolerate-nbdkit-slop-on-large-extents.patch create mode 100644 0006-todo-Remove-a-couple-of-minor-features-that-have-bee.patch create mode 100644 0007-ublk-Remove-unused-EXPECTED_VERSION.patch create mode 100644 0008-copy-Add-blkhash-option.patch create mode 100644 0009-copy-Fix-crash-when-blkhash-size-is-not-a-power-of-2.patch create mode 100644 0010-copy-Define-block_type-outside-of-block-struct.patch create mode 100644 0011-copy-Shrink-struct-block.patch create mode 100644 0012-copy-Enable-zero-optimization-for-allocated-extents.patch create mode 100644 0013-copy-Fix-corrupted-hash-on-incomplete-read.patch create mode 100644 0014-build-Add-.-configure-with-extra.patch create mode 100644 0015-lib-New-API-nbd_get_version_extra.patch create mode 100644 0016-tools-Add-extra-version-information-in-the-output-of.patch create mode 100644 0017-uri-Sanitize-user-provided-hostnames.patch create mode 100644 0018-lib-uri.c-Fix-indices-in-SSH-command-array.patch delete mode 100644 SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch delete mode 100644 SOURCES/0002-generator-Refactor-CONNECT.START-state.patch delete mode 100644 SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch delete mode 100644 SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch delete mode 100644 SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch delete mode 100644 SOURCES/0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch delete mode 100644 SOURCES/0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch delete mode 100644 SOURCES/0008-build-Move-to-minimum-gnutls-3.5.18.patch delete mode 100644 SOURCES/0009-tests-Factor-out-some-common-Makefile-flags.patch delete mode 100644 SOURCES/0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch delete mode 100644 SOURCES/0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch delete mode 100644 SOURCES/0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch delete mode 100644 SOURCES/0013-lib-crypto.c-Check-server-certificate-even-when-usin.patch delete mode 100644 SOURCES/0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch delete mode 100644 SOURCES/0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch delete mode 100644 SOURCES/0016-docs-security-Add-link-to-TLS-server-certificate-che.patch delete mode 100644 SOURCES/0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch delete mode 100644 SOURCES/libnbd-1.6.0.tar.gz.sig delete mode 100644 SPECS/libnbd.spec rename SOURCES/copy-patches.sh => copy-patches.sh (98%) mode change 100755 => 100644 create mode 100644 libnbd-1.22.2.tar.gz.sig create mode 100644 libnbd.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index 2f4c71e..5987348 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/libguestfs.keyring -SOURCES/libnbd-1.6.0.tar.gz +libguestfs.keyring +libnbd-1.22.2.tar.gz diff --git a/.libnbd.metadata b/.libnbd.metadata deleted file mode 100644 index bcedfd1..0000000 --- a/.libnbd.metadata +++ /dev/null @@ -1,2 +0,0 @@ -1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring -b14ac9349d324df71d26cf3de9fb606c56f18cb0 SOURCES/libnbd-1.6.0.tar.gz diff --git a/0001-rust-Allow-cargo-build-target-RUST_TARGET-to-be-set.patch b/0001-rust-Allow-cargo-build-target-RUST_TARGET-to-be-set.patch new file mode 100644 index 0000000..ef877ee --- /dev/null +++ b/0001-rust-Allow-cargo-build-target-RUST_TARGET-to-be-set.patch @@ -0,0 +1,51 @@ +From 1455311720b64b51a75fbc9f4da3e4a43551df53 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Tue, 22 Apr 2025 17:30:02 +0100 +Subject: [PATCH] rust: Allow cargo build --target $RUST_TARGET to be set + +(cherry picked from commit 6bfae4e22aad0d21a326ea2418dbc0d59718e14e) +--- + configure.ac | 2 ++ + rust/Makefile.am | 6 ++++-- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 5feb6dbc..40d4f79f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -751,6 +751,8 @@ AS_IF([test "x$enable_rust" != "xno"],[ + CARGO=no + ]) + ]) ++ AC_ARG_VAR([RUST_TARGET], ++ [if set, cargo build uses --target $RUST_TARGET]) + ],[CARGO=no]) + AM_CONDITIONAL([HAVE_RUST],[test "x$CARGO" != "xno"]) + +diff --git a/rust/Makefile.am b/rust/Makefile.am +index a7700d69..29c29bd9 100644 +--- a/rust/Makefile.am ++++ b/rust/Makefile.am +@@ -98,15 +98,17 @@ libnbd-sys/libnbd_version: Makefile + $(abs_top_builddir)/run echo $(VERSION) > libnbd-sys/libnbd_version.t + mv libnbd-sys/libnbd_version.t libnbd-sys/libnbd_version + ++RUST_TARGET_PARAM := $(if $(RUST_TARGET),--target $(RUST_TARGET)) ++ + target/debug/liblibnbd.rlib: $(source_files) +- $(abs_top_builddir)/run $(CARGO) build ++ $(abs_top_builddir)/run $(CARGO) build $(RUST_TARGET_PARAM) + + target/doc/libnbd/index.html: $(source_files) + $(abs_top_builddir)/run $(CARGO) doc + + # This will actually build all the examples: + target/debug/examples/get-size: $(source_files) +- $(abs_top_builddir)/run $(CARGO) build --examples ++ $(abs_top_builddir)/run $(CARGO) build $(RUST_TARGET_PARAM) --examples + + if HAVE_POD + +-- +2.47.3 + diff --git a/0003-maint-Spelling-fixes.patch b/0003-maint-Spelling-fixes.patch new file mode 100644 index 0000000..df464f4 --- /dev/null +++ b/0003-maint-Spelling-fixes.patch @@ -0,0 +1,318 @@ +From 3714f8912d9d1a56866df7309c4e9f0e6e60f809 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Thu, 24 Apr 2025 08:30:00 -0500 +Subject: [PATCH] maint: Spelling fixes + +As detected by: + +$ git ls-files | xargs codespell -L Tage + +Signed-off-by: Eric Blake +(cherry picked from commit 17513dabee51b2bbbe878b06aafc50e6e2ba28de) +--- + copy/file-ops.c | 2 +- + docs/libnbd-release-notes-1.18.pod | 2 +- + docs/libnbd.pod | 4 ++-- + examples/copy-libev.c | 12 ++++++------ + golang/aio_buffer.go | 2 +- + golang/callbacks.go | 2 +- + golang/examples/aio_copy/aio_copy.go | 4 ++-- + golang/libnbd_020_aio_buffer_test.go | 2 +- + golang/libnbd_590_aio_copy_test.go | 2 +- + golang/make-dist.sh | 2 +- + info/main.c | 8 ++++---- + interop/interop.c | 2 +- + ocaml/examples/asynch_copy.ml | 2 +- + ocaml/tests/test_590_aio_copy.ml | 2 +- + rust/cargo_test/README.md | 6 +++--- + rust/tests/test_log/mod.rs | 2 +- + tests/closure-lifetimes.c | 2 +- + 17 files changed, 29 insertions(+), 29 deletions(-) + +diff --git a/copy/file-ops.c b/copy/file-ops.c +index 491a4553..b3b04f5d 100644 +--- a/copy/file-ops.c ++++ b/copy/file-ops.c +@@ -82,7 +82,7 @@ struct rw_file { + bool seek_hole_supported; + int sector_size; + +- /* We try to use the most eficient zeroing first. If an efficent zero ++ /* We try to use the most efficient zeroing first. If an efficient zero + * method is not available, we disable the flag so next time we use + * the working method. + */ +diff --git a/docs/libnbd-release-notes-1.18.pod b/docs/libnbd-release-notes-1.18.pod +index 836ebe19..dc284bf4 100644 +--- a/docs/libnbd-release-notes-1.18.pod ++++ b/docs/libnbd-release-notes-1.18.pod +@@ -145,7 +145,7 @@ Consistently wrap source code at 80 columns (Laszlo Ersek). + + Debug messages no longer print the very verbose state transitions + inside the state machine as these are not usually useful. You can +-reenable this by defining C<-DLIBNBD_STATE_VERBOSE=1> at compile time. ++re-enable this by defining C<-DLIBNBD_STATE_VERBOSE=1> at compile time. + + Completion C<.callback> methods are now always called exactly once, + and documentation is clearer on when this happens (Eric Blake). +diff --git a/docs/libnbd.pod b/docs/libnbd.pod +index 796a6f03..a7039210 100644 +--- a/docs/libnbd.pod ++++ b/docs/libnbd.pod +@@ -936,7 +936,7 @@ it would cause deadlock. + + =head2 Completion callbacks + +-All of the asychronous commands have an optional completion callback ++All of the asynchronous commands have an optional completion callback + function that is used if the call to the asynchronous API reports + success. The completion callback is invoked when the submitted + command is eventually marked complete, after any mid-command callbacks +@@ -976,7 +976,7 @@ callback will still be valid (corresponding to the current portion of + the server's reply), and the overall command will still fail (at the + completion callback or L for an + asynchronous command, or as the result of the overall synchronous +-command). Returing C<-1> from a mid-command callback does not prevent ++command). Returning C<-1> from a mid-command callback does not prevent + that callback from being reached again, if the server sends more + mid-command replies that warrant another use of that callback. A + mid-command callback may be reached more times than expected if the +diff --git a/examples/copy-libev.c b/examples/copy-libev.c +index e8e3cda2..6c91c55d 100644 +--- a/examples/copy-libev.c ++++ b/examples/copy-libev.c +@@ -3,7 +3,7 @@ + * + * http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod + * +- * To build it you need the libev-devel pacakge. ++ * To build it you need the libev-devel package. + * + * To run it: + * +@@ -32,7 +32,7 @@ + + #include + +-/* These values depend on the enviroment tested. ++/* These values depend on the environment tested. + * + * For shared storage using direct I/O: + * +@@ -76,8 +76,8 @@ enum request_state { + IDLE, /* Not used yet. */ + EXTENTS, /* Getting extents from source. */ + READ, /* Read from source. */ +- WRITE, /* Write to destiation. */ +- ZERO, /* Write zeroes to destiation. */ ++ WRITE, /* Write to destination. */ ++ ZERO, /* Write zeroes to destination. */ + SLEEP /* Waiting for extents completion. */ + }; + +@@ -631,12 +631,12 @@ main (int argc, char *argv[]) + + debug = getenv ("COPY_LIBEV_DEBUG") != NULL; + +- /* Configure soruce to report extents. */ ++ /* Configure source to report extents. */ + + if (nbd_add_meta_context (src.nbd, LIBNBD_CONTEXT_BASE_ALLOCATION)) + FAIL ("Cannot add base:allocation: %s", nbd_get_error ()); + +- /* Connecting is fast, so use the syncronous API. */ ++ /* Connecting is fast, so use the synchronous API. */ + + if (nbd_connect_uri (src.nbd, argv[1])) + FAIL ("Cannot connect to source: %s", nbd_get_error ()); +diff --git a/golang/aio_buffer.go b/golang/aio_buffer.go +index 3ddfce94..ff00e0a4 100644 +--- a/golang/aio_buffer.go ++++ b/golang/aio_buffer.go +@@ -80,7 +80,7 @@ func (b *AioBuffer) Bytes() []byte { + + // Slice creates a slice backed by the underlying C array. The slice can be + // used to access or modify the contents of the underlying array. The slice +-// must not be used after caling Free(). ++// must not be used after calling Free(). + func (b *AioBuffer) Slice() []byte { + if b.P == nil { + panic("Using AioBuffer after Free()") +diff --git a/golang/callbacks.go b/golang/callbacks.go +index ac53572c..f9b4958a 100644 +--- a/golang/callbacks.go ++++ b/golang/callbacks.go +@@ -36,7 +36,7 @@ + // - Create an exported Golang function whose job will be to retrieve + // the context and execute the callback in it + // (connErrCallback). Such a function should receive a callback ID +-// and will use it to retrive the context. ++// and will use it to retrieve the context. + // + // - Create a CGO function similar to the above function but with the + // appropriate signature to be registered as a callback in C code +diff --git a/golang/examples/aio_copy/aio_copy.go b/golang/examples/aio_copy/aio_copy.go +index 1de115b1..62756a97 100644 +--- a/golang/examples/aio_copy/aio_copy.go ++++ b/golang/examples/aio_copy/aio_copy.go +@@ -62,8 +62,8 @@ + ) + + // command keeps state of single AioPread call while the read is handled by +-// libnbd, until the command reach the front of the queue and can be writen to +-// the output. ++// libnbd, until the command reach the front of the queue and can be written ++// to the output. + type command struct { + buf libnbd.AioBuffer + ready bool +diff --git a/golang/libnbd_020_aio_buffer_test.go b/golang/libnbd_020_aio_buffer_test.go +index 5e63e27c..8addc350 100644 +--- a/golang/libnbd_020_aio_buffer_test.go ++++ b/golang/libnbd_020_aio_buffer_test.go +@@ -75,7 +75,7 @@ func TestAioBuffer(t *testing.T) { + t.Fatalf("Expected %v, got %v", zeroes, buf2.Bytes()) + } + +- /* Crated a zeroed buffer. */ ++ /* Create a zeroed buffer. */ + buf3 := MakeAioBufferZero(uint(32)) + defer buf.Free() + +diff --git a/golang/libnbd_590_aio_copy_test.go b/golang/libnbd_590_aio_copy_test.go +index 6ae0cc63..410c8f45 100644 +--- a/golang/libnbd_590_aio_copy_test.go ++++ b/golang/libnbd_590_aio_copy_test.go +@@ -86,7 +86,7 @@ func write_completed(buf AioBuffer) int { + return 1 + } + +-/* Copy between two libnbd handles using aynchronous I/O (AIO). */ ++/* Copy between two libnbd handles using asynchronous I/O (AIO). */ + func asynch_copy(t *testing.T, src *Libnbd, dst *Libnbd) { + size, _ := dst.GetSize() + +diff --git a/golang/make-dist.sh b/golang/make-dist.sh +index e6c126c3..03cfc6a2 100755 +--- a/golang/make-dist.sh ++++ b/golang/make-dist.sh +@@ -112,7 +112,7 @@ echo "$info" > $v_dir/$version.info + cp go.mod $v_dir/$version.mod + mv $version.zip $v_dir + +-# Create the list file by amending the curent file on the server. ++# Create the list file by amending the current file on the server. + list_url=https://download.libguestfs.org/libnbd/golang/libguestfs.org/libnbd/@v/list + curl --silent --show-error "$list_url" | sort > $v_dir/list + grep -q "$version" $v_dir/list || echo "$version" >> $v_dir/list +diff --git a/info/main.c b/info/main.c +index 1ee9e329..f7da425f 100644 +--- a/info/main.c ++++ b/info/main.c +@@ -130,7 +130,7 @@ main (int argc, char *argv[]) + { "can", required_argument, NULL, CAN_OPTION }, + { "cannot", required_argument, NULL, CANNOT_OPTION }, + { "can-not", required_argument, NULL, CANNOT_OPTION }, +- { "cant", required_argument, NULL, CANNOT_OPTION }, ++ { "can""t", required_argument, NULL, CANNOT_OPTION }, + { "color", no_argument, NULL, COLOUR_OPTION }, + { "colors", no_argument, NULL, COLOUR_OPTION }, + { "colour", no_argument, NULL, COLOUR_OPTION }, +@@ -144,15 +144,15 @@ main (int argc, char *argv[]) + { "has", required_argument, NULL, CAN_OPTION }, + { "hasnot", required_argument, NULL, CANNOT_OPTION }, + { "has-not", required_argument, NULL, CANNOT_OPTION }, +- { "hasnt", required_argument, NULL, CANNOT_OPTION }, ++ { "hasn""t", required_argument, NULL, CANNOT_OPTION }, + { "have", required_argument, NULL, CAN_OPTION }, +- { "havent", required_argument, NULL, CANNOT_OPTION }, ++ { "haven""t", required_argument, NULL, CANNOT_OPTION }, + { "havenot", required_argument, NULL, CANNOT_OPTION }, + { "have-not", required_argument, NULL, CANNOT_OPTION }, + { "is", required_argument, NULL, CAN_OPTION }, + { "isnot", required_argument, NULL, CANNOT_OPTION }, + { "is-not", required_argument, NULL, CANNOT_OPTION }, +- { "isnt", required_argument, NULL, CANNOT_OPTION }, ++ { "isn""t", required_argument, NULL, CANNOT_OPTION }, + { "json", no_argument, NULL, JSON_OPTION }, + { "list", no_argument, NULL, 'L' }, + { "long-options", no_argument, NULL, LONG_OPTIONS }, +diff --git a/interop/interop.c b/interop/interop.c +index 1ea0216e..841b7c9d 100644 +--- a/interop/interop.c ++++ b/interop/interop.c +@@ -131,7 +131,7 @@ main (int argc, char *argv[]) + * need to have our own log handler. + * + * Also the log levels are quite random. Level 2 doesn't show the +- * negotiated cyphersuite, but level 3+ shows excessive detail. ++ * negotiated ciphersuite, but level 3+ shows excessive detail. + */ + gnutls_global_set_log_level (2); + gnutls_global_set_log_function (tls_log); +diff --git a/ocaml/examples/asynch_copy.ml b/ocaml/examples/asynch_copy.ml +index 7132f573..8962a09e 100644 +--- a/ocaml/examples/asynch_copy.ml ++++ b/ocaml/examples/asynch_copy.ml +@@ -10,7 +10,7 @@ let max_reads_in_flight = 16 + let dir_is_read dir = dir land (Int32.to_int NBD.aio_direction_read) <> 0 + let dir_is_write dir = dir land (Int32.to_int NBD.aio_direction_write) <> 0 + +-(* Copy between two libnbd handles using aynchronous I/O (AIO). *) ++(* Copy between two libnbd handles using asynchronous I/O (AIO). *) + let asynch_copy src dst = + let size = NBD.get_size dst in + +diff --git a/ocaml/tests/test_590_aio_copy.ml b/ocaml/tests/test_590_aio_copy.ml +index 25105e07..b5fb5cd6 100644 +--- a/ocaml/tests/test_590_aio_copy.ml ++++ b/ocaml/tests/test_590_aio_copy.ml +@@ -34,7 +34,7 @@ let bytes_written = ref 0 + let dir_is_read dir = dir land (Int32.to_int NBD.aio_direction_read) <> 0 + let dir_is_write dir = dir land (Int32.to_int NBD.aio_direction_write) <> 0 + +-(* Copy between two libnbd handles using aynchronous I/O (AIO). *) ++(* Copy between two libnbd handles using asynchronous I/O (AIO). *) + let asynch_copy src dst = + let size = NBD.get_size dst in + +diff --git a/rust/cargo_test/README.md b/rust/cargo_test/README.md +index f80646b9..039cdb3e 100644 +--- a/rust/cargo_test/README.md ++++ b/rust/cargo_test/README.md +@@ -1,3 +1,3 @@ +-The solely purpose of this directory is to serve as a test crate for checking if Cargo is useable. +-`cargo test`, `cargo doc` and `cargo fmt` are run in the Autoconf script in this directory. If any of the commands failes, +-Cargo is assumed not to be useable and the Rust bindings will be disabled. ++The sole purpose of this directory is to serve as a test crate for checking if Cargo is usable. ++`cargo test`, `cargo doc` and `cargo fmt` are run in the Autoconf script in this directory. If any of the commands fails, ++Cargo is assumed not to be usable and the Rust bindings will be disabled. +diff --git a/rust/tests/test_log/mod.rs b/rust/tests/test_log/mod.rs +index 8dbcd79f..d3fe98eb 100644 +--- a/rust/tests/test_log/mod.rs ++++ b/rust/tests/test_log/mod.rs +@@ -49,7 +49,7 @@ impl DebugLogger { + } + } + +- /// Check wether a specific message has been logged. ++ /// Check whether a specific message has been logged. + pub fn contains(&self, msg: &str) -> bool { + self.entries.lock().unwrap().iter().any(|(_, x)| x == msg) + } +diff --git a/tests/closure-lifetimes.c b/tests/closure-lifetimes.c +index b9d9ce14..d6625095 100644 +--- a/tests/closure-lifetimes.c ++++ b/tests/closure-lifetimes.c +@@ -156,7 +156,7 @@ main (int argc, char *argv[]) + completion_callback, 0); + if (cookie == -1) NBD_ERROR; + /* read_cb_called is indeterminate at this point, as state machine +- * progress may vary based on task schduling and network speed factors. ++ * progress may vary based on task scheduling and network speed factors. + */ + assert (completion_cb_called == 0); + assert (read_cb_freed == 0); +-- +2.47.3 + diff --git a/0004-generator-Avoid-const-correctness-warnings-in-golang.patch b/0004-generator-Avoid-const-correctness-warnings-in-golang.patch new file mode 100644 index 0000000..4fa004d --- /dev/null +++ b/0004-generator-Avoid-const-correctness-warnings-in-golang.patch @@ -0,0 +1,89 @@ +From 3d7cc461d78451cda566d6994a30ae8e1e789575 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Sat, 31 May 2025 07:37:28 -0500 +Subject: [PATCH] generator: Avoid const-correctness warnings in golang + +Hack the generator to add the necessary casts to discard const in a +way that shuts up the warnings from compiling wrappers.go. + +Signed-off-by: Eric Blake +(cherry picked from commit a909e74f902bb9d1e8a4ab87ae5ccf76d4675787) +--- + generator/C.ml | 10 ++++++---- + generator/C.mli | 2 +- + generator/GoLang.ml | 4 ++-- + 3 files changed, 9 insertions(+), 7 deletions(-) + +diff --git a/generator/C.ml b/generator/C.ml +index ad08437c..50d22306 100644 +--- a/generator/C.ml ++++ b/generator/C.ml +@@ -286,16 +286,16 @@ let print_fndecl ?wrap ?closure_style name args optargs ret = + pr "\n LIBNBD_ATTRIBUTE_NONNULL (%s);\n" (String.concat ", " nns) + + let rec print_cbarg_list ?(wrap = false) ?maxcol ?types ?(parens = true) +- cbargs = ++ ?(noconst = false) cbargs = + if parens then pr "("; + if wrap then + pr_wrap ?maxcol ',' +- (fun () -> print_cbarg_list' ?types cbargs) ++ (fun () -> print_cbarg_list' ?types noconst cbargs) + else +- print_cbarg_list' ?types cbargs; ++ print_cbarg_list' ?types noconst cbargs; + if parens then pr ")" + +-and print_cbarg_list' ?(types = true) cbargs = ++and print_cbarg_list' ?(types = true) noconst cbargs = + if types then pr "void *"; + pr "user_data"; + +@@ -316,6 +316,7 @@ and print_cbarg_list' ?(types = true) cbargs = + | CBArrayAndLen _ -> assert false + | CBBytesIn (n, len) -> + if types then pr "const void *"; ++ if noconst then pr "(void *)"; + pr "%s, " n; + if types then pr "size_t "; + pr "%s" len +@@ -331,6 +332,7 @@ and print_cbarg_list' ?(types = true) cbargs = + | CBMutable arg -> assert false + | CBString n -> + if types then pr "const char *"; ++ if noconst then pr "(char *)"; + pr "%s" n + | CBUInt n -> + if types then pr "unsigned "; +diff --git a/generator/C.mli b/generator/C.mli +index a4b31351..75d77276 100644 +--- a/generator/C.mli ++++ b/generator/C.mli +@@ -34,7 +34,7 @@ val print_arg_list : ?wrap:bool -> ?maxcol:int -> + ?closure_style:closure_style -> + API.arg list -> API.optarg list -> unit + val print_cbarg_list : ?wrap:bool -> ?maxcol:int -> +- ?types:bool -> ?parens:bool -> ++ ?types:bool -> ?parens:bool -> ?noconst:bool -> + API.cbarg list -> unit + val print_call : ?wrap:bool -> ?maxcol:int -> + ?closure_style:closure_style -> +diff --git a/generator/GoLang.ml b/generator/GoLang.ml +index 3fe7cd53..1505a598 100644 +--- a/generator/GoLang.ml ++++ b/generator/GoLang.ml +@@ -159,9 +159,9 @@ let print_callback_wrapper { cbname; cbargs } = + C.print_cbarg_list ~wrap:true cbargs; + pr "\n"; + pr "{\n"; +- pr " // golang isn't const-correct, there will be warnings here:\n"; ++ pr " // golang isn't const-correct, casts avoid warnings here:\n"; + pr " return %s_callback ((long *)" cbname; +- C.print_cbarg_list ~types:false ~parens:false cbargs; ++ C.print_cbarg_list ~types:false ~parens:false ~noconst:true cbargs; + pr ");\n"; + pr "}\n"; + pr "\n"; +-- +2.47.3 + diff --git a/0005-info-Tolerate-nbdkit-slop-on-large-extents.patch b/0005-info-Tolerate-nbdkit-slop-on-large-extents.patch new file mode 100644 index 0000000..1fd9c73 --- /dev/null +++ b/0005-info-Tolerate-nbdkit-slop-on-large-extents.patch @@ -0,0 +1,114 @@ +From 5fef22179c1ce7e032a773733073349d90aab155 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Sat, 31 May 2025 08:24:37 -0500 +Subject: [PATCH] info: Tolerate nbdkit slop on large extents + +The NBD spec currently requires servers to send aligned block extents +back if the client and server agreed to a minimum block size; but +nbdkit 1.42 has an issue where the server recognizes that a plugin +reporting an aligned extent of exactly 4G is too large for a 32-bit +block status response, and truncates it early but to an unaligned +offset (such a truncation is to an offset larger than the client's +request size). Although I'm also submitting a parallel patch to the +NBD spec to relax things on this front, and to nbdkit 1.44 to report +aligned offsets in the first place, it is still worth teaching nbdinfo +to work around this shortcoming of existing nbdkit releases. The +added test fails when applied in isolation without the corresponding +map.c changes and run against nbdkit 1.42. + +Signed-off-by: Eric Blake +(cherry picked from commit 7dc75f2542a003c7429f1af93b7ecbaef00b567c) +--- + info/Makefile.am | 1 + + info/info-map-large-extent.sh | 42 +++++++++++++++++++++++++++++++++++ + info/map.c | 12 +++++++++- + 3 files changed, 54 insertions(+), 1 deletion(-) + create mode 100755 info/info-map-large-extent.sh + +diff --git a/info/Makefile.am b/info/Makefile.am +index 21cf3f46..697bb2b6 100644 +--- a/info/Makefile.am ++++ b/info/Makefile.am +@@ -49,6 +49,7 @@ info_sh_files = \ + info-map-base-allocation-large.sh \ + info-map-base-allocation-weird.sh \ + info-map-base-allocation-zero.sh \ ++ info-map-large-extent.sh \ + info-map-qemu-dirty-bitmap.sh \ + info-map-qemu-allocation-depth.sh \ + info-map-totals.sh \ +diff --git a/info/info-map-large-extent.sh b/info/info-map-large-extent.sh +new file mode 100755 +index 00000000..91867275 +--- /dev/null ++++ b/info/info-map-large-extent.sh +@@ -0,0 +1,42 @@ ++#!/usr/bin/env bash ++# nbd client library in userspace ++# Copyright Red Hat ++# ++# This library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2 of the License, or (at your option) any later version. ++# ++# This library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++# ++# You should have received a copy of the GNU Lesser General Public ++# License along with this library; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ ++. ../tests/functions.sh ++ ++set -e ++set -x ++ ++requires $NBDKIT --version ++requires $NBDKIT -U - --filter=blocksize-policy data 1 --run 'test "$uri" != ""' ++ ++out=info-map-large-extent.out ++cleanup_fn rm -f $out ++rm -f $out ++ ++# nbdkit < 1.44 had a bug where 4G large extents would truncate larger than ++# the aligned request; whether or not nbdkit is fixed, we can work around it. ++$NBDKIT -U - data data='@4294967296 1 @^512' \ ++ --filter=blocksize-policy blocksize-minimum=512 \ ++ --run '$VG nbdinfo --map "$uri"' > $out ++ ++cat $out ++ ++diff -u - $out < max_len) { ++ entries.ptr[i].length = max_len; ++ entries.len = i + 1; ++ } + offset += entries.ptr[i].length; ++ } + } + + if (!totals) +-- +2.47.3 + diff --git a/0006-todo-Remove-a-couple-of-minor-features-that-have-bee.patch b/0006-todo-Remove-a-couple-of-minor-features-that-have-bee.patch new file mode 100644 index 0000000..752673d --- /dev/null +++ b/0006-todo-Remove-a-couple-of-minor-features-that-have-bee.patch @@ -0,0 +1,42 @@ +From 2a8dbd3840c7b01e7c544035749d3fde893923ed Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Sat, 12 Jul 2025 18:12:42 +0100 +Subject: [PATCH] todo: Remove a couple of minor features that have been + implemented + +Rust was implemented in 2023. + +nbdcopy implemented page cache efficient operations. + +(cherry picked from commit fe284d59fa0e5a85a4abac418efb8b79d81cdbb5) +--- + TODO | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/TODO b/TODO +index e140b4fd..426b0384 100644 +--- a/TODO ++++ b/TODO +@@ -1,10 +1,6 @@ + Explore if nbd_aio_notify_error is needed for faster response if + server goes away. + +-Bindings in other languages. +- - Latest attempt at adding Rust: +- https://www.redhat.com/archives/libguestfs/2019-August/msg00416.html +- + Example code integrating with ppoll, pollfd, APR pollset (and others?). + + NBD resize extension. +@@ -32,8 +28,6 @@ nbdcopy: + - Synchronous loop should be adjusted to take into account + the NBD preferred block size, as was done for multi-thread loop. + - Benchmark. +- - Better page cache usage, see nbdkit-file-plugin options +- fadvise=sequential cache=none. + - Consider io_uring if there are performance bottlenecks. + - Configurable retries in response to read or write failures. + +-- +2.47.3 + diff --git a/0007-ublk-Remove-unused-EXPECTED_VERSION.patch b/0007-ublk-Remove-unused-EXPECTED_VERSION.patch new file mode 100644 index 0000000..7660637 --- /dev/null +++ b/0007-ublk-Remove-unused-EXPECTED_VERSION.patch @@ -0,0 +1,28 @@ +From 5717b3a12ed7df158abf89fc79d030c415c1a113 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Wed, 16 Jul 2025 12:31:33 +0100 +Subject: [PATCH] ublk: Remove unused EXPECTED_VERSION + +Probably we should test nbdublk --version. As we do not, this +variable was not used. + +(cherry picked from commit 01f5d93d43f7eab0444c87d9d99e2ecea9bf9d44) +--- + ublk/Makefile.am | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/ublk/Makefile.am b/ublk/Makefile.am +index 667d7d0c..e06e4396 100644 +--- a/ublk/Makefile.am ++++ b/ublk/Makefile.am +@@ -24,7 +24,6 @@ EXTRA_DIST = \ + TESTS_ENVIRONMENT = \ + LIBNBD_DEBUG=1 \ + $(MALLOC_CHECKS) \ +- EXPECTED_VERSION=$(VERSION) \ + $(NULL) + LOG_COMPILER = $(top_builddir)/run + TESTS = +-- +2.47.3 + diff --git a/0008-copy-Add-blkhash-option.patch b/0008-copy-Add-blkhash-option.patch new file mode 100644 index 0000000..8f47f64 --- /dev/null +++ b/0008-copy-Add-blkhash-option.patch @@ -0,0 +1,1111 @@ +From 028271bfaa85afeb6f74cb754655efe463e1b884 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Sat, 29 Mar 2025 11:46:52 +0000 +Subject: [PATCH] copy: Add --blkhash option + +This option calculates the blkhash (similar to checksum) of the file +as it is copied. Blkhash is described here: + + https://gitlab.com/nirs/blkhash + +and in more detail in this paper: + + Soffer, N. and Waisbard, E. (2024). An Efficient Hash Function + Construction for Sparse Data. In Proceedings of the 21st + International Conference on Security and Cryptography - SECRYPT; + ISBN 978-989-758-709-2; ISSN 2184-7711, SciTePress, pages + 698-703. DOI: 10.5220/0012764500003767. + +Thanks: Nir Soffer +(cherry picked from commit c6ed852f71fb25e1de8093631c5cfc1c7135d571) +--- + copy/Makefile.am | 12 + + copy/blkhash.c | 490 ++++++++++++++++++++++++++++++++++ + copy/copy-blkhash-known.sh | 83 ++++++ + copy/copy-blkhash-pattern.sh | 49 ++++ + copy/copy-blkhash-randfile.sh | 45 ++++ + copy/main.c | 81 +++++- + copy/multi-thread-copying.c | 12 +- + copy/nbdcopy.h | 12 + + copy/nbdcopy.pod | 55 +++- + copy/synch-copying.c | 3 + + 10 files changed, 836 insertions(+), 6 deletions(-) + create mode 100644 copy/blkhash.c + create mode 100755 copy/copy-blkhash-known.sh + create mode 100755 copy/copy-blkhash-pattern.sh + create mode 100755 copy/copy-blkhash-randfile.sh + +diff --git a/copy/Makefile.am b/copy/Makefile.am +index 0ca76450..c7e37058 100644 +--- a/copy/Makefile.am ++++ b/copy/Makefile.am +@@ -22,6 +22,9 @@ EXTRA_DIST = \ + copy-allocated-synch.sh \ + copy-allocated-destination-zero-asynch.sh \ + copy-allocated-destination-zero-synch.sh \ ++ copy-blkhash-known.sh \ ++ copy-blkhash-pattern.sh \ ++ copy-blkhash-randfile.sh \ + copy-block-to-nbd.sh \ + copy-destination-zero-asynch.sh \ + copy-destination-zero-synch.sh \ +@@ -72,6 +75,7 @@ TESTS = + + nbdcopy_SOURCES = \ + nbdcopy.h \ ++ blkhash.c \ + file-ops.c \ + main.c \ + multi-thread-copying.c \ +@@ -89,8 +93,10 @@ nbdcopy_CPPFLAGS = \ + nbdcopy_CFLAGS = \ + $(WARNINGS_CFLAGS) \ + $(PTHREAD_CFLAGS) \ ++ $(GNUTLS_CFLAGS) \ + $(NULL) + nbdcopy_LDADD = \ ++ $(GNUTLS_LIBS) \ + $(PTHREAD_LIBS) \ + $(top_builddir)/common/utils/libutils.la \ + $(top_builddir)/lib/libnbd.la \ +@@ -164,6 +170,12 @@ TESTS += \ + endif + + if HAVE_GNUTLS ++TESTS += \ ++ copy-blkhash-known.sh \ ++ copy-blkhash-pattern.sh \ ++ copy-blkhash-randfile.sh \ ++ $(NULL) ++ + if HAVE_PSKTOOL + TESTS += copy-tls.sh + endif +diff --git a/copy/blkhash.c b/copy/blkhash.c +new file mode 100644 +index 00000000..622d8a39 +--- /dev/null ++++ b/copy/blkhash.c +@@ -0,0 +1,490 @@ ++/* NBD client library in userspace. ++ * Copyright Red Hat ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#ifdef HAVE_GNUTLS ++#include ++#include ++#endif ++ ++#include ++ ++#include "byte-swapping.h" ++#include "ispowerof2.h" ++#include "iszero.h" ++#include "minmax.h" ++#include "rounding.h" ++#include "vector.h" ++ ++#include "nbdcopy.h" ++ ++#ifdef HAVE_GNUTLS ++ ++/* We will have one of these structs per blkhash block. */ ++struct block { ++ /* unknown => We haven't seen this block yet. 'ptr' is NULL. ++ * ++ * zero => The block is all zeroes. 'ptr' is NULL. ++ * ++ * data => The block is all data, and we have seen the whole block, ++ * and the hash has been computed. 'ptr' points to the computed ++ * hash. 'n' is unused. ++ * ++ * incomplete => Part of the block was seen. 'ptr' points to the ++ * data block, waiting to be completed. 'n' is the number of bytes ++ * seen so far. We will compute the hash and turn this into a ++ * 'data' or 'zero' block, either when we have seen all bytes of ++ * this block, or at the end. ++ * ++ * Note that this code assumes that we are called exactly once for a ++ * range in the disk image. ++ */ ++ enum { block_unknown = 0, block_zero, block_data, block_incomplete } type; ++ void *ptr; ++ size_t n; ++}; ++ ++DEFINE_VECTOR_TYPE(blocks, struct block); ++static blocks block_vec; ++ ++static void ++free_struct_block (struct block b) ++{ ++ free (b.ptr); ++} ++ ++/* Since nbdcopy is multi-threaded, we need to use locks to protect ++ * access to shared resources. But also because computing digests is ++ * very compute intensive, we must allow those to run in parallel as ++ * much as possible. Therefore the locking is carefully chosen to ++ * protect critical resources while allowing (most) hashing to happen ++ * in parallel. ++ * ++ * 'bv_lock' protects access to 'block_vec', and is needed whenever ++ * the vector might be extended. ++ * ++ * It's safe to hash complete blocks without acquiring any lock (since ++ * we should only be called once per complete block). However ++ * 'incomplete_lock' must be acquired whenever we deal with incomplete ++ * blocks as we might be called in parallel for those. ++ */ ++static pthread_mutex_t bv_lock = PTHREAD_MUTEX_INITIALIZER; ++static pthread_mutex_t incomplete_lock = PTHREAD_MUTEX_INITIALIZER; ++ ++/* Length of the digests of this algorithm in bytes. */ ++static size_t alg_len; ++ ++void ++init_blkhash (void) ++{ ++ if (blkhash_alg == GNUTLS_DIG_UNKNOWN) return; ++ ++ assert (is_power_of_2 (blkhash_size)); ++ ++ alg_len = gnutls_hash_get_len (blkhash_alg); ++ ++ /* If we know the source size in advance, reserve the block vector. ++ * We don't always know this (src->size == -1), eg. if reading from ++ * a pipe. If the size is exactly zero we don't need to reserve ++ * anything. ++ */ ++ if (src->size > 0) { ++ if (blocks_reserve_exactly (&block_vec, ++ DIV_ROUND_UP (src->size, blkhash_size)) == -1) { ++ perror ("nbdcopy: realloc"); ++ exit (EXIT_FAILURE); ++ } ++ } ++} ++ ++/* Single block update functions. */ ++static struct block ++get_block (uint64_t blknum) ++{ ++ struct block b; ++ ++ pthread_mutex_lock (&bv_lock); ++ ++ /* Grow the underlying storage if needed. */ ++ if (block_vec.cap <= blknum) { ++ if (blocks_reserve (&block_vec, blknum - block_vec.cap + 1) == -1) { ++ perror ("nbdcopy: realloc"); ++ exit (EXIT_FAILURE); ++ } ++ } ++ ++ /* Initialize new blocks if needed. */ ++ if (block_vec.len <= blknum) { ++ size_t i; ++ for (i = block_vec.len; i <= blknum; ++i) { ++ block_vec.ptr[i].type = block_unknown; ++ block_vec.ptr[i].ptr = NULL; ++ block_vec.ptr[i].n = 0; ++ } ++ block_vec.len = blknum+1; ++ } ++ ++ b = block_vec.ptr[blknum]; ++ ++ pthread_mutex_unlock (&bv_lock); ++ ++ return b; ++} ++ ++static void ++put_block (uint64_t blknum, struct block b) ++{ ++ pthread_mutex_lock (&bv_lock); ++ block_vec.ptr[blknum] = b; ++ pthread_mutex_unlock (&bv_lock); ++} ++ ++/* Compute the hash of a single block of data and return it. This is ++ * normally a full block of size blkhash_size, but may be a smaller ++ * block at the end of the file. ++ */ ++static void * ++compute_one_block_hash (const void *buf, size_t len) ++{ ++ gnutls_hash_hd_t dig; ++ int r; ++ void *digest; ++ ++ /* Create the digest handle. */ ++ r = gnutls_hash_init (&dig, blkhash_alg); ++ if (r < 0) { ++ fprintf (stderr, "nbdcopy: gnutls_hash_init: %s\n", gnutls_strerror (r)); ++ exit (EXIT_FAILURE); ++ } ++ ++ /* Allocate space for the result. */ ++ digest = malloc (alg_len); ++ if (digest == NULL) { ++ perror ("nbdcopy: malloc"); ++ exit (EXIT_FAILURE); ++ } ++ ++ r = gnutls_hash (dig, buf, len); ++ if (r < 0) { ++ fprintf (stderr, "nbdcopy: gnutls_hash: %s\n", gnutls_strerror (r)); ++ exit (EXIT_FAILURE); ++ } ++ ++ gnutls_hash_deinit (dig, digest); ++ return digest; /* caller must free */ ++} ++ ++/* We have received a complete block. Compute the hash for this ++ * block. If buf == NULL, sets the block to zero. Note this function ++ * assumes we can only be called once per complete block, so locking ++ * is unnecessary (apart from inside the calls to get/put_block). ++ */ ++static void ++set_complete_block (uint64_t blknum, const char *buf) ++{ ++ struct block b = get_block (blknum); ++ void *p; ++ ++ /* Assert that we haven't seen this block before. */ ++ assert (b.type == block_unknown); ++ ++ if (buf) { ++ b.type = block_data; ++ ++ /* Compute the hash of the whole block now. */ ++ p = compute_one_block_hash (buf, blkhash_size); ++ b.ptr = p; ++ } ++ else { ++ b.type = block_zero; ++ /* Hash is computed for all zero blocks in one go at the end. */ ++ } ++ ++ put_block (blknum, b); ++} ++ ++static void finish_block (struct block *b); ++ ++/* We have received a partial block. Store or update what we have. ++ * If this completes the block, then do what is needed. If buf == ++ * NULL, this is a partial zero instead. ++ */ ++static void ++set_incomplete_block (uint64_t blknum, ++ uint64_t blkoffs, uint64_t len, ++ const char *buf) ++{ ++ /* We must acquire the incomplete_lock here, see locking comment above. */ ++ pthread_mutex_lock (&incomplete_lock); ++ ++ struct block b = get_block (blknum); ++ ++ switch (b.type) { ++ case block_data: ++ case block_zero: ++ /* We shouldn't have seen the complete block before. */ ++ abort (); ++ ++ case block_unknown: ++ /* Allocate the block. */ ++ b.ptr = calloc (1, blkhash_size); ++ if (b.ptr == NULL) { ++ perror ("nbdcopy: calloc"); ++ exit (EXIT_FAILURE); ++ } ++ b.n = 0; ++ b.type = block_incomplete; ++ ++ /*FALLTHROUGH*/ ++ case block_incomplete: ++ if (buf) ++ /* Add the partial data to the block. */ ++ memcpy ((char *)b.ptr + blkoffs, buf, len); ++ else ++ /* Add the partial zeroes to the block. */ ++ memset ((char *)b.ptr + blkoffs, 0, len); ++ b.n += len; ++ ++ /* If the block is now complete, finish it off. */ ++ if (b.n == blkhash_size) ++ finish_block (&b); ++ ++ put_block (blknum, b); ++ } ++ ++ pthread_mutex_unlock (&incomplete_lock); ++} ++ ++static void ++finish_block (struct block *b) ++{ ++ void *p; ++ ++ assert (b->type == block_incomplete); ++ ++ if (b->n == blkhash_size && is_zero (b->ptr, blkhash_size)) { ++ b->type = block_zero; ++ free (b->ptr); ++ b->ptr = NULL; ++ } ++ else { ++ b->type = block_data; ++ /* Compute the hash of the block. */ ++ p = compute_one_block_hash (b->ptr, b->n); ++ free (b->ptr); ++ b->ptr = p; ++ } ++} ++ ++/* Called from either synch-copying.c or multi-thread-copying.c to ++ * update the hash with some data (or zero if buf == NULL). ++ */ ++void ++update_blkhash (const char *buf, uint64_t offset, size_t len) ++{ ++ uint64_t blknum, blkoffs; ++ ++ if (blkhash_alg == GNUTLS_DIG_UNKNOWN) return; ++ ++ if (verbose) { ++ fprintf (stderr, "blkhash: %s " ++ "[0x%" PRIx64 " - 0x%" PRIx64 "] (length %zu)\n", ++ buf ? "data" : "zero", ++ offset, offset+len, len); ++ } ++ ++ /* Iterate over the blocks. */ ++ blknum = offset / blkhash_size; ++ blkoffs = offset % blkhash_size; ++ ++ /* Unaligned head */ ++ if (blkoffs) { ++ uint64_t n = MIN (blkhash_size - blkoffs, len); ++ set_incomplete_block (blknum, blkoffs, n, buf); ++ if (buf) buf += n; ++ len -= n; ++ offset += n; ++ blknum++; ++ } ++ ++ /* Aligned body */ ++ while (len >= blkhash_size) { ++ set_complete_block (blknum, buf); ++ if (buf) buf += blkhash_size; ++ len -= blkhash_size; ++ offset += blkhash_size; ++ blknum++; ++ } ++ ++ /* Unaligned tail */ ++ if (len) { ++ set_incomplete_block (blknum, 0, len, buf); ++ } ++} ++ ++/* Called after copying to finish and print the resulting blkhash. */ ++void ++finish_blkhash (uint64_t total_size) ++{ ++ gnutls_hash_hd_t dig; ++ size_t i; ++ struct block *b; ++ void *zero_block; ++ void *zero_digest; ++ int r; ++ const uint64_t total_size_le = htole64 (total_size); ++ unsigned char *final_digest; ++ FILE *fp; ++ ++ if (blkhash_alg == GNUTLS_DIG_UNKNOWN) return; ++ ++ if (verbose) { ++ fprintf (stderr, "blkhash: total size 0x%" PRIx64 "\n", total_size); ++ fprintf (stderr, "blkhash: number of blocks %zu\n", block_vec.len); ++ } ++ ++ /* If the last block is incomplete, finish it. */ ++ if (block_vec.len > 0) { ++ b = &block_vec.ptr[block_vec.len-1]; ++ if (b->type == block_incomplete) ++ finish_block (b); ++ } ++ ++ /* There must be no other unknown or incomplete blocks left. */ ++ for (i = 0; i < block_vec.len; ++i) { ++ b = &block_vec.ptr[i]; ++ assert (b->type != block_unknown); ++ assert (b->type != block_incomplete); ++ } ++ ++ /* Calculate the hash of a zero block. */ ++ zero_block = calloc (1, blkhash_size); ++ if (zero_block == NULL) { ++ perror ("nbdcopy: calloc"); ++ exit (EXIT_FAILURE); ++ } ++ zero_digest = compute_one_block_hash (zero_block, blkhash_size); ++ free (zero_block); ++ ++ /* Now compute the blkhash. */ ++ r = gnutls_hash_init (&dig, blkhash_alg); ++ if (r < 0) { ++ fprintf (stderr, "nbdcopy: gnutls_hash_init: %s\n", gnutls_strerror (r)); ++ exit (EXIT_FAILURE); ++ } ++ ++ for (i = 0; i < block_vec.len; ++i) { ++ b = &block_vec.ptr[i]; ++ ++ switch (b->type) { ++ case block_unknown: ++ case block_incomplete: ++ abort (); /* see assertion above */ ++ ++ case block_data: ++ /* Mix in the block digest. */ ++ r = gnutls_hash (dig, b->ptr, alg_len); ++ if (r < 0) { ++ fprintf (stderr, "nbdcopy: gnutls_hash: %s\n", gnutls_strerror (r)); ++ exit (EXIT_FAILURE); ++ } ++ break; ++ ++ case block_zero: ++ /* Block is zero, mix in the zero digest. */ ++ r = gnutls_hash (dig, zero_digest, alg_len); ++ if (r < 0) { ++ fprintf (stderr, "nbdcopy: gnutls_hash: %s\n", gnutls_strerror (r)); ++ exit (EXIT_FAILURE); ++ } ++ break; ++ } ++ } ++ ++ free (zero_digest); ++ ++ /* Append the length at the end. */ ++ r = gnutls_hash (dig, &total_size_le, sizeof total_size_le); ++ if (r < 0) { ++ fprintf (stderr, "nbdcopy: gnutls_hash: %s\n", gnutls_strerror (r)); ++ exit (EXIT_FAILURE); ++ } ++ ++ /* Get the final digest. */ ++ final_digest = malloc (alg_len); ++ if (final_digest == NULL) { ++ perror ("nbdcopy: malloc"); ++ exit (EXIT_FAILURE); ++ } ++ ++ gnutls_hash_deinit (dig, final_digest); ++ ++ /* Print the final digest. */ ++ if (blkhash_file != NULL) { ++ fp = fopen (blkhash_file, "w"); ++ if (fp == NULL) { ++ perror (blkhash_file); ++ exit (EXIT_FAILURE); ++ } ++ } ++ else { ++ fp = stdout; ++ } ++ for (i = 0; i < alg_len; ++i) ++ fprintf (fp, "%02x", final_digest[i]); ++ fprintf (fp, "\n"); ++ fflush (fp); ++ if (blkhash_file != NULL) ++ fclose (fp); ++ ++ free (final_digest); ++ ++ /* Free the hashes and vector. */ ++ blocks_iter (&block_vec, free_struct_block); ++ blocks_reset (&block_vec); ++} ++ ++#else /* !HAVE_GNUTLS */ ++ ++void ++init_blkhash (void) ++{ ++ /* nothing */ ++} ++ ++void ++update_blkhash (const char *buf, uint64_t offset, size_t len) ++{ ++ /* nothing */ ++} ++ ++void ++finish_blkhash (uint64_t total_size) ++{ ++ /* nothing */ ++} ++ ++#endif /* !HAVE_GNUTLS */ +diff --git a/copy/copy-blkhash-known.sh b/copy/copy-blkhash-known.sh +new file mode 100755 +index 00000000..ca398eac +--- /dev/null ++++ b/copy/copy-blkhash-known.sh +@@ -0,0 +1,83 @@ ++#!/usr/bin/env bash ++# nbd client library in userspace ++# Copyright Red Hat ++# ++# This library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2 of the License, or (at your option) any later version. ++# ++# This library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++# ++# You should have received a copy of the GNU Lesser General Public ++# License along with this library; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ ++# Test --blkhash option. ++ ++. ../tests/functions.sh ++ ++set -e ++set -x ++ ++requires $NBDKIT --exit-with-parent --version ++requires $NBDKIT --exit-with-parent data --version ++ ++hashfile=copy-blkhash-known.hash ++cleanup_fn rm -f $hashfile ++rm -f $hashfile ++ ++do_test () { ++ data="$1" ++ hash="$2" ++ expected="$3" ++ ++ export hash hashfile ++ $NBDKIT -U - data "$data" \ ++ --run 'nbdcopy --blkhash=$hash --blkhash-file=$hashfile \ ++ "$uri" null:' ++ cat $hashfile ++ test "$expected" = "$(cat $hashfile)" ++} ++ ++# Instances of the data plugin and the corresponding hash that we ++# previously cross-checked against blkhash's test/blkhash.py ++ ++do_test "" \ ++ sha256 \ ++ af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc ++ ++do_test '"hello"' \ ++ md5 \ ++ f741ac9ce55f5325906bb14e9c05d467 ++ ++do_test '"hello"' \ ++ sha256 \ ++ 337355feb53a5309d5aba92796223c2c84ffab930e706c01fef573a2722545e6 ++ ++do_test '"hello"' \ ++ sha512 \ ++ eca04a593cf12ec4132993da709048e25a2f1be3526e132fb521ec9d41f023ec4018b3fd07b014a33e36bb5fa145b36991f431e62f9e1a93bebea6c9565682c1 ++ ++do_test '"hello"' \ ++ md5/4 \ ++ 8262896de34125dec173722c920e8bd0 ++ ++do_test '"hello" @1048576 "goodbye"' \ ++ sha256 \ ++ 61b8f3a8cea76e16eeff7ce27f1b7711c1f1e437f5038cec17773772a4bded28 ++ ++do_test '"12345678"*512*256' \ ++ md5 \ ++ 84fc21ac2f49ac283ff399378d834d1a ++ ++do_test '"12345678"*512*256' \ ++ sha256 \ ++ cbb388edd25e567b85f504c7b345497f9fb4f6bbf4e39768809184b9f9e678f8 ++ ++do_test '"12345678"*512*256' \ ++ sha512/512k \ ++ 379f7eb1628058c7abbc4c96941ac972074815ea9ef4aca95eefb2b4f9c29f64023fff8d966e9fddf08d07bdba548e75298917f10268fdf9ba636c2321a2214e +diff --git a/copy/copy-blkhash-pattern.sh b/copy/copy-blkhash-pattern.sh +new file mode 100755 +index 00000000..f135f54d +--- /dev/null ++++ b/copy/copy-blkhash-pattern.sh +@@ -0,0 +1,49 @@ ++#!/usr/bin/env bash ++# nbd client library in userspace ++# Copyright Red Hat ++# ++# This library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2 of the License, or (at your option) any later version. ++# ++# This library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++# ++# You should have received a copy of the GNU Lesser General Public ++# License along with this library; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ ++# Test --blkhash option against a large plugin with known content. ++ ++. ../tests/functions.sh ++ ++set -e ++set -x ++ ++requires $NBDKIT --exit-with-parent --version ++requires $NBDKIT --exit-with-parent pattern --version ++ ++hashfile_sha256=copy-blkhash-pattern.hash256 ++hashfile_sha512=copy-blkhash-pattern.hash512 ++cleanup_fn rm -f $hashfile_sha256 $hashfile_sha512 ++rm -f $hashfile_sha256 $hashfile_sha512 ++ ++export hashfile_sha256 hashfile_sha512 ++ ++expected_sha256=6750a1c3d78e46eaffb0d094624825dea88f0c7098b2424fce776c0748442649 ++expected_sha512=aef2905a223b2b9b565374ce9671bcb434fc944b0a108c8b5b98769d830b6c61b9567de177791a092514675c3a3e0740758c6a5a171ae71d844c60315f07e334 ++ ++$NBDKIT -U - pattern 1G \ ++ --run ' ++ nbdcopy --blkhash --blkhash-file=$hashfile_sha256 "$uri" null: && ++ nbdcopy --blkhash=sha512/512k --blkhash-file=$hashfile_sha512 \ ++ "$uri" null: ++' ++cat $hashfile_sha256 ++test "$expected_sha256" = "$(cat $hashfile_sha256)" ++ ++cat $hashfile_sha512 ++test "$expected_sha512" = "$(cat $hashfile_sha512)" +diff --git a/copy/copy-blkhash-randfile.sh b/copy/copy-blkhash-randfile.sh +new file mode 100755 +index 00000000..029237c4 +--- /dev/null ++++ b/copy/copy-blkhash-randfile.sh +@@ -0,0 +1,45 @@ ++#!/usr/bin/env bash ++# nbd client library in userspace ++# Copyright Red Hat ++# ++# This library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2 of the License, or (at your option) any later version. ++# ++# This library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++# ++# You should have received a copy of the GNU Lesser General Public ++# License along with this library; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ ++# Test --blkhash option. ++ ++. ../tests/functions.sh ++ ++set -e ++set -x ++ ++requires $DD --version ++requires $DD oflag=seek_bytes + #include + #include ++#include + + #ifdef HAVE_SYS_IOCTL_H + #include + #endif + +-#include ++#ifdef HAVE_GNUTLS ++#include ++#endif + + #include + +@@ -48,6 +51,11 @@ + #include "nbdcopy.h" + + bool allocated; /* --allocated flag */ ++#ifdef HAVE_GNUTLS /* --blkhash */ ++gnutls_digest_algorithm_t blkhash_alg = GNUTLS_DIG_UNKNOWN; ++#endif ++unsigned blkhash_size = 65536; ++const char *blkhash_file; /* --blkhash-file (NULL = stdout) */ + unsigned connections = 4; /* --connections */ + bool target_is_zero; /* --target-is-zero flag */ + bool extents = true; /* ! --no-extents flag */ +@@ -76,7 +84,8 @@ usage (FILE *fp, int exitcode) + "\n" + "Copy to and from an NBD server:\n" + "\n" +-" nbdcopy [--allocated] [-C N|--connections=N]\n" ++" nbdcopy [--allocated] [--blkhash=DIGEST] [--blkhash-file=FILENAME]\n" ++" [-C N|--connections=N]\n" + " [--destination-is-zero|--target-is-zero] [--flush]\n" + " [--no-extents] [-p|--progress|--progress=FD]\n" + " [--queue-size=N] [--request-size=N] [-R N|--requests=N]\n" +@@ -113,6 +122,8 @@ main (int argc, char *argv[]) + LONG_OPTIONS, + SHORT_OPTIONS, + ALLOCATED_OPTION, ++ BLKHASH_OPTION, ++ BLKHASH_FILE_OPTION, + TARGET_IS_ZERO_OPTION, + FLUSH_OPTION, + NO_EXTENTS_OPTION, +@@ -125,6 +136,8 @@ main (int argc, char *argv[]) + { "help", no_argument, NULL, HELP_OPTION }, + { "long-options", no_argument, NULL, LONG_OPTIONS }, + { "allocated", no_argument, NULL, ALLOCATED_OPTION }, ++ { "blkhash", optional_argument, NULL, BLKHASH_OPTION }, ++ { "blkhash-file", required_argument, NULL, BLKHASH_FILE_OPTION }, + { "connections", required_argument, NULL, 'C' }, + { "destination-is-zero", no_argument, NULL, TARGET_IS_ZERO_OPTION }, + { "flush", no_argument, NULL, FLUSH_OPTION }, +@@ -179,6 +192,64 @@ main (int argc, char *argv[]) + allocated = true; + break; + ++ case BLKHASH_OPTION: ++#ifdef HAVE_GNUTLS ++ if (optarg == NULL || optarg[0] == '\0') { ++ blkhash_alg = GNUTLS_DIG_SHA256; ++ blkhash_size = 65536; ++ } ++ else { ++ i = strcspn (optarg, "/"); ++ if (i == 3 && strncasecmp (optarg, "md5", i) == 0) ++ blkhash_alg = GNUTLS_DIG_MD5; ++ else if (i == 4 && strncasecmp (optarg, "sha1", i) == 0) ++ blkhash_alg = GNUTLS_DIG_SHA1; ++ else if (i == 6 && strncasecmp (optarg, "sha256", i) == 0) ++ blkhash_alg = GNUTLS_DIG_SHA256; ++ else if (i == 6 && strncasecmp (optarg, "sha512", i) == 0) ++ blkhash_alg = GNUTLS_DIG_SHA512; ++ else { ++ fprintf (stderr, "%s: %s: unknown digest algorithm '%s'\n", ++ prog, "--blkhash", optarg); ++ exit (EXIT_FAILURE); ++ } ++ if (optarg[i] == '/') { ++ i64 = human_size_parse (&optarg[i+1], &error, &pstr); ++ if (i64 == -1) { ++ fprintf (stderr, "%s: %s: %s: %s\n", ++ prog, "--blkhash", error, pstr); ++ exit (EXIT_FAILURE); ++ } ++ if (! is_power_of_2 (blkhash_size)) { ++ fprintf (stderr, "%s: %s is not a power of two: %s\n", ++ prog, "--blkhash", &optarg[i+1]); ++ exit (EXIT_FAILURE); ++ } ++ if (i64 > UINT_MAX) { ++ fprintf (stderr, "%s: %s is too large: %s\n", ++ prog, "--blkhash", &optarg[i+1]); ++ exit (EXIT_FAILURE); ++ } ++ blkhash_size = i64; ++ } ++ } ++ break; ++#else ++ fprintf (stderr, "%s: %s: option not supported in this build\n", ++ prog, "--blkhash"); ++ exit (EXIT_FAILURE); ++#endif ++ ++ case BLKHASH_FILE_OPTION: ++#ifdef HAVE_GNUTLS ++ blkhash_file = optarg; ++ break; ++#else ++ fprintf (stderr, "%s: %s: option not supported in this build\n", ++ prog, "--blkhash-file"); ++ exit (EXIT_FAILURE); ++#endif ++ + case TARGET_IS_ZERO_OPTION: + target_is_zero = true; + break; +@@ -369,6 +440,9 @@ main (int argc, char *argv[]) + exit (EXIT_FAILURE); + } + ++ /* Initialize the blkhash function (if used). */ ++ init_blkhash (); ++ + /* If multi-conn is not supported, force connections to 1. */ + if (! src->ops->can_multi_conn (src) || ! dst->ops->can_multi_conn (dst)) + connections = 1; +@@ -482,6 +556,9 @@ main (int argc, char *argv[]) + /* We should always know the total size copied here. */ + assert (src->size >= 0); + ++ /* Finish and print the blkhash. */ ++ finish_blkhash (src->size); ++ + /* Shut down the source side. */ + src->ops->close (src); + +diff --git a/copy/multi-thread-copying.c b/copy/multi-thread-copying.c +index a75fb265..89588e6e 100644 +--- a/copy/multi-thread-copying.c ++++ b/copy/multi-thread-copying.c +@@ -265,8 +265,10 @@ worker_thread (void *wp) + * THREAD_WORK_SIZE, so there is no danger of overflowing + * size_t. + */ +- command = create_command (zeroing_start, offset-zeroing_start, +- true, w); ++ uint64_t zeroing_len = offset - zeroing_start; ++ ++ update_blkhash (NULL, zeroing_start, zeroing_len); ++ command = create_command (zeroing_start, zeroing_len, true, w); + fill_dst_range_with_zeroes (command); + is_zeroing = false; + } +@@ -297,6 +299,9 @@ worker_thread (void *wp) + * THREAD_WORK_SIZE, so there is no danger of overflowing + * size_t. + */ ++ uint64_t zeroing_len = offset - zeroing_start; ++ ++ update_blkhash (NULL, zeroing_start, zeroing_len); + command = create_command (zeroing_start, offset - zeroing_start, + true, w); + fill_dst_range_with_zeroes (command); +@@ -505,6 +510,9 @@ finished_read (void *vp, int *error) + exit (EXIT_FAILURE); + } + ++ update_blkhash (slice_ptr (command->slice), command->offset, ++ command->slice.len); ++ + if (allocated || sparse_size == 0) { + /* If sparseness detection (see below) is turned off then we write + * the whole command. +diff --git a/copy/nbdcopy.h b/copy/nbdcopy.h +index 7c54463d..91289c32 100644 +--- a/copy/nbdcopy.h ++++ b/copy/nbdcopy.h +@@ -25,6 +25,10 @@ + #include + #include + ++#ifdef HAVE_GNUTLS ++#include ++#endif ++ + #include + + #include "vector.h" +@@ -228,6 +232,11 @@ extern void asynch_notify_read_write_not_supported (struct rw *rw, + size_t index); + + extern bool allocated; ++#ifdef HAVE_GNUTLS ++extern gnutls_digest_algorithm_t blkhash_alg; ++#endif ++extern unsigned blkhash_size; ++extern const char *blkhash_file; + extern unsigned connections; + extern bool target_is_zero; + extern bool extents; +@@ -247,5 +256,8 @@ extern const char *prog; + extern void progress_bar (off_t pos, int64_t size); + extern void synch_copying (void); + extern void multi_thread_copying (void); ++extern void init_blkhash (void); ++extern void update_blkhash (const char *buf, uint64_t offset, size_t len); ++extern void finish_blkhash (uint64_t total_size); + + #endif /* NBDCOPY_H */ +diff --git a/copy/nbdcopy.pod b/copy/nbdcopy.pod +index 940e37ad..3efe2b1b 100644 +--- a/copy/nbdcopy.pod ++++ b/copy/nbdcopy.pod +@@ -4,7 +4,8 @@ nbdcopy - copy to and from an NBD server + + =head1 SYNOPSIS + +- nbdcopy [--allocated] [-C N|--connections=N] ++ nbdcopy [--allocated] [--blkhash=DIGEST] [--blkhash-file=FILE] ++ [-C N|--connections=N] + [--destination-is-zero|--target-is-zero] [--flush] + [--no-extents] [-p|--progress|--progress=FD] + [--queue-size=N] [--request-size=N] [-R N|--requests=N] +@@ -50,6 +51,11 @@ option this will print a progress bar. + + Copy a full disk from one NBD server to another. + ++=head2 nbdcopy nbd://server1 nbd://server2 --blkhash ++ ++Copy a full disk from one NBD server to another, computing the blkhash ++(similar to a checksum) of the disk and printing that. ++ + =head2 nbdcopy -- [ qemu-nbd -r -f qcow2 https://example.com/disk.qcow2 ] - + + Run L as a subprocess to open URL +@@ -106,6 +112,49 @@ I<--no-extents>), or by detecting runs of zeroes (see I<-S>). If you + use I<--allocated> then nbdcopy creates a fully allocated, non-sparse + output on the destination. + ++=item B<--blkhash> ++ ++=item B<--blkhash=md5> ++ ++=item B<--blkhash=md5/>SIZE ++ ++=item B<--blkhash=sha1> ++ ++=item B<--blkhash=sha1/>SIZE ++ ++=item B<--blkhash=sha256> ++ ++=item B<--blkhash=sha256/>SIZE ++ ++=item B<--blkhash=sha512> ++ ++=item B<--blkhash=sha512/>SIZE ++ ++Compute the blkhash of the disk image during the copy and print it at ++the end. Blkhash (L) is an algorithm ++similar to a checksum except that it can be computed in parallel. ++Note that it is not compatible with programs like L or ++L. Using this option will make nbdcopy slower. ++ ++You can choose the digest function from C, C, C ++(recommended), or C. You can also choose the block size, the ++default being C<64k> (recommended). ++ ++The I<--blkhash> option without parameters selects sha256/64k. ++ ++To compute the blkhash of a file without copying it, you can do: ++ ++ nbdcopy --blkhash -- disk.raw null: ++ ++or if the format is qcow2: ++ ++ nbdcopy --blkhash -- [ qemu-nbd -f qcow2 disk.qcow2 ] null: ++ ++=item B<--blkhash-file=>FILE ++ ++If I<--blkhash> is selected, choose where to print the blkhash to. ++The default is stdout. ++ + =item B<-C> N + + =item B<--connections=>N +@@ -306,7 +355,9 @@ L, + L, + L, + L, +-L. ++L, ++L, ++L. + + =head1 AUTHORS + +diff --git a/copy/synch-copying.c b/copy/synch-copying.c +index 5d21423d..09f05be2 100644 +--- a/copy/synch-copying.c ++++ b/copy/synch-copying.c +@@ -83,6 +83,7 @@ synch_copying (void) + size_t r; + + while ((r = src->ops->synch_read (src, buf, request_size, offset)) > 0) { ++ update_blkhash ((const char *) buf, offset, request_size); + dst->ops->synch_write (dst, buf, r, offset); + offset += r; + progress_bar (offset, src->size); +@@ -116,6 +117,7 @@ synch_copying (void) + assert (exts.ptr[i].length <= count); + + if (exts.ptr[i].zero) { ++ update_blkhash (NULL, offset, exts.ptr[i].length); + fill_dst_range_with_zeroes(offset, exts.ptr[i].length, buf); + offset += exts.ptr[i].length; + } +@@ -130,6 +132,7 @@ synch_copying (void) + exit (EXIT_FAILURE); + } + ++ update_blkhash ((const char *) buf, offset, r); + dst->ops->synch_write (dst, buf, r, offset); + offset += r; + progress_bar (offset, src->size); +-- +2.47.3 + diff --git a/0009-copy-Fix-crash-when-blkhash-size-is-not-a-power-of-2.patch b/0009-copy-Fix-crash-when-blkhash-size-is-not-a-power-of-2.patch new file mode 100644 index 0000000..99f2e61 --- /dev/null +++ b/0009-copy-Fix-crash-when-blkhash-size-is-not-a-power-of-2.patch @@ -0,0 +1,33 @@ +From d19e6eb145d93c827c5acf1b4c009ff27749a205 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Mon, 7 Apr 2025 11:35:25 +0100 +Subject: [PATCH] copy: Fix crash when blkhash size is not a power of 2 + +nbdcopy: blkhash.c:105: init_blkhash: Assertion `is_power_of_2 (blkhash_size)' failed. + +The check for this was wrong, resulting in a later assertion failure +instead of an error message. + +Reported-by: Vera Wu +Fixes: https://issues.redhat.com/browse/RHEL-85513 +(cherry picked from commit 6c6e0822c854e423d79bef87caf1c20c5bdb5eb5) +--- + copy/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/copy/main.c b/copy/main.c +index 8f943b30..9afb627c 100644 +--- a/copy/main.c ++++ b/copy/main.c +@@ -220,7 +220,7 @@ main (int argc, char *argv[]) + prog, "--blkhash", error, pstr); + exit (EXIT_FAILURE); + } +- if (! is_power_of_2 (blkhash_size)) { ++ if (! is_power_of_2 (i64)) { + fprintf (stderr, "%s: %s is not a power of two: %s\n", + prog, "--blkhash", &optarg[i+1]); + exit (EXIT_FAILURE); +-- +2.47.3 + diff --git a/0010-copy-Define-block_type-outside-of-block-struct.patch b/0010-copy-Define-block_type-outside-of-block-struct.patch new file mode 100644 index 0000000..f8fa5c3 --- /dev/null +++ b/0010-copy-Define-block_type-outside-of-block-struct.patch @@ -0,0 +1,66 @@ +From f48db2429c5aa5f56018baa18c2aa37f756975ef Mon Sep 17 00:00:00 2001 +From: Nir Soffer +Date: Sun, 13 Apr 2025 14:51:09 +0000 +Subject: [PATCH] copy: Define block_type outside of block struct + +This make the code easier to follow and maintain. + +(cherry picked from commit dc5f0e6c79e7aa03ba634b71d4780f6d7d039cdd) +--- + copy/blkhash.c | 38 ++++++++++++++++++++------------------ + 1 file changed, 20 insertions(+), 18 deletions(-) + +diff --git a/copy/blkhash.c b/copy/blkhash.c +index 622d8a39..526db4d2 100644 +--- a/copy/blkhash.c ++++ b/copy/blkhash.c +@@ -43,26 +43,28 @@ + + #ifdef HAVE_GNUTLS + ++/* unknown => We haven't seen this block yet. 'ptr' is NULL. ++ * ++ * zero => The block is all zeroes. 'ptr' is NULL. ++ * ++ * data => The block is all data, and we have seen the whole block, ++ * and the hash has been computed. 'ptr' points to the computed ++ * hash. 'n' is unused. ++ * ++ * incomplete => Part of the block was seen. 'ptr' points to the ++ * data block, waiting to be completed. 'n' is the number of bytes ++ * seen so far. We will compute the hash and turn this into a ++ * 'data' or 'zero' block, either when we have seen all bytes of ++ * this block, or at the end. ++ * ++ * Note that this code assumes that we are called exactly once for a ++ * range in the disk image. ++ */ ++enum block_type { block_unknown = 0, block_zero, block_data, block_incomplete }; ++ + /* We will have one of these structs per blkhash block. */ + struct block { +- /* unknown => We haven't seen this block yet. 'ptr' is NULL. +- * +- * zero => The block is all zeroes. 'ptr' is NULL. +- * +- * data => The block is all data, and we have seen the whole block, +- * and the hash has been computed. 'ptr' points to the computed +- * hash. 'n' is unused. +- * +- * incomplete => Part of the block was seen. 'ptr' points to the +- * data block, waiting to be completed. 'n' is the number of bytes +- * seen so far. We will compute the hash and turn this into a +- * 'data' or 'zero' block, either when we have seen all bytes of +- * this block, or at the end. +- * +- * Note that this code assumes that we are called exactly once for a +- * range in the disk image. +- */ +- enum { block_unknown = 0, block_zero, block_data, block_incomplete } type; ++ enum block_type type; + void *ptr; + size_t n; + }; +-- +2.47.3 + diff --git a/0011-copy-Shrink-struct-block.patch b/0011-copy-Shrink-struct-block.patch new file mode 100644 index 0000000..3677156 --- /dev/null +++ b/0011-copy-Shrink-struct-block.patch @@ -0,0 +1,78 @@ +From 361ae3810398d0d5c3550267b0470ba235d94c32 Mon Sep 17 00:00:00 2001 +From: Nir Soffer +Date: Sun, 13 Apr 2025 14:54:31 +0000 +Subject: [PATCH] copy: Shrink struct block + +Change n to uint32_t since block size bigger than 4g does not make +sense. Move the type field to the end to shrink struct size from 24 +bytes to 16. + +This minimizes memory usage and improves locality. For example we can +have 4 blocks in a single cache line instead of 2.5. + +Testing shows up to 8% improvement in time and 33% in maximum resident +set size with 1000g empty image. With images full of zeros or images +full of non-zero bytes we see lower memory usage but no difference in +time. + +| size | content | tool | source | version | memory | time | +|--------|---------|------------|--------|---------|----------|----------| +| 1000g | hole | nbdcopy | file | before | 644716k | 3.33s | +| 1000g | hole | nbdcopy | file | after | 516716k | 3.10s | +| 1000g | hole | nbdcopy | nbd | before | 388844k | 1.13s | +| 1000g | hole | nbdcopy | nbd | after | 260716k | 1.04s | +| 1000g | hole | blksum | nbd | - | 10792k | 0.29s | +| 1000g | hole | sha256sum | file | - | *2796k | *445.00s | +|--------|---------|------------|--------|---------|----------|----------| +| 10g | zero | nbdcopy | file | before | 20236k | 1.33s | +| 10g | zero | nbdcopy | file | after | 18796k | 1.32s | +| 10g | zero | nbdcopy | nbd | before | 32648k | 8.21s | +| 10g | zero | nbdcopy | nbd | after | 31416k | 8.23s | +| 10g | zero | nbdcopy | pipe | before | 19052k | 4.56s | +| 10g | zero | nbdcopy | pipe | after | 17772k | 4.56s | +| 10g | zero | blksum | nbd | - | 13948k | 3.90s | +| 10g | zero | blksum | pipe | - | 10340k | 0.55s | +| 10g | zero | sha256sum | file | - | 2796k | 4.45s | +|--------|---------|------------|--------|---------|----------|----------| +| 10g | data | nbdcopy | file | before | 20224k | 1.28s | +| 10g | data | nbdcopy | file | after | 19036k | 1.26s | +| 10g | data | nbdcopy | nbd | before | 32792k | 8.02s | +| 10g | data | nbdcopy | nbd | after | 31512k | 8.02s | +| 10g | data | nbdcopy | pipe | before | 19052k | 4.56s | +| 10g | data | nbdcopy | pipe | after | 17772k | 4.57s | +| 10g | data | blksum | nbd | - | 13888k | 3.88s | +| 10g | data | blksum | pipe | - | 12512k | 1.10s | +| 10g | data | sha256sum | file | - | 2788k | 4.49s | + +* estimated based on 10g image + +Measured using: + + /usr/bin/time -f "memory=%Mk time=%es" ./nbdcopy --blkhash ... + +Tested on Fedora 41 VM on MacBook Pro M2 Max. + +(cherry picked from commit f3e1b5fe8423558b49a2b829c0fe13f601b475f2) +--- + copy/blkhash.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/copy/blkhash.c b/copy/blkhash.c +index 526db4d2..41253ec8 100644 +--- a/copy/blkhash.c ++++ b/copy/blkhash.c +@@ -64,9 +64,9 @@ enum block_type { block_unknown = 0, block_zero, block_data, block_incomplete }; + + /* We will have one of these structs per blkhash block. */ + struct block { +- enum block_type type; + void *ptr; +- size_t n; ++ uint32_t n; ++ enum block_type type; + }; + + DEFINE_VECTOR_TYPE(blocks, struct block); +-- +2.47.3 + diff --git a/0012-copy-Enable-zero-optimization-for-allocated-extents.patch b/0012-copy-Enable-zero-optimization-for-allocated-extents.patch new file mode 100644 index 0000000..9f12dd0 --- /dev/null +++ b/0012-copy-Enable-zero-optimization-for-allocated-extents.patch @@ -0,0 +1,65 @@ +From d57d58ba193674bef225f0e7094b0efbaa47f680 Mon Sep 17 00:00:00 2001 +From: Nir Soffer +Date: Sun, 13 Apr 2025 23:39:15 +0000 +Subject: [PATCH] copy: Enable zero optimization for allocated extents + +We optimized zero extents but computed the hash for all data blocks, +including data blocks full of zeros. Detecting a zero block is 20-100 +times faster than computing a hash, depending on the machine and the +hash algorithm. + +When adding a completed block, detect zero blocks and mark the block as +zero block, saving the computation of the hash and the allocation of the +digest buffer. + +This optimization is already implemented for incomplete blocks. + +Testing shows that computing a hash for image full of zeros is up to 7.4 +times faster, and memory usage is up to 40% lower. + +| size | content | tool | source | version | memory | time | +|--------|---------|------------|--------|---------|----------|----------| +| 10g | zero | nbdcopy | file | before | 20236k | 1.33s | +| 10g | zero | nbdcopy | file | after | 13212k | 0.33s | +| 10g | zero | nbdcopy | nbd | before | 32648k | 8.21s | +| 10g | zero | nbdcopy | nbd | after | 24996k | 3.32s | +| 10g | zero | nbdcopy | pipe | before | 19052k | 4.56s | +| 10g | zero | nbdcopy | pipe | after | 11244k | 0.61s | +| 10g | zero | blksum | nbd | - | 13948k | 3.90s | +| 10g | zero | blksum | pipe | - | 10340k | 0.55s | +| 10g | zero | sha256sum | file | - | 2796k | 4.45s | +|--------|---------|------------|--------|---------|----------|----------| +| 10g | data | nbdcopy | file | before | 20224k | 1.28s | +| 10g | data | nbdcopy | file | after | 20400k | 1.28s | +| 10g | data | nbdcopy | nbd | before | 32792k | 8.02s | +| 10g | data | nbdcopy | nbd | after | 32536k | 8.01s | +| 10g | data | nbdcopy | pipe | before | 19052k | 4.56s | +| 10g | data | nbdcopy | pipe | after | 19048k | 4.55s | +| 10g | data | blksum | nbd | - | 13888k | 3.88s | +| 10g | data | blksum | pipe | - | 12512k | 1.10s | +| 10g | data | sha256sum | file | - | 2788k | 4.49s | + +(cherry picked from commit efbe283f9fcfc8b4e57370f71356b1bfe7ffd0a4) +--- + copy/blkhash.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/copy/blkhash.c b/copy/blkhash.c +index 41253ec8..92ffafbd 100644 +--- a/copy/blkhash.c ++++ b/copy/blkhash.c +@@ -213,7 +213,10 @@ set_complete_block (uint64_t blknum, const char *buf) + /* Assert that we haven't seen this block before. */ + assert (b.type == block_unknown); + +- if (buf) { ++ /* Detecting a zero block is 20-100 times faster than computing a hash ++ * depending on the machine and the algorithm. ++ */ ++ if (buf && !is_zero (buf, blkhash_size)) { + b.type = block_data; + + /* Compute the hash of the whole block now. */ +-- +2.47.3 + diff --git a/0013-copy-Fix-corrupted-hash-on-incomplete-read.patch b/0013-copy-Fix-corrupted-hash-on-incomplete-read.patch new file mode 100644 index 0000000..436c804 --- /dev/null +++ b/0013-copy-Fix-corrupted-hash-on-incomplete-read.patch @@ -0,0 +1,39 @@ +From 4db52aea6b2c92e7dd199d5ce00f74d107f7f2f3 Mon Sep 17 00:00:00 2001 +From: Nir Soffer +Date: Mon, 14 Apr 2025 21:40:16 +0000 +Subject: [PATCH] copy: Fix corrupted hash on incomplete read + +When using synchronous read with unknown file size, if the read was +shorter than request size, we updated the hash with the complete buffer, +inserting leftover bytes from the previous read into the hash. + +I'm not sure if there is validation for source size and number of blocks +in the blocks vector, so this can generate a corrupted hash silently. + +We probably need to validate later that the image size matches the size +of the hashed data. + +I could not reproduce a corrupted hash, the issue discovered by reading +the code. + +(cherry picked from commit 49cd9fbc0022c0ae5bc5d0b9dd48219dfb92b2f7) +--- + copy/synch-copying.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/copy/synch-copying.c b/copy/synch-copying.c +index 09f05be2..2aa67df6 100644 +--- a/copy/synch-copying.c ++++ b/copy/synch-copying.c +@@ -83,7 +83,7 @@ synch_copying (void) + size_t r; + + while ((r = src->ops->synch_read (src, buf, request_size, offset)) > 0) { +- update_blkhash ((const char *) buf, offset, request_size); ++ update_blkhash ((const char *) buf, offset, r); + dst->ops->synch_write (dst, buf, r, offset); + offset += r; + progress_bar (offset, src->size); +-- +2.47.3 + diff --git a/0014-build-Add-.-configure-with-extra.patch b/0014-build-Add-.-configure-with-extra.patch new file mode 100644 index 0000000..d79f0e3 --- /dev/null +++ b/0014-build-Add-.-configure-with-extra.patch @@ -0,0 +1,76 @@ +From 327d819d8e8161c31da903e8171a89db97862951 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Wed, 16 Jul 2025 12:24:12 +0100 +Subject: [PATCH] build: Add ./configure --with-extra="..." + +This is intended for downstream packagers to use, to provide extra +information about the version of the downstream package (such as the +RPM ENVR). This helps when identifying bugs, especially in packges +which have extensive backports (such as the RHEL packages). This is +the same as the equivalent option in nbdkit. + +In Fedora we intend to use this in the spec file: + + ./configure --with-extra='%{name}-%{version}-%{release}' + +resulting in an extra version string something like "libnbd-1.23.4-1.fc43". + +(cherry picked from commit a04cda6938a9f60b26cb9aa6d55a0b4ef4d0fe76) +--- + README.md | 13 +++++++++++++ + configure.ac | 15 +++++++++++++++ + 2 files changed, 28 insertions(+) + +diff --git a/README.md b/README.md +index 0f6bcdd4..385c0e58 100644 +--- a/README.md ++++ b/README.md +@@ -163,6 +163,19 @@ ### Download tarballs + http://libguestfs.org/download/libnbd + + ++### Downstream packagers ++ ++If you are packaging libnbd, use: ++ ++``` ++./configure --with-extra='...' ++``` ++ ++providing extra information about the distribution, and/or ++distro-specific versions. It helps us with troubleshooting bug ++reports. (Also, talk to us!) ++ ++ + ## Developers + + Install the valgrind program and development headers. +diff --git a/configure.ac b/configure.ac +index 40d4f79f..6fc4342e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -18,6 +18,21 @@ + AC_INIT([libnbd],[1.22.2]) + + AC_CONFIG_MACRO_DIR([m4]) ++ ++dnl Extra string, a freeform string defined by downstream packagers. ++dnl eg. If you are packaging libnbd for Linux distro X 1.1, you could ++dnl ./configure --with-extra="X release 1.1" ++AC_ARG_WITH([extra], ++ [AS_HELP_STRING([--with-extra=...], ++ [extra version information (for use by packagers)])], ++ [LIBNBD_VERSION_EXTRA="$withval"], ++ [LIBNBD_VERSION_EXTRA=] ++) ++AC_DEFINE_UNQUOTED([LIBNBD_VERSION_EXTRA], ["$LIBNBD_VERSION_EXTRA"], ++ [Extra version information (for use by packagers)]) ++ ++AC_MSG_NOTICE([libnbd version $PACKAGE_VERSION ($LIBNBD_VERSION_EXTRA)]) ++ + m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],[], + [m4_define([AC_USE_SYSTEM_EXTENSIONS],[])]) + AC_USE_SYSTEM_EXTENSIONS +-- +2.47.3 + diff --git a/0015-lib-New-API-nbd_get_version_extra.patch b/0015-lib-New-API-nbd_get_version_extra.patch new file mode 100644 index 0000000..023925f --- /dev/null +++ b/0015-lib-New-API-nbd_get_version_extra.patch @@ -0,0 +1,107 @@ +From e17980b7bc91eb74d2cccfcc4dc89e4dcead5609 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Wed, 16 Jul 2025 12:26:29 +0100 +Subject: [PATCH] lib: New API: nbd_get_version_extra + +This new API gets the ./configure --with-extra="..." string, usually +the empty string (for upstream builds) or the package NVR (for +downstream builds). + +This commit also adds a test. + +(cherry picked from commit 0b7e0831912c9efcd601b4738756a0aeb948df79) +--- + generator/API.ml | 26 ++++++++++++++++++++++++-- + lib/handle.c | 6 ++++++ + tests/get-version.c | 7 +++++++ + 3 files changed, 37 insertions(+), 2 deletions(-) + +diff --git a/generator/API.ml b/generator/API.ml +index 8ee1843a..b1932dfa 100644 +--- a/generator/API.ml ++++ b/generator/API.ml +@@ -4172,7 +4172,7 @@ versions."; + longdesc = "\ + Returns the name of the library, always C<\"libnbd\"> unless + the library was modified with another name at compile time."; +- see_also = [Link "get_version"]; ++ see_also = [Link "get_version"; Link "get_version_extra"]; + }; + + "get_version", { +@@ -4220,7 +4220,26 @@ The release number is incremented for each release along a particular + branch. + + =back"; +- see_also = [Link "get_package_name"]; ++ see_also = [Link "get_package_name"; Link "get_version_extra"]; ++ }; ++ ++ "get_version_extra", { ++ default_call with ++ args = []; ret = RStaticString; is_locked = false; may_set_error = false; ++ shortdesc = "return the extra version of the library"; ++ longdesc = "\ ++Return the extra version of libnbd. This is a freeform string ++which is set at package build time using: ++ ++ ./configure --with-extra=\"...\" ++ ++and it intended to be used by downstream packagers (eg. Linux distributions) ++to convey extra version information, such as the precise version of ++the libnbd RPM, C<.deb> etc. ++ ++The string may be C<\"\">, indicating that no extra version information ++is available, or that this is an upstream build of libnbd."; ++ see_also = [Link "get_package_name"; Link "get_version_extra"]; + }; + + "kill_subprocess", { +@@ -4515,6 +4534,9 @@ let first_version = [ + "is_uri", (1, 22); + "get_subprocess_pid", (1, 22); + ++ (* Added in 1.23.x development cycle, will be stable and supported in 1.24 *) ++ "get_version_extra", (1, 24); ++ + (* These calls are proposed for a future version of libnbd, but + * have not been added to any released version so far. + "get_tls_certificates", (1, ??); +diff --git a/lib/handle.c b/lib/handle.c +index a263cc4c..ec64d601 100644 +--- a/lib/handle.c ++++ b/lib/handle.c +@@ -566,6 +566,12 @@ nbd_unlocked_get_version (struct nbd_handle *h) + return PACKAGE_VERSION; + } + ++const char * ++nbd_unlocked_get_version_extra (struct nbd_handle *h) ++{ ++ return LIBNBD_VERSION_EXTRA; ++} ++ + int + nbd_unlocked_kill_subprocess (struct nbd_handle *h, int signum) + { +diff --git a/tests/get-version.c b/tests/get-version.c +index b8dc5338..c195e5f5 100644 +--- a/tests/get-version.c ++++ b/tests/get-version.c +@@ -53,6 +53,13 @@ main (int argc, char *argv[]) + } + assert (strcmp (s, PACKAGE_VERSION) == 0); + ++ s = nbd_get_version_extra (nbd); ++ if (s == NULL) { ++ fprintf (stderr, "%s\n", nbd_get_error ()); ++ exit (EXIT_FAILURE); ++ } ++ assert (strcmp (s, LIBNBD_VERSION_EXTRA) == 0); ++ + nbd_close (nbd); + exit (EXIT_SUCCESS); + } +-- +2.47.3 + diff --git a/0016-tools-Add-extra-version-information-in-the-output-of.patch b/0016-tools-Add-extra-version-information-in-the-output-of.patch new file mode 100644 index 0000000..3145970 --- /dev/null +++ b/0016-tools-Add-extra-version-information-in-the-output-of.patch @@ -0,0 +1,268 @@ +From 625a79d4eea074d8f83dc590118605d88bd9676a Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Wed, 16 Jul 2025 12:27:21 +0100 +Subject: [PATCH] tools: Add extra version information in the output of + --version + +In tools like nbdcopy, add the extra version information, if present +to the output of commands like 'nbdcopy --version'. + +For example in a downstream build you might see: + + $ nbdcopy --version + nbdcopy 1.23.4 (libnbd-1.23.4-1.fc43) + libnbd 1.23.4 (libnbd-1.23.4-1.fc43) + +In upstream builds or builds not using the new ./configure --with-extra +option, the output is unchanged. + +(cherry picked from commit 441eadf352e387aaba687bf424cc46424507bf18) +--- + common/utils/version.c | 13 +++++++++++-- + copy/test-version.sh | 31 ++++++++++++++++--------------- + dump/test-version.sh | 31 ++++++++++++++++--------------- + fuse/test-version.sh | 31 ++++++++++++++++--------------- + info/test-version.sh | 31 ++++++++++++++++--------------- + sh/test-version.sh | 31 ++++++++++++++++--------------- + 6 files changed, 91 insertions(+), 77 deletions(-) + +diff --git a/common/utils/version.c b/common/utils/version.c +index 554d3056..135c0c75 100644 +--- a/common/utils/version.c ++++ b/common/utils/version.c +@@ -20,6 +20,7 @@ + + #include + #include ++#include + + #include "libnbd.h" + #include "version.h" +@@ -30,9 +31,13 @@ display_version (const char *program_name) + struct nbd_handle *nbd; + const char *package_name = NULL; + const char *version = NULL; ++ const char *version_extra = NULL; + + /* The program name and the version of the binary. */ +- printf ("%s %s\n", program_name, PACKAGE_VERSION); ++ printf ("%s %s", program_name, PACKAGE_VERSION); ++ if (strcmp (LIBNBD_VERSION_EXTRA, "") != 0) ++ printf (" (%s)", LIBNBD_VERSION_EXTRA); ++ printf ("\n"); + + /* Flush to make sure it is printed, even if the code below crashes + * for any reason. +@@ -46,9 +51,13 @@ display_version (const char *program_name) + if (nbd) { + package_name = nbd_get_package_name (nbd); + version = nbd_get_version (nbd); ++ version_extra = nbd_get_version_extra (nbd); + } + if (version) { +- printf ("%s %s\n", package_name ? package_name : PACKAGE_NAME, version); ++ printf ("%s %s", package_name ? package_name : PACKAGE_NAME, version); ++ if (strcmp (version_extra, "") != 0) ++ printf (" (%s)", version_extra); ++ printf ("\n"); + fflush (stdout); + } + nbd_close (nbd); +diff --git a/copy/test-version.sh b/copy/test-version.sh +index f3bd30d4..0738f109 100755 +--- a/copy/test-version.sh ++++ b/copy/test-version.sh +@@ -16,18 +16,19 @@ + # License along with this library; if not, write to the Free Software + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +-# Test that nbdcopy --version looks sane. +- +-fail=0 +-output=$($VG nbdcopy --version) +-if [ $? != 0 ]; then +- echo "$0: unexpected exit status" +- fail=1 +-fi +-if [ "$output" != "nbdcopy $EXPECTED_VERSION +-libnbd $EXPECTED_VERSION" ]; then +- echo "$0: unexpected output" +- fail=1 +-fi +-echo "$output" +-exit $fail ++# Test that --version looks sane. ++ ++. ../tests/functions.sh ++set -e ++set -x ++ ++tool=nbdcopy ++ ++output=test-$tool.out ++cleanup_fn rm -f $output ++ ++$VG $tool --version > $output ++cat $output ++ ++grep "$tool $EXPECTED_VERSION" $output ++grep "libnbd $EXPECTED_VERSION" $output +diff --git a/dump/test-version.sh b/dump/test-version.sh +index 2ef32e05..8adc0e19 100755 +--- a/dump/test-version.sh ++++ b/dump/test-version.sh +@@ -16,18 +16,19 @@ + # License along with this library; if not, write to the Free Software + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +-# Test that nbddump --version looks sane. +- +-fail=0 +-output=$($VG nbddump --version) +-if [ $? != 0 ]; then +- echo "$0: unexpected exit status" +- fail=1 +-fi +-if [ "$output" != "nbddump $EXPECTED_VERSION +-libnbd $EXPECTED_VERSION" ]; then +- echo "$0: unexpected output" +- fail=1 +-fi +-echo "$output" +-exit $fail ++# Test that --version looks sane. ++ ++. ../tests/functions.sh ++set -e ++set -x ++ ++tool=nbddump ++ ++output=test-$tool.out ++cleanup_fn rm -f $output ++ ++$VG $tool --version > $output ++cat $output ++ ++grep "$tool $EXPECTED_VERSION" $output ++grep "libnbd $EXPECTED_VERSION" $output +diff --git a/fuse/test-version.sh b/fuse/test-version.sh +index 7b3e9929..18924b1f 100755 +--- a/fuse/test-version.sh ++++ b/fuse/test-version.sh +@@ -16,18 +16,19 @@ + # License along with this library; if not, write to the Free Software + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +-# Test that nbdfuse --version looks sane. +- +-fail=0 +-output=$($VG nbdfuse --version) +-if [ $? != 0 ]; then +- echo "$0: unexpected exit status" +- fail=1 +-fi +-if [ "$output" != "nbdfuse $EXPECTED_VERSION +-libnbd $EXPECTED_VERSION" ]; then +- echo "$0: unexpected output" +- fail=1 +-fi +-echo "$output" +-exit $fail ++# Test that --version looks sane. ++ ++. ../tests/functions.sh ++set -e ++set -x ++ ++tool=nbdfuse ++ ++output=test-$tool.out ++cleanup_fn rm -f $output ++ ++$VG $tool --version > $output ++cat $output ++ ++grep "$tool $EXPECTED_VERSION" $output ++grep "libnbd $EXPECTED_VERSION" $output +diff --git a/info/test-version.sh b/info/test-version.sh +index 0125479e..35b1eec7 100755 +--- a/info/test-version.sh ++++ b/info/test-version.sh +@@ -16,18 +16,19 @@ + # License along with this library; if not, write to the Free Software + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +-# Test that nbdinfo --version looks sane. +- +-fail=0 +-output=$($VG nbdinfo --version) +-if [ $? != 0 ]; then +- echo "$0: unexpected exit status" +- fail=1 +-fi +-if [ "$output" != "nbdinfo $EXPECTED_VERSION +-libnbd $EXPECTED_VERSION" ]; then +- echo "$0: unexpected output" +- fail=1 +-fi +-echo "$output" +-exit $fail ++# Test that --version looks sane. ++ ++. ../tests/functions.sh ++set -e ++set -x ++ ++tool=nbdinfo ++ ++output=test-$tool.out ++cleanup_fn rm -f $output ++ ++$VG $tool --version > $output ++cat $output ++ ++grep "$tool $EXPECTED_VERSION" $output ++grep "libnbd $EXPECTED_VERSION" $output +diff --git a/sh/test-version.sh b/sh/test-version.sh +index ef730ea2..5caba42c 100755 +--- a/sh/test-version.sh ++++ b/sh/test-version.sh +@@ -16,18 +16,19 @@ + # License along with this library; if not, write to the Free Software + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +-# Test that nbdsh --version looks sane. +- +-fail=0 +-output=$($VG nbdsh --version) +-if [ $? != 0 ]; then +- echo "$0: unexpected exit status" +- fail=1 +-fi +-if [ "$output" != "nbdsh $EXPECTED_VERSION +-libnbd $EXPECTED_VERSION" ]; then +- echo "$0: unexpected output" +- fail=1 +-fi +-echo "$output" +-exit $fail ++# Test that --version looks sane. ++ ++. ../tests/functions.sh ++set -e ++set -x ++ ++tool=nbdsh ++ ++output=test-$tool.out ++cleanup_fn rm -f $output ++ ++$VG $tool --version > $output ++cat $output ++ ++grep "$tool $EXPECTED_VERSION" $output ++grep "libnbd $EXPECTED_VERSION" $output +-- +2.47.3 + diff --git a/0017-uri-Sanitize-user-provided-hostnames.patch b/0017-uri-Sanitize-user-provided-hostnames.patch new file mode 100644 index 0000000..3d61937 --- /dev/null +++ b/0017-uri-Sanitize-user-provided-hostnames.patch @@ -0,0 +1,78 @@ +From fc92e8bd6c6edaeb65b985ea1948b27c61fb68d4 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Mon, 13 Oct 2025 10:01:21 -0500 +Subject: [PATCH] uri: Sanitize user-provided hostnames +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Dan Berrangé ran a free trial of zeropath (http://zeropath.com/) AI +analysis on libnbd, and it highlighted the following: + + "When using nbd+ssh:// URIs the library constructs an argv array for + ssh from parsed URI parts (server, port, user, unix socket, nbd-port) + and execs it. The server component is used directly as an ssh + argument; if it begins with '-' an attacker can inject ssh options + (e.g. -oProxyCommand=...) that cause ssh to run local commands. There + is no protection (such as rejecting leading '-' in server or inserting + a '--' to stop option parsing), so an attacker who can supply the URI + can cause local command execution in the client process." + + eg with this.... "nbdinfo nbd+ssh://-oProxyCommand=rm%20run.in" + you'll get a failure to start the NBD connection, but it none the less + deletes the file 'run.in' in the local working directory + +The RFCs are vague enough that it is not immediately obvious whether +there is any possibility of a valid hostname with a leading - (see +https://www.netmeister.org/blog/hostnames.html). Still, it is better +to pass the user's string on to ssh's determination of a valid +hostname (which does appear to reject leading -) rather than trying to +teach libnbd what patterns to allow, and thereby avoid risking any +pattern written in libnbd accidentally being too restrictive. Do this +by using "--" to end ssh options before the hostname, but that in turn +must come after any use of -oUser=. With this in place, we now get a +sane error rather than spawning a calculator with: + +$ nbdinfo nbd+ssh://-oProxyCommand=gnome-calculator +hostname contains invalid characters +/home/eblake/libnbd/info/.libs/nbdinfo: nbd_connect_uri: recv: server disconnected unexpectedly + +See also Libvirt commit e4cb8500 (Aug 2017), which in turn was +inspired by GIT security flaws +(http://blog.recurity-labs.com/2017-08-10/scm-vulns). We have put out +a request to Red Hat security on whether this warrants a CVE in +libnbd; however, as the problem was easy to identify using only free +AI resources, and the problem itself is relatively low priority (to +exploit it, an attacker has to convince an admin to run a program that +will use libnbd on an untrusted URI), so we are publishing this now +rather than waiting for any embargo. If a CVE is assigned, it will be +announced to the mailing list in a followup post. + +Signed-off-by: Eric Blake +CC: Daniel P. Berrangé + +(cherry picked from commit fffd87a3ba216cf2f9c212e5db96b13b98985edf) +Conflicts: + lib/uri.c - no username override, backport looks different +Signed-off-by: Eric Blake +(cherry picked from commit f461fe64d21fe8a6d32b56ccb50d06489d2e2698) +--- + lib/uri.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/uri.c b/lib/uri.c +index 2e96c056..5afd0f49 100644 +--- a/lib/uri.c ++++ b/lib/uri.c +@@ -446,7 +446,7 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) + case ssh: { /* SSH */ + char port_str[32]; + const char *ssh_command[] = { +- "ssh", "-p", port_str, uri->server, ++ "ssh", "-p", port_str, "--", uri->server, + "nc", + NULL, /* [5] "-U" or "localhost" */ + NULL, /* [6] socket or "10809" */ +-- +2.47.3 + diff --git a/0018-lib-uri.c-Fix-indices-in-SSH-command-array.patch b/0018-lib-uri.c-Fix-indices-in-SSH-command-array.patch new file mode 100644 index 0000000..225d2e3 --- /dev/null +++ b/0018-lib-uri.c-Fix-indices-in-SSH-command-array.patch @@ -0,0 +1,59 @@ +From f130e5f9554d669791555f330b63353a1a181ca1 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Thu, 23 Oct 2025 11:58:53 +0100 +Subject: [PATCH] lib/uri.c: Fix indices in SSH command array + +Commit f461fe64d2 ("uri: Sanitize user-provided hostnames") didn't +update the fixed indices that we use to access the SSH command array +(this is no longer a problem in upstream code). + +'tests/connect-uri-nbd-ssh' failed with: + + libnbd: debug: nbd1: nbd_connect_uri: poll start: events=1 + bash: -U: invalid option + Usage: bash [GNU long option] [option] ... + bash [GNU long option] [option] script-file ... + [...] + +Fixes: commit f461fe64d21fe8a6d32b56ccb50d06489d2e2698 +Signed-off-by: Richard W.M. Jones +(cherry picked from commit 00181d26a4d891e2d7acdd0a309fbf2af01eb55e) +--- + lib/uri.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/lib/uri.c b/lib/uri.c +index 5afd0f49..9cbec2df 100644 +--- a/lib/uri.c ++++ b/lib/uri.c +@@ -448,8 +448,8 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) + const char *ssh_command[] = { + "ssh", "-p", port_str, "--", uri->server, + "nc", +- NULL, /* [5] "-U" or "localhost" */ +- NULL, /* [6] socket or "10809" */ ++ NULL, /* [6] "-U" or "localhost" */ ++ NULL, /* [7] socket or "10809" */ + NULL, + }; + +@@ -461,12 +461,12 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) + "%d", uri->port > 0 ? uri->port : 22); + + if (unixsocket) { +- ssh_command[5] = "-U"; +- ssh_command[6] = unixsocket; ++ ssh_command[6] = "-U"; ++ ssh_command[7] = unixsocket; + } + else { +- ssh_command[5] = "localhost"; +- ssh_command[6] = "10809"; /* XXX provide a way to configure this */ ++ ssh_command[6] = "localhost"; ++ ssh_command[7] = "10809"; /* XXX provide a way to configure this */ + } + + if (nbd_unlocked_aio_connect_command (h, (char **) ssh_command) == -1) +-- +2.47.3 + diff --git a/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch b/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch deleted file mode 100644 index bf90cec..0000000 --- a/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 486799e853aa9df034366303230a1785087a507a Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Fri, 8 Jan 2021 12:14:18 +0000 -Subject: [PATCH] copy/copy-nbd-to-sparse-file.sh: Skip test unless nbdkit - available. - -This test used nbdkit without checking it is available, which broke -the test on RHEL 8 i686. - -Fixes: commit 28fe8d9d8d1ecb491070d20f22e2f34bb147f19f -(cherry picked from commit 781cb44b63a87f2d5f40590ab8c446ad2e7b6702) ---- - copy/copy-nbd-to-sparse-file.sh | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/copy/copy-nbd-to-sparse-file.sh b/copy/copy-nbd-to-sparse-file.sh -index aa2cb1b9..47ff09ae 100755 ---- a/copy/copy-nbd-to-sparse-file.sh -+++ b/copy/copy-nbd-to-sparse-file.sh -@@ -24,6 +24,7 @@ set -x - requires cmp --version - requires dd --version - requires dd oflag=seek_bytes -Date: Thu, 4 Feb 2021 17:57:06 +0000 -Subject: [PATCH] generator: Refactor CONNECT.START state. - -Small, neutral refactoring to the CONNECT.START to make the subsequent -commit easier. - -(cherry picked from commit cd231fd94bbfaacdd9b89e7d355ba2bbc83c2aeb) ---- - generator/states-connect.c | 21 ++++++++++----------- - 1 file changed, 10 insertions(+), 11 deletions(-) - -diff --git a/generator/states-connect.c b/generator/states-connect.c -index 392879d4..03b34c7d 100644 ---- a/generator/states-connect.c -+++ b/generator/states-connect.c -@@ -47,11 +47,12 @@ disable_nagle (int sock) - - STATE_MACHINE { - CONNECT.START: -- int fd; -+ sa_family_t family; -+ int fd, r; - - assert (!h->sock); -- fd = socket (h->connaddr.ss_family, -- SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0); -+ family = h->connaddr.ss_family; -+ fd = socket (family, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0); - if (fd == -1) { - SET_NEXT_STATE (%.DEAD); - set_error (errno, "socket"); -@@ -65,14 +66,12 @@ STATE_MACHINE { - - disable_nagle (fd); - -- if (connect (fd, (struct sockaddr *) &h->connaddr, -- h->connaddrlen) == -1) { -- if (errno != EINPROGRESS) { -- SET_NEXT_STATE (%.DEAD); -- set_error (errno, "connect"); -- return 0; -- } -- } -+ r = connect (fd, (struct sockaddr *) &h->connaddr, h->connaddrlen); -+ if (r == 0 || (r == -1 && errno == EINPROGRESS)) -+ return 0; -+ assert (r == -1); -+ SET_NEXT_STATE (%.DEAD); -+ set_error (errno, "connect"); - return 0; - - CONNECT.CONNECTING: --- -2.43.0 - diff --git a/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch b/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch deleted file mode 100644 index ef4ec0c..0000000 --- a/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch +++ /dev/null @@ -1,48 +0,0 @@ -From f094472efcf34cea8bf1f02a1c5c9442ffc4ca53 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 4 Feb 2021 18:02:46 +0000 -Subject: [PATCH] generator: Print a better error message if connect(2) returns - EAGAIN. - -The new error message is: - -nbd_connect_unix: connect: server backlog overflowed, see https://bugzilla.redhat.com/1925045: Resource temporarily unavailable - -Fixes: https://bugzilla.redhat.com/1925045 -Thanks: Xin Long, Lukas Doktor, Eric Blake -Reviewed-by: Martin Kletzander -(cherry picked from commit 85ed74960a658a82d7b61b0be07f43d1b2dcede9) ---- - generator/states-connect.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/generator/states-connect.c b/generator/states-connect.c -index 03b34c7d..98c26e54 100644 ---- a/generator/states-connect.c -+++ b/generator/states-connect.c -@@ -70,6 +70,22 @@ STATE_MACHINE { - if (r == 0 || (r == -1 && errno == EINPROGRESS)) - return 0; - assert (r == -1); -+#ifdef __linux__ -+ if (errno == EAGAIN && family == AF_UNIX) { -+ /* This can happen on Linux when connecting to a Unix domain -+ * socket, if the server's backlog is full. Unfortunately there -+ * is nothing good we can do on the client side when this happens -+ * since any solution would involve sleeping or busy-waiting. The -+ * only solution is on the server side, increasing the backlog. -+ * But at least improve the error message. -+ * https://bugzilla.redhat.com/1925045 -+ */ -+ SET_NEXT_STATE (%.DEAD); -+ set_error (errno, "connect: server backlog overflowed, " -+ "see https://bugzilla.redhat.com/1925045"); -+ return 0; -+ } -+#endif - SET_NEXT_STATE (%.DEAD); - set_error (errno, "connect"); - return 0; --- -2.43.0 - diff --git a/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch b/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch deleted file mode 100644 index 46a5a4e..0000000 --- a/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch +++ /dev/null @@ -1,59 +0,0 @@ -From ffe8f0a994c1f2656aa011353b386663d32db69e Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Mon, 1 Mar 2021 15:25:31 -0600 -Subject: [PATCH] opt_go: Tolerate unplanned server death - -While debugging some experimental nbdkit code that was triggering an -assertion failure in nbdkit, I noticed a secondary failure of nbdsh -also dying from an assertion: - -libnbd: debug: nbdsh: nbd_opt_go: transition: NEWSTYLE.OPT_GO.SEND -> DEAD -libnbd: debug: nbdsh: nbd_opt_go: option queued, ignoring state machine failure -nbdsh: opt.c:86: nbd_unlocked_opt_go: Assertion `nbd_internal_is_state_negotiating (get_next_state (h))' failed. - -Although my trigger was from non-production nbdkit code, libnbd should -never die from an assertion failure merely because a server -disappeared at the wrong moment during an incomplete reply to -NBD_OPT_GO or NBD_OPT_INFO. If this is assigned a CVE, a followup -patch will add mention of it in docs/libnbd-security.pod. - -Fixes: bbf1c51392 (api: Give aio_opt_go a completion callback) -(cherry picked from commit fb4440de9cc76e9c14bd3ddf3333e78621f40ad0) ---- - lib/opt.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/lib/opt.c b/lib/opt.c -index 2317b72a..e5802f4d 100644 ---- a/lib/opt.c -+++ b/lib/opt.c -@@ -1,5 +1,5 @@ - /* NBD client library in userspace -- * Copyright (C) 2020 Red Hat Inc. -+ * Copyright (C) 2020-2021 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -83,7 +83,8 @@ nbd_unlocked_opt_go (struct nbd_handle *h) - - r = wait_for_option (h); - if (r == 0 && err) { -- assert (nbd_internal_is_state_negotiating (get_next_state (h))); -+ assert (nbd_internal_is_state_negotiating (get_next_state (h)) || -+ nbd_internal_is_state_dead (get_next_state (h))); - set_error (err, "server replied with error to opt_go request"); - return -1; - } -@@ -105,7 +106,8 @@ nbd_unlocked_opt_info (struct nbd_handle *h) - - r = wait_for_option (h); - if (r == 0 && err) { -- assert (nbd_internal_is_state_negotiating (get_next_state (h))); -+ assert (nbd_internal_is_state_negotiating (get_next_state (h)) || -+ nbd_internal_is_state_dead (get_next_state (h))); - set_error (err, "server replied with error to opt_info request"); - return -1; - } --- -2.43.0 - diff --git a/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch b/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch deleted file mode 100644 index d9960a0..0000000 --- a/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 171ffdde8be590f784086a021a7e6f36c4ecdb4b Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Fri, 12 Mar 2021 17:00:58 -0600 -Subject: [PATCH] security: Document assignment of CVE-2021-20286 - -Now that we finally have a CVE number, it's time to document -the problem (it's low severity, but still a denial of service). - -Fixes: fb4440de9cc7 (opt_go: Tolerate unplanned server death) -(cherry picked from commit 40308a005eaa6b2e8f98da8952d0c0cacc51efde) ---- - docs/libnbd-security.pod | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod -index d8ead875..0cae8462 100644 ---- a/docs/libnbd-security.pod -+++ b/docs/libnbd-security.pod -@@ -22,6 +22,12 @@ L - See the full announcement here: - L - -+=head2 CVE-2021-20286 -+denial of service when using L -+ -+See the full announcement here: -+L -+ - =head1 SEE ALSO - - L. -@@ -34,4 +40,4 @@ Richard W.M. Jones - - =head1 COPYRIGHT - --Copyright (C) 2019 Red Hat Inc. -+Copyright (C) 2019-2021 Red Hat Inc. --- -2.43.0 - diff --git a/SOURCES/0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch b/SOURCES/0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch deleted file mode 100644 index 61454d9..0000000 --- a/SOURCES/0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 22572f8ac13e2e8daf91d227eac2f384303fb5b4 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Thu, 3 Feb 2022 14:25:57 -0600 -Subject: [PATCH] copy: Pass in dummy variable rather than &errno to callback - -In several places where asynch handlers manually call the provided -nbd_completion_callback, the value of errno is indeterminate (for -example, in file-ops.c:file_asynch_read(), the previous call to -file_synch_read() already triggered exit() on error, but does not -guarantee what is left in errno on success). As the callback should -be paying attention to the value of *error (to be fixed in the next -patch), we are better off ensuring that we pass in a pointer to a -known-zero value. Besides, passing in &errno carries a risk that if -the callback uses any other library function that alters errno prior -to dereferncing *error, it will no longer see the value we passed in. -Thus, it is easier to use a dummy variable on the stack than to mess -around with errno and it's magic macro expansion into a thread-local -storage location. - -Note that several callsites then check if the callback returned -1, -and if so assume that the callback has caused errno to now have a sane -value to pass on to perror. In theory, the fact that we are no longer -passing in &errno means that if the callback assigns into *error but -did not otherwise affect errno (a tenuous assumption, given our -argument above that we could not even guarantee that the callback does -not accidentally alter errno prior to reading *error), our perror call -would no longer reflect the intended error value from the callback. -But in practice, since the callback never actually returned -1, nor -even assigned into *error, the call to perror is dead code; although I -have chosen to defer that additional cleanup to the next patch. - -Message-Id: <20220203202558.203013-5-eblake@redhat.com> -Acked-by: Richard W.M. Jones -Acked-by: Nir Soffer -Reviewed-by: Laszlo Ersek -(cherry picked from commit 794c8ce06e995ebd282e8f2b9465a06140572112) -Conflicts: - copy/file-ops.c - no backport of d5f65e56 ("copy: Do not use trim - for zeroing"), so asynch_trim needed same treatment - copy/multi-thread-copying.c - context due to missing refactoring - copy/null-ops.c - no backport of 0b16205e "copy: Implement "null:" - destination." -(cherry picked from commit 26e3dcf80815fe2db320d3046aabc2580c2f7a0d) ---- - copy/file-ops.c | 22 +++++++++++++--------- - copy/multi-thread-copying.c | 8 +++++--- - 2 files changed, 18 insertions(+), 12 deletions(-) - -diff --git a/copy/file-ops.c b/copy/file-ops.c -index 086348a2..cc312b48 100644 ---- a/copy/file-ops.c -+++ b/copy/file-ops.c -@@ -1,5 +1,5 @@ - /* NBD client library in userspace. -- * Copyright (C) 2020 Red Hat Inc. -+ * Copyright (C) 2020-2022 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -158,10 +158,11 @@ file_asynch_read (struct rw *rw, - struct command *command, - nbd_completion_callback cb) - { -+ int dummy = 0; -+ - file_synch_read (rw, slice_ptr (command->slice), - command->slice.len, command->offset); -- errno = 0; -- if (cb.callback (cb.user_data, &errno) == -1) { -+ if (cb.callback (cb.user_data, &dummy) == -1) { - perror (rw->name); - exit (EXIT_FAILURE); - } -@@ -172,10 +173,11 @@ file_asynch_write (struct rw *rw, - struct command *command, - nbd_completion_callback cb) - { -+ int dummy = 0; -+ - file_synch_write (rw, slice_ptr (command->slice), - command->slice.len, command->offset); -- errno = 0; -- if (cb.callback (cb.user_data, &errno) == -1) { -+ if (cb.callback (cb.user_data, &dummy) == -1) { - perror (rw->name); - exit (EXIT_FAILURE); - } -@@ -185,10 +187,11 @@ static bool - file_asynch_trim (struct rw *rw, struct command *command, - nbd_completion_callback cb) - { -+ int dummy = 0; -+ - if (!file_synch_trim (rw, command->offset, command->slice.len)) - return false; -- errno = 0; -- if (cb.callback (cb.user_data, &errno) == -1) { -+ if (cb.callback (cb.user_data, &dummy) == -1) { - perror (rw->name); - exit (EXIT_FAILURE); - } -@@ -199,10 +202,11 @@ static bool - file_asynch_zero (struct rw *rw, struct command *command, - nbd_completion_callback cb) - { -+ int dummy = 0; -+ - if (!file_synch_zero (rw, command->offset, command->slice.len)) - return false; -- errno = 0; -- if (cb.callback (cb.user_data, &errno) == -1) { -+ if (cb.callback (cb.user_data, &dummy) == -1) { - perror (rw->name); - exit (EXIT_FAILURE); - } -diff --git a/copy/multi-thread-copying.c b/copy/multi-thread-copying.c -index a7aaa7de..2593ff76 100644 ---- a/copy/multi-thread-copying.c -+++ b/copy/multi-thread-copying.c -@@ -1,5 +1,5 @@ - /* NBD client library in userspace. -- * Copyright (C) 2020 Red Hat Inc. -+ * Copyright (C) 2020-2022 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -391,6 +391,7 @@ finished_read (void *vp, int *error) - bool last_is_hole = false; - uint64_t i; - struct command *newcommand; -+ int dummy = 0; - - /* Iterate over whole blocks in the command, starting on a block - * boundary. -@@ -473,7 +474,7 @@ finished_read (void *vp, int *error) - /* Free the original command since it has been split into - * subcommands and the original is no longer needed. - */ -- free_command (command, &errno); -+ free_command (command, &dummy); - } - - return 1; /* auto-retires the command */ -@@ -498,6 +499,7 @@ static void - fill_dst_range_with_zeroes (struct command *command) - { - char *data; -+ int dummy = 0; - - if (destination_is_zero) - goto free_and_return; -@@ -541,7 +543,7 @@ fill_dst_range_with_zeroes (struct command *command) - free (data); - - free_and_return: -- free_command (command, &errno); -+ free_command (command, &dummy); - } - - static int --- -2.43.0 - diff --git a/SOURCES/0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch b/SOURCES/0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch deleted file mode 100644 index 93d414a..0000000 --- a/SOURCES/0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 1b0b732e6a9b4979fccf6a09eb6704264edf675d Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Thu, 3 Feb 2022 14:25:58 -0600 -Subject: [PATCH] copy: CVE-2022-0485: Fail nbdcopy if NBD read or write fails - -nbdcopy has a nasty bug when performing multi-threaded copies using -asynchronous nbd calls - it was blindly treating the completion of an -asynchronous command as successful, rather than checking the *error -parameter. This can result in the silent creation of a corrupted -image in two different ways: when a read fails, we blindly wrote -garbage to the destination; when a write fails, we did not flag that -the destination was not written. - -Since nbdcopy already calls exit() on a synchronous read or write -failure to a file, doing the same for an asynchronous op to an NBD -server is the simplest solution. A nicer solution, but more invasive -to code and thus not done here, might be to allow up to N retries of -the transaction (in case the read or write failure was transient), or -even having a mode where as much data is copied as possible (portions -of the copy that failed would be logged on stderr, and nbdcopy would -still fail with a non-zero exit status, but this would copy more than -just stopping at the first error, as can be done with rsync or -ddrescue). - -Note that since we rely on auto-retiring and do NOT call -nbd_aio_command_completed, our completion callbacks must always return -1 (if they do not exit() first), even when acting on *error, so as not -leave the command allocated until nbd_close. As such, there is no -sane way to return an error to a manual caller of the callback, and -therefore we can drop dead code that calls perror() and exit() if the -callback "failed". It is also worth documenting the contract on when -we must manually call the callback during the asynch_zero callback, so -that we do not leak or double-free the command; thankfully, all the -existing code paths were correct. - -The added testsuite script demonstrates several scenarios, some of -which fail without the rest of this patch in place, and others which -showcase ways in which sparse images can bypass errors. - -Once backports are complete, a followup patch on the main branch will -edit docs/libnbd-security.pod with the mailing list announcement of -the stable branch commit ids and release versions that incorporate -this fix. - -Reported-by: Nir Soffer -Fixes: bc896eec4d ("copy: Implement multi-conn, multiple threads, multiple requests in flight.", v1.5.6) -Fixes: https://bugzilla.redhat.com/2046194 -Message-Id: <20220203202558.203013-6-eblake@redhat.com> -Acked-by: Richard W.M. Jones -Acked-by: Nir Soffer -[eblake: fix error message per Nir, tweak requires lines in unit test per Rich] -Reviewed-by: Laszlo Ersek - -(cherry picked from commit 8d444b41d09a700c7ee6f9182a649f3f2d325abb) -Conflicts: - copy/nbdcopy.h - copyright context - copy/null-ops.c - no backport of 0b16205e "copy: Implement "null:" - destination." - copy/copy-nbd-error.sh - no backport of d5f65e56 ("copy: Do not use - trim for zeroing"), so one test needed an additional error-trim-rate; - no backport of 4ff9e62d (copy: Add --request-size option") and friends, so - this version uses larger transactions, so change error rate of 0.5 to 1; - no backport of 0b16205e "copy: Implement "null:" destination.", so use - nbdkit null instead -Note that while the use of NBD_CMD_TRIM can create data corruption, it is -not as severe as what this patch fixes, since trim corruption will only -expose what had previously been on the disk, compared to this patch fixing -a potential leak of nbdcopy heap contents into the destination. -(cherry picked from commit 6c8f2f859926b82094fb5e85c446ea099700fa10) ---- - TODO | 1 + - copy/Makefile.am | 4 +- - copy/copy-nbd-error.sh | 81 +++++++++++++++++++++++++++++++++++++ - copy/file-ops.c | 17 +++----- - copy/multi-thread-copying.c | 13 ++++++ - copy/nbdcopy.h | 7 ++-- - 6 files changed, 107 insertions(+), 16 deletions(-) - create mode 100755 copy/copy-nbd-error.sh - -diff --git a/TODO b/TODO -index 510c219a..19c21d44 100644 ---- a/TODO -+++ b/TODO -@@ -35,6 +35,7 @@ nbdcopy: - - Better page cache usage, see nbdkit-file-plugin options - fadvise=sequential cache=none. - - Consider io_uring if there are performance bottlenecks. -+ - Configurable retries in response to read or write failures. - - nbdfuse: - - If you write beyond the end of the virtual file, it returns EIO. -diff --git a/copy/Makefile.am b/copy/Makefile.am -index d318388f..3406cd85 100644 ---- a/copy/Makefile.am -+++ b/copy/Makefile.am -@@ -1,5 +1,5 @@ - # nbd client library in userspace --# Copyright (C) 2020 Red Hat Inc. -+# Copyright (C) 2020-2022 Red Hat Inc. - # - # This library is free software; you can redistribute it and/or - # modify it under the terms of the GNU Lesser General Public -@@ -30,6 +30,7 @@ EXTRA_DIST = \ - copy-nbd-to-small-nbd-error.sh \ - copy-nbd-to-sparse-file.sh \ - copy-nbd-to-stdout.sh \ -+ copy-nbd-error.sh \ - copy-progress-bar.sh \ - copy-sparse.sh \ - copy-sparse-allocated.sh \ -@@ -105,6 +106,7 @@ TESTS += \ - copy-nbd-to-sparse-file.sh \ - copy-stdin-to-nbd.sh \ - copy-nbd-to-stdout.sh \ -+ copy-nbd-error.sh \ - copy-progress-bar.sh \ - copy-sparse.sh \ - copy-sparse-allocated.sh \ -diff --git a/copy/copy-nbd-error.sh b/copy/copy-nbd-error.sh -new file mode 100755 -index 00000000..bba71db5 ---- /dev/null -+++ b/copy/copy-nbd-error.sh -@@ -0,0 +1,81 @@ -+#!/usr/bin/env bash -+# nbd client library in userspace -+# Copyright (C) 2022 Red Hat Inc. -+# -+# This library is free software; you can redistribute it and/or -+# modify it under the terms of the GNU Lesser General Public -+# License as published by the Free Software Foundation; either -+# version 2 of the License, or (at your option) any later version. -+# -+# This library is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# Lesser General Public License for more details. -+# -+# You should have received a copy of the GNU Lesser General Public -+# License along with this library; if not, write to the Free Software -+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ -+# Tests several scenarios of handling NBD server errors -+# Serves as a regression test for the CVE-2022-0485 fix. -+ -+. ../tests/functions.sh -+ -+set -e -+set -x -+ -+requires nbdkit --exit-with-parent --version -+requires nbdkit --filter=noextents null --version -+requires nbdkit --filter=error pattern --version -+requires nbdkit --filter=nozero memory --version -+ -+fail=0 -+ -+# Failure to get block status should not be fatal, but merely downgrade to -+# reading the entire image as if data -+echo "Testing extents failures on source" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error pattern 5M \ -+ error-extents-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] || fail=1 -+ -+# Failure to read should be fatal -+echo "Testing read failures on non-sparse source" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error pattern 5M \ -+ error-pread-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] && fail=1 -+ -+# However, reliable block status on a sparse image can avoid the need to read -+echo "Testing read failures on sparse source" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error null 5M \ -+ error-pread-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] || fail=1 -+ -+# Failure to write data should be fatal -+echo "Testing write data failures on arbitrary destination" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v pattern 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=error --filter=noextents \ -+ memory 5M error-pwrite-rate=1 ] && fail=1 -+ -+# However, writing zeroes can bypass the need for normal writes -+echo "Testing write data failures from sparse source" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=error --filter=noextents \ -+ memory 5M error-pwrite-rate=1 ] || fail=1 -+ -+# Failure to write zeroes should be fatal -+echo "Testing write zero failures on arbitrary destination" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=error memory 5M \ -+ error-trim-rate=1 error-zero-rate=1 ] && fail=1 -+ -+# However, assuming/learning destination is zero can skip need to write -+echo "Testing write failures on pre-zeroed destination" -+$VG nbdcopy --destination-is-zero -- \ -+ [ nbdkit --exit-with-parent -v null 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=error memory 5M \ -+ error-pwrite-rate=1 error-zero-rate=1 ] || fail=1 -+ -+# Likewise, when write zero is not advertised, fallback to normal write works -+echo "Testing write zeroes to destination without zero support" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=nozero --filter=error memory 5M \ -+ error-zero-rate=1 ] || fail=1 -+ -+exit $fail -diff --git a/copy/file-ops.c b/copy/file-ops.c -index cc312b48..b19af04c 100644 ---- a/copy/file-ops.c -+++ b/copy/file-ops.c -@@ -162,10 +162,8 @@ file_asynch_read (struct rw *rw, - - file_synch_read (rw, slice_ptr (command->slice), - command->slice.len, command->offset); -- if (cb.callback (cb.user_data, &dummy) == -1) { -- perror (rw->name); -- exit (EXIT_FAILURE); -- } -+ /* file_synch_read called exit() on error */ -+ cb.callback (cb.user_data, &dummy); - } - - static void -@@ -177,10 +175,8 @@ file_asynch_write (struct rw *rw, - - file_synch_write (rw, slice_ptr (command->slice), - command->slice.len, command->offset); -- if (cb.callback (cb.user_data, &dummy) == -1) { -- perror (rw->name); -- exit (EXIT_FAILURE); -- } -+ /* file_synch_write called exit() on error */ -+ cb.callback (cb.user_data, &dummy); - } - - static bool -@@ -206,10 +202,7 @@ file_asynch_zero (struct rw *rw, struct command *command, - - if (!file_synch_zero (rw, command->offset, command->slice.len)) - return false; -- if (cb.callback (cb.user_data, &dummy) == -1) { -- perror (rw->name); -- exit (EXIT_FAILURE); -- } -+ cb.callback (cb.user_data, &dummy); - return true; - } - -diff --git a/copy/multi-thread-copying.c b/copy/multi-thread-copying.c -index 2593ff76..28749ae7 100644 ---- a/copy/multi-thread-copying.c -+++ b/copy/multi-thread-copying.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - - #include - -@@ -374,6 +375,12 @@ finished_read (void *vp, int *error) - { - struct command *command = vp; - -+ if (*error) { -+ fprintf (stderr, "read at offset %" PRId64 " failed: %s\n", -+ command->offset, strerror (*error)); -+ exit (EXIT_FAILURE); -+ } -+ - if (allocated || sparse_size == 0) { - /* If sparseness detection (see below) is turned off then we write - * the whole command. -@@ -552,6 +559,12 @@ free_command (void *vp, int *error) - struct command *command = vp; - struct buffer *buffer = command->slice.buffer; - -+ if (*error) { -+ fprintf (stderr, "write at offset %" PRId64 " failed: %s\n", -+ command->offset, strerror (*error)); -+ exit (EXIT_FAILURE); -+ } -+ - if (buffer != NULL) { - if (--buffer->refs == 0) { - free (buffer->data); -diff --git a/copy/nbdcopy.h b/copy/nbdcopy.h -index 3dcc6dfe..9626a52c 100644 ---- a/copy/nbdcopy.h -+++ b/copy/nbdcopy.h -@@ -1,5 +1,5 @@ - /* NBD client library in userspace. -- * Copyright (C) 2020 Red Hat Inc. -+ * Copyright (C) 2020-2022 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -134,7 +134,8 @@ struct rw_ops { - bool (*synch_zero) (struct rw *rw, uint64_t offset, uint64_t count); - - /* Asynchronous I/O operations. These start the operation and call -- * 'cb' on completion. -+ * 'cb' on completion. 'cb' will return 1, for auto-retiring with -+ * asynchronous libnbd calls. - * - * The file_ops versions are actually implemented synchronously, but - * still call 'cb'. -@@ -156,7 +157,7 @@ struct rw_ops { - nbd_completion_callback cb); - - /* Asynchronously zero. command->slice.buffer is not used. If not possible, -- * returns false. -+ * returns false. 'cb' must be called only if returning true. - */ - bool (*asynch_zero) (struct rw *rw, struct command *command, - nbd_completion_callback cb); --- -2.43.0 - diff --git a/SOURCES/0008-build-Move-to-minimum-gnutls-3.5.18.patch b/SOURCES/0008-build-Move-to-minimum-gnutls-3.5.18.patch deleted file mode 100644 index cb95661..0000000 --- a/SOURCES/0008-build-Move-to-minimum-gnutls-3.5.18.patch +++ /dev/null @@ -1,94 +0,0 @@ -From cd4f3bed33d5ffdba6846d270c0e11713bc1caf6 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Tue, 25 Jun 2024 10:55:54 +0100 -Subject: [PATCH] build: Move to minimum gnutls >= 3.5.18 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This version matches current qemu. - -RHEL 7 gnutls is too old (lacks gnutls_session_set_verify_cert), which -means TLS will be disabled on this platform. RHEL 8 has gnutls 3.6.14. - -I also unconditionally enabled the gnutls/socket.h header. This -header was added in 2016 (gnutls 3.5.3), so it's not present in RHEL 7. - -On RHEL 7 the configure-time test now prints: - - checking for GNUTLS... no - configure: WARNING: gnutls not found or < 3.5.18, TLS support will be disabled. - ... - Optional library features: - TLS support ............................ no - -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 5ff09cdbbd19226dd2d5015d76134f88dee9321e) -(cherry picked from commit cb6df4f81a97d5d58385d89b0135039f1eddee15) ---- - configure.ac | 12 +++--------- - lib/crypto.c | 5 +---- - 2 files changed, 4 insertions(+), 13 deletions(-) - -diff --git a/configure.ac b/configure.ac -index da3dc38a..29e3b47a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -94,12 +94,13 @@ AC_ARG_WITH([gnutls], - [], - [with_gnutls=check]) - AS_IF([test "$with_gnutls" != "no"],[ -- PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.3.0], [ -+ PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.5.18], [ -+ printf "gnutls version is "; $PKG_CONFIG --modversion gnutls - AC_SUBST([GNUTLS_CFLAGS]) - AC_SUBST([GNUTLS_LIBS]) - AC_DEFINE([HAVE_GNUTLS],[1],[gnutls found at compile time.]) - ], [ -- AC_MSG_WARN([gnutls not found or < 3.3.0, TLS support will be disabled.]) -+ AC_MSG_WARN([gnutls not found or < 3.5.18, TLS support will be disabled.]) - ]) - ]) - AM_CONDITIONAL([HAVE_GNUTLS], [test "x$GNUTLS_LIBS" != "x"]) -@@ -114,13 +115,6 @@ AS_IF([test "$GNUTLS_LIBS" != ""],[ - AC_MSG_RESULT([$tls_priority]) - AC_DEFINE_UNQUOTED([TLS_PRIORITY],["$tls_priority"], - [Default TLS session priority string]) -- -- # Check for APIs which may not be present. -- old_LIBS="$LIBS" -- LIBS="$GNUTLS_LIBS $LIBS" -- AC_CHECK_FUNCS([\ -- gnutls_session_set_verify_cert]) -- LIBS="$old_LIBS" - ]) - - dnl certtool (part of GnuTLS) for testing TLS with certificates. -diff --git a/lib/crypto.c b/lib/crypto.c -index a9b3789c..705e114a 100644 ---- a/lib/crypto.c -+++ b/lib/crypto.c -@@ -28,6 +28,7 @@ - - #ifdef HAVE_GNUTLS - #include -+#include - #endif - - #include "internal.h" -@@ -512,12 +513,8 @@ set_up_certificate_credentials (struct nbd_handle *h, - return NULL; - - found_certificates: --#ifdef HAVE_GNUTLS_SESSION_SET_VERIFY_CERT - if (h->hostname && h->tls_verify_peer) - gnutls_session_set_verify_cert (session, h->hostname, 0); --#else -- debug (h, "ignoring nbd_set_tls_verify_peer, this requires GnuTLS >= 3.4.6"); --#endif - - err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, ret); - if (err < 0) { --- -2.43.0 - diff --git a/SOURCES/0009-tests-Factor-out-some-common-Makefile-flags.patch b/SOURCES/0009-tests-Factor-out-some-common-Makefile-flags.patch deleted file mode 100644 index baf36e4..0000000 --- a/SOURCES/0009-tests-Factor-out-some-common-Makefile-flags.patch +++ /dev/null @@ -1,727 +0,0 @@ -From a852cec30a6540b5c1ea2947195454eef6269944 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Fri, 27 Aug 2021 15:12:12 +0100 -Subject: [PATCH] tests: Factor out some common Makefile flags - -We can use AM_CPPFLAGS, AM_CFLAGS etc to factor out some common flags -in the tests. Note the rules here are complicated, see: - -https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html - -and for unclear reasons there is no AM_LDADD nor any workaround: - -https://stackoverflow.com/questions/29252969/automake-am-ldadd-workaround - -This commit is mostly pure refactoring but it also tries to make the -flags usage more consistent across tests so it may have side-effects -like enabling more warnings. - -(cherry picked from commit 5fd648f821e9ab3ee08bf360348d1fb01537a267) -(cherry picked from commit 6cb1f74b09beca1ddaef794136f221bfb7bb4faa) ---- - interop/Makefile.am | 57 ++++++------- - tests/Makefile.am | 190 ++++++++++++++++++-------------------------- - 2 files changed, 104 insertions(+), 143 deletions(-) - -diff --git a/interop/Makefile.am b/interop/Makefile.am -index 9787c26e..9432ad43 100644 ---- a/interop/Makefile.am -+++ b/interop/Makefile.am -@@ -28,6 +28,16 @@ LOG_COMPILER = $(top_builddir)/run - check_PROGRAMS = - TESTS = - -+# Common flags. -+# Note there is no such thing as "AM_LDADD". -+AM_CPPFLAGS = \ -+ -I$(top_srcdir)/include \ -+ -I$(top_srcdir)/tests \ -+ $(NULL) -+AM_CFLAGS = \ -+ $(WARNINGS_CFLAGS) \ -+ $(NULL) -+ - if HAVE_NBD_SERVER - - check_PROGRAMS += \ -@@ -41,22 +51,20 @@ TESTS += \ - - interop_nbd_server_SOURCES = interop.c - interop_nbd_server_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBD_SERVER)\" \ - -DSERVER_PARAMS='"-d", "-C", "/dev/null", "0", tmpfile' \ - -DEXPORT_NAME='""' --interop_nbd_server_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbd_server_LDADD = $(top_builddir)/lib/libnbd.la - - list_exports_nbd_server_SOURCES = list-exports.c - list_exports_nbd_server_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBD_SERVER)\" \ - -DSERVER_PARAMS='"-C", "$(srcdir)/list-exports-nbd-config", "-d", "0"' \ - -DEXPORTS='"disk1", "disk2"' \ - -DDESCRIPTIONS='"", ""' \ - $(NULL) --list_exports_nbd_server_CFLAGS = $(WARNINGS_CFLAGS) - list_exports_nbd_server_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_NBD_SERVER -@@ -104,19 +112,18 @@ endif - - interop_qemu_nbd_SOURCES = interop.c - interop_qemu_nbd_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSOCKET_ACTIVATION=1 \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"-f", "raw", "-x", "/", tmpfile' \ - -DEXPORT_NAME='"/"' \ - $(NULL) --interop_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS) - interop_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la - - # qemu-nbd requires absolute path to dir - interop_qemu_nbd_tls_certs_SOURCES = interop.c - interop_qemu_nbd_tls_certs_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSOCKET_ACTIVATION=1 \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"--object", "tls-creds-x509,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests/pki", "--tls-creds", "tls0", "-f", "raw", "-x", "/", tmpfile' \ -@@ -124,13 +131,12 @@ interop_qemu_nbd_tls_certs_CPPFLAGS = \ - -DCERTS=1 \ - -DTLS_MODE=LIBNBD_TLS_REQUIRE \ - $(NULL) --interop_qemu_nbd_tls_certs_CFLAGS = $(WARNINGS_CFLAGS) - interop_qemu_nbd_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la - - # qemu-nbd requires absolute path to dir - interop_qemu_nbd_tls_psk_SOURCES = interop.c - interop_qemu_nbd_tls_psk_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSOCKET_ACTIVATION=1 \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"--object", "tls-creds-psk,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests", "--tls-creds", "tls0", "-f", "raw", "-x", "/", tmpfile' \ -@@ -138,7 +144,6 @@ interop_qemu_nbd_tls_psk_CPPFLAGS = \ - -DPSK=1 \ - -DTLS_MODE=LIBNBD_TLS_REQUIRE \ - $(NULL) --interop_qemu_nbd_tls_psk_CFLAGS = $(WARNINGS_CFLAGS) - interop_qemu_nbd_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la - - dirty_bitmap_SOURCES = dirty-bitmap.c -@@ -148,28 +153,24 @@ dirty_bitmap_LDADD = $(top_builddir)/lib/libnbd.la - - list_exports_qemu_nbd_SOURCES = list-exports.c - list_exports_qemu_nbd_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSOCKET_ACTIVATION=1 \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"-f", "raw", "-x", "testing", "-D", "data", tmpfile' \ - -DEXPORTS='"testing"' \ - -DDESCRIPTIONS='"data"' \ - $(NULL) --list_exports_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS) - list_exports_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la - - socket_activation_qemu_nbd_SOURCES = socket-activation.c - socket_activation_qemu_nbd_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"-f", "raw", "-x", "", tmpfile' \ - $(NULL) --socket_activation_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS) - socket_activation_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la - - structured_read_SOURCES = structured-read.c --structured_read_CPPFLAGS = -I$(top_srcdir)/include --structured_read_CFLAGS = $(WARNINGS_CFLAGS) - structured_read_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_QEMU_NBD -@@ -215,88 +216,80 @@ endif - - interop_nbdkit_SOURCES = interop.c - interop_nbdkit_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"-s", "--exit-with-parent", "file", tmpfile' \ - $(NULL) --interop_nbdkit_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_certs_SOURCES = interop.c - interop_nbdkit_tls_certs_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \ - -DCERTS=1 \ - -DTLS_MODE=LIBNBD_TLS_REQUIRE \ - $(NULL) --interop_nbdkit_tls_certs_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_certs_allow_enabled_SOURCES = interop.c - interop_nbdkit_tls_certs_allow_enabled_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \ - -DCERTS=1 \ - -DTLS_MODE=LIBNBD_TLS_ALLOW \ - $(NULL) --interop_nbdkit_tls_certs_allow_enabled_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_certs_allow_enabled_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_certs_allow_fallback_SOURCES = interop.c - interop_nbdkit_tls_certs_allow_fallback_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=off", "-s", "--exit-with-parent", "file", tmpfile' \ - -DCERTS=1 \ - -DTLS_MODE=LIBNBD_TLS_ALLOW \ - -DTLS_FALLBACK=1 \ - $(NULL) --interop_nbdkit_tls_certs_allow_fallback_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_certs_allow_fallback_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_psk_SOURCES = interop.c - interop_nbdkit_tls_psk_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk", "-s", "--exit-with-parent", "file", tmpfile' \ - -DPSK=1 \ - -DTLS_MODE=LIBNBD_TLS_REQUIRE \ - $(NULL) --interop_nbdkit_tls_psk_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_psk_allow_enabled_SOURCES = interop.c - interop_nbdkit_tls_psk_allow_enabled_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk", "-s", "--exit-with-parent", "file", tmpfile' \ - -DPSK=1 \ - -DTLS_MODE=LIBNBD_TLS_ALLOW \ - $(NULL) --interop_nbdkit_tls_psk_allow_enabled_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_psk_allow_enabled_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_psk_allow_fallback_SOURCES = interop.c - interop_nbdkit_tls_psk_allow_fallback_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=off", "-s", "--exit-with-parent", "file", tmpfile' \ - -DPSK=1 \ - -DTLS_MODE=LIBNBD_TLS_ALLOW \ - -DTLS_FALLBACK=1 \ - $(NULL) --interop_nbdkit_tls_psk_allow_fallback_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_psk_allow_fallback_LDADD = $(top_builddir)/lib/libnbd.la - - socket_activation_nbdkit_SOURCES = socket-activation.c - socket_activation_nbdkit_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"file", tmpfile' \ - $(NULL) --socket_activation_nbdkit_CFLAGS = $(WARNINGS_CFLAGS) - socket_activation_nbdkit_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_NBDKIT -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 64320cad..436e1c10 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -52,6 +52,18 @@ TESTS_ENVIRONMENT = srcdir=$(srcdir) LIBNBD_DEBUG=1 - # Use the ./run script so we're always using the local library and tools. - LOG_COMPILER = $(top_builddir)/run - -+# Common flags. -+# Note there is no such thing as "AM_LDADD". -+AM_CPPFLAGS = \ -+ -I$(top_srcdir)/include \ -+ $(NULL) -+AM_CFLAGS = \ -+ $(WARNINGS_CFLAGS) \ -+ $(NULL) -+AM_CXXFLAGS = \ -+ $(WARNINGS_CFLAGS) \ -+ $(NULL) -+ - #---------------------------------------------------------------------- - # The following tests do not need an NBD server. - -@@ -81,45 +93,30 @@ TESTS += \ - .PHONY: compile - - compile_header_only_SOURCES = compile-header-only.c --compile_header_only_CPPFLAGS = -I$(top_srcdir)/include --compile_header_only_CFLAGS = $(WARNINGS_CFLAGS) - compile_header_only_LDADD = $(top_builddir)/lib/libnbd.la - - compile_c_SOURCES = compile.c --compile_c_CPPFLAGS = -I$(top_srcdir)/include --compile_c_CFLAGS = $(WARNINGS_CFLAGS) - compile_c_LDADD = $(top_builddir)/lib/libnbd.la - - compile_ansi_c_SOURCES = compile-ansi-c.c - compile_ansi_c_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -std=c90 -pedantic --compile_ansi_c_CFLAGS = $(WARNINGS_CFLAGS) - compile_ansi_c_LDADD = $(top_builddir)/lib/libnbd.la - - close_null_SOURCES = close-null.c --close_null_CPPFLAGS = -I$(top_srcdir)/include --close_null_CFLAGS = $(WARNINGS_CFLAGS) - close_null_LDADD = $(top_builddir)/lib/libnbd.la - - debug_SOURCES = debug.c --debug_CPPFLAGS = -I$(top_srcdir)/include --debug_CFLAGS = $(WARNINGS_CFLAGS) - debug_LDADD = $(top_builddir)/lib/libnbd.la - - debug_environment_SOURCES = debug-environment.c --debug_environment_CPPFLAGS = -I$(top_srcdir)/include --debug_environment_CFLAGS = $(WARNINGS_CFLAGS) - debug_environment_LDADD = $(top_builddir)/lib/libnbd.la - - version_SOURCES = version.c --version_CPPFLAGS = -I$(top_srcdir)/include --version_CFLAGS = $(WARNINGS_CFLAGS) - version_LDADD = $(top_builddir)/lib/libnbd.la - - export_name_SOURCES = export-name.c --export_name_CPPFLAGS = -I$(top_srcdir)/include --export_name_CFLAGS = $(WARNINGS_CFLAGS) - export_name_LDADD = $(top_builddir)/lib/libnbd.la - - if HAVE_CXX -@@ -128,8 +125,6 @@ check_PROGRAMS += compile-cxx - TESTS += compile-cxx - - compile_cxx_SOURCES = compile-cxx.cpp --compile_cxx_CPPFLAGS = -I$(top_srcdir)/include --compile_cxx_CXXFLAGS = $(WARNINGS_CFLAGS) - compile_cxx_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_CXX -@@ -220,243 +215,208 @@ TESTS += \ - $(NULL) - - errors_SOURCES = errors.c --errors_CPPFLAGS = -I$(top_srcdir)/include --errors_CFLAGS = $(WARNINGS_CFLAGS) - errors_LDADD = $(top_builddir)/lib/libnbd.la - - server_death_SOURCES = server-death.c --server_death_CPPFLAGS = -I$(top_srcdir)/include --server_death_CFLAGS = $(WARNINGS_CFLAGS) - server_death_LDADD = $(top_builddir)/lib/libnbd.la - - shutdown_flags_SOURCES = shutdown-flags.c --shutdown_flags_CPPFLAGS = -I$(top_srcdir)/include --shutdown_flags_CFLAGS = $(WARNINGS_CFLAGS) - shutdown_flags_LDADD = $(top_builddir)/lib/libnbd.la - - get_size_SOURCES = get-size.c --get_size_CPPFLAGS = -I$(top_srcdir)/include --get_size_CFLAGS = $(WARNINGS_CFLAGS) - get_size_LDADD = $(top_builddir)/lib/libnbd.la - - read_only_flag_SOURCES = read-only-flag.c --read_only_flag_CPPFLAGS = -I$(top_srcdir)/include --read_only_flag_CFLAGS = $(WARNINGS_CFLAGS) - read_only_flag_LDADD = $(top_builddir)/lib/libnbd.la - - read_write_flag_SOURCES = read-write-flag.c --read_write_flag_CPPFLAGS = -I$(top_srcdir)/include --read_write_flag_CFLAGS = $(WARNINGS_CFLAGS) - read_write_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_flush_flag_SOURCES = eflags.c - can_flush_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_flush \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_flush \ - $(NULL) --can_flush_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_flush_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_flush_flag_SOURCES = eflags.c - can_not_flush_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_flush -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_flush -Dvalue=false \ - $(NULL) --can_not_flush_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_flush_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_fua_flag_SOURCES = eflags.c - can_fua_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_fua -Dvalue=native \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_fua -Dvalue=native \ - $(NULL) --can_fua_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_fua_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_fua_flag_SOURCES = eflags.c - can_not_fua_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_fua -Dvalue=none \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_fua -Dvalue=none \ - $(NULL) --can_not_fua_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_fua_flag_LDADD = $(top_builddir)/lib/libnbd.la - - is_rotational_flag_SOURCES = eflags.c - is_rotational_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=is_rotational \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=is_rotational \ - $(NULL) --is_rotational_flag_CFLAGS = $(WARNINGS_CFLAGS) - is_rotational_flag_LDADD = $(top_builddir)/lib/libnbd.la - - is_not_rotational_flag_SOURCES = eflags.c - is_not_rotational_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=is_rotational -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=is_rotational -Dvalue=false \ - $(NULL) --is_not_rotational_flag_CFLAGS = $(WARNINGS_CFLAGS) - is_not_rotational_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_trim_flag_SOURCES = eflags.c - can_trim_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_trim \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_trim \ - $(NULL) --can_trim_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_trim_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_trim_flag_SOURCES = eflags.c - can_not_trim_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_trim -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_trim -Dvalue=false \ - $(NULL) --can_not_trim_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_trim_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_zero_flag_SOURCES = eflags.c - can_zero_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_zero \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_zero \ - $(NULL) --can_zero_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_zero_flag_SOURCES = eflags.c - can_not_zero_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_zero -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_zero -Dvalue=false \ - -Dfilter='"--filter=nozero"' \ - $(NULL) --can_not_zero_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_fast_zero_flag_SOURCES = eflags.c - can_fast_zero_flag_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/include -Dflag=can_fast_zero \ - -Drequire='"has_can_fast_zero=1"' \ - $(NULL) --can_fast_zero_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_fast_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_fast_zero_flag_SOURCES = eflags.c - can_not_fast_zero_flag_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/include -Dflag=can_fast_zero -Dvalue=false \ - -Drequire='"has_can_fast_zero=1"' \ - $(NULL) --can_not_fast_zero_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_fast_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_df_flag_SOURCES = eflags.c - can_df_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_df \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_df \ - $(NULL) --can_df_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_df_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_df_flag_SOURCES = eflags.c - can_not_df_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_df -Dvalue=false -Dno_sr \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_df -Dvalue=false -Dno_sr \ - $(NULL) --can_not_df_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_df_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_multi_conn_flag_SOURCES = eflags.c - can_multi_conn_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_multi_conn \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_multi_conn \ - $(NULL) --can_multi_conn_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_multi_conn_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_multi_conn_flag_SOURCES = eflags.c - can_not_multi_conn_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_multi_conn -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_multi_conn -Dvalue=false \ - $(NULL) --can_not_multi_conn_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_multi_conn_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_cache_flag_SOURCES = eflags.c - can_cache_flag_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/include -Dflag=can_cache -Dvalue=native \ - -Drequire='"has_can_cache=1"' \ - $(NULL) --can_cache_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_cache_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_cache_flag_SOURCES = eflags.c - can_not_cache_flag_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/include -Dflag=can_cache -Dvalue=none \ - -Drequire='"has_can_cache=1"' \ - $(NULL) --can_not_cache_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_cache_flag_LDADD = $(top_builddir)/lib/libnbd.la - - oldstyle_SOURCES = oldstyle.c --oldstyle_CPPFLAGS = -I$(top_srcdir)/include --oldstyle_CFLAGS = $(WARNINGS_CFLAGS) - oldstyle_LDADD = $(top_builddir)/lib/libnbd.la - - newstyle_limited_SOURCES = newstyle-limited.c --newstyle_limited_CPPFLAGS = -I$(top_srcdir)/include --newstyle_limited_CFLAGS = $(WARNINGS_CFLAGS) - newstyle_limited_LDADD = $(top_builddir)/lib/libnbd.la - - opt_abort_SOURCES = opt-abort.c --opt_abort_CPPFLAGS = -I$(top_srcdir)/include --opt_abort_CFLAGS = $(WARNINGS_CFLAGS) - opt_abort_LDADD = $(top_builddir)/lib/libnbd.la - - opt_list_SOURCES = opt-list.c - opt_list_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSCRIPT='"$(abs_srcdir)/opt-list.sh"' \ - $(NULL) --opt_list_CFLAGS = $(WARNINGS_CFLAGS) - opt_list_LDADD = $(top_builddir)/lib/libnbd.la - - opt_info_SOURCES = opt-info.c - opt_info_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSCRIPT='"$(abs_srcdir)/opt-info.sh"' \ - $(NULL) --opt_info_CFLAGS = $(WARNINGS_CFLAGS) - opt_info_LDADD = $(top_builddir)/lib/libnbd.la - - opt_list_meta_SOURCES = opt-list-meta.c --opt_list_meta_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -- $(NULL) --opt_list_meta_CFLAGS = $(WARNINGS_CFLAGS) - opt_list_meta_LDADD = $(top_builddir)/lib/libnbd.la - - connect_unix_SOURCES = connect-unix.c --connect_unix_CPPFLAGS = -I$(top_srcdir)/include --connect_unix_CFLAGS = $(WARNINGS_CFLAGS) - connect_unix_LDADD = $(top_builddir)/lib/libnbd.la - - connect_tcp_SOURCES = connect-tcp.c --connect_tcp_CPPFLAGS = -I$(top_srcdir)/include --connect_tcp_CFLAGS = $(WARNINGS_CFLAGS) - connect_tcp_LDADD = $(top_builddir)/lib/libnbd.la - - aio_parallel_SOURCES = aio-parallel.c - aio_parallel_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/common/include \ - $(NULL) --aio_parallel_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) - aio_parallel_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - aio_parallel_load_SOURCES = aio-parallel-load.c --aio_parallel_load_CPPFLAGS = -I$(top_srcdir)/include --aio_parallel_load_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) - aio_parallel_load_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - synch_parallel_SOURCES = synch-parallel.c - synch_parallel_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/common/include \ - $(NULL) --synch_parallel_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) -+synch_parallel_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS) - synch_parallel_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - meta_base_allocation_SOURCES = meta-base-allocation.c --meta_base_allocation_CPPFLAGS = -I$(top_srcdir)/include --meta_base_allocation_CFLAGS = $(WARNINGS_CFLAGS) - meta_base_allocation_LDADD = $(top_builddir)/lib/libnbd.la - - closure_lifetimes_SOURCES = closure-lifetimes.c --closure_lifetimes_CPPFLAGS = -I$(top_srcdir)/include --closure_lifetimes_CFLAGS = $(WARNINGS_CFLAGS) - closure_lifetimes_LDADD = $(top_builddir)/lib/libnbd.la - - #---------------------------------------------------------------------- -@@ -470,8 +430,10 @@ check_DATA += pki/stamp-pki - TESTS += connect-tls-certs - - connect_tls_certs_SOURCES = connect-tls.c --connect_tls_certs_CPPFLAGS = -I$(top_srcdir)/include -DCERTS=1 --connect_tls_certs_CFLAGS = $(WARNINGS_CFLAGS) -+connect_tls_certs_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ -+ -DCERTS=1 \ -+ $(NULL) - connect_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la - - pki/stamp-pki: $(srcdir)/make-pki.sh -@@ -499,31 +461,36 @@ TESTS += \ - check_DATA += keys.psk - - connect_tls_psk_SOURCES = connect-tls.c --connect_tls_psk_CPPFLAGS = -I$(top_srcdir)/include -DPSK=1 --connect_tls_psk_CFLAGS = $(WARNINGS_CFLAGS) -+connect_tls_psk_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ -+ -DPSK=1 \ -+ $(NULL) - connect_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la - - aio_parallel_tls_SOURCES = aio-parallel.c - aio_parallel_tls_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/common/include \ - -DTLS=1 \ - $(NULL) --aio_parallel_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) -+aio_parallel_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS) - aio_parallel_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - aio_parallel_load_tls_SOURCES = aio-parallel-load.c --aio_parallel_load_tls_CPPFLAGS = -I$(top_srcdir)/include -DTLS=1 --aio_parallel_load_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) -+aio_parallel_load_tls_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ -+ -DTLS=1 \ -+ $(NULL) -+aio_parallel_load_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS) - aio_parallel_load_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - synch_parallel_tls_SOURCES = synch-parallel.c - synch_parallel_tls_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/common/include \ - -DTLS=1 \ - $(NULL) --synch_parallel_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) -+synch_parallel_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS) - synch_parallel_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - keys.psk: -@@ -550,18 +517,19 @@ TESTS += \ - RANDOM1 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") - connect_uri_nbd_SOURCES = connect-uri.c - connect_uri_nbd_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-p", "$(RANDOM1)"' \ - -DPIDFILE='"connect-uri-nbd.pid"' \ -- -DURI='"nbd://localhost:$(RANDOM1)/"' --connect_uri_nbd_CFLAGS = $(WARNINGS_CFLAGS) -+ -DURI='"nbd://localhost:$(RANDOM1)/"' \ -+ $(NULL) -+connect_uri_nbd_CFLAGS = $(AM_CFLAGS) - connect_uri_nbd_LDADD = $(top_builddir)/lib/libnbd.la - - CONNECT_URI_NBD_UNIX_SOCKET := \ - $(shell mktemp /tmp/connect-uri-nbd-unix-socket-XXXXXX) - connect_uri_nbd_unix_SOURCES = connect-uri.c - connect_uri_nbd_unix_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-U", SOCKET' \ - -DSOCKET='"$(CONNECT_URI_NBD_UNIX_SOCKET)"' \ - -DPIDFILE='"connect-uri-nbd-unix.pid"' \ -@@ -584,18 +552,18 @@ TESTS += \ - RANDOM2 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") - connect_uri_nbds_SOURCES = connect-uri.c - connect_uri_nbds_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-certificates=pki"' \ - -DPIDFILE='"connect-uri-nbds.pid"' \ -- -DURI='"nbds://localhost:$(RANDOM2)/"' --connect_uri_nbds_CFLAGS = $(WARNINGS_CFLAGS) -+ -DURI='"nbds://localhost:$(RANDOM2)/"' \ -+ $(NULL) - connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la - - CONNECT_URI_NBDS_UNIX_SOCKET := \ - $(shell mktemp /tmp/connect-uri-nbds-unix-socket-XXXXXX) - connect_uri_nbds_unix_SOURCES = connect-uri.c - connect_uri_nbds_unix_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-U", SOCKET, "--tls=require", "--tls-certificates=pki"' \ - -DSOCKET='"$(CONNECT_URI_NBDS_UNIX_SOCKET)"' \ - -DPIDFILE='"connect-uri-nbds-unix.pid"' \ -@@ -617,11 +585,11 @@ TESTS += \ - RANDOM3 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") - connect_uri_nbds_psk_SOURCES = connect-uri.c - connect_uri_nbds_psk_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-psk=keys.psk"' \ - -DPIDFILE='"connect-uri-nbds-psk.pid"' \ -- -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' --connect_uri_nbds_psk_CFLAGS = $(WARNINGS_CFLAGS) -+ -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' \ -+ $(NULL) - connect_uri_nbds_psk_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_PSKTOOL --- -2.43.0 - diff --git a/SOURCES/0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch b/SOURCES/0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch deleted file mode 100644 index 5668a44..0000000 --- a/SOURCES/0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch +++ /dev/null @@ -1,149 +0,0 @@ -From da628792ddf7a3d3cb8f8b770c7dbb9b9d67444b Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Sat, 24 Apr 2021 21:40:58 +0100 -Subject: [PATCH] tests/connect-uri.c: Ensure Unix domain socket is cleaned up - on exit - -Commit 70f83fed13 ("tests: Create test sockets in /tmp instead of -local directory.") aimed to create sockets with short path names in -/tmp. However it never cleaned them up. Worse still, every time the -Makefile was evaluated at all a temporary file was created. - -Fix this properly in the C file. - -Fixes: commit 70f83fed131c7e52b1a31a28d9acaf19f6c11d57 -(cherry picked from commit f5955c4c5bb0269e192b906a3ef98601aa63ad59) -(cherry picked from commit 502f0b59ec1dbd64c6c64279316e03540258a54c) ---- - tests/Makefile.am | 16 ++++++---------- - tests/connect-uri.c | 45 +++++++++++++++++++++++++++++++++++++++------ - 2 files changed, 45 insertions(+), 16 deletions(-) - -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 436e1c10..ed5585a5 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -525,15 +525,13 @@ connect_uri_nbd_CPPFLAGS = \ - connect_uri_nbd_CFLAGS = $(AM_CFLAGS) - connect_uri_nbd_LDADD = $(top_builddir)/lib/libnbd.la - --CONNECT_URI_NBD_UNIX_SOCKET := \ -- $(shell mktemp /tmp/connect-uri-nbd-unix-socket-XXXXXX) - connect_uri_nbd_unix_SOURCES = connect-uri.c - connect_uri_nbd_unix_CPPFLAGS = \ - $(AM_CPPFLAGS) \ -- -DSERVER_PARAMS='"-U", SOCKET' \ -- -DSOCKET='"$(CONNECT_URI_NBD_UNIX_SOCKET)"' \ -+ -DNEEDS_UNIX_SOCKET=1 \ -+ -DSERVER_PARAMS='"-U", UNIX_SOCKET' \ - -DPIDFILE='"connect-uri-nbd-unix.pid"' \ -- -DURI='"nbd+unix:///?socket=" SOCKET' -+ -DURI='"nbd+unix:///?socket="' # UNIX_SOCKET appended - connect_uri_nbd_unix_CFLAGS = $(WARNINGS_CFLAGS) - connect_uri_nbd_unix_LDADD = $(top_builddir)/lib/libnbd.la - -@@ -559,15 +557,13 @@ connect_uri_nbds_CPPFLAGS = \ - $(NULL) - connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la - --CONNECT_URI_NBDS_UNIX_SOCKET := \ -- $(shell mktemp /tmp/connect-uri-nbds-unix-socket-XXXXXX) - connect_uri_nbds_unix_SOURCES = connect-uri.c - connect_uri_nbds_unix_CPPFLAGS = \ - $(AM_CPPFLAGS) \ -- -DSERVER_PARAMS='"-U", SOCKET, "--tls=require", "--tls-certificates=pki"' \ -- -DSOCKET='"$(CONNECT_URI_NBDS_UNIX_SOCKET)"' \ -+ -DNEEDS_UNIX_SOCKET=1 \ -+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-certificates=pki"' \ - -DPIDFILE='"connect-uri-nbds-unix.pid"' \ -- -DURI='"nbds+unix:///?socket=" SOCKET' -+ -DURI='"nbds+unix:///?socket="' # UNIX_SOCKET appended - connect_uri_nbds_unix_CFLAGS = $(WARNINGS_CFLAGS) - connect_uri_nbds_unix_LDADD = $(top_builddir)/lib/libnbd.la - -diff --git a/tests/connect-uri.c b/tests/connect-uri.c -index 6e7d1685..ce9e4d9b 100644 ---- a/tests/connect-uri.c -+++ b/tests/connect-uri.c -@@ -29,16 +29,49 @@ - - #include - -+#ifdef NEEDS_UNIX_SOCKET -+#define UNIX_SOCKET tmp -+static char tmp[] = "/tmp/nbdXXXXXX"; -+ -+static void -+unlink_unix_socket (void) -+{ -+ unlink (UNIX_SOCKET); -+} -+#endif /* NEEDS_UNIX_SOCKET */ -+ - int - main (int argc, char *argv[]) - { - struct nbd_handle *nbd; - pid_t pid; - size_t i; -+#ifdef NEEDS_UNIX_SOCKET -+ char *uri; -+#else -+ const char *uri = URI; -+#endif -+ -+#ifdef NEEDS_UNIX_SOCKET -+ int fd = mkstemp (UNIX_SOCKET); -+ if (fd == -1 || -+ close (fd) == -1) { -+ perror (UNIX_SOCKET); -+ exit (EXIT_FAILURE); -+ } -+ /* We have to remove the temporary file first, since we will create -+ * a socket in its place, and ensure the socket is removed on exit. -+ */ -+ unlink_unix_socket (); -+ atexit (unlink_unix_socket); - --#ifdef SOCKET -- unlink (SOCKET); -+ /* uri = URI + UNIX_SOCKET */ -+ if (asprintf (&uri, "%s%s", URI, UNIX_SOCKET) == -1) { -+ perror ("asprintf"); -+ exit (EXIT_FAILURE); -+ } - #endif -+ - unlink (PIDFILE); - - pid = fork (); -@@ -75,13 +108,13 @@ main (int argc, char *argv[]) - - nbd_set_uri_allow_local_file (nbd, true); - -- if (nbd_connect_uri (nbd, URI) == -1) { -+ if (nbd_connect_uri (nbd, uri) == -1) { - fprintf (stderr, "%s\n", nbd_get_error ()); - exit (EXIT_FAILURE); - } - - /* Check we negotiated the right kind of connection. */ -- if (strncmp (URI, "nbds", 4) == 0) { -+ if (strncmp (uri, "nbds", 4) == 0) { - if (! nbd_get_tls_negotiated (nbd)) { - fprintf (stderr, "%s: failed to negotiate a TLS connection\n", - argv[0]); -@@ -95,8 +128,8 @@ main (int argc, char *argv[]) - } - - nbd_close (nbd); --#ifdef SOCKET -- unlink (SOCKET); -+#ifdef NEEDS_UNIX_SOCKET -+ free (uri); - #endif - exit (EXIT_SUCCESS); - } --- -2.43.0 - diff --git a/SOURCES/0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch b/SOURCES/0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch deleted file mode 100644 index 4226f72..0000000 --- a/SOURCES/0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch +++ /dev/null @@ -1,194 +0,0 @@ -From ee3f88640062372d04406da321270a775377eb6c Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Fri, 3 Sep 2021 08:42:31 +0100 -Subject: [PATCH] lib: Allow tls-certificates= query parameter in URIs - -For nbd_connect_uri, this allows a non-default path to a certificates -directory to be specified. For example: - - nbds+unix://user@/?socket=/tmp/sock&tls-certificates=tests/pki - -nbd_get_uri is also extended to produce the tls-certificates query -field if nbd_set_tls_certificates was called. - -The main work here is extending the test suite so it actually tests -TLS URIs properly. Firstly we need to add --tls-verify-peer to the -nbdkit command line so it checks TLS client credentials at all -(previously it enabled TLS but didn't verify the client). Then we -need to add tests which use TLS certificates (previously only PSK was -being tested). And finally I loosened the rules for comparing URIs -since the order that query strings are returned by nbd_get_uri is not -necessarily the same as the query strings in nbd_connect_uri. - -(cherry picked from commit 847e0b9830f6a9f07b4c242e1a500cd2b90cca5a) -(cherry picked from commit 5e85582ec79460c95552f06c6d6c41d15dae092f) ---- - .gitignore | 5 +++-- - generator/API.ml | 10 ++++++++++ - lib/uri.c | 14 ++++++++++++-- - tests/Makefile.am | 47 +++++++++++++++++++++++++++++------------------ - 4 files changed, 54 insertions(+), 22 deletions(-) - -diff --git a/.gitignore b/.gitignore -index 4935b81b..c974e27b 100644 ---- a/.gitignore -+++ b/.gitignore -@@ -167,9 +167,10 @@ Makefile.in - /tests/connect-unix - /tests/connect-uri-nbd - /tests/connect-uri-nbd-unix --/tests/connect-uri-nbds -+/tests/connect-uri-nbds-certs - /tests/connect-uri-nbds-psk --/tests/connect-uri-nbds-unix -+/tests/connect-uri-nbds-unix-certs -+/tests/connect-uri-nbds-unix-psk - /tests/debug - /tests/debug-environment - /tests/errors -diff --git a/generator/API.ml b/generator/API.ml -index a46c6407..4b2a62e8 100644 ---- a/generator/API.ml -+++ b/generator/API.ml -@@ -1231,6 +1231,11 @@ Connect over the Unix domain socket F to - an NBD server running locally. The export name is set to C - (note without any leading C character). - -+=item C -+ -+Connect over a Unix domain socket, enabling TLS and setting the -+path to a directory containing certificates and keys. -+ - =item C - - In this scenario libnbd is running in a virtual machine. Connect -@@ -1291,6 +1296,11 @@ Specifies the Unix domain socket to connect on. - Must be present for the C<+unix> transport and must not - be present for the other transports. - -+=item BF -+ -+Set the certificates directory. See L. -+Note this is not allowed by default - see next section. -+ - =item BF - - Set the PSK file. See L. Note -diff --git a/lib/uri.c b/lib/uri.c -index 9f5a2901..c8d9041e 100644 ---- a/lib/uri.c -+++ b/lib/uri.c -@@ -249,9 +249,19 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) - if (tls && nbd_unlocked_set_tls (h, LIBNBD_TLS_REQUIRE) == -1) - goto cleanup; - -- /* Look for some tls-* parameters. XXX More to come. */ -+ /* Look for some tls-* parameters. */ - for (i = 0; i < queries.size; i++) { -- if (strcmp (queries.ptr[i].name, "tls-psk-file") == 0) { -+ if (strcmp (queries.ptr[i].name, "tls-certificates") == 0) { -+ if (! h->uri_allow_local_file) { -+ set_error (EPERM, -+ "local file access (tls-certificates) is not allowed, " -+ "call nbd_set_uri_allow_local_file to enable this"); -+ goto cleanup; -+ } -+ if (nbd_unlocked_set_tls_certificates (h, queries.ptr[i].value) == -1) -+ goto cleanup; -+ } -+ else if (strcmp (queries.ptr[i].name, "tls-psk-file") == 0) { - if (! h->uri_allow_local_file) { - set_error (EPERM, - "local file access (tls-psk-file) is not allowed, " -diff --git a/tests/Makefile.am b/tests/Makefile.am -index ed5585a5..3c33b747 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -539,33 +539,32 @@ if HAVE_GNUTLS - if HAVE_CERTTOOL - - check_PROGRAMS += \ -- connect-uri-nbds \ -- connect-uri-nbds-unix \ -+ connect-uri-nbds-certs \ -+ connect-uri-nbds-unix-certs \ - $(NULL) - TESTS += \ -- connect-uri-nbds \ -- connect-uri-nbds-unix \ -+ connect-uri-nbds-certs \ -+ connect-uri-nbds-unix-certs \ - $(NULL) - - RANDOM2 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") --connect_uri_nbds_SOURCES = connect-uri.c --connect_uri_nbds_CPPFLAGS = \ -+connect_uri_nbds_certs_SOURCES = connect-uri.c -+connect_uri_nbds_certs_CPPFLAGS = \ - $(AM_CPPFLAGS) \ -- -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-certificates=pki"' \ -- -DPIDFILE='"connect-uri-nbds.pid"' \ -- -DURI='"nbds://localhost:$(RANDOM2)/"' \ -+ -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-verify-peer", "--tls-certificates=pki"' \ -+ -DPIDFILE='"connect-uri-nbds-certs.pid"' \ -+ -DURI='"nbds://localhost:$(RANDOM2)/?tls-certificates=pki"' \ - $(NULL) --connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la -+connect_uri_nbds_certs_LDADD = $(top_builddir)/lib/libnbd.la - --connect_uri_nbds_unix_SOURCES = connect-uri.c --connect_uri_nbds_unix_CPPFLAGS = \ -+connect_uri_nbds_unix_certs_SOURCES = connect-uri.c -+connect_uri_nbds_unix_certs_CPPFLAGS = \ - $(AM_CPPFLAGS) \ - -DNEEDS_UNIX_SOCKET=1 \ -- -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-certificates=pki"' \ -- -DPIDFILE='"connect-uri-nbds-unix.pid"' \ -- -DURI='"nbds+unix:///?socket="' # UNIX_SOCKET appended --connect_uri_nbds_unix_CFLAGS = $(WARNINGS_CFLAGS) --connect_uri_nbds_unix_LDADD = $(top_builddir)/lib/libnbd.la -+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-verify-peer", "--tls-certificates=pki"' \ -+ -DPIDFILE='"connect-uri-nbds-unix-certs.pid"' \ -+ -DURI='"nbds+unix://alice@/?tls-certificates=pki&socket="' # UNIX_SOCKET appended -+connect_uri_nbds_unix_certs_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_CERTTOOL - -@@ -573,21 +572,33 @@ if HAVE_PSKTOOL - - check_PROGRAMS += \ - connect-uri-nbds-psk \ -+ connect-uri-nbds-unix-psk \ - $(NULL) - TESTS += \ - connect-uri-nbds-psk \ -+ connect-uri-nbds-unix-psk \ - $(NULL) - - RANDOM3 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") - connect_uri_nbds_psk_SOURCES = connect-uri.c - connect_uri_nbds_psk_CPPFLAGS = \ - $(AM_CPPFLAGS) \ -- -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-psk=keys.psk"' \ -+ -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-verify-peer", "--tls-psk=keys.psk"' \ - -DPIDFILE='"connect-uri-nbds-psk.pid"' \ - -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' \ - $(NULL) - connect_uri_nbds_psk_LDADD = $(top_builddir)/lib/libnbd.la - -+connect_uri_nbds_unix_psk_SOURCES = connect-uri.c -+connect_uri_nbds_unix_psk_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ -+ -DNEEDS_UNIX_SOCKET=1 \ -+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-verify-peer", "--tls-psk=keys.psk"' \ -+ -DPIDFILE='"connect-uri-nbds-unix-psk.pid"' \ -+ -DURI='"nbds+unix://alice@/?tls-psk-file=keys.psk&socket="' # UNIX_SOCKET appended \ -+ $(NULL) -+connect_uri_nbds_unix_psk_LDADD = $(top_builddir)/lib/libnbd.la -+ - endif HAVE_PSKTOOL - - endif HAVE_GNUTLS --- -2.43.0 - diff --git a/SOURCES/0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch b/SOURCES/0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch deleted file mode 100644 index 12e461f..0000000 --- a/SOURCES/0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 10ca0d72932092b09475893de233f17d3eff8a72 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 4 Aug 2022 13:28:25 +0100 -Subject: [PATCH] tests/make-pki.sh: Use Subject Alternative Name for server - certificate - -This allows us to test this feature. - -(cherry picked from nbdkit commit 0c50bef16f9d6705add8db85c7ea7b4523770fba) - -(cherry picked from commit 38eabf6df05fae109212a4ce9afc9c0fe63c2f0e) -(cherry picked from commit b07898e1ee70b0641ec5233d6e8f7fa16b63c287) ---- - tests/make-pki.sh | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/tests/make-pki.sh b/tests/make-pki.sh -index d4f61204..03f4faa1 100755 ---- a/tests/make-pki.sh -+++ b/tests/make-pki.sh -@@ -75,6 +75,9 @@ chmod 0600 $1/server-key.pem - cat > $1/server.info < -Date: Mon, 24 Jun 2024 10:48:12 +0100 -Subject: [PATCH] lib/crypto.c: Check server certificate even when using system - CA -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The previous code checked the server certificate only when a custom -certificate directory was set (ie. nbd_set_tls_certificates / -?tls-certificates=DIR). In the fallback case where we use the system -CA, we never called gnutls_session_set_verify_cert and so the server -certificate was never checked. - -Move the call to gnutls_session_set_verify_cert later so it is called -on both paths. - -If the server certificate does not match the hostname you will see: - -nbdinfo: nbd_connect_uri: gnutls_handshake: Error in the certificate verification. (15/1) - -Reported-by: Jon Szymaniak -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 87ef41b69929d5d293390ec36b1c10aba2c9a57a) -(cherry picked from commit 81bd57bb8ab0b142207efb9f69a233418fbb4f8f) ---- - lib/crypto.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/crypto.c b/lib/crypto.c -index 705e114a..4c398b03 100644 ---- a/lib/crypto.c -+++ b/lib/crypto.c -@@ -513,9 +513,6 @@ set_up_certificate_credentials (struct nbd_handle *h, - return NULL; - - found_certificates: -- if (h->hostname && h->tls_verify_peer) -- gnutls_session_set_verify_cert (session, h->hostname, 0); -- - err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, ret); - if (err < 0) { - set_error (0, "gnutls_credentials_set: %s", gnutls_strerror (err)); -@@ -625,6 +622,9 @@ nbd_internal_crypto_create_session (struct nbd_handle *h, - gnutls_deinit (session); - return NULL; - } -+ -+ if (h->hostname && h->tls_verify_peer) -+ gnutls_session_set_verify_cert (session, h->hostname, 0); - } - - /* Wrap the underlying socket with GnuTLS. */ --- -2.43.0 - diff --git a/SOURCES/0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch b/SOURCES/0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch deleted file mode 100644 index d8fe97d..0000000 --- a/SOURCES/0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 17dc75c8235af7126b3820d5e0be3488efe74671 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Mon, 24 Jun 2024 10:31:10 +0100 -Subject: [PATCH] lib/crypto.c: Allow CA verification even if h->hostname is - not set -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Calling gnutls_session_set_verify_cert with the hostname parameter set -to NULL is permitted: -https://www.gnutls.org/manual/html_node/Core-TLS-API.html#gnutls_005fsession_005fset_005fverify_005fcert - -It means that the server's hostname in the certificate will not be -verified but we can at least check that the certificate was signed by -the CA. This allows the CA to be checked even for connections over -Unix domain sockets. - -Example: - - $ rm -f /tmp/sock - $ nbdkit -U /tmp/sock -f --tls=require --tls-certificates=$HOME/d/nbdkit/tests/pki memory 1G & - -Before this change: - - $ nbdinfo 'nbds+unix://?socket=/tmp/sock' - protocol: newstyle-fixed with TLS, using structured packets - export="": - export-size: 1073741824 (1G) - content: data - uri: nbds+unix:///?socket=/tmp/sock - [etc] - -(works because it never called gnutls_session_set_verify_cert). - -After this change: - - $ nbdinfo 'nbds+unix://?socket=/tmp/sock' - nbdinfo: nbd_connect_uri: gnutls_handshake: Error in the certificate verification. (15/1) - -(fails because system CA does not know about nbdkit's certificate -which is signed by the CA from the nbdkit/tests/pki directory) - - $ nbdinfo 'nbds+unix://?socket=/tmp/sock&tls-certificates=/home/rjones/d/nbdkit/tests/pki' - protocol: newstyle-fixed with TLS, using structured packets - export="": - export-size: 1073741824 (1G) - content: data - uri: nbds+unix:///?socket=/tmp/sock&tls-certificates=/home/rjones/d/nbdkit/tests/pki - [etc] - -(works because we supplied the correct CA) - -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 6ed47a27d14f6f11946bb096d94e5bf21d97083d) -(cherry picked from commit 42ee6d8dd919b241b1f1510f5759673b26fc9731) ---- - lib/crypto.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/crypto.c b/lib/crypto.c -index 4c398b03..a5177bbb 100644 ---- a/lib/crypto.c -+++ b/lib/crypto.c -@@ -623,7 +623,7 @@ nbd_internal_crypto_create_session (struct nbd_handle *h, - return NULL; - } - -- if (h->hostname && h->tls_verify_peer) -+ if (h->tls_verify_peer) - gnutls_session_set_verify_cert (session, h->hostname, 0); - } - --- -2.43.0 - diff --git a/SOURCES/0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch b/SOURCES/0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch deleted file mode 100644 index c2c24d4..0000000 --- a/SOURCES/0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 1f82b6d2d894bf567926f4ae52f4362654db8f38 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Tue, 25 Jun 2024 11:12:56 +0100 -Subject: [PATCH] lib/uri.c: Allow tls-verify-peer to be overridden in URIs -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Older versions of libnbd didn't always check the server certificate. -Since some clients might be depending on this, allow -?tls-verify-peer=false in URIs to skip this check. - -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 75641c6b30155abce272f60cf3518a65654aa401) -(cherry picked from commit caad9cfb5dda0957c4b15cc85738a4c6ac856e8b) -(cherry picked from commit 4bfc3176de535350f884732b8793574e37714d2a) ---- - generator/API.ml | 5 +++++ - lib/uri.c | 32 ++++++++++++++++++++++++++++++++ - 2 files changed, 37 insertions(+) - -diff --git a/generator/API.ml b/generator/API.ml -index 4b2a62e8..69ee428d 100644 ---- a/generator/API.ml -+++ b/generator/API.ml -@@ -1306,6 +1306,11 @@ Note this is not allowed by default - see next section. - Set the PSK file. See L. Note - this is not allowed by default - see next section. - -+=item B -+ -+Do not verify the server certificate. See L. -+The default is C. -+ - =back - - =head2 Disable URI features -diff --git a/lib/uri.c b/lib/uri.c -index c8d9041e..8dfefd00 100644 ---- a/lib/uri.c -+++ b/lib/uri.c -@@ -140,6 +140,31 @@ error: - return -1; - } - -+/* Similar to nbdkit_parse_bool */ -+int -+parse_bool (const char *param, const char *value) -+{ -+ if (!strcmp (value, "1") || -+ !strcasecmp (value, "true") || -+ !strcasecmp (value, "t") || -+ !strcasecmp (value, "yes") || -+ !strcasecmp (value, "y") || -+ !strcasecmp (value, "on")) -+ return 1; -+ -+ if (!strcmp (value, "0") || -+ !strcasecmp (value, "false") || -+ !strcasecmp (value, "f") || -+ !strcasecmp (value, "no") || -+ !strcasecmp (value, "n") || -+ !strcasecmp (value, "off")) -+ return 0; -+ -+ set_error (EINVAL, "could not parse %s parameter, expecting %s=true|false", -+ param, param); -+ return -1; -+} -+ - int - nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) - { -@@ -271,6 +296,13 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) - if (nbd_unlocked_set_tls_psk_file (h, queries.ptr[i].value) == -1) - goto cleanup; - } -+ else if (strcasecmp (queries.ptr[i].name, "tls-verify-peer") == 0) { -+ int v = parse_bool ("tls-verify-peer", queries.ptr[i].value); -+ if (v == -1) -+ goto cleanup; -+ if (nbd_unlocked_set_tls_verify_peer (h, v) == -1) -+ goto cleanup; -+ } - } - - /* Username. */ --- -2.43.0 - diff --git a/SOURCES/0016-docs-security-Add-link-to-TLS-server-certificate-che.patch b/SOURCES/0016-docs-security-Add-link-to-TLS-server-certificate-che.patch deleted file mode 100644 index 8a6556b..0000000 --- a/SOURCES/0016-docs-security-Add-link-to-TLS-server-certificate-che.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 437d3aedd5ecbcb8d5234665015c5813a6ca1712 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Tue, 25 Jun 2024 17:53:47 +0100 -Subject: [PATCH] docs: security: Add link to TLS server certificate checking - announcement - -(cherry picked from commit 9c723aa660c6ee7d224afbfc16eb7450d21fb9cf) -(cherry picked from commit 9b77d853d82c291f74b51305d58e9db7f555a254) -(cherry picked from commit b477be4ed47daa6ba73c176ae8b0288ec8e84f23) ---- - docs/libnbd-security.pod | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod -index 0cae8462..b31f3f8b 100644 ---- a/docs/libnbd-security.pod -+++ b/docs/libnbd-security.pod -@@ -28,6 +28,11 @@ denial of service when using L - See the full announcement here: - L - -+=head2 multiple flaws in TLS server certificate checking -+ -+See the full announcement here: -+L -+ - =head1 SEE ALSO - - L. --- -2.43.0 - diff --git a/SOURCES/0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch b/SOURCES/0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch deleted file mode 100644 index efe2348..0000000 --- a/SOURCES/0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 626331d88fdf8ed87dc066faeb836fc5926f5420 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 1 Aug 2024 15:17:29 +0100 -Subject: [PATCH] docs/libnbd-security.pod: Assign CVE-2024-7383 - -CVE-2024-7383 was assigned to the (already published & fixed) flaws -found in libnbd certificate checking. - -Reported-by: Jon Szymaniak -Thanks: Mauro Matteo Cascella -(cherry picked from commit 81a22ac6697ccdeb13509aba3072609251d1378b) -(cherry picked from commit 599281af594db8414d856db409846b04fce03824) -(cherry picked from commit 8f7dce2b6d6716f9eec0f352a3c420ae84a84be9) ---- - docs/libnbd-security.pod | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod -index b31f3f8b..4c3b5bbd 100644 ---- a/docs/libnbd-security.pod -+++ b/docs/libnbd-security.pod -@@ -28,7 +28,8 @@ denial of service when using L - See the full announcement here: - L - --=head2 multiple flaws in TLS server certificate checking -+=head2 CVE-2024-7383 -+multiple flaws in TLS server certificate checking - - See the full announcement here: - L --- -2.43.0 - diff --git a/SOURCES/libnbd-1.6.0.tar.gz.sig b/SOURCES/libnbd-1.6.0.tar.gz.sig deleted file mode 100644 index fa6006d..0000000 --- a/SOURCES/libnbd-1.6.0.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl/3RFQRHHJpY2hAYW5u -ZXhpYS5vcmcACgkQkXOPc+G3aKD9aw/+Pfg3owjJmhTcCyFvuH2lgiiBb+qL2An+ -hsoax6dM5JxzV6x1Ikgn3C8z2+dLRMowo2FrRgpzTwfaS+ngLDipSC04hKl9MhFN -7OPLCm+L7wcP7KUk4cC0qTSHpHkApo2SP3/bD7vVBYZMYSjgUVFcRoqZlRl3N9RF -7XNsxA2YG9bV4Ln3KbB+k2uxIKNUZIVjmEpretVbb+NTKW9C23ZHicSHYB+Eok1M -iTN6j66rYFn0Xb+L2v7jty19tSdYOMbkdSn0KpniURAWevjjVWGqcojMqW4YuAZ5 -h2MpRfyKFyusbsbtX5bjICTu6+AgFFUALKH7ReDs1RY1cEph9XdBLVulXTggxY05 -E3I1Nns1YmjRlV6ky2Abl2e+Doc44mycINRlwL2q8+Q3TqlVVPFXoVTWxIJ6/Uae -tqnEwWIa2wGv3KU1KLNbWTn1z6I8NM/Nj+7pMKDNnxJzFmHEjL94tmG+iNmHsF34 -vWBZ1q7h9EezxHLOPFYDjlpS+IxeuXakbpuTX2jXvi3zSAbr5WmRR1uO8dAiwu9b -RwOHRmVQOFLAAICYTZDmxl42DpWs5Z2aP7eRwpe8/MOSRiAVepjhUD/bsdaFwmBR -8Z7CGNzyTtt+sy5l7cPBYZ+4RdxWgFEBceBbHs06zdlD/Pui288UQVB/0e9AXYOc -wluyWT1v7sA= -=BaN1 ------END PGP SIGNATURE----- diff --git a/SPECS/libnbd.spec b/SPECS/libnbd.spec deleted file mode 100644 index 983cbcc..0000000 --- a/SPECS/libnbd.spec +++ /dev/null @@ -1,441 +0,0 @@ -# If we should verify tarball signature with GPGv2. -%global verify_tarball_signature 1 - -# If there are patches which touch autotools files, set this to 1. -%global patches_touch_autotools 1 - -# The source directory. -%global source_directory 1.6-stable - -Name: libnbd -Version: 1.6.0 -Release: 6%{?dist} -Summary: NBD client library in userspace - -License: LGPLv2+ -URL: https://github.com/libguestfs/libnbd - -Source0: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz -Source1: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz.sig -# Keyring used to verify tarball signature. This contains the single -# key from here: -# https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex -Source2: libguestfs.keyring - -# Maintainer script which helps with handling patches. -Source3: copy-patches.sh - -# Patches come from this upstream branch: -# https://github.com/libguestfs/libnbd/tree/rhel-8.10 - -# Patches. -Patch0001: 0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch -Patch0002: 0002-generator-Refactor-CONNECT.START-state.patch -Patch0003: 0003-generator-Print-a-better-error-message-if-connect-2-.patch -Patch0004: 0004-opt_go-Tolerate-unplanned-server-death.patch -Patch0005: 0005-security-Document-assignment-of-CVE-2021-20286.patch -Patch0006: 0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch -Patch0007: 0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch -Patch0008: 0008-build-Move-to-minimum-gnutls-3.5.18.patch -Patch0009: 0009-tests-Factor-out-some-common-Makefile-flags.patch -Patch0010: 0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch -Patch0011: 0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch -Patch0012: 0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch -Patch0013: 0013-lib-crypto.c-Check-server-certificate-even-when-usin.patch -Patch0014: 0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch -Patch0015: 0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch -Patch0016: 0016-docs-security-Add-link-to-TLS-server-certificate-che.patch -Patch0017: 0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch - -%if 0%{patches_touch_autotools} -BuildRequires: autoconf, automake, libtool -%endif - -%if 0%{verify_tarball_signature} -BuildRequires: gnupg2 -%endif - -# For the core library. -BuildRequires: gcc -BuildRequires: /usr/bin/pod2man -BuildRequires: gnutls-devel -BuildRequires: libxml2-devel - -# For nbdfuse. -BuildRequires: fuse, fuse-devel - -# For the Python 3 bindings. -BuildRequires: python3-devel - -# For the OCaml bindings. -BuildRequires: ocaml -BuildRequires: ocaml-findlib-devel -BuildRequires: ocaml-ocamldoc - -# Only for building the examples. -BuildRequires: glib2-devel - -# For bash-completion. -BuildRequires: bash-completion - -# Only for running the test suite. -BuildRequires: coreutils -BuildRequires: gcc-c++ -BuildRequires: gnutls-utils -#BuildRequires: jq -%ifnarch %{ix86} -BuildRequires: nbdkit -BuildRequires: nbdkit-data-plugin -#BuildRequires: nbdkit-eval-plugin -BuildRequires: nbdkit-memory-plugin -BuildRequires: nbdkit-null-plugin -BuildRequires: nbdkit-pattern-plugin -BuildRequires: nbdkit-sh-plugin -#BuildRequires: nbdkit-sparse-random-plugin -#BuildRequires: nbd -BuildRequires: qemu-img -%endif -BuildRequires: util-linux - - -%description -NBD — Network Block Device — is a protocol for accessing Block Devices -(hard disks and disk-like things) over a Network. - -This is the NBD client library in userspace, a simple library for -writing NBD clients. - -The key features are: - - * Synchronous and asynchronous APIs, both for ease of use and for - writing non-blocking, multithreaded clients. - - * High performance. - - * Minimal dependencies for the basic library. - - * Well-documented, stable API. - - * Bindings in several programming languages. - - -%package devel -Summary: Development headers for %{name} -License: LGPLv2+ and BSD -Requires: %{name}%{?_isa} = %{version}-%{release} - - -%description devel -This package contains development headers for %{name}. - - -%package -n ocaml-%{name} -Summary: OCaml language bindings for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} - - -%description -n ocaml-%{name} -This package contains OCaml language bindings for %{name}. - - -%package -n ocaml-%{name}-devel -Summary: OCaml language development package for %{name} -Requires: ocaml-%{name}%{?_isa} = %{version}-%{release} - - -%description -n ocaml-%{name}-devel -This package contains OCaml language development package for -%{name}. Install this if you want to compile OCaml software which -uses %{name}. - - -%package -n python3-%{name} -Summary: Python 3 bindings for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} -%{?python_provide:%python_provide python3-%{name}} - -# The Python module happens to be called lib*.so. Don't scan it and -# have a bogus "Provides: libnbdmod.*". -%global __provides_exclude_from ^%{python3_sitearch}/lib.*\\.so - - -%description -n python3-%{name} -python3-%{name} contains Python 3 bindings for %{name}. - - -%package -n nbdfuse -Summary: FUSE support for %{name} -License: LGPLv2+ and BSD -Requires: %{name}%{?_isa} = %{version}-%{release} - - -%description -n nbdfuse -This package contains FUSE support for %{name}. - - -%package bash-completion -Summary: Bash tab-completion for %{name} -BuildArch: noarch -Requires: bash-completion >= 2.0 -# Don't use _isa here because it's a noarch package. This dependency -# is just to ensure that the subpackage is updated along with libnbd. -Requires: %{name} = %{version}-%{release} - - -%description bash-completion -Install this package if you want intelligent bash tab-completion -for %{name}. - - -%prep -%if 0%{verify_tarball_signature} -tmphome="$(mktemp -d)" -gpgv2 --homedir "$tmphome" --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} -%endif -%autosetup -p1 -%if 0%{patches_touch_autotools} -autoreconf -i -%endif - - -%build -%configure \ - --disable-static \ - --with-tls-priority=@LIBNBD,SYSTEM \ - PYTHON=%{__python3} \ - --enable-python \ - --enable-ocaml \ - --enable-fuse \ - --disable-golang - -make %{?_smp_mflags} - - -%install -%make_install - -# Delete libtool crap. -find $RPM_BUILD_ROOT -name '*.la' -delete - -# Delete the golang man page since we're not distributing the bindings. -rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-golang.3* - - -%check -# interop/structured-read.sh fails with the old qemu-nbd in Fedora 29, -# so disable it there. -%if 0%{?fedora} <= 29 -rm interop/structured-read.sh -touch interop/structured-read.sh -chmod +x interop/structured-read.sh -%endif - -# All fuse tests fail in Koji with: -# fusermount: entry for fuse/test-*.d not found in /etc/mtab -# for unknown reasons but probably related to the Koji environment. -for f in fuse/test-*.sh; do - rm $f - touch $f - chmod +x $f -done - -# info/info-map-base-allocation-json.sh fails because of a bug in -# jq 1.5 in RHEL 8 (fixed in later versions). -rm info/info-map-base-allocation-json.sh -touch info/info-map-base-allocation-json.sh -chmod +x info/info-map-base-allocation-json.sh - -make %{?_smp_mflags} check || { - for f in $(find -name test-suite.log); do - echo - echo "==== $f ====" - cat $f - done - exit 1 - } - - -%files -%doc README -%license COPYING.LIB -%{_bindir}/nbdcopy -%{_bindir}/nbdinfo -%{_libdir}/libnbd.so.* -%{_mandir}/man1/nbdcopy.1* -%{_mandir}/man1/nbdinfo.1* - - -%files devel -%doc TODO examples/*.c -%license examples/LICENSE-FOR-EXAMPLES -%{_includedir}/libnbd.h -%{_libdir}/libnbd.so -%{_libdir}/pkgconfig/libnbd.pc -%{_mandir}/man3/libnbd.3* -%{_mandir}/man1/libnbd-release-notes-1.*.1* -%{_mandir}/man3/libnbd-security.3* -%{_mandir}/man3/nbd_*.3* - - -%files -n ocaml-%{name} -%{_libdir}/ocaml/nbd -%exclude %{_libdir}/ocaml/nbd/*.a -%exclude %{_libdir}/ocaml/nbd/*.cmxa -%exclude %{_libdir}/ocaml/nbd/*.cmx -%exclude %{_libdir}/ocaml/nbd/*.mli -%{_libdir}/ocaml/stublibs/dllmlnbd.so -%{_libdir}/ocaml/stublibs/dllmlnbd.so.owner - - -%files -n ocaml-%{name}-devel -%doc ocaml/examples/*.ml -%license ocaml/examples/LICENSE-FOR-EXAMPLES -%{_libdir}/ocaml/nbd/*.a -%{_libdir}/ocaml/nbd/*.cmxa -%{_libdir}/ocaml/nbd/*.cmx -%{_libdir}/ocaml/nbd/*.mli -%{_mandir}/man3/libnbd-ocaml.3* -%{_mandir}/man3/NBD.3* -%{_mandir}/man3/NBD.*.3* - - -%files -n python3-%{name} -%{python3_sitearch}/libnbdmod*.so -%{python3_sitearch}/nbd.py -%{python3_sitearch}/nbdsh.py -%{python3_sitearch}/__pycache__/nbd*.py* -%{_bindir}/nbdsh -%{_mandir}/man1/nbdsh.1* - - -%files -n nbdfuse -%{_bindir}/nbdfuse -%{_mandir}/man1/nbdfuse.1* - - -%files bash-completion -%dir %{_datadir}/bash-completion/completions -%{_datadir}/bash-completion/completions/nbdcopy -%{_datadir}/bash-completion/completions/nbdfuse -%{_datadir}/bash-completion/completions/nbdinfo -%{_datadir}/bash-completion/completions/nbdsh - - -%changelog -* Tue Aug 27 2024 Richard W.M. Jones - 1.6.0-6.el8 -- Fix CVE-2024-7383 NBD server improper certificate validation - resolves: RHEL-52728 - -* Mon Feb 7 2022 Richard W.M. Jones - 1.6.0-5.el8 -- Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails - resolves: rhbz#2045718 - -* Thu Sep 2 2021 Danilo C. L. de Paula - 1.6.0-4.el8 -- Resolves: bz#2000225 - (Rebase virt:rhel module:stream based on AV-8.6) - -* Mon Jul 13 2020 Danilo C. L. de Paula - 1.2.2 -- Resolves: bz#1844296 -(Upgrade components in virt:rhel module:stream for RHEL-8.3 release) - -* Wed Feb 5 2020 Richard W.M. Jones - 1.2.2-1 -- New stable release 1.2.2. - -* Tue Dec 3 2019 Richard W.M. Jones - 1.2.1-1 -- New stable release 1.2.1. - -* Thu Nov 14 2019 Richard W.M. Jones - 1.2.0-1 -- New stable release 1.2.0. - -* Wed Oct 9 2019 Richard W.M. Jones - 1.0.3-1 -- New upstream version 1.0.3. -- Contains fix for remote code execution vulnerability. -- Add new libnbd-security(3) man page. - -* Tue Sep 17 2019 Richard W.M. Jones - 1.0.2-1 -- New upstream version 1.0.2. -- Remove patches which are upstream. -- Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). -- Fix previous commit message. - -* Thu Sep 12 2019 Richard W.M. Jones - 1.0.1-2 -- Add upstream patch to fix nbdsh (for nbdkit tests). -- Fix interop tests on slow machines. - -* Sun Sep 08 2019 Richard W.M. Jones - 1.0.1-1 -- New stable version 1.0.1. - -* Wed Aug 28 2019 Richard W.M. Jones - 1.0.0-1 -- New upstream version 1.0.0. - -* Wed Aug 21 2019 Miro Hrončok - 0.9.9-2 -- Rebuilt for Python 3.8 - -* Wed Aug 21 2019 Richard W.M. Jones - 0.9.9-1 -- New upstream version 0.9.9. - -* Wed Aug 21 2019 Richard W.M. Jones - 0.9.8-4 -- Fix nbdkit dependencies so we're actually running the tests. -- Add glib2-devel BR so we build the glib main loop example. -- Add upstream patch to fix test error: - nbd_connect_unix: getlogin: No such device or address -- Fix test failure on 32 bit. - -* Tue Aug 20 2019 Richard W.M. Jones - 0.9.8-3 -- Bump and rebuild to fix releng brokenness. - https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ - -* Mon Aug 19 2019 Miro Hrončok - 0.9.8-2 -- Rebuilt for Python 3.8 - -* Thu Aug 15 2019 Richard W.M. Jones - 0.9.8-1 -- New upstream version 0.9.8. -- Package the new nbd_*(3) man pages. - -* Mon Aug 5 2019 Richard W.M. Jones - 0.9.7-1 -- New upstream version 0.9.7. -- Add libnbd-ocaml(3) man page. - -* Sat Aug 3 2019 Richard W.M. Jones - 0.9.6-2 -- Add all upstream patches since 0.9.6 was released. -- Package the ocaml bindings into a subpackage. - -* Tue Jul 30 2019 Richard W.M. Jones - 0.9.6-1 -- New upstream verison 0.9.6. - -* Fri Jul 26 2019 Richard W.M. Jones - 0.1.9-1 -- New upstream version 0.1.9. - -* Thu Jul 25 2019 Fedora Release Engineering - 0.1.8-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Wed Jul 17 2019 Richard W.M. Jones - 0.1.8-1 -- New upstream version 0.1.8. - -* Tue Jul 16 2019 Richard W.M. Jones - 0.1.7-1 -- New upstream version 0.1.7. - -* Wed Jul 3 2019 Richard W.M. Jones - 0.1.6-1 -- New upstream version 0.1.6. - -* Thu Jun 27 2019 Richard W.M. Jones - 0.1.5-1 -- New upstream version 0.1.5. - -* Sun Jun 09 2019 Richard W.M. Jones - 0.1.4-1 -- New upstream version 0.1.4. - -* Sun Jun 2 2019 Richard W.M. Jones - 0.1.2-2 -- Enable libxml2 for NBD URI support. - -* Thu May 30 2019 Richard W.M. Jones - 0.1.2-1 -- New upstream version 0.1.2. - -* Tue May 28 2019 Richard W.M. Jones - 0.1.1-1 -- Fix license in man pages and examples. -- Add nbdsh(1) man page. -- Include the signature and keyring even if validation is disabled. -- Update devel subpackage license. -- Fix old FSF address in Python tests. -- Filter Python provides. -- Remove executable permission on the tar.gz.sig file. -- Initial release. diff --git a/SOURCES/copy-patches.sh b/copy-patches.sh old mode 100755 new mode 100644 similarity index 98% rename from SOURCES/copy-patches.sh rename to copy-patches.sh index 36f191b..ba47329 --- a/SOURCES/copy-patches.sh +++ b/copy-patches.sh @@ -6,7 +6,7 @@ set -e # directory. Use it like this: # ./copy-patches.sh -rhel_version=8.10 +rhel_version=10.1 # Check we're in the right directory. if [ ! -f libnbd.spec ]; then diff --git a/libnbd-1.22.2.tar.gz.sig b/libnbd-1.22.2.tar.gz.sig new file mode 100644 index 0000000..114ca97 --- /dev/null +++ b/libnbd-1.22.2.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJFBAABCgAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmgHrdkRHHJpY2hAYW5u +ZXhpYS5vcmcACgkQkXOPc+G3aKClxRAAmO7p5j46ou9J2CyC+iefWIoBo+tgZIyz +wi/qwDrkVrpNx36T8XJj4DDC3NZrWsq72CdVrtMydVI22+gF9hA2tCIYwO+wMbc4 +tZ11HCj4g6wacPwXdzAnXHteajpzngnXC041Q4JczwvhgPcyGVeswGXOe++cfBx7 +bXX5S4bGVCb3fZiGQIASStX4vQgO2X7L5557ELIrRR0w3LIM7eVvr5YM+2cmiAx8 +ihnnf9bK7VR2r6VJjczBd+AyLRhYFX+rCfHe2eO00amPn+J+wACy+04eoHfhH/gt +V7oIW4q2cwqFlr9hZxvkm6nC3xt1zOVgQL6Sft38zRQoYBjIyE3FRwl5Pu3pPtnT +Iw7CNyKUJgIvDZq9hsXbqD2AqNSaxO04y/SPeUs3i+uNCscBOYEDsB9YTYXw28Xb +zayDK2HVL1QRXHgrefh6HgBUAL97qHjxLS1PClqDNaSGgfWpDPPUoRhyUl+3PcsS +M+VRmRvglNpkFPP0IAXJoBJqd+Vvc+8xAAotBFNxTVe8tP1QizqH0bLVNAv5d+Az +lq0qqTBz3AzH4JH/ULg45uwU9Z0BIJFce1FS3EzdcZJRD9g/zeqmnjZ64gWFWJG3 +01lmYBWI18PtaZkvXE5IipRjGGc/8aM8MFtrD4VSEAIJ+2fRYysaW8Qr5znfp4XF +Uj+AqVPXp+M= +=PPy1 +-----END PGP SIGNATURE----- diff --git a/libnbd.spec b/libnbd.spec new file mode 100644 index 0000000..1b74fd3 --- /dev/null +++ b/libnbd.spec @@ -0,0 +1,1041 @@ +# i686 no longer has any kind of OCaml compiler, not even ocamlc. +%ifnarch %{ix86} +%global have_ocaml 1 +%endif + +# No ublk in RHEL 9. +%if !0%{?rhel} +%global have_ublk 1 +%endif + +# No nbd.ko in RHEL 9. +%if !0%{?rhel} +%global have_nbd_ko 1 +%endif + +# If we should verify tarball signature with GPGv2. +%global verify_tarball_signature 1 + +# The source directory. +%global source_directory 1.22-stable + +Name: libnbd +Version: 1.22.2 +Release: 3%{?dist} +Summary: NBD client library in userspace + +License: LGPL-2.0-or-later AND BSD-3-Clause +URL: https://gitlab.com/nbdkit/libnbd + +Source0: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz +Source1: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz.sig +# Keyring used to verify tarball signature. This contains the single +# key from here: +# https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex +Source2: libguestfs.keyring + +# Maintainer script which helps with handling patches. +Source3: copy-patches.sh + +# Patches are stored in the upstream repository: +# https://gitlab.com/nbdkit/libnbd/-/commits/rhel-10.1/ + +# Patches. +Patch0001: 0001-rust-Allow-cargo-build-target-RUST_TARGET-to-be-set.patch +#Patch0002: 0002-ci-Disable-cross-builds-of-Rust.patch +Patch0003: 0003-maint-Spelling-fixes.patch +Patch0004: 0004-generator-Avoid-const-correctness-warnings-in-golang.patch +Patch0005: 0005-info-Tolerate-nbdkit-slop-on-large-extents.patch +Patch0006: 0006-todo-Remove-a-couple-of-minor-features-that-have-bee.patch +Patch0007: 0007-ublk-Remove-unused-EXPECTED_VERSION.patch +Patch0008: 0008-copy-Add-blkhash-option.patch +Patch0009: 0009-copy-Fix-crash-when-blkhash-size-is-not-a-power-of-2.patch +Patch0010: 0010-copy-Define-block_type-outside-of-block-struct.patch +Patch0011: 0011-copy-Shrink-struct-block.patch +Patch0012: 0012-copy-Enable-zero-optimization-for-allocated-extents.patch +Patch0013: 0013-copy-Fix-corrupted-hash-on-incomplete-read.patch +Patch0014: 0014-build-Add-.-configure-with-extra.patch +Patch0015: 0015-lib-New-API-nbd_get_version_extra.patch +Patch0016: 0016-tools-Add-extra-version-information-in-the-output-of.patch +Patch0017: 0017-uri-Sanitize-user-provided-hostnames.patch +Patch0018: 0018-lib-uri.c-Fix-indices-in-SSH-command-array.patch + +%if 0%{verify_tarball_signature} +BuildRequires: gnupg2 +%endif + +# For rebuilding autoconf cruft. +BuildRequires: autoconf, automake, libtool + +# For the core library. +BuildRequires: gcc +BuildRequires: make +BuildRequires: /usr/bin/pod2man +BuildRequires: gnutls-devel +BuildRequires: libxml2-devel + +# For nbdfuse. +BuildRequires: fuse3, fuse3-devel + +%if 0%{?have_ublk} +# For nbdublk +BuildRequires: liburing-devel >= 2.2 +BuildRequires: ubdsrv-devel >= 1.0-3.rc6 +%endif + +# For the Python 3 bindings. +BuildRequires: python3-devel + +%if 0%{?have_ocaml} +# For the OCaml bindings. +BuildRequires: ocaml +BuildRequires: ocaml-findlib-devel +BuildRequires: ocaml-ocamldoc +%endif + +# Only for building the examples. +BuildRequires: glib2-devel + +# For bash-completion. +BuildRequires: bash-completion + +# Only for running the test suite. +BuildRequires: coreutils +BuildRequires: gcc-c++ +BuildRequires: glibc-utils +BuildRequires: gnutls-utils +BuildRequires: iproute +BuildRequires: jq +%if 0%{?have_nbd_ko} +BuildRequires: nbd +%endif +BuildRequires: util-linux + +# On RHEL, maybe even in Fedora in future, we do not build qemu-img or +# nbdkit for i686. These are only needed for the test suite so make +# them optional. This reduces our test exposure on 32 bit platforms, +# although there is still Fedora/armv7 and some upstream testing. +%ifnarch %{ix86} +BuildRequires: qemu-img +BuildRequires: nbdkit +BuildRequires: nbdkit-data-plugin +BuildRequires: nbdkit-eval-plugin +BuildRequires: nbdkit-memory-plugin +BuildRequires: nbdkit-null-plugin +BuildRequires: nbdkit-pattern-plugin +BuildRequires: nbdkit-sh-plugin +BuildRequires: nbdkit-sparse-random-plugin +%endif + + +%description +NBD — Network Block Device — is a protocol for accessing Block Devices +(hard disks and disk-like things) over a Network. + +This is the NBD client library in userspace, a simple library for +writing NBD clients. + +The key features are: + + * Synchronous and asynchronous APIs, both for ease of use and for + writing non-blocking, multithreaded clients. + + * High performance. + + * Minimal dependencies for the basic library. + + * Well-documented, stable API. + + * Bindings in several programming languages. + + +%package devel +Summary: Development headers for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + + +%description devel +This package contains development headers for %{name}. + + +%if 0%{?have_ocaml} +%package -n ocaml-%{name} +Summary: OCaml language bindings for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + + +%description -n ocaml-%{name} +This package contains OCaml language bindings for %{name}. + + +%package -n ocaml-%{name}-devel +Summary: OCaml language development package for %{name} +Requires: ocaml-%{name}%{?_isa} = %{version}-%{release} + + +%description -n ocaml-%{name}-devel +This package contains OCaml language development package for +%{name}. Install this if you want to compile OCaml software which +uses %{name}. +%endif + + +%package -n python3-%{name} +Summary: Python 3 bindings for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +%{?python_provide:%python_provide python3-%{name}} + +# The Python module happens to be called lib*.so. Don't scan it and +# have a bogus "Provides: libnbdmod.*". +%global __provides_exclude_from ^%{python3_sitearch}/lib.*\\.so + + +%description -n python3-%{name} +python3-%{name} contains Python 3 bindings for %{name}. + + +%package -n nbdfuse +Summary: FUSE support for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Recommends: fuse3 + + +%description -n nbdfuse +This package contains FUSE support for %{name}. + + +%if 0%{?have_ublk} +%package -n nbdublk +Summary: Userspace NBD block device +Requires: %{name}%{?_isa} = %{version}-%{release} +Recommends: kernel >= 6.0.0 +Recommends: %{_sbindir}/ublk + + +%description -n nbdublk +This package contains a userspace NBD block device +based on %{name}. +%endif + + +%package bash-completion +Summary: Bash tab-completion for %{name} +BuildArch: noarch +Requires: bash-completion >= 2.0 +# Don't use _isa here because it's a noarch package. This dependency +# is just to ensure that the subpackage is updated along with libnbd. +Requires: %{name} = %{version}-%{release} + + +%description bash-completion +Install this package if you want intelligent bash tab-completion +for %{name}. + + +%prep +%if 0%{verify_tarball_signature} +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%endif +%autosetup -p1 +autoreconf -i + + +%build +%configure \ + --disable-static \ + --with-extra='%{name}-%{version}-%{release}' \ + --with-tls-priority=@LIBNBD,SYSTEM \ + --with-bash-completions \ + PYTHON=%{__python3} \ + --enable-python \ +%if 0%{?have_ocaml} + --enable-ocaml \ +%else + --disable-ocaml \ +%endif + --enable-fuse \ + --disable-golang \ + --disable-rust \ +%if 0%{?have_ublk} + --enable-ublk \ +%else + --disable-ublk \ +%endif + %{nil} + +make %{?_smp_mflags} + + +%install +%make_install + +# Delete libtool crap. +find $RPM_BUILD_ROOT -name '*.la' -delete + +# Delete the golang man page since we're not distributing the bindings. +rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-golang.3* + +%if !0%{?have_ocaml} +# Delete the OCaml man page on i686. +rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-ocaml.3* +%endif + + +%check +function skip_test () +{ + for f in "$@"; do + rm -f "$f" + echo 'exit 77' > "$f" + chmod +x "$f" + done +} + +# interop/interop-qemu-storage-daemon.sh fails in RHEL 9 because of +# this bug in qemu: +# https://lists.nongnu.org/archive/html/qemu-devel/2021-03/threads.html#03544 +%if 0%{?rhel} +skip_test interop/interop-qemu-storage-daemon.sh +%endif + +# All fuse tests fail in Koji with: +# fusermount: entry for fuse/test-*.d not found in /etc/mtab +# for unknown reasons but probably related to the Koji environment. +skip_test fuse/test-*.sh + +# IPv6 loopback connections fail in Koji. +make -C tests connect-tcp6 ||: +skip_test tests/connect-tcp6 + +make %{?_smp_mflags} check || { + for f in $(find -name test-suite.log); do + echo + echo "==== $f ====" + cat $f + done + exit 1 + } + + +%files +%doc README.md +%license COPYING.LIB +%{_bindir}/nbdcopy +%{_bindir}/nbddump +%{_bindir}/nbdinfo +%{_libdir}/libnbd.so.* +%{_mandir}/man1/nbdcopy.1* +%{_mandir}/man1/nbddump.1* +%{_mandir}/man1/nbdinfo.1* + + +%files devel +%doc TODO examples/*.c +%license examples/LICENSE-FOR-EXAMPLES +%{_includedir}/libnbd.h +%{_libdir}/libnbd.so +%{_libdir}/pkgconfig/libnbd.pc +%{_mandir}/man3/libnbd.3* +%{_mandir}/man1/libnbd-release-notes-1.*.1* +%{_mandir}/man3/libnbd-security.3* +%{_mandir}/man3/nbd_*.3* + + +%if 0%{?have_ocaml} +%files -n ocaml-%{name} +%dir %{_libdir}/ocaml/nbd +%{_libdir}/ocaml/nbd/META +%{_libdir}/ocaml/nbd/*.cma +%{_libdir}/ocaml/nbd/*.cmi +%{_libdir}/ocaml/stublibs/dllmlnbd.so +%{_libdir}/ocaml/stublibs/dllmlnbd.so.owner + + +%files -n ocaml-%{name}-devel +%doc ocaml/examples/*.ml +%license ocaml/examples/LICENSE-FOR-EXAMPLES +%ifarch %{ocaml_native_compiler} +%{_libdir}/ocaml/nbd/*.cmxa +%{_libdir}/ocaml/nbd/*.cmx +%endif +%{_libdir}/ocaml/nbd/*.a +%{_libdir}/ocaml/nbd/*.mli +%{_mandir}/man3/libnbd-ocaml.3* +%{_mandir}/man3/NBD.3* +%{_mandir}/man3/NBD.*.3* +%endif + + +%files -n python3-%{name} +%{python3_sitearch}/libnbdmod*.so +%{python3_sitearch}/nbd.py +%{python3_sitearch}/nbdsh.py +%{python3_sitearch}/__pycache__/nbd*.py* +%{_bindir}/nbdsh +%{_mandir}/man1/nbdsh.1* + + +%files -n nbdfuse +%{_bindir}/nbdfuse +%{_mandir}/man1/nbdfuse.1* + + +%if 0%{?have_ublk} +%files -n nbdublk +%{_bindir}/nbdublk +%{_mandir}/man1/nbdublk.1* +%endif + + +%files bash-completion +%dir %{_datadir}/bash-completion/completions +%{_datadir}/bash-completion/completions/nbdcopy +%{_datadir}/bash-completion/completions/nbddump +%{_datadir}/bash-completion/completions/nbdfuse +%{_datadir}/bash-completion/completions/nbdinfo +%{_datadir}/bash-completion/completions/nbdsh +%if 0%{?have_ublk} +%{_datadir}/bash-completion/completions/nbdublk +%endif + + +%changelog +* Tue Nov 18 2025 Richard W.M. Jones - 1.22.2-3 +- Fix unsanitized hostnames in nbd+ssh URIs allow remote execution + resolves: RHEL-129311 + +* Wed Jul 16 2025 Richard W.M. Jones - 1.22.2-2 +- Rebase to libnbd 1.22.2 +- Synch spec file with Fedora Rawhide. + resolves: RHEL-78831 +- Fix nbdinfo with dark theme + resolves: RHEL-7119 +- Add nbdcopy --blkhash option + resolves: RHEL-85513 +- Log the version of libnbd / nbdcopy in virt-v2v output + resolves: RHEL-104019 + +* Wed Oct 30 2024 Troy Dawson - 1.20.3-2 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 + +* Sat Sep 28 2024 Richard W.M. Jones - 1.20.3-1 +- Rebase to libnbd 1.20.3 + +* Fri Jul 26 2024 Richard W.M. Jones - 1.20.2-2 +- Rebase to libnbd 1.20.2 +- Fix multiple flaws in TLS server certificate checking + resolves: RHEL-49802 +- Print full NBD error from server + resolves: RHEL-50667 + +* Tue Jun 25 2024 Troy Dawson - 1.20.1-5 +- Bump release for June 2024 mass rebuild + +* Wed Jun 19 2024 Richard W.M. Jones - 1.20.1-4 +- OCaml 5.2.0 ppc64le fix + +* Fri Jun 07 2024 Python Maint - 1.20.1-3 +- Rebuilt for Python 3.13 + +* Wed May 29 2024 Richard W.M. Jones - 1.20.1-2 +- OCaml 5.2.0 for Fedora 41 + +* Thu May 23 2024 Jerry James - 1.20.1-1 +- Remove unneeded Stdlib__Callback workaround + +* Tue May 7 2024 Richard W.M. Jones - 1.20.1-1 +- New stable branch version 1.20.1 + +* Mon Apr 15 2024 Miroslav Rezanina - 1.20.0-1 +- New stable branch version 1.20.0 +- Rebuild autoconf cruft unconditionally. +- Resolves: RHEL-32642 + +* Mon Feb 05 2024 Richard W.M. Jones - 1.19.6-1 +- New upstream development version 1.19.6 + +* Thu Jan 25 2024 Richard W.M. Jones - 1.19.5-3 +- Bump and rebuild for ELN + +* Thu Jan 25 2024 Fedora Release Engineering - 1.19.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Richard W.M. Jones - 1.19.5-1 +- New upstream development version 1.19.5 + +* Sun Jan 21 2024 Fedora Release Engineering - 1.19.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Tue Jan 16 2024 Richard W.M. Jones - 1.19.4-1 +- New upstream development version 1.19.4 + +* Tue Dec 19 2023 Richard W.M. Jones - 1.19.3-2 +- New upstream development version 1.19.3 + +* Mon Dec 18 2023 Richard W.M. Jones - 1.19.2-4 +- OCaml 5.1.1 + s390x code gen fix for Fedora 40 + +* Thu Dec 14 2023 Richard W.M. Jones - 1.19.2-3 +- Fixes for https://github.com/ocaml/ocaml/issues/12820 + +* Tue Dec 12 2023 Richard W.M. Jones - 1.19.2-2 +- OCaml 5.1.1 rebuild for Fedora 40 + +* Wed Nov 22 2023 Richard W.M. Jones - 1.19.2-1 +- New upstream development version 1.19.2 + +* Tue Oct 31 2023 Richard W.M. Jones - 1.19.1-2 +- Fix assertion in ext-mode BLOCK_STATUS (CVE-2023-5871) + +* Mon Oct 23 2023 Richard W.M. Jones - 1.19.1-1 +- New upstream development version 1.19.1 + +* Thu Oct 05 2023 Richard W.M. Jones - 1.18.0-2 +- OCaml 5.1 rebuild for Fedora 40 + +* Wed Sep 27 2023 Richard W.M. Jones - 1.18.0-1 +- New upstream stable version 1.18.0 + +* Fri Sep 08 2023 Richard W.M. Jones - 1.17.5-1 +- New upstream development version 1.17.5 + +* Wed Aug 30 2023 Richard W.M. Jones - 1.17.4-1 +- New upstream development version 1.17.4 + +* Fri Aug 04 2023 Richard W.M. Jones - 1.17.3-1 +- New upstream development version 1.17.3 +- Disable Rust bindings. + +* Thu Jul 20 2023 Fedora Release Engineering - 1.17.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri Jul 14 2023 Richard W.M. Jones - 1.17.2-1 +- New upstream development version 1.17.2 + +* Thu Jul 13 2023 Richard W.M. Jones - 1.17.1-6 +- Bump and rebuild for updated python3 and perl + +* Tue Jul 11 2023 Richard W.M. Jones - 1.17.1-5 +- OCaml 5.0 rebuild for Fedora 39 + +* Mon Jul 10 2023 Jerry James - 1.17.1-4 +- OCaml 5.0.0 rebuild + +* Mon Jun 26 2023 Python Maint - 1.17.1-3 +- Rebuilt for Python 3.12 + +* Thu Jun 22 2023 Richard W.M. Jones - 1.17.1-2 +- Add OCaml 5 support + +* Mon Jun 19 2023 Richard W.M. Jones - 1.17.1-1 +- New upstream development version 1.17.1 + +* Tue Jun 13 2023 Python Maint - 1.16.1-3 +- Rebuilt for Python 3.12 + +* Mon Jun 05 2023 Richard W.M. Jones - 1.16.1-2 +- Migrated to SPDX license + +* Wed May 10 2023 Richard W.M. Jones - 1.16.1-1 +- New upstream stable version 1.16.1 + +* Tue Apr 18 2023 Richard W.M. Jones - 1.16.0-1 +- New upstream stable version 1.16.0 + +* Thu Apr 13 2023 Richard W.M. Jones - 1.15.13-1 +- New upstream development version 1.15.13 + +* Thu Mar 09 2023 Richard W.M. Jones - 1.15.12-1 +- New upstream development version 1.15.12 + +* Tue Feb 28 2023 Richard W.M. Jones - 1.15.11-1 +- New upstream development version 1.15.11 + +* Sat Feb 25 2023 Richard W.M. Jones - 1.15.10-1 +- New upstream development version 1.15.10 + +* Tue Jan 24 2023 Richard W.M. Jones - 1.15.9-2 +- Rebuild OCaml packages for F38 + +* Sat Jan 21 2023 Richard W.M. Jones - 1.15.9-1 +- New upstream development version 1.15.9 + +* Thu Jan 19 2023 Fedora Release Engineering - 1.15.8-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Jan 03 2023 Richard W.M. Jones - 1.15.8-3 +- Fix for Python 3.12 distutils change (RHBZ#2152674). + +* Fri Dec 09 2022 Richard W.M. Jones - 1.15.8-2 +- Rebuild against new ubdsrv API + +* Fri Nov 25 2022 Richard W.M. Jones - 1.15.8-1 +- New upstream development version 1.15.8 + +* Thu Nov 03 2022 Richard W.M. Jones - 1.15.7-1 +- New upstream development version 1.15.7 + +* Thu Oct 13 2022 Richard W.M. Jones - 1.15.6-1 +- New upstream development version 1.15.6 + +* Tue Oct 11 2022 Richard W.M. Jones - 1.15.5-1 +- New upstream development version 1.15.5 + +* Tue Sep 27 2022 Richard W.M. Jones - 1.15.4-1 +- New upstream development version 1.15.4 + +* Fri Sep 02 2022 Richard W.M. Jones - 1.15.3-1 +- New upstream development version 1.15.3 +- New tool: nbdublk + +* Thu Aug 18 2022 Richard W.M. Jones - 1.15.1-1 +- New upstream development version 1.15.1 + +* Thu Aug 11 2022 Richard W.M. Jones - 1.14.1-1 +- New upstream stable version 1.14.1 + +* Tue Aug 02 2022 Richard W.M. Jones - 1.14.0-2 +- Add some small upstream patches since 1.14.0 + +* Mon Aug 01 2022 Richard W.M. Jones - 1.14.0-1 +- New upstream stable version 1.14.0 + +* Fri Jul 29 2022 Richard W.M. Jones - 1.13.9-1 +- New upstream development version 1.13.9 + +* Wed Jul 27 2022 Richard W.M. Jones - 1.13.8-1 +- New upstream development version 1.13.8 + +* Thu Jul 21 2022 Fedora Release Engineering - 1.13.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sun Jul 10 2022 Richard W.M. Jones - 1.13.7-1 +- New upstream development version 1.13.7 + +* Sun Jul 10 2022 Richard W.M. Jones - 1.13.6-1 +- New upstream development version 1.13.6 + +* Fri Jul 01 2022 Richard W.M. Jones - 1.13.5-1 +- New upstream development version 1.13.5 + +* Thu Jun 30 2022 Richard W.M. Jones - 1.13.4-1 +- New upstream development version 1.13.4 +- New tool: nbddump + +* Mon Jun 27 2022 Richard W.M. Jones - 1.13.3-1 +- New upstream development version 1.13.3 + +* Mon Jun 20 2022 Richard W.M. Jones - 1.13.2-5 +- Rebuild for OCaml 4.14.0 because of Python conflict + +* Mon Jun 20 2022 Python Maint - 1.13.2-4 +- Rebuilt for Python 3.11 + +* Sat Jun 18 2022 Richard W.M. Jones - 1.13.2-3 +- OCaml 4.14.0 rebuild + +* Mon Jun 13 2022 Python Maint - 1.13.2-2 +- Rebuilt for Python 3.11 + +* Mon Jun 13 2022 Richard W.M. Jones - 1.13.2-1 +- New upstream development version 1.13.2 + +* Thu Jun 09 2022 Richard W.M. Jones - 1.13.1-1 +- New upstream development version 1.13.1 +- Rename README file. + +* Sun May 29 2022 Richard W.M. Jones - 1.12.3-1 +- New upstream stable version 1.12.3 + +* Tue Mar 15 2022 Richard W.M. Jones - 1.12.2-1 +- New upstream stable version 1.12.2 + +* Tue Mar 01 2022 Richard W.M. Jones - 1.12.1-1 +- New upstream stable version 1.12.1 + +* Thu Feb 24 2022 Richard W.M. Jones - 1.12.0-1 +- New upstream stable version 1.12.0 + +* Sat Feb 19 2022 Richard W.M. Jones - 1.11.11-1 +- New upstream development version 1.11.11 + +* Tue Feb 15 2022 Richard W.M. Jones - 1.11.10-1 +- New upstream development version 1.11.10 + +* Thu Feb 10 2022 Richard W.M. Jones - 1.11.9-1 +- New upstream development version 1.11.9 + +* Sat Feb 05 2022 Richard W.M. Jones - 1.11.8-1 +- New upstream development version 1.11.8. +- Fixes: CVE-2022-0485 nbdcopy may create corrupted destination image + +* Fri Feb 04 2022 Richard W.M. Jones - 1.11.7-3 +- OCaml 4.13.1 rebuild to remove package notes + +* Thu Jan 20 2022 Fedora Release Engineering - 1.11.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Mon Jan 17 2022 Richard W.M. Jones - 1.11.7-1 +- New upstream development version 1.11.7 + +* Tue Jan 04 2022 Richard W.M. Jones - 1.11.6-1 +- New upstream development version 1.11.6 + +* Tue Nov 30 2021 Eric Blake - 1.11.5-1 +- New upstream development version 1.11.5 + +* Fri Nov 19 2021 Richard W.M. Jones - 1.11.4-1 +- New upstream development version 1.11.4 + +* Thu Nov 04 2021 Richard W.M. Jones - 1.11.3-1 +- New upstream development version 1.11.3 + +* Tue Nov 02 2021 Richard W.M. Jones - 1.11.2-1 +- New upstream development version 1.11.2 + +* Mon Oct 25 2021 Richard W.M. Jones - 1.11.1-1 +- New upstream development version 1.11.1 + +* Mon Oct 04 2021 Richard W.M. Jones - 1.10.0-2 +- OCaml 4.13.1 build + +* Thu Sep 23 2021 Richard W.M. Jones - 1.10.0-1 +- New upstream stable branch version 1.10.0 + +* Tue Sep 21 2021 Richard W.M. Jones - 1.9.6-1 +- New upstream development version 1.9.6. + +* Fri Sep 03 2021 Richard W.M. Jones - 1.9.5-1 +- New upstream development version 1.9.5. + +* Fri Aug 27 2021 Richard W.M. Jones - 1.9.4-1 +- New upstream development version 1.9.4. + +* Fri Jul 30 2021 Eric Blake - 1.9.3-1 +- New upstream development version 1.9.3. + +* Thu Jul 22 2021 Fedora Release Engineering - 1.9.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Sat Jul 03 2021 Richard W.M. Jones - 1.9.2-1 +- New upstream development version 1.9.2. + +* Fri Jun 11 2021 Richard W.M. Jones - 1.9.1-1 +- New upstream development version 1.9.1. + +* Mon Jun 07 2021 Python Maint - 1.8.0-2 +- Rebuilt for Python 3.10 + +* Mon Jun 07 2021 Richard W.M. Jones - 1.8.0-1 +- New upstream version 1.8.0. + +* Fri Jun 04 2021 Python Maint - 1.7.12-2 +- Rebuilt for Python 3.10 + +* Sat May 29 2021 Richard W.M. Jones - 1.7.12-1 +- New upstream version 1.7.12. + +* Thu May 20 2021 Richard W.M. Jones - 1.7.11-1 +- New upstream version 1.7.11. + +* Fri May 14 2021 Richard W.M. Jones - 1.7.10-1 +- New upstream version 1.7.10. + +* Thu Apr 29 2021 Richard W.M. Jones - 1.7.9-1 +- New upstream version 1.7.9. +- Switch to fuse3. +- Make nbdfuse package recommend fuse3 (to get fusermount3). + +* Sat Apr 24 2021 Richard W.M. Jones - 1.7.8-1 +- New upstream development version 1.7.8. + +* Sat Apr 10 2021 Richard W.M. Jones - 1.7.7-1 +- New upstream development version 1.7.7. +- +BR iproute +- Add skip_test helper function. +- Skip connect-tcp6 test which fails under Koji. + +* Thu Apr 08 2021 Richard W.M. Jones - 1.7.6-1 +- New upstream development version 1.7.6. + +* Sat Apr 03 2021 Richard W.M. Jones - 1.7.5-1 +- New upstream development version 1.7.5. + +* Mon Mar 15 2021 Richard W.M. Jones - 1.7.4-1 +- New upstream development version 1.7.4. + +* Mon Mar 15 2021 Richard W.M. Jones - 1.7.3-3 +- Update documentation for CVE-2021-20286. +- Workaround broken interop/interop-qemu-storage-daemon.sh test in RHEL 9. + +* Thu Mar 4 2021 Richard W.M. Jones - 1.7.3-2 +- Add fix for nbdkit test suite. + +* Tue Mar 2 2021 Richard W.M. Jones - 1.7.3-1 +- New upstream version 1.7.3. + +* Mon Mar 1 2021 Richard W.M. Jones - 1.7.2-3 +- OCaml 4.12.0 build + +* Wed Feb 24 2021 Richard W.M. Jones - 1.7.2-2 +- Disable nbd BR on RHEL. + +* Mon Feb 22 2021 Richard W.M. Jones - 1.7.2-1 +- New upstream version 1.7.2. + +* Fri Jan 29 2021 Richard W.M. Jones - 1.7.1-6 +- Disable BR qemu-img on i686. + +* Thu Jan 28 2021 Richard W.M. Jones - 1.7.1-3 +- Disable BR nbdkit on i686 because it breaks ELN/RHEL 9. + +* Tue Jan 26 2021 Fedora Release Engineering - 1.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 20 2021 Richard W.M. Jones - 1.7.1-1 +- New upstream development version 1.7.1. + +* Thu Jan 07 2021 Richard W.M. Jones - 1.6.0-1 +- New upstream stable version 1.6.0. + +* Tue Dec 08 2020 Richard W.M. Jones - 1.5.9-1 +- New upstream development version 1.5.9. + +* Thu Dec 03 2020 Richard W.M. Jones - 1.5.8-1 +- New upstream development version 1.5.8. +- Unify Fedora and RHEL spec files. + +* Wed Nov 25 2020 Richard W.M. Jones - 1.5.7-1 +- New upstream development version 1.5.7. +- Add some more test suite buildrequires lines. +- Fix bogus date in changelog. + +* Thu Nov 12 2020 Richard W.M. Jones - 1.5.6-1 +- New upstream development version 1.5.6. + +* Mon Nov 02 2020 Richard W.M. Jones - 1.5.5-1 +- New upstream development version 1.5.5. + +* Mon Oct 05 2020 Richard W.M. Jones - 1.5.4-1 +- New upstream development version 1.5.4. +- More OCaml man pages. + +* Sat Sep 26 2020 Richard W.M. Jones - 1.5.3-1 +- New upstream development version 1.5.3. + +* Thu Sep 10 2020 Richard W.M. Jones - 1.5.2-1 +- New upstream development version 1.5.2. + +* Tue Sep 08 2020 Richard W.M. Jones - 1.5.1-1 +- New upstream development version 1.5.1. + +* Tue Sep 01 2020 Richard W.M. Jones - 1.4.0-2 +- OCaml 4.11.1 rebuild + +* Tue Aug 25 2020 Richard W.M. Jones - 1.4.0-1 +- New stable release 1.4.0. + +* Fri Aug 21 2020 Richard W.M. Jones - 1.3.12-3 +- Bump release and rebuild. + +* Fri Aug 21 2020 Richard W.M. Jones - 1.3.12-2 +- OCaml 4.11.0 rebuild + +* Thu Aug 20 2020 Richard W.M. Jones - 1.3.12-1 +- New upstream version 1.3.12. + +* Thu Aug 6 2020 Richard W.M. Jones - 1.3.11-1 +- New upstream version 1.3.11. + +* Tue Aug 4 2020 Richard W.M. Jones - 1.3.10-1 +- New upstream version 1.3.10. + +* Wed Jul 29 2020 Richard W.M. Jones - 1.3.9-3 +- Bump and rebuild. + +* Tue Jul 28 2020 Fedora Release Engineering - 1.3.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 21 2020 Richard W.M. Jones - 1.3.9-1 +- New upstream version 1.3.9. +- New tool: nbdinfo. + +* Fri Jul 17 2020 Richard W.M. Jones - 1.3.8-2 +- New upstream version 1.3.8. +- New tool: nbdcopy +- Add upstream patch to fix compilation with glibc from Rawhide. + +* Tue May 26 2020 Miro Hrončok - 1.3.7-3 +- Rebuilt for Python 3.9 + +* Mon May 04 2020 Richard W.M. Jones - 1.3.7-2 +- OCaml 4.11.0+dev2-2020-04-22 rebuild + +* Thu Apr 23 2020 Richard W.M. Jones - 1.3.7-1 +- New upstream version 1.3.7. + +* Tue Apr 21 2020 Richard W.M. Jones - 1.3.6-5 +- OCaml 4.11.0 pre-release attempt 2 + +* Fri Apr 17 2020 Richard W.M. Jones - 1.3.6-4 +- OCaml 4.11.0 pre-release +- Add upstream patch to fix one of the tests that fails on slow machines. + +* Thu Apr 02 2020 Richard W.M. Jones - 1.3.6-2 +- Update all OCaml dependencies for RPM 4.16. + +* Tue Mar 31 2020 Richard W.M. Jones - 1.3.6-1 +- New upstream development version 1.3.6. +- Golang bindings are contained in this release but not distributed. + +* Wed Mar 11 2020 Richard W.M. Jones - 1.3.5-2 +- Fix bogus runtime Requires of new bash-completion package. + +* Tue Mar 10 2020 Richard W.M. Jones - 1.3.5-1 +- New upstream development version 1.3.5. +- Add new bash-completion subpackage. + +* Sat Feb 29 2020 Richard W.M. Jones - 1.3.4-1 +- New upstream development version 1.3.4. + +* Wed Feb 26 2020 Richard W.M. Jones - 1.3.3-2 +- OCaml 4.10.0 final. + +* Wed Feb 05 2020 Richard W.M. Jones - 1.3.3-1 +- New upstream development version 1.3.3. + +* Thu Jan 30 2020 Richard W.M. Jones - 1.3.2-1 +- New upstream development version 1.3.2. + +* Wed Jan 29 2020 Fedora Release Engineering - 1.3.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sun Jan 19 2020 Richard W.M. Jones - 1.3.1-4 +- Bump release and rebuild. + +* Sun Jan 19 2020 Richard W.M. Jones - 1.3.1-3 +- OCaml 4.10.0+beta1 rebuild. + +* Thu Dec 12 2019 Richard W.M. Jones - 1.3.1-2 +- Rebuild for OCaml 4.09.0. + +* Tue Dec 03 2019 Richard W.M. Jones - 1.3.1-1 +- New upstream development version 1.3.1. + +* Wed Nov 27 2019 Richard W.M. Jones - 1.2.0-2 +- Use gpgverify macro instead of explicit gpgv2 command. + +* Thu Nov 14 2019 Richard W.M. Jones - 1.2.0-1 +- New stable release 1.2.0 + +* Sat Nov 09 2019 Richard W.M. Jones - 1.1.9-1 +- New upstream version 1.1.9. +- Add new nbdkit-release-notes-1.2(1) man page. + +* Wed Nov 06 2019 Richard W.M. Jones - 1.1.8-1 +- New upstream version 1.1.8. + +* Thu Oct 24 2019 Richard W.M. Jones - 1.1.7-1 +- New upstream version 1.1.7. + +* Sat Oct 19 2019 Richard W.M. Jones - 1.1.6-1 +- New upstream version 1.1.6. + +* Sat Oct 12 2019 Richard W.M. Jones - 1.1.5-1 +- New upstream version 1.1.5. +- New tool and subpackage nbdfuse. + +* Wed Oct 9 2019 Richard W.M. Jones - 1.1.4-1 +- New upstream version 1.1.4. +- Contains fix for remote code execution vulnerability. +- Add new libnbd-security(3) man page. + +* Tue Oct 1 2019 Richard W.M. Jones - 1.1.3-1 +- New upstream version 1.1.3. + +* Tue Sep 17 2019 Richard W.M. Jones - 1.1.2-1 +- New upstream version 1.1.2. +- Remove patches which are upstream. +- Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). + +* Thu Sep 12 2019 Richard W.M. Jones - 1.1.1-2 +- Add upstream patch to fix nbdsh (for nbdkit tests). + +* Sun Sep 08 2019 Richard W.M. Jones - 1.1.1-1 +- New development version 1.1.1. + +* Wed Aug 28 2019 Richard W.M. Jones - 1.0.0-1 +- New upstream version 1.0.0. + +* Wed Aug 21 2019 Miro Hrončok - 0.9.9-2 +- Rebuilt for Python 3.8 + +* Wed Aug 21 2019 Richard W.M. Jones - 0.9.9-1 +- New upstream version 0.9.9. + +* Wed Aug 21 2019 Richard W.M. Jones - 0.9.8-4 +- Fix nbdkit dependencies so we're actually running the tests. +- Add glib2-devel BR so we build the glib main loop example. +- Add upstream patch to fix test error: + nbd_connect_unix: getlogin: No such device or address +- Fix test failure on 32 bit. + +* Tue Aug 20 2019 Richard W.M. Jones - 0.9.8-3 +- Bump and rebuild to fix releng brokenness. + https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ + +* Mon Aug 19 2019 Miro Hrončok - 0.9.8-2 +- Rebuilt for Python 3.8 + +* Thu Aug 15 2019 Richard W.M. Jones - 0.9.8-1 +- New upstream version 0.9.8. +- Package the new nbd_*(3) man pages. + +* Mon Aug 5 2019 Richard W.M. Jones - 0.9.7-1 +- New upstream version 0.9.7. +- Add libnbd-ocaml(3) man page. + +* Sat Aug 3 2019 Richard W.M. Jones - 0.9.6-2 +- Add all upstream patches since 0.9.6 was released. +- Package the ocaml bindings into a subpackage. + +* Tue Jul 30 2019 Richard W.M. Jones - 0.9.6-1 +- New upstream verison 0.9.6. + +* Fri Jul 26 2019 Richard W.M. Jones - 0.1.9-1 +- New upstream version 0.1.9. + +* Thu Jul 25 2019 Fedora Release Engineering - 0.1.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed Jul 17 2019 Richard W.M. Jones - 0.1.8-1 +- New upstream version 0.1.8. + +* Tue Jul 16 2019 Richard W.M. Jones - 0.1.7-1 +- New upstream version 0.1.7. + +* Wed Jul 3 2019 Richard W.M. Jones - 0.1.6-1 +- New upstream version 0.1.6. + +* Thu Jun 27 2019 Richard W.M. Jones - 0.1.5-1 +- New upstream version 0.1.5. + +* Sun Jun 09 2019 Richard W.M. Jones - 0.1.4-1 +- New upstream version 0.1.4. + +* Sun Jun 2 2019 Richard W.M. Jones - 0.1.2-2 +- Enable libxml2 for NBD URI support. + +* Thu May 30 2019 Richard W.M. Jones - 0.1.2-1 +- New upstream version 0.1.2. + +* Tue May 28 2019 Richard W.M. Jones - 0.1.1-1 +- Fix license in man pages and examples. +- Add nbdsh(1) man page. +- Include the signature and keyring even if validation is disabled. +- Update devel subpackage license. +- Fix old FSF address in Python tests. +- Filter Python provides. +- Remove executable permission on the tar.gz.sig file. +- Initial release. diff --git a/sources b/sources new file mode 100644 index 0000000..c45ba49 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +SHA512 (libguestfs.keyring) = 69663d5dd3edb47af6f18119c0748211c1cecf230c2dd8baaf349f44df1f893730ca6bb8b1f60a55ea42f8ff04fd48c3e5954501bb57952950032012a42c9f19 +SHA512 (libnbd-1.22.2.tar.gz) = 5ece4cdc41cafefbe27ddaeafc2b6b390b0cf25f38f80c1b10ec2e17ee1dcda92964891faf4abca4c8aa5827c9eec6e0b38162871e8c72b2af8e769287cd603d