rpms/libnbd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c8-stream-rhel
Branches Tags
rpms:c8-stream-rhel
rpms:c10s
rpms:c10
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c10-beta
rpms:stream-virt-rhel-rhel-8.10.0
rpms:stream-virt-rhel-rhel-8.9.0
rpms:c8-beta-stream-rhel
rpms:c8s-stream-rhel
rpms:a8-stream-rhel
rpms:imports/c10s/libnbd-1.24.1-1.el10
rpms:imports/c10/libnbd-1.22.2-3.el10_1
rpms:imports/c10s/libnbd-1.24.0-1.el10
rpms:imports/c9/libnbd-1.20.3-4.el9
rpms:imports/c10s/libnbd-1.23.12-1.el10
rpms:imports/c9-beta/libnbd-1.20.3-4.el9
rpms:imports/c10s/libnbd-1.23.7-1.el10
rpms:imports/c10s/libnbd-1.22.2-2.el10
rpms:imports/c10s/libnbd-1.22.2-1.el10
rpms:imports/c10s/libnbd-1.22.1-4.el10
rpms:imports/c10s/libnbd-1.22.1-3.el10
rpms:imports/c10s/libnbd-1.22.1-2.el10
rpms:imports/c9-beta/libnbd-1.20.3-1.el9
rpms:imports/c10s/libnbd-1.22.1-1.el10
rpms:imports/c10s/libnbd-1.22.0-1.el10
rpms:imports/c10-beta/libnbd-1.20.2-2.el10
rpms:imports/c10s/libnbd-1.20.3-2.el10
rpms:imports/c9-beta/libnbd-1.20.2-2.el9
rpms:imports/c10s/libnbd-1.20.3-1.el10
rpms:imports/c8-stream-rhel/libnbd-1.6.0-6.el8_10
rpms:imports/c9/libnbd-1.18.1-4.el9_4
rpms:imports/c10s/libnbd-1.20.2-2.el10
rpms:imports/c10s/libnbd-1.20.1-5.el10
rpms:imports/c9/libnbd-1.18.1-3.el9
rpms:imports/c9-beta/libnbd-1.16.0-1.el9
rpms:imports/c8-stream-rhel/libnbd-1.6.0-5.module+el8.8.0+16781+9f4724c2
rpms:imports/c9/libnbd-1.14.2-1.el9
rpms:imports/c9-beta/libnbd-1.14.2-1.el9
rpms:imports/c8-beta-stream-rhel/libnbd-1.6.0-5.module+el8.8.0+16781+9f4724c2
rpms:imports/c8s-stream-rhel/libnbd-1.6.0-5.module+el8.8.0+16781+9f4724c2
rpms:imports/c9/libnbd-1.12.6-1.el9
rpms:imports/c8-stream-rhel/libnbd-1.6.0-5.module+el8.7.0+16689+53d59bc2
rpms:imports/c9-beta/libnbd-1.12.6-1.el9
rpms:imports/c9/libnbd-1.10.5-1.el9
rpms:imports/c8-stream-rhel/libnbd-1.6.0-5.module+el8.6.0+14480+c0a3aa0f
rpms:imports/c8s-stream-rhel/libnbd-1.6.0-5.module+el8.6.0+14156+faad4bd2
rpms:imports/c8-beta-stream-rhel/libnbd-1.6.0-5.module+el8.6.0+14156+faad4bd2
rpms:imports/c9-beta/libnbd-1.10.5-1.el9
rpms:imports/c9-beta/libnbd-1.10.2-1.el9
rpms:imports/c9-beta/libnbd-1.10.1-1.el9
rpms:imports/c9-beta/libnbd-1.8.2-3.el9
rpms:imports/c8s-stream-rhel/libnbd-1.6.0-4.module+el8.6.0+12861+13975d62
rpms:imports/c8-beta-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+7353+9de0a3cc
rpms:imports/c8-beta-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+6423+e4cb6418
rpms:imports/c8s-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+7353+9de0a3cc
rpms:imports/c8s-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+6423+e4cb6418
rpms:imports/c8-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+7353+9de0a3cc
..
compare: rpms:c10
Branches Tags
rpms:c10s
rpms:c10
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c10-beta
rpms:c8-stream-rhel
rpms:stream-virt-rhel-rhel-8.10.0
rpms:stream-virt-rhel-rhel-8.9.0
rpms:c8-beta-stream-rhel
rpms:c8s-stream-rhel
rpms:a8-stream-rhel
rpms:imports/c10s/libnbd-1.24.1-1.el10
rpms:imports/c10/libnbd-1.22.2-3.el10_1
rpms:imports/c10s/libnbd-1.24.0-1.el10
rpms:imports/c9/libnbd-1.20.3-4.el9
rpms:imports/c10s/libnbd-1.23.12-1.el10
rpms:imports/c9-beta/libnbd-1.20.3-4.el9
rpms:imports/c10s/libnbd-1.23.7-1.el10
rpms:imports/c10s/libnbd-1.22.2-2.el10
rpms:imports/c10s/libnbd-1.22.2-1.el10
rpms:imports/c10s/libnbd-1.22.1-4.el10
rpms:imports/c10s/libnbd-1.22.1-3.el10
rpms:imports/c10s/libnbd-1.22.1-2.el10
rpms:imports/c9-beta/libnbd-1.20.3-1.el9
rpms:imports/c10s/libnbd-1.22.1-1.el10
rpms:imports/c10s/libnbd-1.22.0-1.el10
rpms:imports/c10-beta/libnbd-1.20.2-2.el10
rpms:imports/c10s/libnbd-1.20.3-2.el10
rpms:imports/c9-beta/libnbd-1.20.2-2.el9
rpms:imports/c10s/libnbd-1.20.3-1.el10
rpms:imports/c8-stream-rhel/libnbd-1.6.0-6.el8_10
rpms:imports/c9/libnbd-1.18.1-4.el9_4
rpms:imports/c10s/libnbd-1.20.2-2.el10
rpms:imports/c10s/libnbd-1.20.1-5.el10
rpms:imports/c9/libnbd-1.18.1-3.el9
rpms:imports/c9-beta/libnbd-1.16.0-1.el9
rpms:imports/c8-stream-rhel/libnbd-1.6.0-5.module+el8.8.0+16781+9f4724c2
rpms:imports/c9/libnbd-1.14.2-1.el9
rpms:imports/c9-beta/libnbd-1.14.2-1.el9
rpms:imports/c8-beta-stream-rhel/libnbd-1.6.0-5.module+el8.8.0+16781+9f4724c2
rpms:imports/c8s-stream-rhel/libnbd-1.6.0-5.module+el8.8.0+16781+9f4724c2
rpms:imports/c9/libnbd-1.12.6-1.el9
rpms:imports/c8-stream-rhel/libnbd-1.6.0-5.module+el8.7.0+16689+53d59bc2
rpms:imports/c9-beta/libnbd-1.12.6-1.el9
rpms:imports/c9/libnbd-1.10.5-1.el9
rpms:imports/c8-stream-rhel/libnbd-1.6.0-5.module+el8.6.0+14480+c0a3aa0f
rpms:imports/c8s-stream-rhel/libnbd-1.6.0-5.module+el8.6.0+14156+faad4bd2
rpms:imports/c8-beta-stream-rhel/libnbd-1.6.0-5.module+el8.6.0+14156+faad4bd2
rpms:imports/c9-beta/libnbd-1.10.5-1.el9
rpms:imports/c9-beta/libnbd-1.10.2-1.el9
rpms:imports/c9-beta/libnbd-1.10.1-1.el9
rpms:imports/c9-beta/libnbd-1.8.2-3.el9
rpms:imports/c8s-stream-rhel/libnbd-1.6.0-4.module+el8.6.0+12861+13975d62
rpms:imports/c8-beta-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+7353+9de0a3cc
rpms:imports/c8-beta-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+6423+e4cb6418
rpms:imports/c8s-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+7353+9de0a3cc
rpms:imports/c8s-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+6423+e4cb6418
rpms:imports/c8-stream-rhel/libnbd-1.2.2-1.module+el8.3.0+7353+9de0a3cc

1 Commits
c8-stream- ... c10

Author SHA1 Message Date
eabdullin
505b1d6f2b import OL libnbd-1.22.2-3.el10_1 2026-02-05 12:36:33 +00:00
42 changed files with 3685 additions and 2664 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/libguestfs.keyring
SOURCES/libnbd-1.6.0.tar.gz
libguestfs.keyring
libnbd-1.22.2.tar.gz

2
.libnbd.metadata
View File

@ -1,2 +0,0 @@
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
b14ac9349d324df71d26cf3de9fb606c56f18cb0 SOURCES/libnbd-1.6.0.tar.gz

51
0001-rust-Allow-cargo-build-target-RUST_TARGET-to-be-set.patch Normal file
View File

@ -0,0 +1,51 @@
From 1455311720b64b51a75fbc9f4da3e4a43551df53 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 22 Apr 2025 17:30:02 +0100
Subject: [PATCH] rust: Allow cargo build --target $RUST_TARGET to be set
(cherry picked from commit 6bfae4e22aad0d21a326ea2418dbc0d59718e14e)
---
configure.ac | 2 ++
rust/Makefile.am | 6 ++++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5feb6dbc..40d4f79f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -751,6 +751,8 @@ AS_IF([test "x$enable_rust" != "xno"],[
CARGO=no
])
])
+ AC_ARG_VAR([RUST_TARGET],
+ [if set, cargo build uses --target $RUST_TARGET])
],[CARGO=no])
AM_CONDITIONAL([HAVE_RUST],[test "x$CARGO" != "xno"])
diff --git a/rust/Makefile.am b/rust/Makefile.am
index a7700d69..29c29bd9 100644
--- a/rust/Makefile.am
+++ b/rust/Makefile.am
@@ -98,15 +98,17 @@ libnbd-sys/libnbd_version: Makefile
$(abs_top_builddir)/run echo $(VERSION) > libnbd-sys/libnbd_version.t
mv libnbd-sys/libnbd_version.t libnbd-sys/libnbd_version
+RUST_TARGET_PARAM := $(if $(RUST_TARGET),--target $(RUST_TARGET))
+
target/debug/liblibnbd.rlib: $(source_files)
- $(abs_top_builddir)/run $(CARGO) build
+ $(abs_top_builddir)/run $(CARGO) build $(RUST_TARGET_PARAM)
target/doc/libnbd/index.html: $(source_files)
$(abs_top_builddir)/run $(CARGO) doc
# This will actually build all the examples:
target/debug/examples/get-size: $(source_files)
- $(abs_top_builddir)/run $(CARGO) build --examples
+ $(abs_top_builddir)/run $(CARGO) build $(RUST_TARGET_PARAM) --examples
if HAVE_POD
--
2.47.3

318
0003-maint-Spelling-fixes.patch Normal file
View File

@ -0,0 +1,318 @@
From 3714f8912d9d1a56866df7309c4e9f0e6e60f809 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Thu, 24 Apr 2025 08:30:00 -0500
Subject: [PATCH] maint: Spelling fixes
As detected by:
$ git ls-files | xargs codespell -L Tage
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 17513dabee51b2bbbe878b06aafc50e6e2ba28de)
---
copy/file-ops.c | 2 +-
docs/libnbd-release-notes-1.18.pod | 2 +-
docs/libnbd.pod | 4 ++--
examples/copy-libev.c | 12 ++++++------
golang/aio_buffer.go | 2 +-
golang/callbacks.go | 2 +-
golang/examples/aio_copy/aio_copy.go | 4 ++--
golang/libnbd_020_aio_buffer_test.go | 2 +-
golang/libnbd_590_aio_copy_test.go | 2 +-
golang/make-dist.sh | 2 +-
info/main.c | 8 ++++----
interop/interop.c | 2 +-
ocaml/examples/asynch_copy.ml | 2 +-
ocaml/tests/test_590_aio_copy.ml | 2 +-
rust/cargo_test/README.md | 6 +++---
rust/tests/test_log/mod.rs | 2 +-
tests/closure-lifetimes.c | 2 +-
17 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/copy/file-ops.c b/copy/file-ops.c
index 491a4553..b3b04f5d 100644
--- a/copy/file-ops.c
+++ b/copy/file-ops.c
@@ -82,7 +82,7 @@ struct rw_file {
bool seek_hole_supported;
int sector_size;
- /* We try to use the most eficient zeroing first. If an efficent zero
+ /* We try to use the most efficient zeroing first. If an efficient zero
* method is not available, we disable the flag so next time we use
* the working method.
*/
diff --git a/docs/libnbd-release-notes-1.18.pod b/docs/libnbd-release-notes-1.18.pod
index 836ebe19..dc284bf4 100644
--- a/docs/libnbd-release-notes-1.18.pod
+++ b/docs/libnbd-release-notes-1.18.pod
@@ -145,7 +145,7 @@ Consistently wrap source code at 80 columns (Laszlo Ersek).
Debug messages no longer print the very verbose state transitions
inside the state machine as these are not usually useful. You can
-reenable this by defining C<-DLIBNBD_STATE_VERBOSE=1> at compile time.
+re-enable this by defining C<-DLIBNBD_STATE_VERBOSE=1> at compile time.
Completion C<.callback> methods are now always called exactly once,
and documentation is clearer on when this happens (Eric Blake).
diff --git a/docs/libnbd.pod b/docs/libnbd.pod
index 796a6f03..a7039210 100644
--- a/docs/libnbd.pod
+++ b/docs/libnbd.pod
@@ -936,7 +936,7 @@ it would cause deadlock.
=head2 Completion callbacks
-All of the asychronous commands have an optional completion callback
+All of the asynchronous commands have an optional completion callback
function that is used if the call to the asynchronous API reports
success. The completion callback is invoked when the submitted
command is eventually marked complete, after any mid-command callbacks
@@ -976,7 +976,7 @@ callback will still be valid (corresponding to the current portion of
the server's reply), and the overall command will still fail (at the
completion callback or L<nbd_aio_command_completed(3)> for an
asynchronous command, or as the result of the overall synchronous
-command). Returing C<-1> from a mid-command callback does not prevent
+command). Returning C<-1> from a mid-command callback does not prevent
that callback from being reached again, if the server sends more
mid-command replies that warrant another use of that callback. A
mid-command callback may be reached more times than expected if the
diff --git a/examples/copy-libev.c b/examples/copy-libev.c
index e8e3cda2..6c91c55d 100644
--- a/examples/copy-libev.c
+++ b/examples/copy-libev.c
@@ -3,7 +3,7 @@
*
* http://pod.tst.eu/http://cvs.schmorp.de/libev/ev.pod
*
- * To build it you need the libev-devel pacakge.
+ * To build it you need the libev-devel package.
*
* To run it:
*
@@ -32,7 +32,7 @@
#include <ev.h>
-/* These values depend on the enviroment tested.
+/* These values depend on the environment tested.
*
* For shared storage using direct I/O:
*
@@ -76,8 +76,8 @@ enum request_state {
IDLE, /* Not used yet. */
EXTENTS, /* Getting extents from source. */
READ, /* Read from source. */
- WRITE, /* Write to destiation. */
- ZERO, /* Write zeroes to destiation. */
+ WRITE, /* Write to destination. */
+ ZERO, /* Write zeroes to destination. */
SLEEP /* Waiting for extents completion. */
};
@@ -631,12 +631,12 @@ main (int argc, char *argv[])
debug = getenv ("COPY_LIBEV_DEBUG") != NULL;
- /* Configure soruce to report extents. */
+ /* Configure source to report extents. */
if (nbd_add_meta_context (src.nbd, LIBNBD_CONTEXT_BASE_ALLOCATION))
FAIL ("Cannot add base:allocation: %s", nbd_get_error ());
- /* Connecting is fast, so use the syncronous API. */
+ /* Connecting is fast, so use the synchronous API. */
if (nbd_connect_uri (src.nbd, argv[1]))
FAIL ("Cannot connect to source: %s", nbd_get_error ());
diff --git a/golang/aio_buffer.go b/golang/aio_buffer.go
index 3ddfce94..ff00e0a4 100644
--- a/golang/aio_buffer.go
+++ b/golang/aio_buffer.go
@@ -80,7 +80,7 @@ func (b *AioBuffer) Bytes() []byte {
// Slice creates a slice backed by the underlying C array. The slice can be
// used to access or modify the contents of the underlying array. The slice
-// must not be used after caling Free().
+// must not be used after calling Free().
func (b *AioBuffer) Slice() []byte {
if b.P == nil {
panic("Using AioBuffer after Free()")
diff --git a/golang/callbacks.go b/golang/callbacks.go
index ac53572c..f9b4958a 100644
--- a/golang/callbacks.go
+++ b/golang/callbacks.go
@@ -36,7 +36,7 @@
// - Create an exported Golang function whose job will be to retrieve
// the context and execute the callback in it
// (connErrCallback). Such a function should receive a callback ID
-// and will use it to retrive the context.
+// and will use it to retrieve the context.
//
// - Create a CGO function similar to the above function but with the
// appropriate signature to be registered as a callback in C code
diff --git a/golang/examples/aio_copy/aio_copy.go b/golang/examples/aio_copy/aio_copy.go
index 1de115b1..62756a97 100644
--- a/golang/examples/aio_copy/aio_copy.go
+++ b/golang/examples/aio_copy/aio_copy.go
@@ -62,8 +62,8 @@
)
// command keeps state of single AioPread call while the read is handled by
-// libnbd, until the command reach the front of the queue and can be writen to
-// the output.
+// libnbd, until the command reach the front of the queue and can be written
+// to the output.
type command struct {
buf libnbd.AioBuffer
ready bool
diff --git a/golang/libnbd_020_aio_buffer_test.go b/golang/libnbd_020_aio_buffer_test.go
index 5e63e27c..8addc350 100644
--- a/golang/libnbd_020_aio_buffer_test.go
+++ b/golang/libnbd_020_aio_buffer_test.go
@@ -75,7 +75,7 @@ func TestAioBuffer(t *testing.T) {
t.Fatalf("Expected %v, got %v", zeroes, buf2.Bytes())
}
- /* Crated a zeroed buffer. */
+ /* Create a zeroed buffer. */
buf3 := MakeAioBufferZero(uint(32))
defer buf.Free()
diff --git a/golang/libnbd_590_aio_copy_test.go b/golang/libnbd_590_aio_copy_test.go
index 6ae0cc63..410c8f45 100644
--- a/golang/libnbd_590_aio_copy_test.go
+++ b/golang/libnbd_590_aio_copy_test.go
@@ -86,7 +86,7 @@ func write_completed(buf AioBuffer) int {
return 1
}
-/* Copy between two libnbd handles using aynchronous I/O (AIO). */
+/* Copy between two libnbd handles using asynchronous I/O (AIO). */
func asynch_copy(t *testing.T, src *Libnbd, dst *Libnbd) {
size, _ := dst.GetSize()
diff --git a/golang/make-dist.sh b/golang/make-dist.sh
index e6c126c3..03cfc6a2 100755
--- a/golang/make-dist.sh
+++ b/golang/make-dist.sh
@@ -112,7 +112,7 @@ echo "$info" > $v_dir/$version.info
cp go.mod $v_dir/$version.mod
mv $version.zip $v_dir
-# Create the list file by amending the curent file on the server.
+# Create the list file by amending the current file on the server.
list_url=https://download.libguestfs.org/libnbd/golang/libguestfs.org/libnbd/@v/list
curl --silent --show-error "$list_url" | sort > $v_dir/list
grep -q "$version" $v_dir/list || echo "$version" >> $v_dir/list
diff --git a/info/main.c b/info/main.c
index 1ee9e329..f7da425f 100644
--- a/info/main.c
+++ b/info/main.c
@@ -130,7 +130,7 @@ main (int argc, char *argv[])
{ "can", required_argument, NULL, CAN_OPTION },
{ "cannot", required_argument, NULL, CANNOT_OPTION },
{ "can-not", required_argument, NULL, CANNOT_OPTION },
- { "cant", required_argument, NULL, CANNOT_OPTION },
+ { "can""t", required_argument, NULL, CANNOT_OPTION },
{ "color", no_argument, NULL, COLOUR_OPTION },
{ "colors", no_argument, NULL, COLOUR_OPTION },
{ "colour", no_argument, NULL, COLOUR_OPTION },
@@ -144,15 +144,15 @@ main (int argc, char *argv[])
{ "has", required_argument, NULL, CAN_OPTION },
{ "hasnot", required_argument, NULL, CANNOT_OPTION },
{ "has-not", required_argument, NULL, CANNOT_OPTION },
- { "hasnt", required_argument, NULL, CANNOT_OPTION },
+ { "hasn""t", required_argument, NULL, CANNOT_OPTION },
{ "have", required_argument, NULL, CAN_OPTION },
- { "havent", required_argument, NULL, CANNOT_OPTION },
+ { "haven""t", required_argument, NULL, CANNOT_OPTION },
{ "havenot", required_argument, NULL, CANNOT_OPTION },
{ "have-not", required_argument, NULL, CANNOT_OPTION },
{ "is", required_argument, NULL, CAN_OPTION },
{ "isnot", required_argument, NULL, CANNOT_OPTION },
{ "is-not", required_argument, NULL, CANNOT_OPTION },
- { "isnt", required_argument, NULL, CANNOT_OPTION },
+ { "isn""t", required_argument, NULL, CANNOT_OPTION },
{ "json", no_argument, NULL, JSON_OPTION },
{ "list", no_argument, NULL, 'L' },
{ "long-options", no_argument, NULL, LONG_OPTIONS },
diff --git a/interop/interop.c b/interop/interop.c
index 1ea0216e..841b7c9d 100644
--- a/interop/interop.c
+++ b/interop/interop.c
@@ -131,7 +131,7 @@ main (int argc, char *argv[])
* need to have our own log handler.
*
* Also the log levels are quite random. Level 2 doesn't show the
- * negotiated cyphersuite, but level 3+ shows excessive detail.
+ * negotiated ciphersuite, but level 3+ shows excessive detail.
*/
gnutls_global_set_log_level (2);
gnutls_global_set_log_function (tls_log);
diff --git a/ocaml/examples/asynch_copy.ml b/ocaml/examples/asynch_copy.ml
index 7132f573..8962a09e 100644
--- a/ocaml/examples/asynch_copy.ml
+++ b/ocaml/examples/asynch_copy.ml
@@ -10,7 +10,7 @@ let max_reads_in_flight = 16
let dir_is_read dir = dir land (Int32.to_int NBD.aio_direction_read) <> 0
let dir_is_write dir = dir land (Int32.to_int NBD.aio_direction_write) <> 0
-(* Copy between two libnbd handles using aynchronous I/O (AIO). *)
+(* Copy between two libnbd handles using asynchronous I/O (AIO). *)
let asynch_copy src dst =
let size = NBD.get_size dst in
diff --git a/ocaml/tests/test_590_aio_copy.ml b/ocaml/tests/test_590_aio_copy.ml
index 25105e07..b5fb5cd6 100644
--- a/ocaml/tests/test_590_aio_copy.ml
+++ b/ocaml/tests/test_590_aio_copy.ml
@@ -34,7 +34,7 @@ let bytes_written = ref 0
let dir_is_read dir = dir land (Int32.to_int NBD.aio_direction_read) <> 0
let dir_is_write dir = dir land (Int32.to_int NBD.aio_direction_write) <> 0
-(* Copy between two libnbd handles using aynchronous I/O (AIO). *)
+(* Copy between two libnbd handles using asynchronous I/O (AIO). *)
let asynch_copy src dst =
let size = NBD.get_size dst in
diff --git a/rust/cargo_test/README.md b/rust/cargo_test/README.md
index f80646b9..039cdb3e 100644
--- a/rust/cargo_test/README.md
+++ b/rust/cargo_test/README.md
@@ -1,3 +1,3 @@
-The solely purpose of this directory is to serve as a test crate for checking if Cargo is useable.
-`cargo test`, `cargo doc` and `cargo fmt` are run in the Autoconf script in this directory. If any of the commands failes,
-Cargo is assumed not to be useable and the Rust bindings will be disabled.
+The sole purpose of this directory is to serve as a test crate for checking if Cargo is usable.
+`cargo test`, `cargo doc` and `cargo fmt` are run in the Autoconf script in this directory. If any of the commands fails,
+Cargo is assumed not to be usable and the Rust bindings will be disabled.
diff --git a/rust/tests/test_log/mod.rs b/rust/tests/test_log/mod.rs
index 8dbcd79f..d3fe98eb 100644
--- a/rust/tests/test_log/mod.rs
+++ b/rust/tests/test_log/mod.rs
@@ -49,7 +49,7 @@ impl DebugLogger {
}
}
- /// Check wether a specific message has been logged.
+ /// Check whether a specific message has been logged.
pub fn contains(&self, msg: &str) -> bool {
self.entries.lock().unwrap().iter().any(|(_, x)| x == msg)
}
diff --git a/tests/closure-lifetimes.c b/tests/closure-lifetimes.c
index b9d9ce14..d6625095 100644
--- a/tests/closure-lifetimes.c
+++ b/tests/closure-lifetimes.c
@@ -156,7 +156,7 @@ main (int argc, char *argv[])
completion_callback, 0);
if (cookie == -1) NBD_ERROR;
/* read_cb_called is indeterminate at this point, as state machine
- * progress may vary based on task schduling and network speed factors.
+ * progress may vary based on task scheduling and network speed factors.
*/
assert (completion_cb_called == 0);
assert (read_cb_freed == 0);
--
2.47.3

89
0004-generator-Avoid-const-correctness-warnings-in-golang.patch Normal file
View File

@ -0,0 +1,89 @@
From 3d7cc461d78451cda566d6994a30ae8e1e789575 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Sat, 31 May 2025 07:37:28 -0500
Subject: [PATCH] generator: Avoid const-correctness warnings in golang
Hack the generator to add the necessary casts to discard const in a
way that shuts up the warnings from compiling wrappers.go.
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit a909e74f902bb9d1e8a4ab87ae5ccf76d4675787)
---
generator/C.ml | 10 ++++++----
generator/C.mli | 2 +-
generator/GoLang.ml | 4 ++--
3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/generator/C.ml b/generator/C.ml
index ad08437c..50d22306 100644
--- a/generator/C.ml
+++ b/generator/C.ml
@@ -286,16 +286,16 @@ let print_fndecl ?wrap ?closure_style name args optargs ret =
pr "\n LIBNBD_ATTRIBUTE_NONNULL (%s);\n" (String.concat ", " nns)
let rec print_cbarg_list ?(wrap = false) ?maxcol ?types ?(parens = true)
- cbargs =
+ ?(noconst = false) cbargs =
if parens then pr "(";
if wrap then
pr_wrap ?maxcol ','
- (fun () -> print_cbarg_list' ?types cbargs)
+ (fun () -> print_cbarg_list' ?types noconst cbargs)
else
- print_cbarg_list' ?types cbargs;
+ print_cbarg_list' ?types noconst cbargs;
if parens then pr ")"
-and print_cbarg_list' ?(types = true) cbargs =
+and print_cbarg_list' ?(types = true) noconst cbargs =
if types then pr "void *";
pr "user_data";
@@ -316,6 +316,7 @@ and print_cbarg_list' ?(types = true) cbargs =
| CBArrayAndLen _ -> assert false
| CBBytesIn (n, len) ->
if types then pr "const void *";
+ if noconst then pr "(void *)";
pr "%s, " n;
if types then pr "size_t ";
pr "%s" len
@@ -331,6 +332,7 @@ and print_cbarg_list' ?(types = true) cbargs =
| CBMutable arg -> assert false
| CBString n ->
if types then pr "const char *";
+ if noconst then pr "(char *)";
pr "%s" n
| CBUInt n ->
if types then pr "unsigned ";
diff --git a/generator/C.mli b/generator/C.mli
index a4b31351..75d77276 100644
--- a/generator/C.mli
+++ b/generator/C.mli
@@ -34,7 +34,7 @@ val print_arg_list : ?wrap:bool -> ?maxcol:int ->
?closure_style:closure_style ->
API.arg list -> API.optarg list -> unit
val print_cbarg_list : ?wrap:bool -> ?maxcol:int ->
- ?types:bool -> ?parens:bool ->
+ ?types:bool -> ?parens:bool -> ?noconst:bool ->
API.cbarg list -> unit
val print_call : ?wrap:bool -> ?maxcol:int ->
?closure_style:closure_style ->
diff --git a/generator/GoLang.ml b/generator/GoLang.ml
index 3fe7cd53..1505a598 100644
--- a/generator/GoLang.ml
+++ b/generator/GoLang.ml
@@ -159,9 +159,9 @@ let print_callback_wrapper { cbname; cbargs } =
C.print_cbarg_list ~wrap:true cbargs;
pr "\n";
pr "{\n";
- pr " // golang isn't const-correct, there will be warnings here:\n";
+ pr " // golang isn't const-correct, casts avoid warnings here:\n";
pr " return %s_callback ((long *)" cbname;
- C.print_cbarg_list ~types:false ~parens:false cbargs;
+ C.print_cbarg_list ~types:false ~parens:false ~noconst:true cbargs;
pr ");\n";
pr "}\n";
pr "\n";
--
2.47.3

114
0005-info-Tolerate-nbdkit-slop-on-large-extents.patch Normal file
View File

@ -0,0 +1,114 @@
From 5fef22179c1ce7e032a773733073349d90aab155 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Sat, 31 May 2025 08:24:37 -0500
Subject: [PATCH] info: Tolerate nbdkit slop on large extents
The NBD spec currently requires servers to send aligned block extents
back if the client and server agreed to a minimum block size; but
nbdkit 1.42 has an issue where the server recognizes that a plugin
reporting an aligned extent of exactly 4G is too large for a 32-bit
block status response, and truncates it early but to an unaligned
offset (such a truncation is to an offset larger than the client's
request size). Although I'm also submitting a parallel patch to the
NBD spec to relax things on this front, and to nbdkit 1.44 to report
aligned offsets in the first place, it is still worth teaching nbdinfo
to work around this shortcoming of existing nbdkit releases. The
added test fails when applied in isolation without the corresponding
map.c changes and run against nbdkit 1.42.
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 7dc75f2542a003c7429f1af93b7ecbaef00b567c)
---
info/Makefile.am | 1 +
info/info-map-large-extent.sh | 42 +++++++++++++++++++++++++++++++++++
info/map.c | 12 +++++++++-
3 files changed, 54 insertions(+), 1 deletion(-)
create mode 100755 info/info-map-large-extent.sh
diff --git a/info/Makefile.am b/info/Makefile.am
index 21cf3f46..697bb2b6 100644
--- a/info/Makefile.am
+++ b/info/Makefile.am
@@ -49,6 +49,7 @@ info_sh_files = \
info-map-base-allocation-large.sh \
info-map-base-allocation-weird.sh \
info-map-base-allocation-zero.sh \
+ info-map-large-extent.sh \
info-map-qemu-dirty-bitmap.sh \
info-map-qemu-allocation-depth.sh \
info-map-totals.sh \
diff --git a/info/info-map-large-extent.sh b/info/info-map-large-extent.sh
new file mode 100755
index 00000000..91867275
--- /dev/null
+++ b/info/info-map-large-extent.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+# nbd client library in userspace
+# Copyright Red Hat
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+. ../tests/functions.sh
+
+set -e
+set -x
+
+requires $NBDKIT --version
+requires $NBDKIT -U - --filter=blocksize-policy data 1 --run 'test "$uri" != ""'
+
+out=info-map-large-extent.out
+cleanup_fn rm -f $out
+rm -f $out
+
+# nbdkit < 1.44 had a bug where 4G large extents would truncate larger than
+# the aligned request; whether or not nbdkit is fixed, we can work around it.
+$NBDKIT -U - data data='@4294967296 1 @^512' \
+ --filter=blocksize-policy blocksize-minimum=512 \
+ --run '$VG nbdinfo --map "$uri"' > $out
+
+cat $out
+
+diff -u - $out <<EOF
+ 0 4294967296 3 hole,zero
+4294967296 512 0 data
+EOF
diff --git a/info/map.c b/info/map.c
index 38b60c39..dfc8e911 100644
--- a/info/map.c
+++ b/info/map.c
@@ -95,8 +95,18 @@ do_map (void)
progname);
exit (EXIT_FAILURE);
}
- for (i = prev_entries_size; i < entries.len; i++)
+ for (i = prev_entries_size; i < entries.len; i++) {
+ /* nbdkit < 1.44 has a bug where even though we requested an
+ * aligned request at 4G-alignment, the result can be unaligned
+ * if it is larger than the request. The easiest workaround is
+ * to ignore the slop.
+ */
+ if (entries.ptr[i].length > max_len) {
+ entries.ptr[i].length = max_len;
+ entries.len = i + 1;
+ }
offset += entries.ptr[i].length;
+ }
}
if (!totals)
--
2.47.3

42
0006-todo-Remove-a-couple-of-minor-features-that-have-bee.patch Normal file
View File

@ -0,0 +1,42 @@
From 2a8dbd3840c7b01e7c544035749d3fde893923ed Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 12 Jul 2025 18:12:42 +0100
Subject: [PATCH] todo: Remove a couple of minor features that have been
implemented
Rust was implemented in 2023.
nbdcopy implemented page cache efficient operations.
(cherry picked from commit fe284d59fa0e5a85a4abac418efb8b79d81cdbb5)
---
TODO | 6 ------
1 file changed, 6 deletions(-)
diff --git a/TODO b/TODO
index e140b4fd..426b0384 100644
--- a/TODO
+++ b/TODO
@@ -1,10 +1,6 @@
Explore if nbd_aio_notify_error is needed for faster response if
server goes away.
-Bindings in other languages.
- - Latest attempt at adding Rust:
- https://www.redhat.com/archives/libguestfs/2019-August/msg00416.html
-
Example code integrating with ppoll, pollfd, APR pollset (and others?).
NBD resize extension.
@@ -32,8 +28,6 @@ nbdcopy:
- Synchronous loop should be adjusted to take into account
the NBD preferred block size, as was done for multi-thread loop.
- Benchmark.
- - Better page cache usage, see nbdkit-file-plugin options
- fadvise=sequential cache=none.
- Consider io_uring if there are performance bottlenecks.
- Configurable retries in response to read or write failures.
--
2.47.3

28
0007-ublk-Remove-unused-EXPECTED_VERSION.patch Normal file
View File

@ -0,0 +1,28 @@
From 5717b3a12ed7df158abf89fc79d030c415c1a113 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 16 Jul 2025 12:31:33 +0100
Subject: [PATCH] ublk: Remove unused EXPECTED_VERSION
Probably we should test nbdublk --version. As we do not, this
variable was not used.
(cherry picked from commit 01f5d93d43f7eab0444c87d9d99e2ecea9bf9d44)
---
ublk/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/ublk/Makefile.am b/ublk/Makefile.am
index 667d7d0c..e06e4396 100644
--- a/ublk/Makefile.am
+++ b/ublk/Makefile.am
@@ -24,7 +24,6 @@ EXTRA_DIST = \
TESTS_ENVIRONMENT = \
LIBNBD_DEBUG=1 \
$(MALLOC_CHECKS) \
- EXPECTED_VERSION=$(VERSION) \
$(NULL)
LOG_COMPILER = $(top_builddir)/run
TESTS =
--
2.47.3

1111
0008-copy-Add-blkhash-option.patch Normal file
View File

File diff suppressed because it is too large Load Diff

33
0009-copy-Fix-crash-when-blkhash-size-is-not-a-power-of-2.patch Normal file
View File

@ -0,0 +1,33 @@
From d19e6eb145d93c827c5acf1b4c009ff27749a205 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 7 Apr 2025 11:35:25 +0100
Subject: [PATCH] copy: Fix crash when blkhash size is not a power of 2
nbdcopy: blkhash.c:105: init_blkhash: Assertion `is_power_of_2 (blkhash_size)' failed.
The check for this was wrong, resulting in a later assertion failure
instead of an error message.
Reported-by: Vera Wu
Fixes: https://issues.redhat.com/browse/RHEL-85513
(cherry picked from commit 6c6e0822c854e423d79bef87caf1c20c5bdb5eb5)
---
copy/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/copy/main.c b/copy/main.c
index 8f943b30..9afb627c 100644
--- a/copy/main.c
+++ b/copy/main.c
@@ -220,7 +220,7 @@ main (int argc, char *argv[])
prog, "--blkhash", error, pstr);
exit (EXIT_FAILURE);
}
- if (! is_power_of_2 (blkhash_size)) {
+ if (! is_power_of_2 (i64)) {
fprintf (stderr, "%s: %s is not a power of two: %s\n",
prog, "--blkhash", &optarg[i+1]);
exit (EXIT_FAILURE);
--
2.47.3

66
0010-copy-Define-block_type-outside-of-block-struct.patch Normal file
View File

@ -0,0 +1,66 @@
From f48db2429c5aa5f56018baa18c2aa37f756975ef Mon Sep 17 00:00:00 2001
From: Nir Soffer <nsoffer@redhat.com>
Date: Sun, 13 Apr 2025 14:51:09 +0000
Subject: [PATCH] copy: Define block_type outside of block struct
This make the code easier to follow and maintain.
(cherry picked from commit dc5f0e6c79e7aa03ba634b71d4780f6d7d039cdd)
---
copy/blkhash.c | 38 ++++++++++++++++++++------------------
1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/copy/blkhash.c b/copy/blkhash.c
index 622d8a39..526db4d2 100644
--- a/copy/blkhash.c
+++ b/copy/blkhash.c
@@ -43,26 +43,28 @@
#ifdef HAVE_GNUTLS
+/* unknown => We haven't seen this block yet. 'ptr' is NULL.
+ *
+ * zero => The block is all zeroes. 'ptr' is NULL.
+ *
+ * data => The block is all data, and we have seen the whole block,
+ * and the hash has been computed. 'ptr' points to the computed
+ * hash. 'n' is unused.
+ *
+ * incomplete => Part of the block was seen. 'ptr' points to the
+ * data block, waiting to be completed. 'n' is the number of bytes
+ * seen so far. We will compute the hash and turn this into a
+ * 'data' or 'zero' block, either when we have seen all bytes of
+ * this block, or at the end.
+ *
+ * Note that this code assumes that we are called exactly once for a
+ * range in the disk image.
+ */
+enum block_type { block_unknown = 0, block_zero, block_data, block_incomplete };
+
/* We will have one of these structs per blkhash block. */
struct block {
- /* unknown => We haven't seen this block yet. 'ptr' is NULL.
- *
- * zero => The block is all zeroes. 'ptr' is NULL.
- *
- * data => The block is all data, and we have seen the whole block,
- * and the hash has been computed. 'ptr' points to the computed
- * hash. 'n' is unused.
- *
- * incomplete => Part of the block was seen. 'ptr' points to the
- * data block, waiting to be completed. 'n' is the number of bytes
- * seen so far. We will compute the hash and turn this into a
- * 'data' or 'zero' block, either when we have seen all bytes of
- * this block, or at the end.
- *
- * Note that this code assumes that we are called exactly once for a
- * range in the disk image.
- */
- enum { block_unknown = 0, block_zero, block_data, block_incomplete } type;
+ enum block_type type;
void *ptr;
size_t n;
};
--
2.47.3

78
0011-copy-Shrink-struct-block.patch Normal file
View File

@ -0,0 +1,78 @@
From 361ae3810398d0d5c3550267b0470ba235d94c32 Mon Sep 17 00:00:00 2001
From: Nir Soffer <nsoffer@redhat.com>
Date: Sun, 13 Apr 2025 14:54:31 +0000
Subject: [PATCH] copy: Shrink struct block
Change n to uint32_t since block size bigger than 4g does not make
sense. Move the type field to the end to shrink struct size from 24
bytes to 16.
This minimizes memory usage and improves locality. For example we can
have 4 blocks in a single cache line instead of 2.5.
Testing shows up to 8% improvement in time and 33% in maximum resident
set size with 1000g empty image. With images full of zeros or images
full of non-zero bytes we see lower memory usage but no difference in
time.
| size | content | tool | source | version | memory | time |
|--------|---------|------------|--------|---------|----------|----------|
| 1000g | hole | nbdcopy | file | before | 644716k | 3.33s |
| 1000g | hole | nbdcopy | file | after | 516716k | 3.10s |
| 1000g | hole | nbdcopy | nbd | before | 388844k | 1.13s |
| 1000g | hole | nbdcopy | nbd | after | 260716k | 1.04s |
| 1000g | hole | blksum | nbd | - | 10792k | 0.29s |
| 1000g | hole | sha256sum | file | - | *2796k | *445.00s |
|--------|---------|------------|--------|---------|----------|----------|
| 10g | zero | nbdcopy | file | before | 20236k | 1.33s |
| 10g | zero | nbdcopy | file | after | 18796k | 1.32s |
| 10g | zero | nbdcopy | nbd | before | 32648k | 8.21s |
| 10g | zero | nbdcopy | nbd | after | 31416k | 8.23s |
| 10g | zero | nbdcopy | pipe | before | 19052k | 4.56s |
| 10g | zero | nbdcopy | pipe | after | 17772k | 4.56s |
| 10g | zero | blksum | nbd | - | 13948k | 3.90s |
| 10g | zero | blksum | pipe | - | 10340k | 0.55s |
| 10g | zero | sha256sum | file | - | 2796k | 4.45s |
|--------|---------|------------|--------|---------|----------|----------|
| 10g | data | nbdcopy | file | before | 20224k | 1.28s |
| 10g | data | nbdcopy | file | after | 19036k | 1.26s |
| 10g | data | nbdcopy | nbd | before | 32792k | 8.02s |
| 10g | data | nbdcopy | nbd | after | 31512k | 8.02s |
| 10g | data | nbdcopy | pipe | before | 19052k | 4.56s |
| 10g | data | nbdcopy | pipe | after | 17772k | 4.57s |
| 10g | data | blksum | nbd | - | 13888k | 3.88s |
| 10g | data | blksum | pipe | - | 12512k | 1.10s |
| 10g | data | sha256sum | file | - | 2788k | 4.49s |
* estimated based on 10g image
Measured using:
/usr/bin/time -f "memory=%Mk time=%es" ./nbdcopy --blkhash ...
Tested on Fedora 41 VM on MacBook Pro M2 Max.
(cherry picked from commit f3e1b5fe8423558b49a2b829c0fe13f601b475f2)
---
copy/blkhash.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/copy/blkhash.c b/copy/blkhash.c
index 526db4d2..41253ec8 100644
--- a/copy/blkhash.c
+++ b/copy/blkhash.c
@@ -64,9 +64,9 @@ enum block_type { block_unknown = 0, block_zero, block_data, block_incomplete };
/* We will have one of these structs per blkhash block. */
struct block {
- enum block_type type;
void *ptr;
- size_t n;
+ uint32_t n;
+ enum block_type type;
};
DEFINE_VECTOR_TYPE(blocks, struct block);
--
2.47.3

65
0012-copy-Enable-zero-optimization-for-allocated-extents.patch Normal file
View File

@ -0,0 +1,65 @@
From d57d58ba193674bef225f0e7094b0efbaa47f680 Mon Sep 17 00:00:00 2001
From: Nir Soffer <nsoffer@redhat.com>
Date: Sun, 13 Apr 2025 23:39:15 +0000
Subject: [PATCH] copy: Enable zero optimization for allocated extents
We optimized zero extents but computed the hash for all data blocks,
including data blocks full of zeros. Detecting a zero block is 20-100
times faster than computing a hash, depending on the machine and the
hash algorithm.
When adding a completed block, detect zero blocks and mark the block as
zero block, saving the computation of the hash and the allocation of the
digest buffer.
This optimization is already implemented for incomplete blocks.
Testing shows that computing a hash for image full of zeros is up to 7.4
times faster, and memory usage is up to 40% lower.
| size | content | tool | source | version | memory | time |
|--------|---------|------------|--------|---------|----------|----------|
| 10g | zero | nbdcopy | file | before | 20236k | 1.33s |
| 10g | zero | nbdcopy | file | after | 13212k | 0.33s |
| 10g | zero | nbdcopy | nbd | before | 32648k | 8.21s |
| 10g | zero | nbdcopy | nbd | after | 24996k | 3.32s |
| 10g | zero | nbdcopy | pipe | before | 19052k | 4.56s |
| 10g | zero | nbdcopy | pipe | after | 11244k | 0.61s |
| 10g | zero | blksum | nbd | - | 13948k | 3.90s |
| 10g | zero | blksum | pipe | - | 10340k | 0.55s |
| 10g | zero | sha256sum | file | - | 2796k | 4.45s |
|--------|---------|------------|--------|---------|----------|----------|
| 10g | data | nbdcopy | file | before | 20224k | 1.28s |
| 10g | data | nbdcopy | file | after | 20400k | 1.28s |
| 10g | data | nbdcopy | nbd | before | 32792k | 8.02s |
| 10g | data | nbdcopy | nbd | after | 32536k | 8.01s |
| 10g | data | nbdcopy | pipe | before | 19052k | 4.56s |
| 10g | data | nbdcopy | pipe | after | 19048k | 4.55s |
| 10g | data | blksum | nbd | - | 13888k | 3.88s |
| 10g | data | blksum | pipe | - | 12512k | 1.10s |
| 10g | data | sha256sum | file | - | 2788k | 4.49s |
(cherry picked from commit efbe283f9fcfc8b4e57370f71356b1bfe7ffd0a4)
---
copy/blkhash.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/copy/blkhash.c b/copy/blkhash.c
index 41253ec8..92ffafbd 100644
--- a/copy/blkhash.c
+++ b/copy/blkhash.c
@@ -213,7 +213,10 @@ set_complete_block (uint64_t blknum, const char *buf)
/* Assert that we haven't seen this block before. */
assert (b.type == block_unknown);
- if (buf) {
+ /* Detecting a zero block is 20-100 times faster than computing a hash
+ * depending on the machine and the algorithm.
+ */
+ if (buf && !is_zero (buf, blkhash_size)) {
b.type = block_data;
/* Compute the hash of the whole block now. */
--
2.47.3

39
0013-copy-Fix-corrupted-hash-on-incomplete-read.patch Normal file
View File

@ -0,0 +1,39 @@
From 4db52aea6b2c92e7dd199d5ce00f74d107f7f2f3 Mon Sep 17 00:00:00 2001
From: Nir Soffer <nsoffer@redhat.com>
Date: Mon, 14 Apr 2025 21:40:16 +0000
Subject: [PATCH] copy: Fix corrupted hash on incomplete read
When using synchronous read with unknown file size, if the read was
shorter than request size, we updated the hash with the complete buffer,
inserting leftover bytes from the previous read into the hash.
I'm not sure if there is validation for source size and number of blocks
in the blocks vector, so this can generate a corrupted hash silently.
We probably need to validate later that the image size matches the size
of the hashed data.
I could not reproduce a corrupted hash, the issue discovered by reading
the code.
(cherry picked from commit 49cd9fbc0022c0ae5bc5d0b9dd48219dfb92b2f7)
---
copy/synch-copying.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/copy/synch-copying.c b/copy/synch-copying.c
index 09f05be2..2aa67df6 100644
--- a/copy/synch-copying.c
+++ b/copy/synch-copying.c
@@ -83,7 +83,7 @@ synch_copying (void)
size_t r;
while ((r = src->ops->synch_read (src, buf, request_size, offset)) > 0) {
- update_blkhash ((const char *) buf, offset, request_size);
+ update_blkhash ((const char *) buf, offset, r);
dst->ops->synch_write (dst, buf, r, offset);
offset += r;
progress_bar (offset, src->size);
--
2.47.3

76
0014-build-Add-.-configure-with-extra.patch Normal file
View File

@ -0,0 +1,76 @@
From 327d819d8e8161c31da903e8171a89db97862951 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 16 Jul 2025 12:24:12 +0100
Subject: [PATCH] build: Add ./configure --with-extra="..."
This is intended for downstream packagers to use, to provide extra
information about the version of the downstream package (such as the
RPM ENVR). This helps when identifying bugs, especially in packges
which have extensive backports (such as the RHEL packages). This is
the same as the equivalent option in nbdkit.
In Fedora we intend to use this in the spec file:
./configure --with-extra='%{name}-%{version}-%{release}'
resulting in an extra version string something like "libnbd-1.23.4-1.fc43".
(cherry picked from commit a04cda6938a9f60b26cb9aa6d55a0b4ef4d0fe76)
---
README.md | 13 +++++++++++++
configure.ac | 15 +++++++++++++++
2 files changed, 28 insertions(+)
diff --git a/README.md b/README.md
index 0f6bcdd4..385c0e58 100644
--- a/README.md
+++ b/README.md
@@ -163,6 +163,19 @@ ### Download tarballs
http://libguestfs.org/download/libnbd
+### Downstream packagers
+
+If you are packaging libnbd, use:
+
+```
+./configure --with-extra='...'
+```
+
+providing extra information about the distribution, and/or
+distro-specific versions. It helps us with troubleshooting bug
+reports. (Also, talk to us!)
+
+
## Developers
Install the valgrind program and development headers.
diff --git a/configure.ac b/configure.ac
index 40d4f79f..6fc4342e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,6 +18,21 @@
AC_INIT([libnbd],[1.22.2])
AC_CONFIG_MACRO_DIR([m4])
+
+dnl Extra string, a freeform string defined by downstream packagers.
+dnl eg. If you are packaging libnbd for Linux distro X 1.1, you could
+dnl ./configure --with-extra="X release 1.1"
+AC_ARG_WITH([extra],
+ [AS_HELP_STRING([--with-extra=...],
+ [extra version information (for use by packagers)])],
+ [LIBNBD_VERSION_EXTRA="$withval"],
+ [LIBNBD_VERSION_EXTRA=]
+)
+AC_DEFINE_UNQUOTED([LIBNBD_VERSION_EXTRA], ["$LIBNBD_VERSION_EXTRA"],
+ [Extra version information (for use by packagers)])
+
+AC_MSG_NOTICE([libnbd version $PACKAGE_VERSION ($LIBNBD_VERSION_EXTRA)])
+
m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],[],
[m4_define([AC_USE_SYSTEM_EXTENSIONS],[])])
AC_USE_SYSTEM_EXTENSIONS
--
2.47.3

107
0015-lib-New-API-nbd_get_version_extra.patch Normal file
View File

@ -0,0 +1,107 @@
From e17980b7bc91eb74d2cccfcc4dc89e4dcead5609 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 16 Jul 2025 12:26:29 +0100
Subject: [PATCH] lib: New API: nbd_get_version_extra
This new API gets the ./configure --with-extra="..." string, usually
the empty string (for upstream builds) or the package NVR (for
downstream builds).
This commit also adds a test.
(cherry picked from commit 0b7e0831912c9efcd601b4738756a0aeb948df79)
---
generator/API.ml | 26 ++++++++++++++++++++++++--
lib/handle.c | 6 ++++++
tests/get-version.c | 7 +++++++
3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/generator/API.ml b/generator/API.ml
index 8ee1843a..b1932dfa 100644
--- a/generator/API.ml
+++ b/generator/API.ml
@@ -4172,7 +4172,7 @@ versions.";
longdesc = "\
Returns the name of the library, always C<\"libnbd\"> unless
the library was modified with another name at compile time.";
- see_also = [Link "get_version"];
+ see_also = [Link "get_version"; Link "get_version_extra"];
};
"get_version", {
@@ -4220,7 +4220,26 @@ The release number is incremented for each release along a particular
branch.
=back";
- see_also = [Link "get_package_name"];
+ see_also = [Link "get_package_name"; Link "get_version_extra"];
+ };
+
+ "get_version_extra", {
+ default_call with
+ args = []; ret = RStaticString; is_locked = false; may_set_error = false;
+ shortdesc = "return the extra version of the library";
+ longdesc = "\
+Return the extra version of libnbd. This is a freeform string
+which is set at package build time using:
+
+ ./configure --with-extra=\"...\"
+
+and it intended to be used by downstream packagers (eg. Linux distributions)
+to convey extra version information, such as the precise version of
+the libnbd RPM, C<.deb> etc.
+
+The string may be C<\"\">, indicating that no extra version information
+is available, or that this is an upstream build of libnbd.";
+ see_also = [Link "get_package_name"; Link "get_version_extra"];
};
"kill_subprocess", {
@@ -4515,6 +4534,9 @@ let first_version = [
"is_uri", (1, 22);
"get_subprocess_pid", (1, 22);
+ (* Added in 1.23.x development cycle, will be stable and supported in 1.24 *)
+ "get_version_extra", (1, 24);
+
(* These calls are proposed for a future version of libnbd, but
* have not been added to any released version so far.
"get_tls_certificates", (1, ??);
diff --git a/lib/handle.c b/lib/handle.c
index a263cc4c..ec64d601 100644
--- a/lib/handle.c
+++ b/lib/handle.c
@@ -566,6 +566,12 @@ nbd_unlocked_get_version (struct nbd_handle *h)
return PACKAGE_VERSION;
}
+const char *
+nbd_unlocked_get_version_extra (struct nbd_handle *h)
+{
+ return LIBNBD_VERSION_EXTRA;
+}
+
int
nbd_unlocked_kill_subprocess (struct nbd_handle *h, int signum)
{
diff --git a/tests/get-version.c b/tests/get-version.c
index b8dc5338..c195e5f5 100644
--- a/tests/get-version.c
+++ b/tests/get-version.c
@@ -53,6 +53,13 @@ main (int argc, char *argv[])
}
assert (strcmp (s, PACKAGE_VERSION) == 0);
+ s = nbd_get_version_extra (nbd);
+ if (s == NULL) {
+ fprintf (stderr, "%s\n", nbd_get_error ());
+ exit (EXIT_FAILURE);
+ }
+ assert (strcmp (s, LIBNBD_VERSION_EXTRA) == 0);
+
nbd_close (nbd);
exit (EXIT_SUCCESS);
}
--
2.47.3

268
0016-tools-Add-extra-version-information-in-the-output-of.patch Normal file
View File

@ -0,0 +1,268 @@
From 625a79d4eea074d8f83dc590118605d88bd9676a Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 16 Jul 2025 12:27:21 +0100
Subject: [PATCH] tools: Add extra version information in the output of
--version
In tools like nbdcopy, add the extra version information, if present
to the output of commands like 'nbdcopy --version'.
For example in a downstream build you might see:
$ nbdcopy --version
nbdcopy 1.23.4 (libnbd-1.23.4-1.fc43)
libnbd 1.23.4 (libnbd-1.23.4-1.fc43)
In upstream builds or builds not using the new ./configure --with-extra
option, the output is unchanged.
(cherry picked from commit 441eadf352e387aaba687bf424cc46424507bf18)
---
common/utils/version.c | 13 +++++++++++--
copy/test-version.sh | 31 ++++++++++++++++---------------
dump/test-version.sh | 31 ++++++++++++++++---------------
fuse/test-version.sh | 31 ++++++++++++++++---------------
info/test-version.sh | 31 ++++++++++++++++---------------
sh/test-version.sh | 31 ++++++++++++++++---------------
6 files changed, 91 insertions(+), 77 deletions(-)
diff --git a/common/utils/version.c b/common/utils/version.c
index 554d3056..135c0c75 100644
--- a/common/utils/version.c
+++ b/common/utils/version.c
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include "libnbd.h"
#include "version.h"
@@ -30,9 +31,13 @@ display_version (const char *program_name)
struct nbd_handle *nbd;
const char *package_name = NULL;
const char *version = NULL;
+ const char *version_extra = NULL;
/* The program name and the version of the binary. */
- printf ("%s %s\n", program_name, PACKAGE_VERSION);
+ printf ("%s %s", program_name, PACKAGE_VERSION);
+ if (strcmp (LIBNBD_VERSION_EXTRA, "") != 0)
+ printf (" (%s)", LIBNBD_VERSION_EXTRA);
+ printf ("\n");
/* Flush to make sure it is printed, even if the code below crashes
* for any reason.
@@ -46,9 +51,13 @@ display_version (const char *program_name)
if (nbd) {
package_name = nbd_get_package_name (nbd);
version = nbd_get_version (nbd);
+ version_extra = nbd_get_version_extra (nbd);
}
if (version) {
- printf ("%s %s\n", package_name ? package_name : PACKAGE_NAME, version);
+ printf ("%s %s", package_name ? package_name : PACKAGE_NAME, version);
+ if (strcmp (version_extra, "") != 0)
+ printf (" (%s)", version_extra);
+ printf ("\n");
fflush (stdout);
}
nbd_close (nbd);
diff --git a/copy/test-version.sh b/copy/test-version.sh
index f3bd30d4..0738f109 100755
--- a/copy/test-version.sh
+++ b/copy/test-version.sh
@@ -16,18 +16,19 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-# Test that nbdcopy --version looks sane.
-
-fail=0
-output=$($VG nbdcopy --version)
-if [ $? != 0 ]; then
- echo "$0: unexpected exit status"
- fail=1
-fi
-if [ "$output" != "nbdcopy $EXPECTED_VERSION
-libnbd $EXPECTED_VERSION" ]; then
- echo "$0: unexpected output"
- fail=1
-fi
-echo "$output"
-exit $fail
+# Test that --version looks sane.
+
+. ../tests/functions.sh
+set -e
+set -x
+
+tool=nbdcopy
+
+output=test-$tool.out
+cleanup_fn rm -f $output
+
+$VG $tool --version > $output
+cat $output
+
+grep "$tool $EXPECTED_VERSION" $output
+grep "libnbd $EXPECTED_VERSION" $output
diff --git a/dump/test-version.sh b/dump/test-version.sh
index 2ef32e05..8adc0e19 100755
--- a/dump/test-version.sh
+++ b/dump/test-version.sh
@@ -16,18 +16,19 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-# Test that nbddump --version looks sane.
-
-fail=0
-output=$($VG nbddump --version)
-if [ $? != 0 ]; then
- echo "$0: unexpected exit status"
- fail=1
-fi
-if [ "$output" != "nbddump $EXPECTED_VERSION
-libnbd $EXPECTED_VERSION" ]; then
- echo "$0: unexpected output"
- fail=1
-fi
-echo "$output"
-exit $fail
+# Test that --version looks sane.
+
+. ../tests/functions.sh
+set -e
+set -x
+
+tool=nbddump
+
+output=test-$tool.out
+cleanup_fn rm -f $output
+
+$VG $tool --version > $output
+cat $output
+
+grep "$tool $EXPECTED_VERSION" $output
+grep "libnbd $EXPECTED_VERSION" $output
diff --git a/fuse/test-version.sh b/fuse/test-version.sh
index 7b3e9929..18924b1f 100755
--- a/fuse/test-version.sh
+++ b/fuse/test-version.sh
@@ -16,18 +16,19 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-# Test that nbdfuse --version looks sane.
-
-fail=0
-output=$($VG nbdfuse --version)
-if [ $? != 0 ]; then
- echo "$0: unexpected exit status"
- fail=1
-fi
-if [ "$output" != "nbdfuse $EXPECTED_VERSION
-libnbd $EXPECTED_VERSION" ]; then
- echo "$0: unexpected output"
- fail=1
-fi
-echo "$output"
-exit $fail
+# Test that --version looks sane.
+
+. ../tests/functions.sh
+set -e
+set -x
+
+tool=nbdfuse
+
+output=test-$tool.out
+cleanup_fn rm -f $output
+
+$VG $tool --version > $output
+cat $output
+
+grep "$tool $EXPECTED_VERSION" $output
+grep "libnbd $EXPECTED_VERSION" $output
diff --git a/info/test-version.sh b/info/test-version.sh
index 0125479e..35b1eec7 100755
--- a/info/test-version.sh
+++ b/info/test-version.sh
@@ -16,18 +16,19 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-# Test that nbdinfo --version looks sane.
-
-fail=0
-output=$($VG nbdinfo --version)
-if [ $? != 0 ]; then
- echo "$0: unexpected exit status"
- fail=1
-fi
-if [ "$output" != "nbdinfo $EXPECTED_VERSION
-libnbd $EXPECTED_VERSION" ]; then
- echo "$0: unexpected output"
- fail=1
-fi
-echo "$output"
-exit $fail
+# Test that --version looks sane.
+
+. ../tests/functions.sh
+set -e
+set -x
+
+tool=nbdinfo
+
+output=test-$tool.out
+cleanup_fn rm -f $output
+
+$VG $tool --version > $output
+cat $output
+
+grep "$tool $EXPECTED_VERSION" $output
+grep "libnbd $EXPECTED_VERSION" $output
diff --git a/sh/test-version.sh b/sh/test-version.sh
index ef730ea2..5caba42c 100755
--- a/sh/test-version.sh
+++ b/sh/test-version.sh
@@ -16,18 +16,19 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-# Test that nbdsh --version looks sane.
-
-fail=0
-output=$($VG nbdsh --version)
-if [ $? != 0 ]; then
- echo "$0: unexpected exit status"
- fail=1
-fi
-if [ "$output" != "nbdsh $EXPECTED_VERSION
-libnbd $EXPECTED_VERSION" ]; then
- echo "$0: unexpected output"
- fail=1
-fi
-echo "$output"
-exit $fail
+# Test that --version looks sane.
+
+. ../tests/functions.sh
+set -e
+set -x
+
+tool=nbdsh
+
+output=test-$tool.out
+cleanup_fn rm -f $output
+
+$VG $tool --version > $output
+cat $output
+
+grep "$tool $EXPECTED_VERSION" $output
+grep "libnbd $EXPECTED_VERSION" $output
--
2.47.3

78
0017-uri-Sanitize-user-provided-hostnames.patch Normal file
View File

@ -0,0 +1,78 @@
From fc92e8bd6c6edaeb65b985ea1948b27c61fb68d4 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Mon, 13 Oct 2025 10:01:21 -0500
Subject: [PATCH] uri: Sanitize user-provided hostnames
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Dan Berrangé ran a free trial of zeropath (http://zeropath.com/) AI
analysis on libnbd, and it highlighted the following:
"When using nbd+ssh:// URIs the library constructs an argv array for
ssh from parsed URI parts (server, port, user, unix socket, nbd-port)
and execs it. The server component is used directly as an ssh
argument; if it begins with '-' an attacker can inject ssh options
(e.g. -oProxyCommand=...) that cause ssh to run local commands. There
is no protection (such as rejecting leading '-' in server or inserting
a '--' to stop option parsing), so an attacker who can supply the URI
can cause local command execution in the client process."
eg with this.... "nbdinfo nbd+ssh://-oProxyCommand=rm%20run.in"
you'll get a failure to start the NBD connection, but it none the less
deletes the file 'run.in' in the local working directory
The RFCs are vague enough that it is not immediately obvious whether
there is any possibility of a valid hostname with a leading - (see
https://www.netmeister.org/blog/hostnames.html). Still, it is better
to pass the user's string on to ssh's determination of a valid
hostname (which does appear to reject leading -) rather than trying to
teach libnbd what patterns to allow, and thereby avoid risking any
pattern written in libnbd accidentally being too restrictive. Do this
by using "--" to end ssh options before the hostname, but that in turn
must come after any use of -oUser=. With this in place, we now get a
sane error rather than spawning a calculator with:
$ nbdinfo nbd+ssh://-oProxyCommand=gnome-calculator
hostname contains invalid characters
/home/eblake/libnbd/info/.libs/nbdinfo: nbd_connect_uri: recv: server disconnected unexpectedly
See also Libvirt commit e4cb8500 (Aug 2017), which in turn was
inspired by GIT security flaws
(http://blog.recurity-labs.com/2017-08-10/scm-vulns). We have put out
a request to Red Hat security on whether this warrants a CVE in
libnbd; however, as the problem was easy to identify using only free
AI resources, and the problem itself is relatively low priority (to
exploit it, an attacker has to convince an admin to run a program that
will use libnbd on an untrusted URI), so we are publishing this now
rather than waiting for any embargo. If a CVE is assigned, it will be
announced to the mailing list in a followup post.
Signed-off-by: Eric Blake <eblake@redhat.com>
CC: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit fffd87a3ba216cf2f9c212e5db96b13b98985edf)
Conflicts:
lib/uri.c - no username override, backport looks different
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit f461fe64d21fe8a6d32b56ccb50d06489d2e2698)
---
lib/uri.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/uri.c b/lib/uri.c
index 2e96c056..5afd0f49 100644
--- a/lib/uri.c
+++ b/lib/uri.c
@@ -446,7 +446,7 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
case ssh: { /* SSH */
char port_str[32];
const char *ssh_command[] = {
- "ssh", "-p", port_str, uri->server,
+ "ssh", "-p", port_str, "--", uri->server,
"nc",
NULL, /* [5] "-U" or "localhost" */
NULL, /* [6] socket or "10809" */
--
2.47.3

59
0018-lib-uri.c-Fix-indices-in-SSH-command-array.patch Normal file
View File

@ -0,0 +1,59 @@
From f130e5f9554d669791555f330b63353a1a181ca1 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 23 Oct 2025 11:58:53 +0100
Subject: [PATCH] lib/uri.c: Fix indices in SSH command array
Commit f461fe64d2 ("uri: Sanitize user-provided hostnames") didn't
update the fixed indices that we use to access the SSH command array
(this is no longer a problem in upstream code).
'tests/connect-uri-nbd-ssh' failed with:
libnbd: debug: nbd1: nbd_connect_uri: poll start: events=1
bash: -U: invalid option
Usage: bash [GNU long option] [option] ...
bash [GNU long option] [option] script-file ...
[...]
Fixes: commit f461fe64d21fe8a6d32b56ccb50d06489d2e2698
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 00181d26a4d891e2d7acdd0a309fbf2af01eb55e)
---
lib/uri.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/uri.c b/lib/uri.c
index 5afd0f49..9cbec2df 100644
--- a/lib/uri.c
+++ b/lib/uri.c
@@ -448,8 +448,8 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
const char *ssh_command[] = {
"ssh", "-p", port_str, "--", uri->server,
"nc",
- NULL, /* [5] "-U" or "localhost" */
- NULL, /* [6] socket or "10809" */
+ NULL, /* [6] "-U" or "localhost" */
+ NULL, /* [7] socket or "10809" */
NULL,
};
@@ -461,12 +461,12 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
"%d", uri->port > 0 ? uri->port : 22);
if (unixsocket) {
- ssh_command[5] = "-U";
- ssh_command[6] = unixsocket;
+ ssh_command[6] = "-U";
+ ssh_command[7] = unixsocket;
}
else {
- ssh_command[5] = "localhost";
- ssh_command[6] = "10809"; /* XXX provide a way to configure this */
+ ssh_command[6] = "localhost";
+ ssh_command[7] = "10809"; /* XXX provide a way to configure this */
}
if (nbd_unlocked_aio_connect_command (h, (char **) ssh_command) == -1)
--
2.47.3

30
SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch
View File

@ -1,30 +0,0 @@
From 486799e853aa9df034366303230a1785087a507a Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 8 Jan 2021 12:14:18 +0000
Subject: [PATCH] copy/copy-nbd-to-sparse-file.sh: Skip test unless nbdkit
available.
This test used nbdkit without checking it is available, which broke
the test on RHEL 8 i686.
Fixes: commit 28fe8d9d8d1ecb491070d20f22e2f34bb147f19f
(cherry picked from commit 781cb44b63a87f2d5f40590ab8c446ad2e7b6702)
---
copy/copy-nbd-to-sparse-file.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/copy/copy-nbd-to-sparse-file.sh b/copy/copy-nbd-to-sparse-file.sh
index aa2cb1b9..47ff09ae 100755
--- a/copy/copy-nbd-to-sparse-file.sh
+++ b/copy/copy-nbd-to-sparse-file.sh
@@ -24,6 +24,7 @@ set -x
requires cmp --version
requires dd --version
requires dd oflag=seek_bytes </dev/null
+requires nbdkit --version
requires test -r /dev/urandom
requires test -r /dev/zero
--
2.43.0

57
SOURCES/0002-generator-Refactor-CONNECT.START-state.patch
View File

@ -1,57 +0,0 @@
From 5dc2d2261224c9533d2b5ec4df6ed822de4cfc3b Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 4 Feb 2021 17:57:06 +0000
Subject: [PATCH] generator: Refactor CONNECT.START state.
Small, neutral refactoring to the CONNECT.START to make the subsequent
commit easier.
(cherry picked from commit cd231fd94bbfaacdd9b89e7d355ba2bbc83c2aeb)
---
generator/states-connect.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/generator/states-connect.c b/generator/states-connect.c
index 392879d4..03b34c7d 100644
--- a/generator/states-connect.c
+++ b/generator/states-connect.c
@@ -47,11 +47,12 @@ disable_nagle (int sock)
STATE_MACHINE {
CONNECT.START:
- int fd;
+ sa_family_t family;
+ int fd, r;
assert (!h->sock);
- fd = socket (h->connaddr.ss_family,
- SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0);
+ family = h->connaddr.ss_family;
+ fd = socket (family, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0);
if (fd == -1) {
SET_NEXT_STATE (%.DEAD);
set_error (errno, "socket");
@@ -65,14 +66,12 @@ STATE_MACHINE {
disable_nagle (fd);
- if (connect (fd, (struct sockaddr *) &h->connaddr,
- h->connaddrlen) == -1) {
- if (errno != EINPROGRESS) {
- SET_NEXT_STATE (%.DEAD);
- set_error (errno, "connect");
- return 0;
- }
- }
+ r = connect (fd, (struct sockaddr *) &h->connaddr, h->connaddrlen);
+ if (r == 0 || (r == -1 && errno == EINPROGRESS))
+ return 0;
+ assert (r == -1);
+ SET_NEXT_STATE (%.DEAD);
+ set_error (errno, "connect");
return 0;
CONNECT.CONNECTING:
--
2.43.0

48
SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch
View File

@ -1,48 +0,0 @@
From f094472efcf34cea8bf1f02a1c5c9442ffc4ca53 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 4 Feb 2021 18:02:46 +0000
Subject: [PATCH] generator: Print a better error message if connect(2) returns
EAGAIN.
The new error message is:
nbd_connect_unix: connect: server backlog overflowed, see https://bugzilla.redhat.com/1925045: Resource temporarily unavailable
Fixes: https://bugzilla.redhat.com/1925045
Thanks: Xin Long, Lukas Doktor, Eric Blake
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 85ed74960a658a82d7b61b0be07f43d1b2dcede9)
---
generator/states-connect.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/generator/states-connect.c b/generator/states-connect.c
index 03b34c7d..98c26e54 100644
--- a/generator/states-connect.c
+++ b/generator/states-connect.c
@@ -70,6 +70,22 @@ STATE_MACHINE {
if (r == 0 || (r == -1 && errno == EINPROGRESS))
return 0;
assert (r == -1);
+#ifdef __linux__
+ if (errno == EAGAIN && family == AF_UNIX) {
+ /* This can happen on Linux when connecting to a Unix domain
+ * socket, if the server's backlog is full. Unfortunately there
+ * is nothing good we can do on the client side when this happens
+ * since any solution would involve sleeping or busy-waiting. The
+ * only solution is on the server side, increasing the backlog.
+ * But at least improve the error message.
+ * https://bugzilla.redhat.com/1925045
+ */
+ SET_NEXT_STATE (%.DEAD);
+ set_error (errno, "connect: server backlog overflowed, "
+ "see https://bugzilla.redhat.com/1925045");
+ return 0;
+ }
+#endif
SET_NEXT_STATE (%.DEAD);
set_error (errno, "connect");
return 0;
--
2.43.0

59
SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch
View File

@ -1,59 +0,0 @@
From ffe8f0a994c1f2656aa011353b386663d32db69e Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Mon, 1 Mar 2021 15:25:31 -0600
Subject: [PATCH] opt_go: Tolerate unplanned server death
While debugging some experimental nbdkit code that was triggering an
assertion failure in nbdkit, I noticed a secondary failure of nbdsh
also dying from an assertion:
libnbd: debug: nbdsh: nbd_opt_go: transition: NEWSTYLE.OPT_GO.SEND -> DEAD
libnbd: debug: nbdsh: nbd_opt_go: option queued, ignoring state machine failure
nbdsh: opt.c:86: nbd_unlocked_opt_go: Assertion `nbd_internal_is_state_negotiating (get_next_state (h))' failed.
Although my trigger was from non-production nbdkit code, libnbd should
never die from an assertion failure merely because a server
disappeared at the wrong moment during an incomplete reply to
NBD_OPT_GO or NBD_OPT_INFO. If this is assigned a CVE, a followup
patch will add mention of it in docs/libnbd-security.pod.
Fixes: bbf1c51392 (api: Give aio_opt_go a completion callback)
(cherry picked from commit fb4440de9cc76e9c14bd3ddf3333e78621f40ad0)
---
lib/opt.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/opt.c b/lib/opt.c
index 2317b72a..e5802f4d 100644
--- a/lib/opt.c
+++ b/lib/opt.c
@@ -1,5 +1,5 @@
/* NBD client library in userspace
- * Copyright (C) 2020 Red Hat Inc.
+ * Copyright (C) 2020-2021 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -83,7 +83,8 @@ nbd_unlocked_opt_go (struct nbd_handle *h)
r = wait_for_option (h);
if (r == 0 && err) {
- assert (nbd_internal_is_state_negotiating (get_next_state (h)));
+ assert (nbd_internal_is_state_negotiating (get_next_state (h)) ||
+ nbd_internal_is_state_dead (get_next_state (h)));
set_error (err, "server replied with error to opt_go request");
return -1;
}
@@ -105,7 +106,8 @@ nbd_unlocked_opt_info (struct nbd_handle *h)
r = wait_for_option (h);
if (r == 0 && err) {
- assert (nbd_internal_is_state_negotiating (get_next_state (h)));
+ assert (nbd_internal_is_state_negotiating (get_next_state (h)) ||
+ nbd_internal_is_state_dead (get_next_state (h)));
set_error (err, "server replied with error to opt_info request");
return -1;
}
--
2.43.0

40
SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch
View File

@ -1,40 +0,0 @@
From 171ffdde8be590f784086a021a7e6f36c4ecdb4b Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Fri, 12 Mar 2021 17:00:58 -0600
Subject: [PATCH] security: Document assignment of CVE-2021-20286
Now that we finally have a CVE number, it's time to document
the problem (it's low severity, but still a denial of service).
Fixes: fb4440de9cc7 (opt_go: Tolerate unplanned server death)
(cherry picked from commit 40308a005eaa6b2e8f98da8952d0c0cacc51efde)
---
docs/libnbd-security.pod | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
index d8ead875..0cae8462 100644
--- a/docs/libnbd-security.pod
+++ b/docs/libnbd-security.pod
@@ -22,6 +22,12 @@ L<https://www.redhat.com/archives/libguestfs/2019-September/msg00128.html>
See the full announcement here:
L<https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html>
+=head2 CVE-2021-20286
+denial of service when using L<nbd_set_opt_mode(3)>
+
+See the full announcement here:
+L<https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html>
+
=head1 SEE ALSO
L<libnbd(3)>.
@@ -34,4 +40,4 @@ Richard W.M. Jones
=head1 COPYRIGHT
-Copyright (C) 2019 Red Hat Inc.
+Copyright (C) 2019-2021 Red Hat Inc.
--
2.43.0

163
SOURCES/0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch
View File

@ -1,163 +0,0 @@
From 22572f8ac13e2e8daf91d227eac2f384303fb5b4 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Thu, 3 Feb 2022 14:25:57 -0600
Subject: [PATCH] copy: Pass in dummy variable rather than &errno to callback
In several places where asynch handlers manually call the provided
nbd_completion_callback, the value of errno is indeterminate (for
example, in file-ops.c:file_asynch_read(), the previous call to
file_synch_read() already triggered exit() on error, but does not
guarantee what is left in errno on success). As the callback should
be paying attention to the value of *error (to be fixed in the next
patch), we are better off ensuring that we pass in a pointer to a
known-zero value. Besides, passing in &errno carries a risk that if
the callback uses any other library function that alters errno prior
to dereferncing *error, it will no longer see the value we passed in.
Thus, it is easier to use a dummy variable on the stack than to mess
around with errno and it's magic macro expansion into a thread-local
storage location.
Note that several callsites then check if the callback returned -1,
and if so assume that the callback has caused errno to now have a sane
value to pass on to perror. In theory, the fact that we are no longer
passing in &errno means that if the callback assigns into *error but
did not otherwise affect errno (a tenuous assumption, given our
argument above that we could not even guarantee that the callback does
not accidentally alter errno prior to reading *error), our perror call
would no longer reflect the intended error value from the callback.
But in practice, since the callback never actually returned -1, nor
even assigned into *error, the call to perror is dead code; although I
have chosen to defer that additional cleanup to the next patch.
Message-Id: <20220203202558.203013-5-eblake@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Nir Soffer <nsoffer@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 794c8ce06e995ebd282e8f2b9465a06140572112)
Conflicts:
copy/file-ops.c - no backport of d5f65e56 ("copy: Do not use trim
for zeroing"), so asynch_trim needed same treatment
copy/multi-thread-copying.c - context due to missing refactoring
copy/null-ops.c - no backport of 0b16205e "copy: Implement "null:"
destination."
(cherry picked from commit 26e3dcf80815fe2db320d3046aabc2580c2f7a0d)
---
copy/file-ops.c | 22 +++++++++++++---------
copy/multi-thread-copying.c | 8 +++++---
2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/copy/file-ops.c b/copy/file-ops.c
index 086348a2..cc312b48 100644
--- a/copy/file-ops.c
+++ b/copy/file-ops.c
@@ -1,5 +1,5 @@
/* NBD client library in userspace.
- * Copyright (C) 2020 Red Hat Inc.
+ * Copyright (C) 2020-2022 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -158,10 +158,11 @@ file_asynch_read (struct rw *rw,
struct command *command,
nbd_completion_callback cb)
{
+ int dummy = 0;
+
file_synch_read (rw, slice_ptr (command->slice),
command->slice.len, command->offset);
- errno = 0;
- if (cb.callback (cb.user_data, &errno) == -1) {
+ if (cb.callback (cb.user_data, &dummy) == -1) {
perror (rw->name);
exit (EXIT_FAILURE);
}
@@ -172,10 +173,11 @@ file_asynch_write (struct rw *rw,
struct command *command,
nbd_completion_callback cb)
{
+ int dummy = 0;
+
file_synch_write (rw, slice_ptr (command->slice),
command->slice.len, command->offset);
- errno = 0;
- if (cb.callback (cb.user_data, &errno) == -1) {
+ if (cb.callback (cb.user_data, &dummy) == -1) {
perror (rw->name);
exit (EXIT_FAILURE);
}
@@ -185,10 +187,11 @@ static bool
file_asynch_trim (struct rw *rw, struct command *command,
nbd_completion_callback cb)
{
+ int dummy = 0;
+
if (!file_synch_trim (rw, command->offset, command->slice.len))
return false;
- errno = 0;
- if (cb.callback (cb.user_data, &errno) == -1) {
+ if (cb.callback (cb.user_data, &dummy) == -1) {
perror (rw->name);
exit (EXIT_FAILURE);
}
@@ -199,10 +202,11 @@ static bool
file_asynch_zero (struct rw *rw, struct command *command,
nbd_completion_callback cb)
{
+ int dummy = 0;
+
if (!file_synch_zero (rw, command->offset, command->slice.len))
return false;
- errno = 0;
- if (cb.callback (cb.user_data, &errno) == -1) {
+ if (cb.callback (cb.user_data, &dummy) == -1) {
perror (rw->name);
exit (EXIT_FAILURE);
}
diff --git a/copy/multi-thread-copying.c b/copy/multi-thread-copying.c
index a7aaa7de..2593ff76 100644
--- a/copy/multi-thread-copying.c
+++ b/copy/multi-thread-copying.c
@@ -1,5 +1,5 @@
/* NBD client library in userspace.
- * Copyright (C) 2020 Red Hat Inc.
+ * Copyright (C) 2020-2022 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -391,6 +391,7 @@ finished_read (void *vp, int *error)
bool last_is_hole = false;
uint64_t i;
struct command *newcommand;
+ int dummy = 0;
/* Iterate over whole blocks in the command, starting on a block
* boundary.
@@ -473,7 +474,7 @@ finished_read (void *vp, int *error)
/* Free the original command since it has been split into
* subcommands and the original is no longer needed.
*/
- free_command (command, &errno);
+ free_command (command, &dummy);
}
return 1; /* auto-retires the command */
@@ -498,6 +499,7 @@ static void
fill_dst_range_with_zeroes (struct command *command)
{
char *data;
+ int dummy = 0;
if (destination_is_zero)
goto free_and_return;
@@ -541,7 +543,7 @@ fill_dst_range_with_zeroes (struct command *command)
free (data);
free_and_return:
- free_command (command, &errno);
+ free_command (command, &dummy);
}
static int
--
2.43.0

318
SOURCES/0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch
View File

@ -1,318 +0,0 @@
From 1b0b732e6a9b4979fccf6a09eb6704264edf675d Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Thu, 3 Feb 2022 14:25:58 -0600
Subject: [PATCH] copy: CVE-2022-0485: Fail nbdcopy if NBD read or write fails
nbdcopy has a nasty bug when performing multi-threaded copies using
asynchronous nbd calls - it was blindly treating the completion of an
asynchronous command as successful, rather than checking the *error
parameter. This can result in the silent creation of a corrupted
image in two different ways: when a read fails, we blindly wrote
garbage to the destination; when a write fails, we did not flag that
the destination was not written.
Since nbdcopy already calls exit() on a synchronous read or write
failure to a file, doing the same for an asynchronous op to an NBD
server is the simplest solution. A nicer solution, but more invasive
to code and thus not done here, might be to allow up to N retries of
the transaction (in case the read or write failure was transient), or
even having a mode where as much data is copied as possible (portions
of the copy that failed would be logged on stderr, and nbdcopy would
still fail with a non-zero exit status, but this would copy more than
just stopping at the first error, as can be done with rsync or
ddrescue).
Note that since we rely on auto-retiring and do NOT call
nbd_aio_command_completed, our completion callbacks must always return
1 (if they do not exit() first), even when acting on *error, so as not
leave the command allocated until nbd_close. As such, there is no
sane way to return an error to a manual caller of the callback, and
therefore we can drop dead code that calls perror() and exit() if the
callback "failed". It is also worth documenting the contract on when
we must manually call the callback during the asynch_zero callback, so
that we do not leak or double-free the command; thankfully, all the
existing code paths were correct.
The added testsuite script demonstrates several scenarios, some of
which fail without the rest of this patch in place, and others which
showcase ways in which sparse images can bypass errors.
Once backports are complete, a followup patch on the main branch will
edit docs/libnbd-security.pod with the mailing list announcement of
the stable branch commit ids and release versions that incorporate
this fix.
Reported-by: Nir Soffer <nsoffer@redhat.com>
Fixes: bc896eec4d ("copy: Implement multi-conn, multiple threads, multiple requests in flight.", v1.5.6)
Fixes: https://bugzilla.redhat.com/2046194
Message-Id: <20220203202558.203013-6-eblake@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Nir Soffer <nsoffer@redhat.com>
[eblake: fix error message per Nir, tweak requires lines in unit test per Rich]
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 8d444b41d09a700c7ee6f9182a649f3f2d325abb)
Conflicts:
copy/nbdcopy.h - copyright context
copy/null-ops.c - no backport of 0b16205e "copy: Implement "null:"
destination."
copy/copy-nbd-error.sh - no backport of d5f65e56 ("copy: Do not use
trim for zeroing"), so one test needed an additional error-trim-rate;
no backport of 4ff9e62d (copy: Add --request-size option") and friends, so
this version uses larger transactions, so change error rate of 0.5 to 1;
no backport of 0b16205e "copy: Implement "null:" destination.", so use
nbdkit null instead
Note that while the use of NBD_CMD_TRIM can create data corruption, it is
not as severe as what this patch fixes, since trim corruption will only
expose what had previously been on the disk, compared to this patch fixing
a potential leak of nbdcopy heap contents into the destination.
(cherry picked from commit 6c8f2f859926b82094fb5e85c446ea099700fa10)
---
TODO | 1 +
copy/Makefile.am | 4 +-
copy/copy-nbd-error.sh | 81 +++++++++++++++++++++++++++++++++++++
copy/file-ops.c | 17 +++-----
copy/multi-thread-copying.c | 13 ++++++
copy/nbdcopy.h | 7 ++--
6 files changed, 107 insertions(+), 16 deletions(-)
create mode 100755 copy/copy-nbd-error.sh
diff --git a/TODO b/TODO
index 510c219a..19c21d44 100644
--- a/TODO
+++ b/TODO
@@ -35,6 +35,7 @@ nbdcopy:
- Better page cache usage, see nbdkit-file-plugin options
fadvise=sequential cache=none.
- Consider io_uring if there are performance bottlenecks.
+ - Configurable retries in response to read or write failures.
nbdfuse:
- If you write beyond the end of the virtual file, it returns EIO.
diff --git a/copy/Makefile.am b/copy/Makefile.am
index d318388f..3406cd85 100644
--- a/copy/Makefile.am
+++ b/copy/Makefile.am
@@ -1,5 +1,5 @@
# nbd client library in userspace
-# Copyright (C) 2020 Red Hat Inc.
+# Copyright (C) 2020-2022 Red Hat Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -30,6 +30,7 @@ EXTRA_DIST = \
copy-nbd-to-small-nbd-error.sh \
copy-nbd-to-sparse-file.sh \
copy-nbd-to-stdout.sh \
+ copy-nbd-error.sh \
copy-progress-bar.sh \
copy-sparse.sh \
copy-sparse-allocated.sh \
@@ -105,6 +106,7 @@ TESTS += \
copy-nbd-to-sparse-file.sh \
copy-stdin-to-nbd.sh \
copy-nbd-to-stdout.sh \
+ copy-nbd-error.sh \
copy-progress-bar.sh \
copy-sparse.sh \
copy-sparse-allocated.sh \
diff --git a/copy/copy-nbd-error.sh b/copy/copy-nbd-error.sh
new file mode 100755
index 00000000..bba71db5
--- /dev/null
+++ b/copy/copy-nbd-error.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+# nbd client library in userspace
+# Copyright (C) 2022 Red Hat Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+# Tests several scenarios of handling NBD server errors
+# Serves as a regression test for the CVE-2022-0485 fix.
+
+. ../tests/functions.sh
+
+set -e
+set -x
+
+requires nbdkit --exit-with-parent --version
+requires nbdkit --filter=noextents null --version
+requires nbdkit --filter=error pattern --version
+requires nbdkit --filter=nozero memory --version
+
+fail=0
+
+# Failure to get block status should not be fatal, but merely downgrade to
+# reading the entire image as if data
+echo "Testing extents failures on source"
+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error pattern 5M \
+ error-extents-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] || fail=1
+
+# Failure to read should be fatal
+echo "Testing read failures on non-sparse source"
+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error pattern 5M \
+ error-pread-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] && fail=1
+
+# However, reliable block status on a sparse image can avoid the need to read
+echo "Testing read failures on sparse source"
+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error null 5M \
+ error-pread-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] || fail=1
+
+# Failure to write data should be fatal
+echo "Testing write data failures on arbitrary destination"
+$VG nbdcopy -- [ nbdkit --exit-with-parent -v pattern 5M ] \
+ [ nbdkit --exit-with-parent -v --filter=error --filter=noextents \
+ memory 5M error-pwrite-rate=1 ] && fail=1
+
+# However, writing zeroes can bypass the need for normal writes
+echo "Testing write data failures from sparse source"
+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \
+ [ nbdkit --exit-with-parent -v --filter=error --filter=noextents \
+ memory 5M error-pwrite-rate=1 ] || fail=1
+
+# Failure to write zeroes should be fatal
+echo "Testing write zero failures on arbitrary destination"
+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \
+ [ nbdkit --exit-with-parent -v --filter=error memory 5M \
+ error-trim-rate=1 error-zero-rate=1 ] && fail=1
+
+# However, assuming/learning destination is zero can skip need to write
+echo "Testing write failures on pre-zeroed destination"
+$VG nbdcopy --destination-is-zero -- \
+ [ nbdkit --exit-with-parent -v null 5M ] \
+ [ nbdkit --exit-with-parent -v --filter=error memory 5M \
+ error-pwrite-rate=1 error-zero-rate=1 ] || fail=1
+
+# Likewise, when write zero is not advertised, fallback to normal write works
+echo "Testing write zeroes to destination without zero support"
+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \
+ [ nbdkit --exit-with-parent -v --filter=nozero --filter=error memory 5M \
+ error-zero-rate=1 ] || fail=1
+
+exit $fail
diff --git a/copy/file-ops.c b/copy/file-ops.c
index cc312b48..b19af04c 100644
--- a/copy/file-ops.c
+++ b/copy/file-ops.c
@@ -162,10 +162,8 @@ file_asynch_read (struct rw *rw,
file_synch_read (rw, slice_ptr (command->slice),
command->slice.len, command->offset);
- if (cb.callback (cb.user_data, &dummy) == -1) {
- perror (rw->name);
- exit (EXIT_FAILURE);
- }
+ /* file_synch_read called exit() on error */
+ cb.callback (cb.user_data, &dummy);
}
static void
@@ -177,10 +175,8 @@ file_asynch_write (struct rw *rw,
file_synch_write (rw, slice_ptr (command->slice),
command->slice.len, command->offset);
- if (cb.callback (cb.user_data, &dummy) == -1) {
- perror (rw->name);
- exit (EXIT_FAILURE);
- }
+ /* file_synch_write called exit() on error */
+ cb.callback (cb.user_data, &dummy);
}
static bool
@@ -206,10 +202,7 @@ file_asynch_zero (struct rw *rw, struct command *command,
if (!file_synch_zero (rw, command->offset, command->slice.len))
return false;
- if (cb.callback (cb.user_data, &dummy) == -1) {
- perror (rw->name);
- exit (EXIT_FAILURE);
- }
+ cb.callback (cb.user_data, &dummy);
return true;
}
diff --git a/copy/multi-thread-copying.c b/copy/multi-thread-copying.c
index 2593ff76..28749ae7 100644
--- a/copy/multi-thread-copying.c
+++ b/copy/multi-thread-copying.c
@@ -28,6 +28,7 @@
#include <errno.h>
#include <assert.h>
#include <sys/stat.h>
+#include <inttypes.h>
#include <pthread.h>
@@ -374,6 +375,12 @@ finished_read (void *vp, int *error)
{
struct command *command = vp;
+ if (*error) {
+ fprintf (stderr, "read at offset %" PRId64 " failed: %s\n",
+ command->offset, strerror (*error));
+ exit (EXIT_FAILURE);
+ }
+
if (allocated || sparse_size == 0) {
/* If sparseness detection (see below) is turned off then we write
* the whole command.
@@ -552,6 +559,12 @@ free_command (void *vp, int *error)
struct command *command = vp;
struct buffer *buffer = command->slice.buffer;
+ if (*error) {
+ fprintf (stderr, "write at offset %" PRId64 " failed: %s\n",
+ command->offset, strerror (*error));
+ exit (EXIT_FAILURE);
+ }
+
if (buffer != NULL) {
if (--buffer->refs == 0) {
free (buffer->data);
diff --git a/copy/nbdcopy.h b/copy/nbdcopy.h
index 3dcc6dfe..9626a52c 100644
--- a/copy/nbdcopy.h
+++ b/copy/nbdcopy.h
@@ -1,5 +1,5 @@
/* NBD client library in userspace.
- * Copyright (C) 2020 Red Hat Inc.
+ * Copyright (C) 2020-2022 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -134,7 +134,8 @@ struct rw_ops {
bool (*synch_zero) (struct rw *rw, uint64_t offset, uint64_t count);
/* Asynchronous I/O operations. These start the operation and call
- * 'cb' on completion.
+ * 'cb' on completion. 'cb' will return 1, for auto-retiring with
+ * asynchronous libnbd calls.
*
* The file_ops versions are actually implemented synchronously, but
* still call 'cb'.
@@ -156,7 +157,7 @@ struct rw_ops {
nbd_completion_callback cb);
/* Asynchronously zero. command->slice.buffer is not used. If not possible,
- * returns false.
+ * returns false. 'cb' must be called only if returning true.
*/
bool (*asynch_zero) (struct rw *rw, struct command *command,
nbd_completion_callback cb);
--
2.43.0

94
SOURCES/0008-build-Move-to-minimum-gnutls-3.5.18.patch
View File

@ -1,94 +0,0 @@
From cd4f3bed33d5ffdba6846d270c0e11713bc1caf6 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 25 Jun 2024 10:55:54 +0100
Subject: [PATCH] build: Move to minimum gnutls >= 3.5.18
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This version matches current qemu.
RHEL 7 gnutls is too old (lacks gnutls_session_set_verify_cert), which
means TLS will be disabled on this platform. RHEL 8 has gnutls 3.6.14.
I also unconditionally enabled the gnutls/socket.h header. This
header was added in 2016 (gnutls 3.5.3), so it's not present in RHEL 7.
On RHEL 7 the configure-time test now prints:
checking for GNUTLS... no
configure: WARNING: gnutls not found or < 3.5.18, TLS support will be disabled.
...
Optional library features:
TLS support ............................ no
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 5ff09cdbbd19226dd2d5015d76134f88dee9321e)
(cherry picked from commit cb6df4f81a97d5d58385d89b0135039f1eddee15)
---
configure.ac | 12 +++---------
lib/crypto.c | 5 +----
2 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/configure.ac b/configure.ac
index da3dc38a..29e3b47a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -94,12 +94,13 @@ AC_ARG_WITH([gnutls],
[],
[with_gnutls=check])
AS_IF([test "$with_gnutls" != "no"],[
- PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.3.0], [
+ PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.5.18], [
+ printf "gnutls version is "; $PKG_CONFIG --modversion gnutls
AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS])
AC_DEFINE([HAVE_GNUTLS],[1],[gnutls found at compile time.])
], [
- AC_MSG_WARN([gnutls not found or < 3.3.0, TLS support will be disabled.])
+ AC_MSG_WARN([gnutls not found or < 3.5.18, TLS support will be disabled.])
])
])
AM_CONDITIONAL([HAVE_GNUTLS], [test "x$GNUTLS_LIBS" != "x"])
@@ -114,13 +115,6 @@ AS_IF([test "$GNUTLS_LIBS" != ""],[
AC_MSG_RESULT([$tls_priority])
AC_DEFINE_UNQUOTED([TLS_PRIORITY],["$tls_priority"],
[Default TLS session priority string])
-
- # Check for APIs which may not be present.
- old_LIBS="$LIBS"
- LIBS="$GNUTLS_LIBS $LIBS"
- AC_CHECK_FUNCS([\
- gnutls_session_set_verify_cert])
- LIBS="$old_LIBS"
])
dnl certtool (part of GnuTLS) for testing TLS with certificates.
diff --git a/lib/crypto.c b/lib/crypto.c
index a9b3789c..705e114a 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -28,6 +28,7 @@
#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>
+#include <gnutls/socket.h>
#endif
#include "internal.h"
@@ -512,12 +513,8 @@ set_up_certificate_credentials (struct nbd_handle *h,
return NULL;
found_certificates:
-#ifdef HAVE_GNUTLS_SESSION_SET_VERIFY_CERT
if (h->hostname && h->tls_verify_peer)
gnutls_session_set_verify_cert (session, h->hostname, 0);
-#else
- debug (h, "ignoring nbd_set_tls_verify_peer, this requires GnuTLS >= 3.4.6");
-#endif
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, ret);
if (err < 0) {
--
2.43.0

727
SOURCES/0009-tests-Factor-out-some-common-Makefile-flags.patch
View File

@ -1,727 +0,0 @@
From a852cec30a6540b5c1ea2947195454eef6269944 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 27 Aug 2021 15:12:12 +0100
Subject: [PATCH] tests: Factor out some common Makefile flags
We can use AM_CPPFLAGS, AM_CFLAGS etc to factor out some common flags
in the tests. Note the rules here are complicated, see:
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
and for unclear reasons there is no AM_LDADD nor any workaround:
https://stackoverflow.com/questions/29252969/automake-am-ldadd-workaround
This commit is mostly pure refactoring but it also tries to make the
flags usage more consistent across tests so it may have side-effects
like enabling more warnings.
(cherry picked from commit 5fd648f821e9ab3ee08bf360348d1fb01537a267)
(cherry picked from commit 6cb1f74b09beca1ddaef794136f221bfb7bb4faa)
---
interop/Makefile.am | 57 ++++++-------
tests/Makefile.am | 190 ++++++++++++++++++--------------------------
2 files changed, 104 insertions(+), 143 deletions(-)
diff --git a/interop/Makefile.am b/interop/Makefile.am
index 9787c26e..9432ad43 100644
--- a/interop/Makefile.am
+++ b/interop/Makefile.am
@@ -28,6 +28,16 @@ LOG_COMPILER = $(top_builddir)/run
check_PROGRAMS =
TESTS =
+# Common flags.
+# Note there is no such thing as "AM_LDADD".
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/include \
+ -I$(top_srcdir)/tests \
+ $(NULL)
+AM_CFLAGS = \
+ $(WARNINGS_CFLAGS) \
+ $(NULL)
+
if HAVE_NBD_SERVER
check_PROGRAMS += \
@@ -41,22 +51,20 @@ TESTS += \
interop_nbd_server_SOURCES = interop.c
interop_nbd_server_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBD_SERVER)\" \
-DSERVER_PARAMS='"-d", "-C", "/dev/null", "0", tmpfile' \
-DEXPORT_NAME='""'
-interop_nbd_server_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbd_server_LDADD = $(top_builddir)/lib/libnbd.la
list_exports_nbd_server_SOURCES = list-exports.c
list_exports_nbd_server_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBD_SERVER)\" \
-DSERVER_PARAMS='"-C", "$(srcdir)/list-exports-nbd-config", "-d", "0"' \
-DEXPORTS='"disk1", "disk2"' \
-DDESCRIPTIONS='"", ""' \
$(NULL)
-list_exports_nbd_server_CFLAGS = $(WARNINGS_CFLAGS)
list_exports_nbd_server_LDADD = $(top_builddir)/lib/libnbd.la
endif HAVE_NBD_SERVER
@@ -104,19 +112,18 @@ endif
interop_qemu_nbd_SOURCES = interop.c
interop_qemu_nbd_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSOCKET_ACTIVATION=1 \
-DSERVER=\"$(QEMU_NBD)\" \
-DSERVER_PARAMS='"-f", "raw", "-x", "/", tmpfile' \
-DEXPORT_NAME='"/"' \
$(NULL)
-interop_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS)
interop_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la
# qemu-nbd requires absolute path to dir
interop_qemu_nbd_tls_certs_SOURCES = interop.c
interop_qemu_nbd_tls_certs_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSOCKET_ACTIVATION=1 \
-DSERVER=\"$(QEMU_NBD)\" \
-DSERVER_PARAMS='"--object", "tls-creds-x509,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests/pki", "--tls-creds", "tls0", "-f", "raw", "-x", "/", tmpfile' \
@@ -124,13 +131,12 @@ interop_qemu_nbd_tls_certs_CPPFLAGS = \
-DCERTS=1 \
-DTLS_MODE=LIBNBD_TLS_REQUIRE \
$(NULL)
-interop_qemu_nbd_tls_certs_CFLAGS = $(WARNINGS_CFLAGS)
interop_qemu_nbd_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la
# qemu-nbd requires absolute path to dir
interop_qemu_nbd_tls_psk_SOURCES = interop.c
interop_qemu_nbd_tls_psk_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSOCKET_ACTIVATION=1 \
-DSERVER=\"$(QEMU_NBD)\" \
-DSERVER_PARAMS='"--object", "tls-creds-psk,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests", "--tls-creds", "tls0", "-f", "raw", "-x", "/", tmpfile' \
@@ -138,7 +144,6 @@ interop_qemu_nbd_tls_psk_CPPFLAGS = \
-DPSK=1 \
-DTLS_MODE=LIBNBD_TLS_REQUIRE \
$(NULL)
-interop_qemu_nbd_tls_psk_CFLAGS = $(WARNINGS_CFLAGS)
interop_qemu_nbd_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la
dirty_bitmap_SOURCES = dirty-bitmap.c
@@ -148,28 +153,24 @@ dirty_bitmap_LDADD = $(top_builddir)/lib/libnbd.la
list_exports_qemu_nbd_SOURCES = list-exports.c
list_exports_qemu_nbd_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSOCKET_ACTIVATION=1 \
-DSERVER=\"$(QEMU_NBD)\" \
-DSERVER_PARAMS='"-f", "raw", "-x", "testing", "-D", "data", tmpfile' \
-DEXPORTS='"testing"' \
-DDESCRIPTIONS='"data"' \
$(NULL)
-list_exports_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS)
list_exports_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la
socket_activation_qemu_nbd_SOURCES = socket-activation.c
socket_activation_qemu_nbd_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(QEMU_NBD)\" \
-DSERVER_PARAMS='"-f", "raw", "-x", "", tmpfile' \
$(NULL)
-socket_activation_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS)
socket_activation_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la
structured_read_SOURCES = structured-read.c
-structured_read_CPPFLAGS = -I$(top_srcdir)/include
-structured_read_CFLAGS = $(WARNINGS_CFLAGS)
structured_read_LDADD = $(top_builddir)/lib/libnbd.la
endif HAVE_QEMU_NBD
@@ -215,88 +216,80 @@ endif
interop_nbdkit_SOURCES = interop.c
interop_nbdkit_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"-s", "--exit-with-parent", "file", tmpfile' \
$(NULL)
-interop_nbdkit_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_LDADD = $(top_builddir)/lib/libnbd.la
interop_nbdkit_tls_certs_SOURCES = interop.c
interop_nbdkit_tls_certs_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \
-DCERTS=1 \
-DTLS_MODE=LIBNBD_TLS_REQUIRE \
$(NULL)
-interop_nbdkit_tls_certs_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la
interop_nbdkit_tls_certs_allow_enabled_SOURCES = interop.c
interop_nbdkit_tls_certs_allow_enabled_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \
-DCERTS=1 \
-DTLS_MODE=LIBNBD_TLS_ALLOW \
$(NULL)
-interop_nbdkit_tls_certs_allow_enabled_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_tls_certs_allow_enabled_LDADD = $(top_builddir)/lib/libnbd.la
interop_nbdkit_tls_certs_allow_fallback_SOURCES = interop.c
interop_nbdkit_tls_certs_allow_fallback_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"--tls=off", "-s", "--exit-with-parent", "file", tmpfile' \
-DCERTS=1 \
-DTLS_MODE=LIBNBD_TLS_ALLOW \
-DTLS_FALLBACK=1 \
$(NULL)
-interop_nbdkit_tls_certs_allow_fallback_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_tls_certs_allow_fallback_LDADD = $(top_builddir)/lib/libnbd.la
interop_nbdkit_tls_psk_SOURCES = interop.c
interop_nbdkit_tls_psk_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk", "-s", "--exit-with-parent", "file", tmpfile' \
-DPSK=1 \
-DTLS_MODE=LIBNBD_TLS_REQUIRE \
$(NULL)
-interop_nbdkit_tls_psk_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la
interop_nbdkit_tls_psk_allow_enabled_SOURCES = interop.c
interop_nbdkit_tls_psk_allow_enabled_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk", "-s", "--exit-with-parent", "file", tmpfile' \
-DPSK=1 \
-DTLS_MODE=LIBNBD_TLS_ALLOW \
$(NULL)
-interop_nbdkit_tls_psk_allow_enabled_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_tls_psk_allow_enabled_LDADD = $(top_builddir)/lib/libnbd.la
interop_nbdkit_tls_psk_allow_fallback_SOURCES = interop.c
interop_nbdkit_tls_psk_allow_fallback_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"--tls=off", "-s", "--exit-with-parent", "file", tmpfile' \
-DPSK=1 \
-DTLS_MODE=LIBNBD_TLS_ALLOW \
-DTLS_FALLBACK=1 \
$(NULL)
-interop_nbdkit_tls_psk_allow_fallback_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_tls_psk_allow_fallback_LDADD = $(top_builddir)/lib/libnbd.la
socket_activation_nbdkit_SOURCES = socket-activation.c
socket_activation_nbdkit_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"file", tmpfile' \
$(NULL)
-socket_activation_nbdkit_CFLAGS = $(WARNINGS_CFLAGS)
socket_activation_nbdkit_LDADD = $(top_builddir)/lib/libnbd.la
endif HAVE_NBDKIT
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 64320cad..436e1c10 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -52,6 +52,18 @@ TESTS_ENVIRONMENT = srcdir=$(srcdir) LIBNBD_DEBUG=1
# Use the ./run script so we're always using the local library and tools.
LOG_COMPILER = $(top_builddir)/run
+# Common flags.
+# Note there is no such thing as "AM_LDADD".
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/include \
+ $(NULL)
+AM_CFLAGS = \
+ $(WARNINGS_CFLAGS) \
+ $(NULL)
+AM_CXXFLAGS = \
+ $(WARNINGS_CFLAGS) \
+ $(NULL)
+
#----------------------------------------------------------------------
# The following tests do not need an NBD server.
@@ -81,45 +93,30 @@ TESTS += \
.PHONY: compile
compile_header_only_SOURCES = compile-header-only.c
-compile_header_only_CPPFLAGS = -I$(top_srcdir)/include
-compile_header_only_CFLAGS = $(WARNINGS_CFLAGS)
compile_header_only_LDADD = $(top_builddir)/lib/libnbd.la
compile_c_SOURCES = compile.c
-compile_c_CPPFLAGS = -I$(top_srcdir)/include
-compile_c_CFLAGS = $(WARNINGS_CFLAGS)
compile_c_LDADD = $(top_builddir)/lib/libnbd.la
compile_ansi_c_SOURCES = compile-ansi-c.c
compile_ansi_c_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-std=c90 -pedantic
-compile_ansi_c_CFLAGS = $(WARNINGS_CFLAGS)
compile_ansi_c_LDADD = $(top_builddir)/lib/libnbd.la
close_null_SOURCES = close-null.c
-close_null_CPPFLAGS = -I$(top_srcdir)/include
-close_null_CFLAGS = $(WARNINGS_CFLAGS)
close_null_LDADD = $(top_builddir)/lib/libnbd.la
debug_SOURCES = debug.c
-debug_CPPFLAGS = -I$(top_srcdir)/include
-debug_CFLAGS = $(WARNINGS_CFLAGS)
debug_LDADD = $(top_builddir)/lib/libnbd.la
debug_environment_SOURCES = debug-environment.c
-debug_environment_CPPFLAGS = -I$(top_srcdir)/include
-debug_environment_CFLAGS = $(WARNINGS_CFLAGS)
debug_environment_LDADD = $(top_builddir)/lib/libnbd.la
version_SOURCES = version.c
-version_CPPFLAGS = -I$(top_srcdir)/include
-version_CFLAGS = $(WARNINGS_CFLAGS)
version_LDADD = $(top_builddir)/lib/libnbd.la
export_name_SOURCES = export-name.c
-export_name_CPPFLAGS = -I$(top_srcdir)/include
-export_name_CFLAGS = $(WARNINGS_CFLAGS)
export_name_LDADD = $(top_builddir)/lib/libnbd.la
if HAVE_CXX
@@ -128,8 +125,6 @@ check_PROGRAMS += compile-cxx
TESTS += compile-cxx
compile_cxx_SOURCES = compile-cxx.cpp
-compile_cxx_CPPFLAGS = -I$(top_srcdir)/include
-compile_cxx_CXXFLAGS = $(WARNINGS_CFLAGS)
compile_cxx_LDADD = $(top_builddir)/lib/libnbd.la
endif HAVE_CXX
@@ -220,243 +215,208 @@ TESTS += \
$(NULL)
errors_SOURCES = errors.c
-errors_CPPFLAGS = -I$(top_srcdir)/include
-errors_CFLAGS = $(WARNINGS_CFLAGS)
errors_LDADD = $(top_builddir)/lib/libnbd.la
server_death_SOURCES = server-death.c
-server_death_CPPFLAGS = -I$(top_srcdir)/include
-server_death_CFLAGS = $(WARNINGS_CFLAGS)
server_death_LDADD = $(top_builddir)/lib/libnbd.la
shutdown_flags_SOURCES = shutdown-flags.c
-shutdown_flags_CPPFLAGS = -I$(top_srcdir)/include
-shutdown_flags_CFLAGS = $(WARNINGS_CFLAGS)
shutdown_flags_LDADD = $(top_builddir)/lib/libnbd.la
get_size_SOURCES = get-size.c
-get_size_CPPFLAGS = -I$(top_srcdir)/include
-get_size_CFLAGS = $(WARNINGS_CFLAGS)
get_size_LDADD = $(top_builddir)/lib/libnbd.la
read_only_flag_SOURCES = read-only-flag.c
-read_only_flag_CPPFLAGS = -I$(top_srcdir)/include
-read_only_flag_CFLAGS = $(WARNINGS_CFLAGS)
read_only_flag_LDADD = $(top_builddir)/lib/libnbd.la
read_write_flag_SOURCES = read-write-flag.c
-read_write_flag_CPPFLAGS = -I$(top_srcdir)/include
-read_write_flag_CFLAGS = $(WARNINGS_CFLAGS)
read_write_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_flush_flag_SOURCES = eflags.c
can_flush_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_flush \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_flush \
$(NULL)
-can_flush_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_flush_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_not_flush_flag_SOURCES = eflags.c
can_not_flush_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_flush -Dvalue=false \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_flush -Dvalue=false \
$(NULL)
-can_not_flush_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_not_flush_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_fua_flag_SOURCES = eflags.c
can_fua_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_fua -Dvalue=native \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_fua -Dvalue=native \
$(NULL)
-can_fua_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_fua_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_not_fua_flag_SOURCES = eflags.c
can_not_fua_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_fua -Dvalue=none \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_fua -Dvalue=none \
$(NULL)
-can_not_fua_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_not_fua_flag_LDADD = $(top_builddir)/lib/libnbd.la
is_rotational_flag_SOURCES = eflags.c
is_rotational_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=is_rotational \
+ $(AM_CPPFLAGS) \
+ -Dflag=is_rotational \
$(NULL)
-is_rotational_flag_CFLAGS = $(WARNINGS_CFLAGS)
is_rotational_flag_LDADD = $(top_builddir)/lib/libnbd.la
is_not_rotational_flag_SOURCES = eflags.c
is_not_rotational_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=is_rotational -Dvalue=false \
+ $(AM_CPPFLAGS) \
+ -Dflag=is_rotational -Dvalue=false \
$(NULL)
-is_not_rotational_flag_CFLAGS = $(WARNINGS_CFLAGS)
is_not_rotational_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_trim_flag_SOURCES = eflags.c
can_trim_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_trim \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_trim \
$(NULL)
-can_trim_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_trim_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_not_trim_flag_SOURCES = eflags.c
can_not_trim_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_trim -Dvalue=false \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_trim -Dvalue=false \
$(NULL)
-can_not_trim_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_not_trim_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_zero_flag_SOURCES = eflags.c
can_zero_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_zero \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_zero \
$(NULL)
-can_zero_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_not_zero_flag_SOURCES = eflags.c
can_not_zero_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_zero -Dvalue=false \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_zero -Dvalue=false \
-Dfilter='"--filter=nozero"' \
$(NULL)
-can_not_zero_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_not_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_fast_zero_flag_SOURCES = eflags.c
can_fast_zero_flag_CPPFLAGS = \
+ $(AM_CPPFLAGS) \
-I$(top_srcdir)/include -Dflag=can_fast_zero \
-Drequire='"has_can_fast_zero=1"' \
$(NULL)
-can_fast_zero_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_fast_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_not_fast_zero_flag_SOURCES = eflags.c
can_not_fast_zero_flag_CPPFLAGS = \
+ $(AM_CPPFLAGS) \
-I$(top_srcdir)/include -Dflag=can_fast_zero -Dvalue=false \
-Drequire='"has_can_fast_zero=1"' \
$(NULL)
-can_not_fast_zero_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_not_fast_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_df_flag_SOURCES = eflags.c
can_df_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_df \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_df \
$(NULL)
-can_df_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_df_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_not_df_flag_SOURCES = eflags.c
can_not_df_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_df -Dvalue=false -Dno_sr \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_df -Dvalue=false -Dno_sr \
$(NULL)
-can_not_df_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_not_df_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_multi_conn_flag_SOURCES = eflags.c
can_multi_conn_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_multi_conn \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_multi_conn \
$(NULL)
-can_multi_conn_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_multi_conn_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_not_multi_conn_flag_SOURCES = eflags.c
can_not_multi_conn_flag_CPPFLAGS = \
- -I$(top_srcdir)/include -Dflag=can_multi_conn -Dvalue=false \
+ $(AM_CPPFLAGS) \
+ -Dflag=can_multi_conn -Dvalue=false \
$(NULL)
-can_not_multi_conn_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_not_multi_conn_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_cache_flag_SOURCES = eflags.c
can_cache_flag_CPPFLAGS = \
+ $(AM_CPPFLAGS) \
-I$(top_srcdir)/include -Dflag=can_cache -Dvalue=native \
-Drequire='"has_can_cache=1"' \
$(NULL)
-can_cache_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_cache_flag_LDADD = $(top_builddir)/lib/libnbd.la
can_not_cache_flag_SOURCES = eflags.c
can_not_cache_flag_CPPFLAGS = \
+ $(AM_CPPFLAGS) \
-I$(top_srcdir)/include -Dflag=can_cache -Dvalue=none \
-Drequire='"has_can_cache=1"' \
$(NULL)
-can_not_cache_flag_CFLAGS = $(WARNINGS_CFLAGS)
can_not_cache_flag_LDADD = $(top_builddir)/lib/libnbd.la
oldstyle_SOURCES = oldstyle.c
-oldstyle_CPPFLAGS = -I$(top_srcdir)/include
-oldstyle_CFLAGS = $(WARNINGS_CFLAGS)
oldstyle_LDADD = $(top_builddir)/lib/libnbd.la
newstyle_limited_SOURCES = newstyle-limited.c
-newstyle_limited_CPPFLAGS = -I$(top_srcdir)/include
-newstyle_limited_CFLAGS = $(WARNINGS_CFLAGS)
newstyle_limited_LDADD = $(top_builddir)/lib/libnbd.la
opt_abort_SOURCES = opt-abort.c
-opt_abort_CPPFLAGS = -I$(top_srcdir)/include
-opt_abort_CFLAGS = $(WARNINGS_CFLAGS)
opt_abort_LDADD = $(top_builddir)/lib/libnbd.la
opt_list_SOURCES = opt-list.c
opt_list_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSCRIPT='"$(abs_srcdir)/opt-list.sh"' \
$(NULL)
-opt_list_CFLAGS = $(WARNINGS_CFLAGS)
opt_list_LDADD = $(top_builddir)/lib/libnbd.la
opt_info_SOURCES = opt-info.c
opt_info_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSCRIPT='"$(abs_srcdir)/opt-info.sh"' \
$(NULL)
-opt_info_CFLAGS = $(WARNINGS_CFLAGS)
opt_info_LDADD = $(top_builddir)/lib/libnbd.la
opt_list_meta_SOURCES = opt-list-meta.c
-opt_list_meta_CPPFLAGS = \
- -I$(top_srcdir)/include \
- $(NULL)
-opt_list_meta_CFLAGS = $(WARNINGS_CFLAGS)
opt_list_meta_LDADD = $(top_builddir)/lib/libnbd.la
connect_unix_SOURCES = connect-unix.c
-connect_unix_CPPFLAGS = -I$(top_srcdir)/include
-connect_unix_CFLAGS = $(WARNINGS_CFLAGS)
connect_unix_LDADD = $(top_builddir)/lib/libnbd.la
connect_tcp_SOURCES = connect-tcp.c
-connect_tcp_CPPFLAGS = -I$(top_srcdir)/include
-connect_tcp_CFLAGS = $(WARNINGS_CFLAGS)
connect_tcp_LDADD = $(top_builddir)/lib/libnbd.la
aio_parallel_SOURCES = aio-parallel.c
aio_parallel_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-I$(top_srcdir)/common/include \
$(NULL)
-aio_parallel_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
aio_parallel_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
aio_parallel_load_SOURCES = aio-parallel-load.c
-aio_parallel_load_CPPFLAGS = -I$(top_srcdir)/include
-aio_parallel_load_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
aio_parallel_load_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
synch_parallel_SOURCES = synch-parallel.c
synch_parallel_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-I$(top_srcdir)/common/include \
$(NULL)
-synch_parallel_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
+synch_parallel_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
synch_parallel_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
meta_base_allocation_SOURCES = meta-base-allocation.c
-meta_base_allocation_CPPFLAGS = -I$(top_srcdir)/include
-meta_base_allocation_CFLAGS = $(WARNINGS_CFLAGS)
meta_base_allocation_LDADD = $(top_builddir)/lib/libnbd.la
closure_lifetimes_SOURCES = closure-lifetimes.c
-closure_lifetimes_CPPFLAGS = -I$(top_srcdir)/include
-closure_lifetimes_CFLAGS = $(WARNINGS_CFLAGS)
closure_lifetimes_LDADD = $(top_builddir)/lib/libnbd.la
#----------------------------------------------------------------------
@@ -470,8 +430,10 @@ check_DATA += pki/stamp-pki
TESTS += connect-tls-certs
connect_tls_certs_SOURCES = connect-tls.c
-connect_tls_certs_CPPFLAGS = -I$(top_srcdir)/include -DCERTS=1
-connect_tls_certs_CFLAGS = $(WARNINGS_CFLAGS)
+connect_tls_certs_CPPFLAGS = \
+ $(AM_CPPFLAGS) \
+ -DCERTS=1 \
+ $(NULL)
connect_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la
pki/stamp-pki: $(srcdir)/make-pki.sh
@@ -499,31 +461,36 @@ TESTS += \
check_DATA += keys.psk
connect_tls_psk_SOURCES = connect-tls.c
-connect_tls_psk_CPPFLAGS = -I$(top_srcdir)/include -DPSK=1
-connect_tls_psk_CFLAGS = $(WARNINGS_CFLAGS)
+connect_tls_psk_CPPFLAGS = \
+ $(AM_CPPFLAGS) \
+ -DPSK=1 \
+ $(NULL)
connect_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la
aio_parallel_tls_SOURCES = aio-parallel.c
aio_parallel_tls_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-I$(top_srcdir)/common/include \
-DTLS=1 \
$(NULL)
-aio_parallel_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
+aio_parallel_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
aio_parallel_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
aio_parallel_load_tls_SOURCES = aio-parallel-load.c
-aio_parallel_load_tls_CPPFLAGS = -I$(top_srcdir)/include -DTLS=1
-aio_parallel_load_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
+aio_parallel_load_tls_CPPFLAGS = \
+ $(AM_CPPFLAGS) \
+ -DTLS=1 \
+ $(NULL)
+aio_parallel_load_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
aio_parallel_load_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
synch_parallel_tls_SOURCES = synch-parallel.c
synch_parallel_tls_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-I$(top_srcdir)/common/include \
-DTLS=1 \
$(NULL)
-synch_parallel_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
+synch_parallel_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
synch_parallel_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
keys.psk:
@@ -550,18 +517,19 @@ TESTS += \
RANDOM1 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
connect_uri_nbd_SOURCES = connect-uri.c
connect_uri_nbd_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER_PARAMS='"-p", "$(RANDOM1)"' \
-DPIDFILE='"connect-uri-nbd.pid"' \
- -DURI='"nbd://localhost:$(RANDOM1)/"'
-connect_uri_nbd_CFLAGS = $(WARNINGS_CFLAGS)
+ -DURI='"nbd://localhost:$(RANDOM1)/"' \
+ $(NULL)
+connect_uri_nbd_CFLAGS = $(AM_CFLAGS)
connect_uri_nbd_LDADD = $(top_builddir)/lib/libnbd.la
CONNECT_URI_NBD_UNIX_SOCKET := \
$(shell mktemp /tmp/connect-uri-nbd-unix-socket-XXXXXX)
connect_uri_nbd_unix_SOURCES = connect-uri.c
connect_uri_nbd_unix_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER_PARAMS='"-U", SOCKET' \
-DSOCKET='"$(CONNECT_URI_NBD_UNIX_SOCKET)"' \
-DPIDFILE='"connect-uri-nbd-unix.pid"' \
@@ -584,18 +552,18 @@ TESTS += \
RANDOM2 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
connect_uri_nbds_SOURCES = connect-uri.c
connect_uri_nbds_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-certificates=pki"' \
-DPIDFILE='"connect-uri-nbds.pid"' \
- -DURI='"nbds://localhost:$(RANDOM2)/"'
-connect_uri_nbds_CFLAGS = $(WARNINGS_CFLAGS)
+ -DURI='"nbds://localhost:$(RANDOM2)/"' \
+ $(NULL)
connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la
CONNECT_URI_NBDS_UNIX_SOCKET := \
$(shell mktemp /tmp/connect-uri-nbds-unix-socket-XXXXXX)
connect_uri_nbds_unix_SOURCES = connect-uri.c
connect_uri_nbds_unix_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER_PARAMS='"-U", SOCKET, "--tls=require", "--tls-certificates=pki"' \
-DSOCKET='"$(CONNECT_URI_NBDS_UNIX_SOCKET)"' \
-DPIDFILE='"connect-uri-nbds-unix.pid"' \
@@ -617,11 +585,11 @@ TESTS += \
RANDOM3 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
connect_uri_nbds_psk_SOURCES = connect-uri.c
connect_uri_nbds_psk_CPPFLAGS = \
- -I$(top_srcdir)/include \
+ $(AM_CPPFLAGS) \
-DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-psk=keys.psk"' \
-DPIDFILE='"connect-uri-nbds-psk.pid"' \
- -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"'
-connect_uri_nbds_psk_CFLAGS = $(WARNINGS_CFLAGS)
+ -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' \
+ $(NULL)
connect_uri_nbds_psk_LDADD = $(top_builddir)/lib/libnbd.la
endif HAVE_PSKTOOL
--
2.43.0

149
SOURCES/0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch
View File

@ -1,149 +0,0 @@
From da628792ddf7a3d3cb8f8b770c7dbb9b9d67444b Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 24 Apr 2021 21:40:58 +0100
Subject: [PATCH] tests/connect-uri.c: Ensure Unix domain socket is cleaned up
on exit
Commit 70f83fed13 ("tests: Create test sockets in /tmp instead of
local directory.") aimed to create sockets with short path names in
/tmp. However it never cleaned them up. Worse still, every time the
Makefile was evaluated at all a temporary file was created.
Fix this properly in the C file.
Fixes: commit 70f83fed131c7e52b1a31a28d9acaf19f6c11d57
(cherry picked from commit f5955c4c5bb0269e192b906a3ef98601aa63ad59)
(cherry picked from commit 502f0b59ec1dbd64c6c64279316e03540258a54c)
---
tests/Makefile.am | 16 ++++++----------
tests/connect-uri.c | 45 +++++++++++++++++++++++++++++++++++++++------
2 files changed, 45 insertions(+), 16 deletions(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 436e1c10..ed5585a5 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -525,15 +525,13 @@ connect_uri_nbd_CPPFLAGS = \
connect_uri_nbd_CFLAGS = $(AM_CFLAGS)
connect_uri_nbd_LDADD = $(top_builddir)/lib/libnbd.la
-CONNECT_URI_NBD_UNIX_SOCKET := \
- $(shell mktemp /tmp/connect-uri-nbd-unix-socket-XXXXXX)
connect_uri_nbd_unix_SOURCES = connect-uri.c
connect_uri_nbd_unix_CPPFLAGS = \
$(AM_CPPFLAGS) \
- -DSERVER_PARAMS='"-U", SOCKET' \
- -DSOCKET='"$(CONNECT_URI_NBD_UNIX_SOCKET)"' \
+ -DNEEDS_UNIX_SOCKET=1 \
+ -DSERVER_PARAMS='"-U", UNIX_SOCKET' \
-DPIDFILE='"connect-uri-nbd-unix.pid"' \
- -DURI='"nbd+unix:///?socket=" SOCKET'
+ -DURI='"nbd+unix:///?socket="' # UNIX_SOCKET appended
connect_uri_nbd_unix_CFLAGS = $(WARNINGS_CFLAGS)
connect_uri_nbd_unix_LDADD = $(top_builddir)/lib/libnbd.la
@@ -559,15 +557,13 @@ connect_uri_nbds_CPPFLAGS = \
$(NULL)
connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la
-CONNECT_URI_NBDS_UNIX_SOCKET := \
- $(shell mktemp /tmp/connect-uri-nbds-unix-socket-XXXXXX)
connect_uri_nbds_unix_SOURCES = connect-uri.c
connect_uri_nbds_unix_CPPFLAGS = \
$(AM_CPPFLAGS) \
- -DSERVER_PARAMS='"-U", SOCKET, "--tls=require", "--tls-certificates=pki"' \
- -DSOCKET='"$(CONNECT_URI_NBDS_UNIX_SOCKET)"' \
+ -DNEEDS_UNIX_SOCKET=1 \
+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-certificates=pki"' \
-DPIDFILE='"connect-uri-nbds-unix.pid"' \
- -DURI='"nbds+unix:///?socket=" SOCKET'
+ -DURI='"nbds+unix:///?socket="' # UNIX_SOCKET appended
connect_uri_nbds_unix_CFLAGS = $(WARNINGS_CFLAGS)
connect_uri_nbds_unix_LDADD = $(top_builddir)/lib/libnbd.la
diff --git a/tests/connect-uri.c b/tests/connect-uri.c
index 6e7d1685..ce9e4d9b 100644
--- a/tests/connect-uri.c
+++ b/tests/connect-uri.c
@@ -29,16 +29,49 @@
#include <libnbd.h>
+#ifdef NEEDS_UNIX_SOCKET
+#define UNIX_SOCKET tmp
+static char tmp[] = "/tmp/nbdXXXXXX";
+
+static void
+unlink_unix_socket (void)
+{
+ unlink (UNIX_SOCKET);
+}
+#endif /* NEEDS_UNIX_SOCKET */
+
int
main (int argc, char *argv[])
{
struct nbd_handle *nbd;
pid_t pid;
size_t i;
+#ifdef NEEDS_UNIX_SOCKET
+ char *uri;
+#else
+ const char *uri = URI;
+#endif
+
+#ifdef NEEDS_UNIX_SOCKET
+ int fd = mkstemp (UNIX_SOCKET);
+ if (fd == -1 ||
+ close (fd) == -1) {
+ perror (UNIX_SOCKET);
+ exit (EXIT_FAILURE);
+ }
+ /* We have to remove the temporary file first, since we will create
+ * a socket in its place, and ensure the socket is removed on exit.
+ */
+ unlink_unix_socket ();
+ atexit (unlink_unix_socket);
-#ifdef SOCKET
- unlink (SOCKET);
+ /* uri = URI + UNIX_SOCKET */
+ if (asprintf (&uri, "%s%s", URI, UNIX_SOCKET) == -1) {
+ perror ("asprintf");
+ exit (EXIT_FAILURE);
+ }
#endif
+
unlink (PIDFILE);
pid = fork ();
@@ -75,13 +108,13 @@ main (int argc, char *argv[])
nbd_set_uri_allow_local_file (nbd, true);
- if (nbd_connect_uri (nbd, URI) == -1) {
+ if (nbd_connect_uri (nbd, uri) == -1) {
fprintf (stderr, "%s\n", nbd_get_error ());
exit (EXIT_FAILURE);
}
/* Check we negotiated the right kind of connection. */
- if (strncmp (URI, "nbds", 4) == 0) {
+ if (strncmp (uri, "nbds", 4) == 0) {
if (! nbd_get_tls_negotiated (nbd)) {
fprintf (stderr, "%s: failed to negotiate a TLS connection\n",
argv[0]);
@@ -95,8 +128,8 @@ main (int argc, char *argv[])
}
nbd_close (nbd);
-#ifdef SOCKET
- unlink (SOCKET);
+#ifdef NEEDS_UNIX_SOCKET
+ free (uri);
#endif
exit (EXIT_SUCCESS);
}
--
2.43.0

194
SOURCES/0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch
View File

@ -1,194 +0,0 @@
From ee3f88640062372d04406da321270a775377eb6c Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 3 Sep 2021 08:42:31 +0100
Subject: [PATCH] lib: Allow tls-certificates=<DIR> query parameter in URIs
For nbd_connect_uri, this allows a non-default path to a certificates
directory to be specified. For example:
nbds+unix://user@/?socket=/tmp/sock&tls-certificates=tests/pki
nbd_get_uri is also extended to produce the tls-certificates query
field if nbd_set_tls_certificates was called.
The main work here is extending the test suite so it actually tests
TLS URIs properly. Firstly we need to add --tls-verify-peer to the
nbdkit command line so it checks TLS client credentials at all
(previously it enabled TLS but didn't verify the client). Then we
need to add tests which use TLS certificates (previously only PSK was
being tested). And finally I loosened the rules for comparing URIs
since the order that query strings are returned by nbd_get_uri is not
necessarily the same as the query strings in nbd_connect_uri.
(cherry picked from commit 847e0b9830f6a9f07b4c242e1a500cd2b90cca5a)
(cherry picked from commit 5e85582ec79460c95552f06c6d6c41d15dae092f)
---
.gitignore | 5 +++--
generator/API.ml | 10 ++++++++++
lib/uri.c | 14 ++++++++++++--
tests/Makefile.am | 47 +++++++++++++++++++++++++++++------------------
4 files changed, 54 insertions(+), 22 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4935b81b..c974e27b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -167,9 +167,10 @@ Makefile.in
/tests/connect-unix
/tests/connect-uri-nbd
/tests/connect-uri-nbd-unix
-/tests/connect-uri-nbds
+/tests/connect-uri-nbds-certs
/tests/connect-uri-nbds-psk
-/tests/connect-uri-nbds-unix
+/tests/connect-uri-nbds-unix-certs
+/tests/connect-uri-nbds-unix-psk
/tests/debug
/tests/debug-environment
/tests/errors
diff --git a/generator/API.ml b/generator/API.ml
index a46c6407..4b2a62e8 100644
--- a/generator/API.ml
+++ b/generator/API.ml
@@ -1231,6 +1231,11 @@ Connect over the Unix domain socket F</tmp/nbd.sock> to
an NBD server running locally. The export name is set to C<foo>
(note without any leading C</> character).
+=item C<nbds+unix://alice@/?socket=/tmp/nbd.sock&tls-certificates=certs>
+
+Connect over a Unix domain socket, enabling TLS and setting the
+path to a directory containing certificates and keys.
+
=item C<nbd+vsock:///>
In this scenario libnbd is running in a virtual machine. Connect
@@ -1291,6 +1296,11 @@ Specifies the Unix domain socket to connect on.
Must be present for the C<+unix> transport and must not
be present for the other transports.
+=item B<tls-certificates=>F<DIR>
+
+Set the certificates directory. See L<nbd_set_tls_certificates(3)>.
+Note this is not allowed by default - see next section.
+
=item B<tls-psk-file=>F<PSKFILE>
Set the PSK file. See L<nbd_set_tls_psk_file(3)>. Note
diff --git a/lib/uri.c b/lib/uri.c
index 9f5a2901..c8d9041e 100644
--- a/lib/uri.c
+++ b/lib/uri.c
@@ -249,9 +249,19 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
if (tls && nbd_unlocked_set_tls (h, LIBNBD_TLS_REQUIRE) == -1)
goto cleanup;
- /* Look for some tls-* parameters. XXX More to come. */
+ /* Look for some tls-* parameters. */
for (i = 0; i < queries.size; i++) {
- if (strcmp (queries.ptr[i].name, "tls-psk-file") == 0) {
+ if (strcmp (queries.ptr[i].name, "tls-certificates") == 0) {
+ if (! h->uri_allow_local_file) {
+ set_error (EPERM,
+ "local file access (tls-certificates) is not allowed, "
+ "call nbd_set_uri_allow_local_file to enable this");
+ goto cleanup;
+ }
+ if (nbd_unlocked_set_tls_certificates (h, queries.ptr[i].value) == -1)
+ goto cleanup;
+ }
+ else if (strcmp (queries.ptr[i].name, "tls-psk-file") == 0) {
if (! h->uri_allow_local_file) {
set_error (EPERM,
"local file access (tls-psk-file) is not allowed, "
diff --git a/tests/Makefile.am b/tests/Makefile.am
index ed5585a5..3c33b747 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -539,33 +539,32 @@ if HAVE_GNUTLS
if HAVE_CERTTOOL
check_PROGRAMS += \
- connect-uri-nbds \
- connect-uri-nbds-unix \
+ connect-uri-nbds-certs \
+ connect-uri-nbds-unix-certs \
$(NULL)
TESTS += \
- connect-uri-nbds \
- connect-uri-nbds-unix \
+ connect-uri-nbds-certs \
+ connect-uri-nbds-unix-certs \
$(NULL)
RANDOM2 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
-connect_uri_nbds_SOURCES = connect-uri.c
-connect_uri_nbds_CPPFLAGS = \
+connect_uri_nbds_certs_SOURCES = connect-uri.c
+connect_uri_nbds_certs_CPPFLAGS = \
$(AM_CPPFLAGS) \
- -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-certificates=pki"' \
- -DPIDFILE='"connect-uri-nbds.pid"' \
- -DURI='"nbds://localhost:$(RANDOM2)/"' \
+ -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-verify-peer", "--tls-certificates=pki"' \
+ -DPIDFILE='"connect-uri-nbds-certs.pid"' \
+ -DURI='"nbds://localhost:$(RANDOM2)/?tls-certificates=pki"' \
$(NULL)
-connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la
+connect_uri_nbds_certs_LDADD = $(top_builddir)/lib/libnbd.la
-connect_uri_nbds_unix_SOURCES = connect-uri.c
-connect_uri_nbds_unix_CPPFLAGS = \
+connect_uri_nbds_unix_certs_SOURCES = connect-uri.c
+connect_uri_nbds_unix_certs_CPPFLAGS = \
$(AM_CPPFLAGS) \
-DNEEDS_UNIX_SOCKET=1 \
- -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-certificates=pki"' \
- -DPIDFILE='"connect-uri-nbds-unix.pid"' \
- -DURI='"nbds+unix:///?socket="' # UNIX_SOCKET appended
-connect_uri_nbds_unix_CFLAGS = $(WARNINGS_CFLAGS)
-connect_uri_nbds_unix_LDADD = $(top_builddir)/lib/libnbd.la
+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-verify-peer", "--tls-certificates=pki"' \
+ -DPIDFILE='"connect-uri-nbds-unix-certs.pid"' \
+ -DURI='"nbds+unix://alice@/?tls-certificates=pki&socket="' # UNIX_SOCKET appended
+connect_uri_nbds_unix_certs_LDADD = $(top_builddir)/lib/libnbd.la
endif HAVE_CERTTOOL
@@ -573,21 +572,33 @@ if HAVE_PSKTOOL
check_PROGRAMS += \
connect-uri-nbds-psk \
+ connect-uri-nbds-unix-psk \
$(NULL)
TESTS += \
connect-uri-nbds-psk \
+ connect-uri-nbds-unix-psk \
$(NULL)
RANDOM3 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
connect_uri_nbds_psk_SOURCES = connect-uri.c
connect_uri_nbds_psk_CPPFLAGS = \
$(AM_CPPFLAGS) \
- -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-psk=keys.psk"' \
+ -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-verify-peer", "--tls-psk=keys.psk"' \
-DPIDFILE='"connect-uri-nbds-psk.pid"' \
-DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' \
$(NULL)
connect_uri_nbds_psk_LDADD = $(top_builddir)/lib/libnbd.la
+connect_uri_nbds_unix_psk_SOURCES = connect-uri.c
+connect_uri_nbds_unix_psk_CPPFLAGS = \
+ $(AM_CPPFLAGS) \
+ -DNEEDS_UNIX_SOCKET=1 \
+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-verify-peer", "--tls-psk=keys.psk"' \
+ -DPIDFILE='"connect-uri-nbds-unix-psk.pid"' \
+ -DURI='"nbds+unix://alice@/?tls-psk-file=keys.psk&socket="' # UNIX_SOCKET appended \
+ $(NULL)
+connect_uri_nbds_unix_psk_LDADD = $(top_builddir)/lib/libnbd.la
+
endif HAVE_PSKTOOL
endif HAVE_GNUTLS
--
2.43.0

33
SOURCES/0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch
View File

@ -1,33 +0,0 @@
From 10ca0d72932092b09475893de233f17d3eff8a72 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 4 Aug 2022 13:28:25 +0100
Subject: [PATCH] tests/make-pki.sh: Use Subject Alternative Name for server
certificate
This allows us to test this feature.
(cherry picked from nbdkit commit 0c50bef16f9d6705add8db85c7ea7b4523770fba)
(cherry picked from commit 38eabf6df05fae109212a4ce9afc9c0fe63c2f0e)
(cherry picked from commit b07898e1ee70b0641ec5233d6e8f7fa16b63c287)
---
tests/make-pki.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tests/make-pki.sh b/tests/make-pki.sh
index d4f61204..03f4faa1 100755
--- a/tests/make-pki.sh
+++ b/tests/make-pki.sh
@@ -75,6 +75,9 @@ chmod 0600 $1/server-key.pem
cat > $1/server.info <<EOF
organization = Test
cn = localhost
+dns_name = localhost
+ip_address = 127.0.0.1
+ip_address = ::1
tls_www_server
encryption_key
signing_key
--
2.43.0

57
SOURCES/0013-lib-crypto.c-Check-server-certificate-even-when-usin.patch
View File

@ -1,57 +0,0 @@
From dab43717f183cf96fcda6a0be22c39801dcfda83 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 24 Jun 2024 10:48:12 +0100
Subject: [PATCH] lib/crypto.c: Check server certificate even when using system
CA
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The previous code checked the server certificate only when a custom
certificate directory was set (ie. nbd_set_tls_certificates /
?tls-certificates=DIR). In the fallback case where we use the system
CA, we never called gnutls_session_set_verify_cert and so the server
certificate was never checked.
Move the call to gnutls_session_set_verify_cert later so it is called
on both paths.
If the server certificate does not match the hostname you will see:
nbdinfo: nbd_connect_uri: gnutls_handshake: Error in the certificate verification. (15/1)
Reported-by: Jon Szymaniak <jon.szymaniak@gmail.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 87ef41b69929d5d293390ec36b1c10aba2c9a57a)
(cherry picked from commit 81bd57bb8ab0b142207efb9f69a233418fbb4f8f)
---
lib/crypto.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/crypto.c b/lib/crypto.c
index 705e114a..4c398b03 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -513,9 +513,6 @@ set_up_certificate_credentials (struct nbd_handle *h,
return NULL;
found_certificates:
- if (h->hostname && h->tls_verify_peer)
- gnutls_session_set_verify_cert (session, h->hostname, 0);
-
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, ret);
if (err < 0) {
set_error (0, "gnutls_credentials_set: %s", gnutls_strerror (err));
@@ -625,6 +622,9 @@ nbd_internal_crypto_create_session (struct nbd_handle *h,
gnutls_deinit (session);
return NULL;
}
+
+ if (h->hostname && h->tls_verify_peer)
+ gnutls_session_set_verify_cert (session, h->hostname, 0);
}
/* Wrap the underlying socket with GnuTLS. */
--
2.43.0

76
SOURCES/0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch
View File

@ -1,76 +0,0 @@
From 17dc75c8235af7126b3820d5e0be3488efe74671 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 24 Jun 2024 10:31:10 +0100
Subject: [PATCH] lib/crypto.c: Allow CA verification even if h->hostname is
not set
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Calling gnutls_session_set_verify_cert with the hostname parameter set
to NULL is permitted:
https://www.gnutls.org/manual/html_node/Core-TLS-API.html#gnutls_005fsession_005fset_005fverify_005fcert
It means that the server's hostname in the certificate will not be
verified but we can at least check that the certificate was signed by
the CA. This allows the CA to be checked even for connections over
Unix domain sockets.
Example:
$ rm -f /tmp/sock
$ nbdkit -U /tmp/sock -f --tls=require --tls-certificates=$HOME/d/nbdkit/tests/pki memory 1G &
Before this change:
$ nbdinfo 'nbds+unix://?socket=/tmp/sock'
protocol: newstyle-fixed with TLS, using structured packets
export="":
export-size: 1073741824 (1G)
content: data
uri: nbds+unix:///?socket=/tmp/sock
[etc]
(works because it never called gnutls_session_set_verify_cert).
After this change:
$ nbdinfo 'nbds+unix://?socket=/tmp/sock'
nbdinfo: nbd_connect_uri: gnutls_handshake: Error in the certificate verification. (15/1)
(fails because system CA does not know about nbdkit's certificate
which is signed by the CA from the nbdkit/tests/pki directory)
$ nbdinfo 'nbds+unix://?socket=/tmp/sock&tls-certificates=/home/rjones/d/nbdkit/tests/pki'
protocol: newstyle-fixed with TLS, using structured packets
export="":
export-size: 1073741824 (1G)
content: data
uri: nbds+unix:///?socket=/tmp/sock&tls-certificates=/home/rjones/d/nbdkit/tests/pki
[etc]
(works because we supplied the correct CA)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 6ed47a27d14f6f11946bb096d94e5bf21d97083d)
(cherry picked from commit 42ee6d8dd919b241b1f1510f5759673b26fc9731)
---
lib/crypto.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/crypto.c b/lib/crypto.c
index 4c398b03..a5177bbb 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -623,7 +623,7 @@ nbd_internal_crypto_create_session (struct nbd_handle *h,
return NULL;
}
- if (h->hostname && h->tls_verify_peer)
+ if (h->tls_verify_peer)
gnutls_session_set_verify_cert (session, h->hostname, 0);
}
--
2.43.0

90
SOURCES/0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch
View File

@ -1,90 +0,0 @@
From 1f82b6d2d894bf567926f4ae52f4362654db8f38 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 25 Jun 2024 11:12:56 +0100
Subject: [PATCH] lib/uri.c: Allow tls-verify-peer to be overridden in URIs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Older versions of libnbd didn't always check the server certificate.
Since some clients might be depending on this, allow
?tls-verify-peer=false in URIs to skip this check.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 75641c6b30155abce272f60cf3518a65654aa401)
(cherry picked from commit caad9cfb5dda0957c4b15cc85738a4c6ac856e8b)
(cherry picked from commit 4bfc3176de535350f884732b8793574e37714d2a)
---
generator/API.ml | 5 +++++
lib/uri.c | 32 ++++++++++++++++++++++++++++++++
2 files changed, 37 insertions(+)
diff --git a/generator/API.ml b/generator/API.ml
index 4b2a62e8..69ee428d 100644
--- a/generator/API.ml
+++ b/generator/API.ml
@@ -1306,6 +1306,11 @@ Note this is not allowed by default - see next section.
Set the PSK file. See L<nbd_set_tls_psk_file(3)>. Note
this is not allowed by default - see next section.
+=item B<tls-verify-peer=false>
+
+Do not verify the server certificate. See L<nbd_set_tls_verify_peer(3)>.
+The default is C<true>.
+
=back
=head2 Disable URI features
diff --git a/lib/uri.c b/lib/uri.c
index c8d9041e..8dfefd00 100644
--- a/lib/uri.c
+++ b/lib/uri.c
@@ -140,6 +140,31 @@ error:
return -1;
}
+/* Similar to nbdkit_parse_bool */
+int
+parse_bool (const char *param, const char *value)
+{
+ if (!strcmp (value, "1") ||
+ !strcasecmp (value, "true") ||
+ !strcasecmp (value, "t") ||
+ !strcasecmp (value, "yes") ||
+ !strcasecmp (value, "y") ||
+ !strcasecmp (value, "on"))
+ return 1;
+
+ if (!strcmp (value, "0") ||
+ !strcasecmp (value, "false") ||
+ !strcasecmp (value, "f") ||
+ !strcasecmp (value, "no") ||
+ !strcasecmp (value, "n") ||
+ !strcasecmp (value, "off"))
+ return 0;
+
+ set_error (EINVAL, "could not parse %s parameter, expecting %s=true|false",
+ param, param);
+ return -1;
+}
+
int
nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
{
@@ -271,6 +296,13 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
if (nbd_unlocked_set_tls_psk_file (h, queries.ptr[i].value) == -1)
goto cleanup;
}
+ else if (strcasecmp (queries.ptr[i].name, "tls-verify-peer") == 0) {
+ int v = parse_bool ("tls-verify-peer", queries.ptr[i].value);
+ if (v == -1)
+ goto cleanup;
+ if (nbd_unlocked_set_tls_verify_peer (h, v) == -1)
+ goto cleanup;
+ }
}
/* Username. */
--
2.43.0

32
SOURCES/0016-docs-security-Add-link-to-TLS-server-certificate-che.patch
View File

@ -1,32 +0,0 @@
From 437d3aedd5ecbcb8d5234665015c5813a6ca1712 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 25 Jun 2024 17:53:47 +0100
Subject: [PATCH] docs: security: Add link to TLS server certificate checking
announcement
(cherry picked from commit 9c723aa660c6ee7d224afbfc16eb7450d21fb9cf)
(cherry picked from commit 9b77d853d82c291f74b51305d58e9db7f555a254)
(cherry picked from commit b477be4ed47daa6ba73c176ae8b0288ec8e84f23)
---
docs/libnbd-security.pod | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
index 0cae8462..b31f3f8b 100644
--- a/docs/libnbd-security.pod
+++ b/docs/libnbd-security.pod
@@ -28,6 +28,11 @@ denial of service when using L<nbd_set_opt_mode(3)>
See the full announcement here:
L<https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html>
+=head2 multiple flaws in TLS server certificate checking
+
+See the full announcement here:
+L<https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2/>
+
=head1 SEE ALSO
L<libnbd(3)>.
--
2.43.0

34
SOURCES/0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch
View File

@ -1,34 +0,0 @@
From 626331d88fdf8ed87dc066faeb836fc5926f5420 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 1 Aug 2024 15:17:29 +0100
Subject: [PATCH] docs/libnbd-security.pod: Assign CVE-2024-7383
CVE-2024-7383 was assigned to the (already published & fixed) flaws
found in libnbd certificate checking.
Reported-by: Jon Szymaniak
Thanks: Mauro Matteo Cascella
(cherry picked from commit 81a22ac6697ccdeb13509aba3072609251d1378b)
(cherry picked from commit 599281af594db8414d856db409846b04fce03824)
(cherry picked from commit 8f7dce2b6d6716f9eec0f352a3c420ae84a84be9)
---
docs/libnbd-security.pod | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
index b31f3f8b..4c3b5bbd 100644
--- a/docs/libnbd-security.pod
+++ b/docs/libnbd-security.pod
@@ -28,7 +28,8 @@ denial of service when using L<nbd_set_opt_mode(3)>
See the full announcement here:
L<https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html>
-=head2 multiple flaws in TLS server certificate checking
+=head2 CVE-2024-7383
+multiple flaws in TLS server certificate checking
See the full announcement here:
L<https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2/>
--
2.43.0

17
SOURCES/libnbd-1.6.0.tar.gz.sig
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl/3RFQRHHJpY2hAYW5u
ZXhpYS5vcmcACgkQkXOPc+G3aKD9aw/+Pfg3owjJmhTcCyFvuH2lgiiBb+qL2An+
hsoax6dM5JxzV6x1Ikgn3C8z2+dLRMowo2FrRgpzTwfaS+ngLDipSC04hKl9MhFN
7OPLCm+L7wcP7KUk4cC0qTSHpHkApo2SP3/bD7vVBYZMYSjgUVFcRoqZlRl3N9RF
7XNsxA2YG9bV4Ln3KbB+k2uxIKNUZIVjmEpretVbb+NTKW9C23ZHicSHYB+Eok1M
iTN6j66rYFn0Xb+L2v7jty19tSdYOMbkdSn0KpniURAWevjjVWGqcojMqW4YuAZ5
h2MpRfyKFyusbsbtX5bjICTu6+AgFFUALKH7ReDs1RY1cEph9XdBLVulXTggxY05
E3I1Nns1YmjRlV6ky2Abl2e+Doc44mycINRlwL2q8+Q3TqlVVPFXoVTWxIJ6/Uae
tqnEwWIa2wGv3KU1KLNbWTn1z6I8NM/Nj+7pMKDNnxJzFmHEjL94tmG+iNmHsF34
vWBZ1q7h9EezxHLOPFYDjlpS+IxeuXakbpuTX2jXvi3zSAbr5WmRR1uO8dAiwu9b
RwOHRmVQOFLAAICYTZDmxl42DpWs5Z2aP7eRwpe8/MOSRiAVepjhUD/bsdaFwmBR
8Z7CGNzyTtt+sy5l7cPBYZ+4RdxWgFEBceBbHs06zdlD/Pui288UQVB/0e9AXYOc
wluyWT1v7sA=
=BaN1
-----END PGP SIGNATURE-----

441
SPECS/libnbd.spec
View File

@ -1,441 +0,0 @@
# If we should verify tarball signature with GPGv2.
%global verify_tarball_signature 1
# If there are patches which touch autotools files, set this to 1.
%global patches_touch_autotools 1
# The source directory.
%global source_directory 1.6-stable
Name: libnbd
Version: 1.6.0
Release: 6%{?dist}
Summary: NBD client library in userspace
License: LGPLv2+
URL: https://github.com/libguestfs/libnbd
Source0: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz
Source1: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz.sig
# Keyring used to verify tarball signature. This contains the single
# key from here:
# https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex
Source2: libguestfs.keyring
# Maintainer script which helps with handling patches.
Source3: copy-patches.sh
# Patches come from this upstream branch:
# https://github.com/libguestfs/libnbd/tree/rhel-8.10
# Patches.
Patch0001: 0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch
Patch0002: 0002-generator-Refactor-CONNECT.START-state.patch
Patch0003: 0003-generator-Print-a-better-error-message-if-connect-2-.patch
Patch0004: 0004-opt_go-Tolerate-unplanned-server-death.patch
Patch0005: 0005-security-Document-assignment-of-CVE-2021-20286.patch
Patch0006: 0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch
Patch0007: 0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch
Patch0008: 0008-build-Move-to-minimum-gnutls-3.5.18.patch
Patch0009: 0009-tests-Factor-out-some-common-Makefile-flags.patch
Patch0010: 0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch
Patch0011: 0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch
Patch0012: 0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch
Patch0013: 0013-lib-crypto.c-Check-server-certificate-even-when-usin.patch
Patch0014: 0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch
Patch0015: 0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch
Patch0016: 0016-docs-security-Add-link-to-TLS-server-certificate-che.patch
Patch0017: 0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch
%if 0%{patches_touch_autotools}
BuildRequires: autoconf, automake, libtool
%endif
%if 0%{verify_tarball_signature}
BuildRequires: gnupg2
%endif
# For the core library.
BuildRequires: gcc
BuildRequires: /usr/bin/pod2man
BuildRequires: gnutls-devel
BuildRequires: libxml2-devel
# For nbdfuse.
BuildRequires: fuse, fuse-devel
# For the Python 3 bindings.
BuildRequires: python3-devel
# For the OCaml bindings.
BuildRequires: ocaml
BuildRequires: ocaml-findlib-devel
BuildRequires: ocaml-ocamldoc
# Only for building the examples.
BuildRequires: glib2-devel
# For bash-completion.
BuildRequires: bash-completion
# Only for running the test suite.
BuildRequires: coreutils
BuildRequires: gcc-c++
BuildRequires: gnutls-utils
#BuildRequires: jq
%ifnarch %{ix86}
BuildRequires: nbdkit
BuildRequires: nbdkit-data-plugin
#BuildRequires: nbdkit-eval-plugin
BuildRequires: nbdkit-memory-plugin
BuildRequires: nbdkit-null-plugin
BuildRequires: nbdkit-pattern-plugin
BuildRequires: nbdkit-sh-plugin
#BuildRequires: nbdkit-sparse-random-plugin
#BuildRequires: nbd
BuildRequires: qemu-img
%endif
BuildRequires: util-linux
%description
NBD Network Block Device is a protocol for accessing Block Devices
(hard disks and disk-like things) over a Network.
This is the NBD client library in userspace, a simple library for
writing NBD clients.
The key features are:
* Synchronous and asynchronous APIs, both for ease of use and for
writing non-blocking, multithreaded clients.
* High performance.
* Minimal dependencies for the basic library.
* Well-documented, stable API.
* Bindings in several programming languages.
%package devel
Summary: Development headers for %{name}
License: LGPLv2+ and BSD
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
This package contains development headers for %{name}.
%package -n ocaml-%{name}
Summary: OCaml language bindings for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description -n ocaml-%{name}
This package contains OCaml language bindings for %{name}.
%package -n ocaml-%{name}-devel
Summary: OCaml language development package for %{name}
Requires: ocaml-%{name}%{?_isa} = %{version}-%{release}
%description -n ocaml-%{name}-devel
This package contains OCaml language development package for
%{name}. Install this if you want to compile OCaml software which
uses %{name}.
%package -n python3-%{name}
Summary: Python 3 bindings for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python3-%{name}}
# The Python module happens to be called lib*.so. Don't scan it and
# have a bogus "Provides: libnbdmod.*".
%global __provides_exclude_from ^%{python3_sitearch}/lib.*\\.so
%description -n python3-%{name}
python3-%{name} contains Python 3 bindings for %{name}.
%package -n nbdfuse
Summary: FUSE support for %{name}
License: LGPLv2+ and BSD
Requires: %{name}%{?_isa} = %{version}-%{release}
%description -n nbdfuse
This package contains FUSE support for %{name}.
%package bash-completion
Summary: Bash tab-completion for %{name}
BuildArch: noarch
Requires: bash-completion >= 2.0
# Don't use _isa here because it's a noarch package. This dependency
# is just to ensure that the subpackage is updated along with libnbd.
Requires: %{name} = %{version}-%{release}
%description bash-completion
Install this package if you want intelligent bash tab-completion
for %{name}.
%prep
%if 0%{verify_tarball_signature}
tmphome="$(mktemp -d)"
gpgv2 --homedir "$tmphome" --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%endif
%autosetup -p1
%if 0%{patches_touch_autotools}
autoreconf -i
%endif
%build
%configure \
--disable-static \
--with-tls-priority=@LIBNBD,SYSTEM \
PYTHON=%{__python3} \
--enable-python \
--enable-ocaml \
--enable-fuse \
--disable-golang
make %{?_smp_mflags}
%install
%make_install
# Delete libtool crap.
find $RPM_BUILD_ROOT -name '*.la' -delete
# Delete the golang man page since we're not distributing the bindings.
rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-golang.3*
%check
# interop/structured-read.sh fails with the old qemu-nbd in Fedora 29,
# so disable it there.
%if 0%{?fedora} <= 29
rm interop/structured-read.sh
touch interop/structured-read.sh
chmod +x interop/structured-read.sh
%endif
# All fuse tests fail in Koji with:
# fusermount: entry for fuse/test-*.d not found in /etc/mtab
# for unknown reasons but probably related to the Koji environment.
for f in fuse/test-*.sh; do
rm $f
touch $f
chmod +x $f
done
# info/info-map-base-allocation-json.sh fails because of a bug in
# jq 1.5 in RHEL 8 (fixed in later versions).
rm info/info-map-base-allocation-json.sh
touch info/info-map-base-allocation-json.sh
chmod +x info/info-map-base-allocation-json.sh
make %{?_smp_mflags} check || {
for f in $(find -name test-suite.log); do
echo
echo "==== $f ===="
cat $f
done
exit 1
}
%files
%doc README
%license COPYING.LIB
%{_bindir}/nbdcopy
%{_bindir}/nbdinfo
%{_libdir}/libnbd.so.*
%{_mandir}/man1/nbdcopy.1*
%{_mandir}/man1/nbdinfo.1*
%files devel
%doc TODO examples/*.c
%license examples/LICENSE-FOR-EXAMPLES
%{_includedir}/libnbd.h
%{_libdir}/libnbd.so
%{_libdir}/pkgconfig/libnbd.pc
%{_mandir}/man3/libnbd.3*
%{_mandir}/man1/libnbd-release-notes-1.*.1*
%{_mandir}/man3/libnbd-security.3*
%{_mandir}/man3/nbd_*.3*
%files -n ocaml-%{name}
%{_libdir}/ocaml/nbd
%exclude %{_libdir}/ocaml/nbd/*.a
%exclude %{_libdir}/ocaml/nbd/*.cmxa
%exclude %{_libdir}/ocaml/nbd/*.cmx
%exclude %{_libdir}/ocaml/nbd/*.mli
%{_libdir}/ocaml/stublibs/dllmlnbd.so
%{_libdir}/ocaml/stublibs/dllmlnbd.so.owner
%files -n ocaml-%{name}-devel
%doc ocaml/examples/*.ml
%license ocaml/examples/LICENSE-FOR-EXAMPLES
%{_libdir}/ocaml/nbd/*.a
%{_libdir}/ocaml/nbd/*.cmxa
%{_libdir}/ocaml/nbd/*.cmx
%{_libdir}/ocaml/nbd/*.mli
%{_mandir}/man3/libnbd-ocaml.3*
%{_mandir}/man3/NBD.3*
%{_mandir}/man3/NBD.*.3*
%files -n python3-%{name}
%{python3_sitearch}/libnbdmod*.so
%{python3_sitearch}/nbd.py
%{python3_sitearch}/nbdsh.py
%{python3_sitearch}/__pycache__/nbd*.py*
%{_bindir}/nbdsh
%{_mandir}/man1/nbdsh.1*
%files -n nbdfuse
%{_bindir}/nbdfuse
%{_mandir}/man1/nbdfuse.1*
%files bash-completion
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/nbdcopy
%{_datadir}/bash-completion/completions/nbdfuse
%{_datadir}/bash-completion/completions/nbdinfo
%{_datadir}/bash-completion/completions/nbdsh
%changelog
* Tue Aug 27 2024 Richard W.M. Jones <rjones@redhat.com> - 1.6.0-6.el8
- Fix CVE-2024-7383 NBD server improper certificate validation
resolves: RHEL-52728
* Mon Feb 7 2022 Richard W.M. Jones <rjones@redhat.com> - 1.6.0-5.el8
- Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails
resolves: rhbz#2045718
* Thu Sep 2 2021 Danilo C. L. de Paula <ddepaula@redhat.com> - 1.6.0-4.el8
- Resolves: bz#2000225
(Rebase virt:rhel module:stream based on AV-8.6)
* Mon Jul 13 2020 Danilo C. L. de Paula <ddepaula@redhat.com> - 1.2.2
- Resolves: bz#1844296
(Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
* Wed Feb 5 2020 Richard W.M. Jones <rjones@redhat.com> - 1.2.2-1
- New stable release 1.2.2.
* Tue Dec 3 2019 Richard W.M. Jones <rjones@redhat.com> - 1.2.1-1
- New stable release 1.2.1.
* Thu Nov 14 2019 Richard W.M. Jones <rjones@redhat.com> - 1.2.0-1
- New stable release 1.2.0.
* Wed Oct 9 2019 Richard W.M. Jones <rjones@redhat.com> - 1.0.3-1
- New upstream version 1.0.3.
- Contains fix for remote code execution vulnerability.
- Add new libnbd-security(3) man page.
* Tue Sep 17 2019 Richard W.M. Jones <rjones@redhat.com> - 1.0.2-1
- New upstream version 1.0.2.
- Remove patches which are upstream.
- Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842).
- Fix previous commit message.
* Thu Sep 12 2019 Richard W.M. Jones <rjones@redhat.com> - 1.0.1-2
- Add upstream patch to fix nbdsh (for nbdkit tests).
- Fix interop tests on slow machines.
* Sun Sep 08 2019 Richard W.M. Jones <rjones@redhat.com> - 1.0.1-1
- New stable version 1.0.1.
* Wed Aug 28 2019 Richard W.M. Jones <rjones@redhat.com> - 1.0.0-1
- New upstream version 1.0.0.
* Wed Aug 21 2019 Miro Hrončok <mhroncok@redhat.com> - 0.9.9-2
- Rebuilt for Python 3.8
* Wed Aug 21 2019 Richard W.M. Jones <rjones@redhat.com> - 0.9.9-1
- New upstream version 0.9.9.
* Wed Aug 21 2019 Richard W.M. Jones <rjones@redhat.com> - 0.9.8-4
- Fix nbdkit dependencies so we're actually running the tests.
- Add glib2-devel BR so we build the glib main loop example.
- Add upstream patch to fix test error:
nbd_connect_unix: getlogin: No such device or address
- Fix test failure on 32 bit.
* Tue Aug 20 2019 Richard W.M. Jones <rjones@redhat.com> - 0.9.8-3
- Bump and rebuild to fix releng brokenness.
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.9.8-2
- Rebuilt for Python 3.8
* Thu Aug 15 2019 Richard W.M. Jones <rjones@redhat.com> - 0.9.8-1
- New upstream version 0.9.8.
- Package the new nbd_*(3) man pages.
* Mon Aug 5 2019 Richard W.M. Jones <rjones@redhat.com> - 0.9.7-1
- New upstream version 0.9.7.
- Add libnbd-ocaml(3) man page.
* Sat Aug 3 2019 Richard W.M. Jones <rjones@redhat.com> - 0.9.6-2
- Add all upstream patches since 0.9.6 was released.
- Package the ocaml bindings into a subpackage.
* Tue Jul 30 2019 Richard W.M. Jones <rjones@redhat.com> - 0.9.6-1
- New upstream verison 0.9.6.
* Fri Jul 26 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.9-1
- New upstream version 0.1.9.
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Jul 17 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.8-1
- New upstream version 0.1.8.
* Tue Jul 16 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.7-1
- New upstream version 0.1.7.
* Wed Jul 3 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.6-1
- New upstream version 0.1.6.
* Thu Jun 27 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.5-1
- New upstream version 0.1.5.
* Sun Jun 09 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.4-1
- New upstream version 0.1.4.
* Sun Jun 2 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.2-2
- Enable libxml2 for NBD URI support.
* Thu May 30 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.2-1
- New upstream version 0.1.2.
* Tue May 28 2019 Richard W.M. Jones <rjones@redhat.com> - 0.1.1-1
- Fix license in man pages and examples.
- Add nbdsh(1) man page.
- Include the signature and keyring even if validation is disabled.
- Update devel subpackage license.
- Fix old FSF address in Python tests.
- Filter Python provides.
- Remove executable permission on the tar.gz.sig file.
- Initial release.

2
SOURCES/copy-patches.sh → copy-patches.sh Executable file → Normal file
View File

@ -6,7 +6,7 @@ set -e
# directory. Use it like this:
# ./copy-patches.sh
rhel_version=8.10
rhel_version=10.1
# Check we're in the right directory.
if [ ! -f libnbd.spec ]; then

17
libnbd-1.22.2.tar.gz.sig Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJFBAABCgAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmgHrdkRHHJpY2hAYW5u
ZXhpYS5vcmcACgkQkXOPc+G3aKClxRAAmO7p5j46ou9J2CyC+iefWIoBo+tgZIyz
wi/qwDrkVrpNx36T8XJj4DDC3NZrWsq72CdVrtMydVI22+gF9hA2tCIYwO+wMbc4
tZ11HCj4g6wacPwXdzAnXHteajpzngnXC041Q4JczwvhgPcyGVeswGXOe++cfBx7
bXX5S4bGVCb3fZiGQIASStX4vQgO2X7L5557ELIrRR0w3LIM7eVvr5YM+2cmiAx8
ihnnf9bK7VR2r6VJjczBd+AyLRhYFX+rCfHe2eO00amPn+J+wACy+04eoHfhH/gt
V7oIW4q2cwqFlr9hZxvkm6nC3xt1zOVgQL6Sft38zRQoYBjIyE3FRwl5Pu3pPtnT
Iw7CNyKUJgIvDZq9hsXbqD2AqNSaxO04y/SPeUs3i+uNCscBOYEDsB9YTYXw28Xb
zayDK2HVL1QRXHgrefh6HgBUAL97qHjxLS1PClqDNaSGgfWpDPPUoRhyUl+3PcsS
M+VRmRvglNpkFPP0IAXJoBJqd+Vvc+8xAAotBFNxTVe8tP1QizqH0bLVNAv5d+Az
lq0qqTBz3AzH4JH/ULg45uwU9Z0BIJFce1FS3EzdcZJRD9g/zeqmnjZ64gWFWJG3
01lmYBWI18PtaZkvXE5IipRjGGc/8aM8MFtrD4VSEAIJ+2fRYysaW8Qr5znfp4XF
Uj+AqVPXp+M=
=PPy1
-----END PGP SIGNATURE-----

1041
libnbd.spec Normal file
View File

File diff suppressed because it is too large Load Diff

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (libguestfs.keyring) = 69663d5dd3edb47af6f18119c0748211c1cecf230c2dd8baaf349f44df1f893730ca6bb8b1f60a55ea42f8ff04fd48c3e5954501bb57952950032012a42c9f19
SHA512 (libnbd-1.22.2.tar.gz) = 5ece4cdc41cafefbe27ddaeafc2b6b390b0cf25f38f80c1b10ec2e17ee1dcda92964891faf4abca4c8aa5827c9eec6e0b38162871e8c72b2af8e769287cd603d