diff --git a/libvirt-cgroup-Plumb-the-daemonDomainShutdown-parameter-of-virSystemdCreateMachine-to-drivers.patch b/libvirt-cgroup-Plumb-the-daemonDomainShutdown-parameter-of-virSystemdCreateMachine-to-drivers.patch
deleted file mode 100644
index 4a31b99..0000000
--- a/libvirt-cgroup-Plumb-the-daemonDomainShutdown-parameter-of-virSystemdCreateMachine-to-drivers.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From 5ef229b0035c34fd9b67183d6f0a2b810cc47907 Mon Sep 17 00:00:00 2001
-Message-ID: <5ef229b0035c34fd9b67183d6f0a2b810cc47907.1752837271.git.jdenemar@redhat.com>
-From: Peter Krempa
-Date: Fri, 27 Jun 2025 14:47:10 +0200
-Subject: [PATCH] cgroup: Plumb the 'daemonDomainShutdown' parameter of
- 'virSystemdCreateMachine' to drivers
-
-Plumb the new argument across the cgroup helpers up to the domain driver
-code.
-
-Signed-off-by: Peter Krempa
-Reviewed-by: Pavel Hrdina
-(cherry picked from commit fe57a6deaa8ab83ffdb8ed73104196e4b1421893)
-
-https://issues.redhat.com/browse/RHEL-95361
----
- src/ch/ch_process.c | 2 ++
- src/hypervisor/domain_cgroup.c | 4 ++++
- src/hypervisor/domain_cgroup.h | 1 +
- src/lxc/lxc_cgroup.c | 1 +
- src/qemu/qemu_cgroup.c | 1 +
- src/util/vircgroup.c | 6 +++++-
- src/util/vircgroup.h | 1 +
- 7 files changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/src/ch/ch_process.c b/src/ch/ch_process.c
-index 95c808cb41..cc84823fdc 100644
---- a/src/ch/ch_process.c
-+++ b/src/ch/ch_process.c
-@@ -973,6 +973,7 @@ virCHProcessStart(virCHDriver *driver,
- cfg->cgroupControllers,
- 0, /*maxThreadsPerProc*/
- priv->driver->privileged,
-+ false,
- priv->machineName) < 0)
- goto cleanup;
-
-@@ -1147,6 +1148,7 @@ virCHProcessStartRestore(virCHDriver *driver, virDomainObj *vm, const char *from
- cfg->cgroupControllers,
- 0, /*maxThreadsPerProc*/
- priv->driver->privileged,
-+ false,
- priv->machineName) < 0)
- goto cleanup;
-
-diff --git a/src/hypervisor/domain_cgroup.c b/src/hypervisor/domain_cgroup.c
-index fecc0f7966..8787165f48 100644
---- a/src/hypervisor/domain_cgroup.c
-+++ b/src/hypervisor/domain_cgroup.c
-@@ -351,6 +351,7 @@ virDomainCgroupInitCgroup(const char *prefix,
- int cgroupControllers,
- unsigned int maxThreadsPerProc,
- bool privileged,
-+ bool daemonDomainShutdown,
- char *machineName)
- {
- if (!privileged)
-@@ -384,6 +385,7 @@ virDomainCgroupInitCgroup(const char *prefix,
- vm->def->resource->partition,
- cgroupControllers,
- maxThreadsPerProc,
-+ daemonDomainShutdown,
- cgroup) < 0) {
- if (virCgroupNewIgnoreError())
- return 0;
-@@ -513,6 +515,7 @@ virDomainCgroupSetupCgroup(const char *prefix,
- int cgroupControllers,
- unsigned int maxThreadsPerProc,
- bool privileged,
-+ bool daemonDomainShutdown,
- char *machineName)
- {
- if (vm->pid == 0) {
-@@ -529,6 +532,7 @@ virDomainCgroupSetupCgroup(const char *prefix,
- cgroupControllers,
- maxThreadsPerProc,
- privileged,
-+ daemonDomainShutdown,
- machineName) < 0)
- return -1;
-
-diff --git a/src/hypervisor/domain_cgroup.h b/src/hypervisor/domain_cgroup.h
-index 6e5c98004e..7769572a2c 100644
---- a/src/hypervisor/domain_cgroup.h
-+++ b/src/hypervisor/domain_cgroup.h
-@@ -71,6 +71,7 @@ virDomainCgroupSetupCgroup(const char *prefix,
- int cgroupControllers,
- unsigned int maxThreadsPerProc,
- bool privileged,
-+ bool daemonDomainShutdown,
- char *machineName);
- void
- virDomainCgroupEmulatorAllNodesDataFree(virCgroupEmulatorAllNodesData *data);
-diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
-index 7c889667ba..f566a5468e 100644
---- a/src/lxc/lxc_cgroup.c
-+++ b/src/lxc/lxc_cgroup.c
-@@ -400,6 +400,7 @@ virCgroup *virLXCCgroupCreate(virDomainDef *def,
- def->resource->partition,
- -1,
- 0,
-+ false,
- &cgroup) < 0)
- return NULL;
-
-diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
-index 48af467bf9..04d6370011 100644
---- a/src/qemu/qemu_cgroup.c
-+++ b/src/qemu/qemu_cgroup.c
-@@ -919,6 +919,7 @@ qemuSetupCgroup(virDomainObj *vm,
- cfg->cgroupControllers,
- cfg->maxThreadsPerProc,
- priv->driver->privileged,
-+ false,
- priv->machineName) < 0)
-
- return -1;
-diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
-index fc5dca4858..532a7e5690 100644
---- a/src/util/vircgroup.c
-+++ b/src/util/vircgroup.c
-@@ -1274,6 +1274,7 @@ virCgroupNewMachineSystemd(const char *name,
- const char *partition,
- int controllers,
- unsigned int maxthreads,
-+ bool daemonDomainShutdown,
- virCgroup **group)
- {
- int rv;
-@@ -1294,7 +1295,7 @@ virCgroupNewMachineSystemd(const char *name,
- nicindexes,
- partition,
- maxthreads,
-- false)) < 0)
-+ daemonDomainShutdown)) < 0)
- return rv;
-
- if (controllers != -1)
-@@ -1407,6 +1408,7 @@ virCgroupNewMachine(const char *name,
- const char *partition,
- int controllers,
- unsigned int maxthreads,
-+ bool daemonDomainShutdown,
- virCgroup **group)
- {
- int rv;
-@@ -1424,6 +1426,7 @@ virCgroupNewMachine(const char *name,
- partition,
- controllers,
- maxthreads,
-+ daemonDomainShutdown,
- group)) == 0)
- return 0;
-
-@@ -3144,6 +3147,7 @@ virCgroupNewMachine(const char *name G_GNUC_UNUSED,
- const char *partition G_GNUC_UNUSED,
- int controllers G_GNUC_UNUSED,
- unsigned int maxthreads G_GNUC_UNUSED,
-+ bool daemonDomainShutdown G_GNUC_UNUSED,
- virCgroup **group G_GNUC_UNUSED)
- {
- virReportSystemError(ENXIO, "%s",
-diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
-index adf3850b22..2a7aa3306c 100644
---- a/src/util/vircgroup.h
-+++ b/src/util/vircgroup.h
-@@ -101,6 +101,7 @@ int virCgroupNewMachine(const char *name,
- const char *partition,
- int controllers,
- unsigned int maxthreads,
-+ bool daemonDomainShutdown,
- virCgroup **group)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
- ATTRIBUTE_NONNULL(3);
---
-2.50.1
diff --git a/libvirt-cgroup-Unexport-virDomainCgroupInitCgroup.patch b/libvirt-cgroup-Unexport-virDomainCgroupInitCgroup.patch
deleted file mode 100644
index 9be80de..0000000
--- a/libvirt-cgroup-Unexport-virDomainCgroupInitCgroup.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From c7889487359bff14c6d4b236055acfee68da66ae Mon Sep 17 00:00:00 2001
-Message-ID:
-From: Peter Krempa
-Date: Thu, 26 Jun 2025 18:24:06 +0200
-Subject: [PATCH] cgroup: Unexport 'virDomainCgroupInitCgroup'
-
-The function is called just from one place within the module where it's
-defined.
-
-Signed-off-by: Peter Krempa
-Reviewed-by: Pavel Hrdina
-(cherry picked from commit 3e0859566a164f640e75889d08241844b5e61bf8)
-
-https://issues.redhat.com/browse/RHEL-95361
----
- src/hypervisor/domain_cgroup.c | 2 +-
- src/hypervisor/domain_cgroup.h | 10 ----------
- src/libvirt_private.syms | 1 -
- 3 files changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/src/hypervisor/domain_cgroup.c b/src/hypervisor/domain_cgroup.c
-index fda495faf5..fecc0f7966 100644
---- a/src/hypervisor/domain_cgroup.c
-+++ b/src/hypervisor/domain_cgroup.c
-@@ -342,7 +342,7 @@ virDomainCgroupSetupCpuCgroup(virDomainObj *vm,
- }
-
-
--int
-+static int
- virDomainCgroupInitCgroup(const char *prefix,
- virDomainObj *vm,
- size_t nnicindexes,
-diff --git a/src/hypervisor/domain_cgroup.h b/src/hypervisor/domain_cgroup.h
-index f8d261a080..6e5c98004e 100644
---- a/src/hypervisor/domain_cgroup.h
-+++ b/src/hypervisor/domain_cgroup.h
-@@ -52,16 +52,6 @@ virDomainCgroupSetupCpusetCgroup(virCgroup *cgroup);
- int
- virDomainCgroupSetupCpuCgroup(virDomainObj *vm,
- virCgroup *cgroup);
--int
--virDomainCgroupInitCgroup(const char *prefix,
-- virDomainObj *vm,
-- size_t nnicindexes,
-- int *nicindexes,
-- virCgroup **cgroup,
-- int cgroupControllers,
-- unsigned int maxThreadsPerProc,
-- bool privileged,
-- char *machineName);
- void
- virDomainCgroupRestoreCgroupState(virDomainObj *vm,
- virCgroup *cgroup);
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index a8ebf9efd8..8f1489ecc8 100644
---- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -1641,7 +1641,6 @@ virSetConnectStorage;
- virDomainCgroupConnectCgroup;
- virDomainCgroupEmulatorAllNodesAllow;
- virDomainCgroupEmulatorAllNodesRestore;
--virDomainCgroupInitCgroup;
- virDomainCgroupRemoveCgroup;
- virDomainCgroupSetMemoryLimitParameters;
- virDomainCgroupSetupBlkio;
---
-2.50.1
diff --git a/libvirt-hypervisor-Split-out-individual-steps-out-of-virDomainDriverAutoShutdown.patch b/libvirt-hypervisor-Split-out-individual-steps-out-of-virDomainDriverAutoShutdown.patch
deleted file mode 100644
index 04f8f50..0000000
--- a/libvirt-hypervisor-Split-out-individual-steps-out-of-virDomainDriverAutoShutdown.patch
+++ /dev/null
@@ -1,325 +0,0 @@
-From bbb7dceccc95c5329fed28d71b35264a0cdf2b3c Mon Sep 17 00:00:00 2001
-Message-ID:
-From: Peter Krempa
-Date: Tue, 1 Jul 2025 16:11:12 +0200
-Subject: [PATCH] hypervisor: Split out individual steps out of
- virDomainDriverAutoShutdown
-
-'virDomainDriverAutoShutdown' grew into an unwieldy function. Extract
-the code for each of the save/shutdown/poweroff steps into helpers and
-call them.
-
-Signed-off-by: Peter Krempa
-Reviewed-by: Pavel Hrdina
-(cherry picked from commit e13e9b46f62d4d9f0aad33983fda39c5f3f7e645)
-
-https://issues.redhat.com/browse/RHEL-95196
----
- src/hypervisor/domain_driver.c | 285 +++++++++++++++++++--------------
- 1 file changed, 161 insertions(+), 124 deletions(-)
-
-diff --git a/src/hypervisor/domain_driver.c b/src/hypervisor/domain_driver.c
-index 353b8875ec..cce6c64d1b 100644
---- a/src/hypervisor/domain_driver.c
-+++ b/src/hypervisor/domain_driver.c
-@@ -738,6 +738,164 @@ virDomainDriverAutoShutdownActive(virDomainDriverAutoShutdownConfig *cfg)
- }
-
-
-+static void
-+virDomainDriverAutoShutdownDoSave(virDomainPtr *domains,
-+ bool *transient,
-+ size_t numDomains,
-+ virDomainDriverAutoShutdownConfig *cfg)
-+{
-+ g_autofree unsigned int *flags = g_new0(unsigned int, numDomains);
-+ size_t i;
-+
-+ if (cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE)
-+ return;
-+
-+ for (i = 0; i < numDomains; i++) {
-+ int state;
-+
-+ if ((transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) ||
-+ (!transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT))
-+ continue;
-+
-+ virSystemdNotifyStatus("Suspending '%s' (%zu of %zu)",
-+ virDomainGetName(domains[i]), i + 1, numDomains);
-+ VIR_INFO("Suspending '%s'", virDomainGetName(domains[i]));
-+
-+ /*
-+ * Pause all VMs to make them stop dirtying pages,
-+ * so save is quicker. We remember if any VMs were
-+ * paused so we can restore that on resume.
-+ */
-+ flags[i] = VIR_DOMAIN_SAVE_RUNNING;
-+ if (virDomainGetState(domains[i], &state, NULL, 0) == 0) {
-+ if (state == VIR_DOMAIN_PAUSED)
-+ flags[i] = VIR_DOMAIN_SAVE_PAUSED;
-+ }
-+ if (cfg->saveBypassCache)
-+ flags[i] |= VIR_DOMAIN_SAVE_BYPASS_CACHE;
-+
-+ if (flags[i] & VIR_DOMAIN_SAVE_RUNNING)
-+ virDomainSuspend(domains[i]);
-+ }
-+
-+ for (i = 0; i < numDomains; i++) {
-+ virSystemdNotifyStatus("Saving '%s' (%zu of %zu)",
-+ virDomainGetName(domains[i]), i + 1, numDomains);
-+ VIR_INFO("Saving '%s'", virDomainGetName(domains[i]));
-+
-+ if (virDomainManagedSave(domains[i], flags[i]) < 0) {
-+ VIR_WARN("auto-shutdown: unable to perform managed save of '%s': %s",
-+ domains[i]->name,
-+ virGetLastErrorMessage());
-+ if (flags[i] & VIR_DOMAIN_SAVE_RUNNING)
-+ virDomainResume(domains[i]);
-+ continue;
-+ }
-+ virObjectUnref(domains[i]);
-+ domains[i] = NULL;
-+ }
-+}
-+
-+
-+static void
-+virDomainDriverAutoShutdownDoShutdown(virDomainPtr *domains,
-+ bool *transient,
-+ size_t numDomains,
-+ virDomainDriverAutoShutdownConfig *cfg)
-+{
-+ GTimer *timer = NULL;
-+ size_t i;
-+
-+ if (cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE)
-+ return;
-+
-+ for (i = 0; i < numDomains; i++) {
-+ if (domains[i] == NULL)
-+ continue;
-+
-+ if ((transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) ||
-+ (!transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT))
-+ continue;
-+
-+ virSystemdNotifyStatus("Shutting down '%s' (%zu of %zu)",
-+ virDomainGetName(domains[i]), i + 1, numDomains);
-+ VIR_INFO("Shutting down '%s'", virDomainGetName(domains[i]));
-+
-+ if (virDomainShutdown(domains[i]) < 0) {
-+ VIR_WARN("auto-shutdown: unable to request graceful shutdown of '%s': %s",
-+ domains[i]->name,
-+ virGetLastErrorMessage());
-+ break;
-+ }
-+ }
-+
-+ timer = g_timer_new();
-+ virSystemdNotifyStatus("Waiting %u secs for VM shutdown completion",
-+ cfg->waitShutdownSecs);
-+ VIR_INFO("Waiting %u secs for VM shutdown completion", cfg->waitShutdownSecs);
-+ while (1) {
-+ bool anyRunning = false;
-+ for (i = 0; i < numDomains; i++) {
-+ if (!domains[i])
-+ continue;
-+
-+ if ((transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) ||
-+ (!transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT))
-+ continue;
-+
-+ if (virDomainIsActive(domains[i]) == 1) {
-+ anyRunning = true;
-+ } else {
-+ virObjectUnref(domains[i]);
-+ domains[i] = NULL;
-+ }
-+ }
-+
-+ if (!anyRunning)
-+ break;
-+ if (g_timer_elapsed(timer, NULL) > cfg->waitShutdownSecs)
-+ break;
-+ g_usleep(1000*500);
-+ }
-+ g_timer_destroy(timer);
-+}
-+
-+
-+static void
-+virDomainDriverAutoShutdownDoPoweroff(virDomainPtr *domains,
-+ bool *transient,
-+ size_t numDomains,
-+ virDomainDriverAutoShutdownConfig *cfg)
-+{
-+ size_t i;
-+
-+ if (cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE)
-+ return;
-+
-+ for (i = 0; i < numDomains; i++) {
-+ if (domains[i] == NULL)
-+ continue;
-+
-+ if ((transient[i] && cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) ||
-+ (!transient[i] && cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT))
-+ continue;
-+
-+ virSystemdNotifyStatus("Destroying '%s' (%zu of %zu)",
-+ virDomainGetName(domains[i]), i + 1, numDomains);
-+ VIR_INFO("Destroying '%s'", virDomainGetName(domains[i]));
-+ /*
-+ * NB might fail if we gave up on waiting for
-+ * virDomainShutdown, but it then completed anyway,
-+ * hence we're not checking for failure
-+ */
-+ virDomainDestroy(domains[i]);
-+
-+ virObjectUnref(domains[i]);
-+ domains[i] = NULL;
-+ }
-+}
-+
-+
- void
- virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg)
- {
-@@ -816,130 +974,9 @@ virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg)
- }
- }
-
-- if (cfg->trySave != VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE) {
-- g_autofree unsigned int *flags = g_new0(unsigned int, numDomains);
-- for (i = 0; i < numDomains; i++) {
-- int state;
--
-- if ((transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) ||
-- (!transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT))
-- continue;
--
-- virSystemdNotifyStatus("Suspending '%s' (%zu of %d)",
-- virDomainGetName(domains[i]), i + 1, numDomains);
-- VIR_INFO("Suspending '%s'", virDomainGetName(domains[i]));
--
-- /*
-- * Pause all VMs to make them stop dirtying pages,
-- * so save is quicker. We remember if any VMs were
-- * paused so we can restore that on resume.
-- */
-- flags[i] = VIR_DOMAIN_SAVE_RUNNING;
-- if (virDomainGetState(domains[i], &state, NULL, 0) == 0) {
-- if (state == VIR_DOMAIN_PAUSED)
-- flags[i] = VIR_DOMAIN_SAVE_PAUSED;
-- }
-- if (cfg->saveBypassCache)
-- flags[i] |= VIR_DOMAIN_SAVE_BYPASS_CACHE;
--
-- if (flags[i] & VIR_DOMAIN_SAVE_RUNNING)
-- virDomainSuspend(domains[i]);
-- }
--
-- for (i = 0; i < numDomains; i++) {
-- virSystemdNotifyStatus("Saving '%s' (%zu of %d)",
-- virDomainGetName(domains[i]), i + 1, numDomains);
-- VIR_INFO("Saving '%s'", virDomainGetName(domains[i]));
--
-- if (virDomainManagedSave(domains[i], flags[i]) < 0) {
-- VIR_WARN("auto-shutdown: unable to perform managed save of '%s': %s",
-- domains[i]->name,
-- virGetLastErrorMessage());
-- if (flags[i] & VIR_DOMAIN_SAVE_RUNNING)
-- virDomainResume(domains[i]);
-- continue;
-- }
-- virObjectUnref(domains[i]);
-- domains[i] = NULL;
-- }
-- }
--
-- if (cfg->tryShutdown != VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE) {
-- GTimer *timer = NULL;
-- for (i = 0; i < numDomains; i++) {
-- if (domains[i] == NULL)
-- continue;
--
-- if ((transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) ||
-- (!transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT))
-- continue;
--
-- virSystemdNotifyStatus("Shutting down '%s' (%zu of %d)",
-- virDomainGetName(domains[i]), i + 1, numDomains);
-- VIR_INFO("Shutting down '%s'", virDomainGetName(domains[i]));
--
-- if (virDomainShutdown(domains[i]) < 0) {
-- VIR_WARN("auto-shutdown: unable to request graceful shutdown of '%s': %s",
-- domains[i]->name,
-- virGetLastErrorMessage());
-- break;
-- }
-- }
--
-- timer = g_timer_new();
-- virSystemdNotifyStatus("Waiting %u secs for VM shutdown completion",
-- cfg->waitShutdownSecs);
-- VIR_INFO("Waiting %u secs for VM shutdown completion", cfg->waitShutdownSecs);
-- while (1) {
-- bool anyRunning = false;
-- for (i = 0; i < numDomains; i++) {
-- if (!domains[i])
-- continue;
--
-- if ((transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) ||
-- (!transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT))
-- continue;
--
-- if (virDomainIsActive(domains[i]) == 1) {
-- anyRunning = true;
-- } else {
-- virObjectUnref(domains[i]);
-- domains[i] = NULL;
-- }
-- }
--
-- if (!anyRunning)
-- break;
-- if (g_timer_elapsed(timer, NULL) > cfg->waitShutdownSecs)
-- break;
-- g_usleep(1000*500);
-- }
-- g_timer_destroy(timer);
-- }
--
-- if (cfg->poweroff != VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE) {
-- for (i = 0; i < numDomains; i++) {
-- if (domains[i] == NULL)
-- continue;
--
-- if ((transient[i] && cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) ||
-- (!transient[i] && cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT))
-- continue;
--
-- virSystemdNotifyStatus("Destroying '%s' (%zu of %d)",
-- virDomainGetName(domains[i]), i + 1, numDomains);
-- VIR_INFO("Destroying '%s'", virDomainGetName(domains[i]));
-- /*
-- * NB might fail if we gave up on waiting for
-- * virDomainShutdown, but it then completed anyway,
-- * hence we're not checking for failure
-- */
-- virDomainDestroy(domains[i]);
--
-- virObjectUnref(domains[i]);
-- domains[i] = NULL;
-- }
-- }
-+ virDomainDriverAutoShutdownDoSave(domains, transient, numDomains, cfg);
-+ virDomainDriverAutoShutdownDoShutdown(domains, transient, numDomains, cfg);
-+ virDomainDriverAutoShutdownDoPoweroff(domains, transient, numDomains, cfg);
-
- virSystemdNotifyStatus("Processed %d domains", numDomains);
- VIR_INFO("Processed %d domains", numDomains);
---
-2.50.1
diff --git a/libvirt-hypervisor-domain-Extract-logic-for-auto-shutdown-to-virDomainDriverAutoShutdownActive.patch b/libvirt-hypervisor-domain-Extract-logic-for-auto-shutdown-to-virDomainDriverAutoShutdownActive.patch
deleted file mode 100644
index c8e0eb1..0000000
--- a/libvirt-hypervisor-domain-Extract-logic-for-auto-shutdown-to-virDomainDriverAutoShutdownActive.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 8ebd4e7c38291929f8a6c481b768a4d8355ea19c Mon Sep 17 00:00:00 2001
-Message-ID: <8ebd4e7c38291929f8a6c481b768a4d8355ea19c.1752837271.git.jdenemar@redhat.com>
-From: Peter Krempa
-Date: Fri, 27 Jun 2025 15:22:22 +0200
-Subject: [PATCH] hypervisor: domain: Extract logic for auto shutdown to
- virDomainDriverAutoShutdownActive
-
-Extract the checker that determines whether the daemon auto shutdown
-functionality is active to a separate helper
-'virDomainDriverAutoShutdownActive'.
-
-Signed-off-by: Peter Krempa
-Reviewed-by: Pavel Hrdina
-(cherry picked from commit bb51963bb173b28dacb6a1374712b1344e9a61c2)
-
-https://issues.redhat.com/browse/RHEL-95361
----
- src/hypervisor/domain_driver.c | 13 ++++++++++---
- src/hypervisor/domain_driver.h | 1 +
- src/libvirt_private.syms | 1 +
- 3 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/src/hypervisor/domain_driver.c b/src/hypervisor/domain_driver.c
-index 62bbe176ae..353b8875ec 100644
---- a/src/hypervisor/domain_driver.c
-+++ b/src/hypervisor/domain_driver.c
-@@ -729,6 +729,15 @@ virDomainDriverAutoStart(virDomainObjList *domains,
- }
-
-
-+bool
-+virDomainDriverAutoShutdownActive(virDomainDriverAutoShutdownConfig *cfg)
-+{
-+ return cfg->trySave != VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE ||
-+ cfg->tryShutdown != VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE ||
-+ cfg->poweroff != VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE;
-+}
-+
-+
- void
- virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg)
- {
-@@ -773,9 +782,7 @@ virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg)
- }
-
- /* Short-circuit if all actions are disabled */
-- if (cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE &&
-- cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE &&
-- cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE)
-+ if (!virDomainDriverAutoShutdownActive(cfg))
- return;
-
- if (!(conn = virConnectOpen(cfg->uri)))
-diff --git a/src/hypervisor/domain_driver.h b/src/hypervisor/domain_driver.h
-index d90466b942..af1c4eaed6 100644
---- a/src/hypervisor/domain_driver.h
-+++ b/src/hypervisor/domain_driver.h
-@@ -116,4 +116,5 @@ typedef struct _virDomainDriverAutoShutdownConfig {
- bool autoRestore;
- } virDomainDriverAutoShutdownConfig;
-
-+bool virDomainDriverAutoShutdownActive(virDomainDriverAutoShutdownConfig *cfg);
- void virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg);
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index 8f1489ecc8..1b9be478e4 100644
---- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -1658,6 +1658,7 @@ virDomainCgroupSetupVcpuBW;
- # hypervisor/domain_driver.h
- virDomainDriverAddIOThreadCheck;
- virDomainDriverAutoShutdown;
-+virDomainDriverAutoShutdownActive;
- virDomainDriverAutoShutdownScopeTypeFromString;
- virDomainDriverAutoShutdownScopeTypeToString;
- virDomainDriverAutoStart;
---
-2.50.1
diff --git a/libvirt-kbase-tlscerts-Drop-encryption_key-feature-request.patch b/libvirt-kbase-tlscerts-Drop-encryption_key-feature-request.patch
deleted file mode 100644
index 7b2785f..0000000
--- a/libvirt-kbase-tlscerts-Drop-encryption_key-feature-request.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From c50a7108b0090fdce43c7f9d0cef9c905c989cc5 Mon Sep 17 00:00:00 2001
-Message-ID:
-From: Peter Krempa
-Date: Tue, 1 Jul 2025 13:46:59 +0200
-Subject: [PATCH] kbase: tlscerts: Drop 'encryption_key' feature request
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As TLS 1.3 performs key exchange separately from the algorithm used to
-verify authenticity, the certificates for libvirt's use of TLS don't
-need to require the 'encryption_key' feature any more.
-
-Signed-off-by: Peter Krempa
-Reviewed-by: Ján Tomko
-(cherry picked from commit 3da460236968be1c67a38a01711d46cb257a7125)
-
-https://issues.redhat.com/browse/RHEL-100711
----
- docs/kbase/tlscerts.rst | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/docs/kbase/tlscerts.rst b/docs/kbase/tlscerts.rst
-index e4aa5bb3c9..215d454998 100644
---- a/docs/kbase/tlscerts.rst
-+++ b/docs/kbase/tlscerts.rst
-@@ -204,7 +204,6 @@ define the server as follows:
- ip_address = 2001:cafe::74
- ip_address = fe20::24
- tls_www_server
-- encryption_key
- signing_key
-
- The 'cn' field should refer to the fully qualified public hostname of the
-@@ -298,7 +297,6 @@ briefly cover the steps.
- organization = Libvirt Project
- cn = client1
- tls_www_client
-- encryption_key
- signing_key
-
- and sign by doing:
---
-2.50.1
diff --git a/libvirt-qemu-Fix-auto-shutdown-of-qemu-VMs-by-the-qemu-driver.patch b/libvirt-qemu-Fix-auto-shutdown-of-qemu-VMs-by-the-qemu-driver.patch
deleted file mode 100644
index 4fe9362..0000000
--- a/libvirt-qemu-Fix-auto-shutdown-of-qemu-VMs-by-the-qemu-driver.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 79f9281a8d3dcd15b2332e2e4f599617d47b5fd0 Mon Sep 17 00:00:00 2001
-Message-ID: <79f9281a8d3dcd15b2332e2e4f599617d47b5fd0.1752837271.git.jdenemar@redhat.com>
-From: Peter Krempa
-Date: Fri, 27 Jun 2025 16:10:03 +0200
-Subject: [PATCH] qemu: Fix auto-shutdown of qemu VMs by the qemu driver
-
-When auto-shutdown via the qemu driver is requested (rather than via
-libvirt guests) we need to start the VMs in a way that they will be kept
-around for libvirt to terminate them. This involves inverting the
-dependancy relationship for the machined unit file.
-
-Since the setup is done at startup of the VM, add a disclaimer to
-qemu.conf that switching between the two modes with VMs running will not
-work properly.
-
-Signed-off-by: Peter Krempa
-Reviewed-by: Pavel Hrdina
-(cherry picked from commit 82963fdcb67742fad3066d31f2bd9b14c8153574)
-
-https://issues.redhat.com/browse/RHEL-95361
----
- src/qemu/qemu.conf.in | 15 ++++++++++++++-
- src/qemu/qemu_cgroup.c | 8 +++++++-
- 2 files changed, 21 insertions(+), 2 deletions(-)
-
-diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
-index 221bfa8095..6358a45ae2 100644
---- a/src/qemu/qemu.conf.in
-+++ b/src/qemu/qemu.conf.in
-@@ -663,7 +663,10 @@
- # implemented for transient VMs.
- #
- # If 'libvirt-guests.service' is enabled, then this must be
--# set to 'none' for system daemons to avoid dueling actions
-+# set to 'none' for system daemons to avoid dueling actions.
-+# Warning: Switching between 'libvirt-guests.service' and this option
-+# causes VMs running at that point to misbehave on host shutdown unless
-+# they are restarted, or saved and restored.
- #auto_shutdown_try_save = "persistent"
-
- # As above, but with a graceful shutdown action instead of
-@@ -675,6 +678,9 @@
- #
- # If 'libvirt-guests.service' is enabled, then this must be
- # set to 'none' for system daemons to avoid dueling actions
-+# Warning: Switching between 'libvirt-guests.service' and this option
-+# causes VMs running at that point to misbehave on host shutdown unless
-+# they are restarted, or saved and restored.
- #auto_shutdown_try_shutdown = "all"
-
- # As above, but with a forced poweroff instead of managed
-@@ -687,6 +693,13 @@
- #
- # If 'libvirt-guests.service' is enabled, then this must be
- # set to 'none' for system daemons to avoid dueling actions
-+#
-+# Warning: Switching between 'libvirt-guests.service' and this option
-+# causes VMs running at that point to misbehave on host shutdown unless
-+# they are restarted, or saved and restored.
-+#
-+# When using any 'auto_shutdown_try_save', 'auto_shutdown_try_shutdown' this
-+# feature should to be enabled as well to ensure proper cleanup of the VMs.
- #auto_shutdown_poweroff = "all"
-
- # How may seconds to wait for running VMs to gracefully shutdown
-diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
-index 04d6370011..25e42ebfc6 100644
---- a/src/qemu/qemu_cgroup.c
-+++ b/src/qemu/qemu_cgroup.c
-@@ -910,6 +910,12 @@ qemuSetupCgroup(virDomainObj *vm,
- {
- qemuDomainObjPrivate *priv = vm->privateData;
- g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(priv->driver);
-+ /* When users wants to auto-shutdown the VMs via the qemu daemon itself
-+ * we need to instruct machined to create dependencies for the units
-+ * in such way that the VMs will not be killed before the auto shutdown
-+ * code is reached.
-+ */
-+ bool daemonAutoShutdown = virDomainDriverAutoShutdownActive(&cfg->autoShutdown);
-
- if (virDomainCgroupSetupCgroup("qemu",
- vm,
-@@ -919,7 +925,7 @@ qemuSetupCgroup(virDomainObj *vm,
- cfg->cgroupControllers,
- cfg->maxThreadsPerProc,
- priv->driver->privileged,
-- false,
-+ daemonAutoShutdown,
- priv->machineName) < 0)
-
- return -1;
---
-2.50.1
diff --git a/libvirt-qemu-add-ability-to-set-TLS-priority-string-with-QEMU.patch b/libvirt-qemu-add-ability-to-set-TLS-priority-string-with-QEMU.patch
deleted file mode 100644
index bc2f431..0000000
--- a/libvirt-qemu-add-ability-to-set-TLS-priority-string-with-QEMU.patch
+++ /dev/null
@@ -1,667 +0,0 @@
-From 5daae8778ba7b7232faf4788ef49891820e2510f Mon Sep 17 00:00:00 2001
-Message-ID: <5daae8778ba7b7232faf4788ef49891820e2510f.1754404628.git.jdenemar@redhat.com>
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
-Date: Wed, 16 Jul 2025 16:40:01 +0100
-Subject: [PATCH] qemu: add ability to set TLS priority string with QEMU
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-QEMU will either use the GNUTLS default priority string of "NORMAL",
-or on Fedora/RHEL related distros, "@QEMU,SYSTEM", which resolves to
-a configuration in /etc/crypto-policies/back-ends/gnutls.config.
-
-The latter gives the sysadmin the ability to change the priority
-string used for GNUTLS at deployment time, either system side, or
-exclusively for QEMU, avoiding the hardcoded GNUTLS defaults.
-
-There are still some limitations to this:
-
- * Priorities cannot be set for different areas of QEMU
- functionality (migration, vnc, nbd, etc)
-
- * Priorities are fixed at the time when QEMU first
- triggers GNUTLS to load its config file, often
- immediately at startup.
-
-We recently uncovered a QEMU bug that causes crashes in live
-migration with TLS-1.3, where the easiest workaround is to
-change the TLS priorities. We can't change this on the running
-QEMU, but fortunately it is possible to change it on the target
-QEMU and the TLS handshake will make it take effect on both
-src and dst.
-
-The problem is, while fixing the immediate incoming and outgoing
-live migration problems, the workaround will apply to everything
-else that QEMU does for the rest of the time that process exists.
-
-We want to make it possible to set the TLS priorities only for
-the current migrations, such that if the target QEMU has a fixed
-GNUTLS, it will not have its TLS priorities hobbled for the next
-live migration.
-
-To achieve this we need libvirt to be able to (optionally) set
-the TLS priority string with QEMU. While live migration is the
-most pressing need, the new qemu.conf parameters are wired up
-for every subsystem for greater selectivity in future.
-
-With this we can activate the GNUTLS workaround for running
-QEMU processes by editting qemu.conf and restarting virtqemud,
-and later undo this the same way.
-
-Reviewed-by: Peter Krempa
-Signed-off-by: Daniel P. Berrangé
-(cherry picked from commit 14e41ac9f365b148e69088c5ffeb565a0f9ba326)
-
-Resolves: https://issues.redhat.com/browse/RHEL-104382
-Signed-off-by: Daniel P. Berrangé
----
- src/conf/storage_source_conf.c | 2 +
- src/conf/storage_source_conf.h | 1 +
- src/qemu/libvirtd_qemu.aug | 6 +++
- src/qemu/qemu.conf.in | 37 +++++++++++++++++++
- src/qemu/qemu_backup.c | 5 ++-
- src/qemu/qemu_blockjob.c | 1 +
- src/qemu/qemu_command.c | 15 ++++++--
- src/qemu/qemu_command.h | 1 +
- src/qemu/qemu_conf.c | 22 +++++++++++
- src/qemu/qemu_conf.h | 6 +++
- src/qemu/qemu_domain.c | 3 ++
- src/qemu/qemu_domain.h | 1 +
- src/qemu/qemu_hotplug.c | 4 +-
- src/qemu/qemu_hotplug.h | 1 +
- src/qemu/qemu_migration_params.c | 1 +
- src/qemu/test_libvirtd_qemu.aug.in | 6 +++
- ...rk-tlsx509-nbd-hostname.x86_64-latest.args | 2 +-
- ...graphics-vnc-tls-secret.x86_64-latest.args | 2 +-
- ...-tlsx509-secret-chardev.x86_64-latest.args | 2 +-
- tests/qemuxmlconftest.c | 6 +++
- 20 files changed, 114 insertions(+), 10 deletions(-)
-
-diff --git a/src/conf/storage_source_conf.c b/src/conf/storage_source_conf.c
-index 8a063be244..8bab116d89 100644
---- a/src/conf/storage_source_conf.c
-+++ b/src/conf/storage_source_conf.c
-@@ -832,6 +832,7 @@ virStorageSourceCopy(const virStorageSource *src,
- def->compat = g_strdup(src->compat);
- def->tlsAlias = g_strdup(src->tlsAlias);
- def->tlsCertdir = g_strdup(src->tlsCertdir);
-+ def->tlsPriority = g_strdup(src->tlsPriority);
- def->tlsHostname = g_strdup(src->tlsHostname);
- def->query = g_strdup(src->query);
- def->vdpadev = g_strdup(src->vdpadev);
-@@ -1185,6 +1186,7 @@ virStorageSourceClear(virStorageSource *def)
-
- VIR_FREE(def->tlsAlias);
- VIR_FREE(def->tlsCertdir);
-+ VIR_FREE(def->tlsPriority);
- VIR_FREE(def->tlsHostname);
-
- VIR_FREE(def->ssh_user);
-diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h
-index ebddf28cd6..a0d5acdb09 100644
---- a/src/conf/storage_source_conf.h
-+++ b/src/conf/storage_source_conf.h
-@@ -396,6 +396,7 @@ struct _virStorageSource {
- * certificate directory with listen and verify bools. */
- char *tlsAlias;
- char *tlsCertdir;
-+ char *tlsPriority;
-
- /* TLS hostname override */
- char *tlsHostname;
-diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
-index d36baed6fc..772d4dcabe 100644
---- a/src/qemu/libvirtd_qemu.aug
-+++ b/src/qemu/libvirtd_qemu.aug
-@@ -30,6 +30,7 @@ module Libvirtd_qemu =
- let default_tls_entry = str_entry "default_tls_x509_cert_dir"
- | bool_entry "default_tls_x509_verify"
- | str_entry "default_tls_x509_secret_uuid"
-+ | str_entry "default_tls_priority"
-
- let vnc_entry = str_entry "vnc_listen"
- | bool_entry "vnc_auto_unix_socket"
-@@ -37,6 +38,7 @@ module Libvirtd_qemu =
- | str_entry "vnc_tls_x509_cert_dir"
- | bool_entry "vnc_tls_x509_verify"
- | str_entry "vnc_tls_x509_secret_uuid"
-+ | str_entry "vnc_tls_priority"
- | str_entry "vnc_password"
- | bool_entry "vnc_sasl"
- | str_entry "vnc_sasl_dir"
-@@ -59,15 +61,18 @@ module Libvirtd_qemu =
- | str_entry "chardev_tls_x509_cert_dir"
- | bool_entry "chardev_tls_x509_verify"
- | str_entry "chardev_tls_x509_secret_uuid"
-+ | str_entry "chardev_tls_priority"
-
- let migrate_entry = str_entry "migrate_tls_x509_cert_dir"
- | bool_entry "migrate_tls_x509_verify"
- | str_entry "migrate_tls_x509_secret_uuid"
-+ | str_entry "migrate_tls_priority"
- | bool_entry "migrate_tls_force"
-
- let backup_entry = str_entry "backup_tls_x509_cert_dir"
- | bool_entry "backup_tls_x509_verify"
- | str_entry "backup_tls_x509_secret_uuid"
-+ | str_entry "backup_tls_priority"
-
- (* support for vxhs was removed from qemu and the examples were dopped from *)
- (* qemu.conf but these need to stay *)
-@@ -78,6 +83,7 @@ module Libvirtd_qemu =
- let nbd_entry = bool_entry "nbd_tls"
- | str_entry "nbd_tls_x509_cert_dir"
- | str_entry "nbd_tls_x509_secret_uuid"
-+ | str_entry "nbd_tls_priority"
-
- let nogfx_entry = bool_entry "nographics_allow_host_audio"
-
-diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
-index 76cbe1a72d..b0fb30d74f 100644
---- a/src/qemu/qemu.conf.in
-+++ b/src/qemu/qemu.conf.in
-@@ -62,6 +62,18 @@
- #default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
-
-
-+# Libvirt allows QEMU to use its built-in TLS priority by default,
-+# however, this allows overriding it at runtime. This is especially
-+# useful if TLS priority needs to be changed for an operation run
-+# against an existing running QEMU.
-+#
-+# This must be a valid GNUTLS priority string:
-+#
-+# https://gnutls.org/manual/html_node/Priority-Strings.html
-+#
-+#default_tls_priority = "@SYSTEM"
-+
-+
- # VNC is configured to listen on 127.0.0.1 by default.
- # To make it listen on all public interfaces, uncomment
- # this next option.
-@@ -127,6 +139,11 @@
- #vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
-
-
-+# Override QEMU default GNUTLS priority string for VNC
-+#
-+#vnc_tls_priority = "@SYSTEM"
-+
-+
- # The default VNC password. Only 8 bytes are significant for
- # VNC passwords. This parameter is only used if the per-domain
- # XML config does not already provide a password. To allow
-@@ -306,6 +323,11 @@
- #chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
-
-
-+# Override QEMU default GNUTLS priority string for character devices
-+#
-+#chardev_tls_priority = "@SYSTEM"
-+
-+
- # The support for VxHS network block protocol was removed in qemu-5.2 and
- # thus also dropped from libvirt's qemu driver. The following options which
- # were used to configure the TLS certificates for VxHS are thus ignored.
-@@ -358,6 +380,11 @@
- #nbd_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
-
-
-+# Override QEMU default GNUTLS priority string for NBD
-+#
-+#nbd_tls_priority = "@SYSTEM"
-+
-+
- # In order to override the default TLS certificate location for migration
- # certificates, supply a valid path to the certificate directory. If the
- # provided path does not exist, libvirtd will fail to start. If the path is
-@@ -397,6 +424,11 @@
- #migrate_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
-
-
-+# Override QEMU default GNUTLS priority string for live migration
-+#
-+#migrate_tls_priority = "@SYSTEM"
-+
-+
- # By default TLS is requested using the VIR_MIGRATE_TLS flag, thus not requested
- # automatically. Setting 'migate_tls_force' to "1" will prevent any migration
- # which is not using VIR_MIGRATE_TLS to ensure higher level of security in
-@@ -442,6 +474,11 @@
- #backup_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
-
-
-+# Override QEMU default GNUTLS priority string for NBD backups
-+#
-+#backup_tls_priority = "@SYSTEM"
-+
-+
- # By default, if no graphical front end is configured, libvirt will disable
- # QEMU audio output since directly talking to alsa/pulseaudio may not work
- # with various security settings. If you know what you're doing, enable
-diff --git a/src/qemu/qemu_backup.c b/src/qemu/qemu_backup.c
-index fb3558d280..1f43479b5e 100644
---- a/src/qemu/qemu_backup.c
-+++ b/src/qemu/qemu_backup.c
-@@ -728,8 +728,9 @@ qemuBackupBeginPrepareTLS(virDomainObj *vm,
- }
-
- if (qemuBuildTLSx509BackendProps(cfg->backupTLSx509certdir, true,
-- cfg->backupTLSx509verify, tlsObjAlias,
-- tlsKeySecretAlias,
-+ cfg->backupTLSx509verify,
-+ cfg->backupTLSpriority,
-+ tlsObjAlias, tlsKeySecretAlias,
- tlsProps) < 0)
- return -1;
-
-diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
-index c7462e2838..315b742053 100644
---- a/src/qemu/qemu_blockjob.c
-+++ b/src/qemu/qemu_blockjob.c
-@@ -624,6 +624,7 @@ qemuBlockJobCleanStorageSourceRuntime(virStorageSource *src)
- VIR_FREE(src->nodenameformat);
- VIR_FREE(src->tlsAlias);
- VIR_FREE(src->tlsCertdir);
-+ VIR_FREE(src->tlsPriority);
- }
-
-
-diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
-index 202f2dfaca..662d6299f8 100644
---- a/src/qemu/qemu_command.c
-+++ b/src/qemu/qemu_command.c
-@@ -1263,6 +1263,7 @@ qemuBuildObjectSecretCommandLine(virCommand *cmd,
- * @tlspath: path to the TLS credentials
- * @listen: boolean listen for client or server setting
- * @verifypeer: boolean to enable peer verification (form of authorization)
-+ * @priority: GNUTLS priority string override (optional)
- * @alias: alias for the TLS credentials object
- * @secalias: if one exists, the alias of the security object for passwordid
- * @propsret: json properties to return
-@@ -1275,6 +1276,7 @@ int
- qemuBuildTLSx509BackendProps(const char *tlspath,
- bool isListen,
- bool verifypeer,
-+ const char *priority,
- const char *alias,
- const char *secalias,
- virJSONValue **propsret)
-@@ -1283,6 +1285,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
- "s:dir", tlspath,
- "s:endpoint", (isListen ? "server": "client"),
- "b:verify-peer", (isListen ? verifypeer : true),
-+ "S:priority", priority,
- "S:passwordid", secalias,
- NULL) < 0)
- return -1;
-@@ -1296,6 +1299,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
- * @tlspath: path to the TLS credentials
- * @listen: boolean listen for client or server setting
- * @verifypeer: boolean to enable peer verification (form of authorization)
-+ * @priority: GNUTLS priority string override (optional)
- * @certEncSecretAlias: alias of a 'secret' object for decrypting TLS private key
- * (optional)
- * @alias: TLS object alias
-@@ -1309,13 +1313,14 @@ qemuBuildTLSx509CommandLine(virCommand *cmd,
- const char *tlspath,
- bool isListen,
- bool verifypeer,
-+ const char *priority,
- const char *certEncSecretAlias,
- const char *alias)
- {
- g_autoptr(virJSONValue) props = NULL;
-
-- if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, alias,
-- certEncSecretAlias, &props) < 0)
-+ if (qemuBuildTLSx509BackendProps(tlspath, isListen, verifypeer, priority,
-+ alias, certEncSecretAlias, &props) < 0)
- return -1;
-
- if (qemuBuildObjectCommandlineFromJSON(cmd, props) < 0)
-@@ -1357,6 +1362,7 @@ qemuBuildChardevCommand(virCommand *cmd,
- if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPath,
- dev->data.tcp.listen,
- chrSourcePriv->tlsVerify,
-+ chrSourcePriv->tlsPriority,
- tlsCertEncSecAlias,
- objalias) < 0) {
- return -1;
-@@ -8347,6 +8353,7 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfig *cfg,
- cfg->vncTLSx509certdir,
- true,
- cfg->vncTLSx509verify,
-+ cfg->vncTLSpriority,
- secretAlias,
- gfxPriv->tlsAlias) < 0)
- return -1;
-@@ -11188,8 +11195,8 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
- }
-
- if (src->haveTLS == VIR_TRISTATE_BOOL_YES &&
-- qemuBuildTLSx509BackendProps(src->tlsCertdir, false, true, src->tlsAlias,
-- tlsKeySecretAlias, &data->tlsProps) < 0)
-+ qemuBuildTLSx509BackendProps(src->tlsCertdir, false, true, src->tlsPriority,
-+ src->tlsAlias, tlsKeySecretAlias, &data->tlsProps) < 0)
- return -1;
-
- return 0;
-diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
-index 574dffdc96..ad068f1f16 100644
---- a/src/qemu/qemu_command.h
-+++ b/src/qemu/qemu_command.h
-@@ -67,6 +67,7 @@ int
- qemuBuildTLSx509BackendProps(const char *tlspath,
- bool isListen,
- bool verifypeer,
-+ const char *priority,
- const char *alias,
- const char *secalias,
- virJSONValue **propsret);
-diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
-index 482e19b502..088904eb12 100644
---- a/src/qemu/qemu_conf.c
-+++ b/src/qemu/qemu_conf.c
-@@ -454,6 +454,9 @@ virQEMUDriverConfigLoadDefaultTLSEntry(virQEMUDriverConfig *cfg,
- if (virConfGetValueString(conf, "default_tls_x509_secret_uuid",
- &cfg->defaultTLSx509secretUUID) < 0)
- return -1;
-+ if (virConfGetValueString(conf, "default_tls_priority",
-+ &cfg->defaultTLSpriority) < 0)
-+ return -1;
-
- return 0;
- }
-@@ -566,6 +569,9 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverConfig *cfg,
- #val "_tls_x509_secret_uuid", \
- &cfg->val## TLSx509secretUUID) < 0) \
- return -1; \
-+ if ((rv = virConfGetValueString(conf, #val "_tls_priority", \
-+ &cfg->val## TLSpriority)) < 0) \
-+ return -1; \
- } while (0)
-
- #define GET_CONFIG_TLS_CERTINFO_SERVER(val) \
-@@ -1441,6 +1447,22 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfig *cfg)
-
- #undef SET_TLS_SECRET_UUID_DEFAULT
-
-+#define SET_TLS_PRIORITY_DEFAULT(val) \
-+ do { \
-+ if (!cfg->val## TLSpriority && \
-+ cfg->defaultTLSpriority) { \
-+ cfg->val## TLSpriority = g_strdup(cfg->defaultTLSpriority); \
-+ } \
-+ } while (0)
-+
-+ SET_TLS_PRIORITY_DEFAULT(vnc);
-+ SET_TLS_PRIORITY_DEFAULT(chardev);
-+ SET_TLS_PRIORITY_DEFAULT(migrate);
-+ SET_TLS_PRIORITY_DEFAULT(backup);
-+ SET_TLS_PRIORITY_DEFAULT(nbd);
-+
-+#undef SET_TLS_PRIORITY_DEFAULT
-+
- /*
- * If a "SYSCONFDIR" + "pki/libvirt-" exists, then assume someone
- * has created a val specific area to place service specific certificates.
-diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
-index ff376aed4d..192ddd0cbd 100644
---- a/src/qemu/qemu_conf.h
-+++ b/src/qemu/qemu_conf.h
-@@ -117,6 +117,7 @@ struct _virQEMUDriverConfig {
- bool defaultTLSx509verify;
- bool defaultTLSx509verifyPresent;
- char *defaultTLSx509secretUUID;
-+ char *defaultTLSpriority;
-
- bool vncAutoUnixSocket;
- bool vncTLS;
-@@ -125,6 +126,7 @@ struct _virQEMUDriverConfig {
- bool vncSASL;
- char *vncTLSx509certdir;
- char *vncTLSx509secretUUID;
-+ char *vncTLSpriority;
- char *vncListen;
- char *vncPassword;
- char *vncSASLdir;
-@@ -147,21 +149,25 @@ struct _virQEMUDriverConfig {
- bool chardevTLSx509verify;
- bool chardevTLSx509verifyPresent;
- char *chardevTLSx509secretUUID;
-+ char *chardevTLSpriority;
-
- char *migrateTLSx509certdir;
- bool migrateTLSx509verify;
- bool migrateTLSx509verifyPresent;
- char *migrateTLSx509secretUUID;
-+ char *migrateTLSpriority;
- bool migrateTLSForce;
-
- char *backupTLSx509certdir;
- bool backupTLSx509verify;
- bool backupTLSx509verifyPresent;
- char *backupTLSx509secretUUID;
-+ char *backupTLSpriority;
-
- bool nbdTLS;
- char *nbdTLSx509certdir;
- char *nbdTLSx509secretUUID;
-+ char *nbdTLSpriority;
-
- unsigned int remotePortMin;
- unsigned int remotePortMax;
-diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
-index 0d2548d8d4..ddc065d8f4 100644
---- a/src/qemu/qemu_domain.c
-+++ b/src/qemu/qemu_domain.c
-@@ -955,6 +955,7 @@ qemuDomainChrSourcePrivateDispose(void *obj)
- qemuDomainChrSourcePrivateClearFDPass(priv);
-
- g_free(priv->tlsCertPath);
-+ g_free(priv->tlsPriority);
-
- g_free(priv->tlsCredsAlias);
-
-@@ -8777,6 +8778,7 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev,
-
- if (charsrc->data.tcp.haveTLS == VIR_TRISTATE_BOOL_YES) {
- charpriv->tlsCertPath = g_strdup(data->cfg->chardevTLSx509certdir);
-+ charpriv->tlsPriority = g_strdup(data->cfg->chardevTLSpriority);
- charpriv->tlsVerify = data->cfg->chardevTLSx509verify;
- }
- }
-@@ -8842,6 +8844,7 @@ qemuProcessPrepareStorageSourceTLSNBD(virStorageSource *src,
-
- src->tlsAlias = qemuAliasTLSObjFromSrcAlias(parentAlias);
- src->tlsCertdir = g_strdup(cfg->nbdTLSx509certdir);
-+ src->tlsPriority = g_strdup(cfg->nbdTLSpriority);
-
- if (cfg->nbdTLSx509secretUUID) {
- qemuDomainStorageSourcePrivate *srcpriv = qemuDomainStorageSourcePrivateFetch(src);
-diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
-index c7287eb669..22cad50f55 100644
---- a/src/qemu/qemu_domain.h
-+++ b/src/qemu/qemu_domain.h
-@@ -384,6 +384,7 @@ struct _qemuDomainChrSourcePrivate {
-
- char *tlsCertPath; /* path to certificates if TLS is requested */
- bool tlsVerify; /* whether server should verify client certificates */
-+ char *tlsPriority; /* optional GNUTLS priority string */
-
- char *tlsCredsAlias; /* alias of the x509 tls credentials object */
- };
-diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
-index 67a2464ce4..79922f27c7 100644
---- a/src/qemu/qemu_hotplug.c
-+++ b/src/qemu/qemu_hotplug.c
-@@ -1744,6 +1744,7 @@ qemuDomainGetTLSObjects(qemuDomainSecretInfo *secinfo,
- const char *tlsCertdir,
- bool tlsListen,
- bool tlsVerify,
-+ const char *tlsPriority,
- const char *alias,
- virJSONValue **tlsProps,
- virJSONValue **secProps)
-@@ -1757,7 +1758,7 @@ qemuDomainGetTLSObjects(qemuDomainSecretInfo *secinfo,
- secAlias = secinfo->alias;
- }
-
-- if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify,
-+ if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify, tlsPriority,
- alias, secAlias, tlsProps) < 0)
- return -1;
-
-@@ -1801,6 +1802,7 @@ qemuDomainAddChardevTLSObjects(virQEMUDriver *driver,
- cfg->chardevTLSx509certdir,
- dev->data.tcp.listen,
- cfg->chardevTLSx509verify,
-+ cfg->chardevTLSpriority,
- *tlsAlias, &tlsProps, &secProps) < 0)
- return -1;
-
-diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h
-index de75bf9225..fb0b5b6cd7 100644
---- a/src/qemu/qemu_hotplug.h
-+++ b/src/qemu/qemu_hotplug.h
-@@ -41,6 +41,7 @@ qemuDomainGetTLSObjects(qemuDomainSecretInfo *secinfo,
- const char *tlsCertdir,
- bool tlsListen,
- bool tlsVerify,
-+ const char *tlsPriority,
- const char *alias,
- virJSONValue **tlsProps,
- virJSONValue **secProps);
-diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
-index 17d08f4aa5..b79bbad5c2 100644
---- a/src/qemu/qemu_migration_params.c
-+++ b/src/qemu/qemu_migration_params.c
-@@ -1208,6 +1208,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriver *driver,
- if (qemuDomainGetTLSObjects(priv->migSecinfo,
- cfg->migrateTLSx509certdir, tlsListen,
- cfg->migrateTLSx509verify,
-+ cfg->migrateTLSpriority,
- *tlsAlias, &tlsProps, &secProps) < 0)
- return -1;
-
-diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
-index e461fcc9df..1fa0e2206e 100644
---- a/src/qemu/test_libvirtd_qemu.aug.in
-+++ b/src/qemu/test_libvirtd_qemu.aug.in
-@@ -5,12 +5,14 @@ module Test_libvirtd_qemu =
- { "default_tls_x509_cert_dir" = "/etc/pki/qemu" }
- { "default_tls_x509_verify" = "1" }
- { "default_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
-+{ "default_tls_priority" = "@SYSTEM" }
- { "vnc_listen" = "0.0.0.0" }
- { "vnc_auto_unix_socket" = "1" }
- { "vnc_tls" = "1" }
- { "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" }
- { "vnc_tls_x509_verify" = "1" }
- { "vnc_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
-+{ "vnc_tls_priority" = "@SYSTEM" }
- { "vnc_password" = "XYZ12345" }
- { "vnc_sasl" = "1" }
- { "vnc_sasl_dir" = "/some/directory/sasl2" }
-@@ -30,19 +32,23 @@ module Test_libvirtd_qemu =
- { "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
- { "chardev_tls_x509_verify" = "1" }
- { "chardev_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
-+{ "chardev_tls_priority" = "@SYSTEM" }
- { "vxhs_tls" = "1" }
- { "vxhs_tls_x509_cert_dir" = "/etc/pki/libvirt-vxhs" }
- { "vxhs_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
- { "nbd_tls" = "1" }
- { "nbd_tls_x509_cert_dir" = "/etc/pki/libvirt-nbd" }
- { "nbd_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
-+{ "nbd_tls_priority" = "@SYSTEM" }
- { "migrate_tls_x509_cert_dir" = "/etc/pki/libvirt-migrate" }
- { "migrate_tls_x509_verify" = "1" }
- { "migrate_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
-+{ "migrate_tls_priority" = "@SYSTEM" }
- { "migrate_tls_force" = "0" }
- { "backup_tls_x509_cert_dir" = "/etc/pki/libvirt-backup" }
- { "backup_tls_x509_verify" = "1" }
- { "backup_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
-+{ "backup_tls_priority" = "@SYSTEM" }
- { "nographics_allow_host_audio" = "1" }
- { "remote_display_port_min" = "5900" }
- { "remote_display_port_max" = "65535" }
-diff --git a/tests/qemuxmlconfdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.args b/tests/qemuxmlconfdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.args
-index 4ee9a0631b..77d38c3020 100644
---- a/tests/qemuxmlconfdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.args
-+++ b/tests/qemuxmlconfdata/disk-network-tlsx509-nbd-hostname.x86_64-latest.args
-@@ -28,7 +28,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
- -boot strict=on \
- -device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
- -object '{"qom-type":"secret","id":"objlibvirt-1-storage_tls0-secret0","data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","keyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw==","format":"base64"}' \
---object '{"qom-type":"tls-creds-x509","id":"objlibvirt-1-storage_tls0","dir":"/etc/pki/libvirt-nbd","endpoint":"client","verify-peer":true,"passwordid":"objlibvirt-1-storage_tls0-secret0"}' \
-+-object '{"qom-type":"tls-creds-x509","id":"objlibvirt-1-storage_tls0","dir":"/etc/pki/libvirt-nbd","endpoint":"client","verify-peer":true,"priority":"@SYSTEM:-VERS-TLS1.3","passwordid":"objlibvirt-1-storage_tls0-secret0"}' \
- -blockdev '{"driver":"nbd","server":{"type":"inet","host":"example.com","port":"1234"},"tls-creds":"objlibvirt-1-storage_tls0","tls-hostname":"test-hostname","node-name":"libvirt-1-storage","read-only":false,"cache":{"direct":true,"no-flush":false}}' \
- -device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x7","drive":"libvirt-1-storage","id":"virtio-disk3","bootindex":1,"write-cache":"on"}' \
- -audiodev '{"id":"audio1","driver":"none"}' \
-diff --git a/tests/qemuxmlconfdata/graphics-vnc-tls-secret.x86_64-latest.args b/tests/qemuxmlconfdata/graphics-vnc-tls-secret.x86_64-latest.args
-index 50cc8532d1..32d7be1d3b 100644
---- a/tests/qemuxmlconfdata/graphics-vnc-tls-secret.x86_64-latest.args
-+++ b/tests/qemuxmlconfdata/graphics-vnc-tls-secret.x86_64-latest.args
-@@ -29,7 +29,7 @@ SASL_CONF_PATH=/etc/sasl2 \
- -device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
- -audiodev '{"id":"audio1","driver":"none"}' \
- -object '{"qom-type":"secret","id":"vnc-tls-creds0-secret0","data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","keyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw==","format":"base64"}' \
---object '{"qom-type":"tls-creds-x509","id":"vnc-tls-creds0","dir":"/etc/pki/libvirt-vnc","endpoint":"server","verify-peer":true,"passwordid":"vnc-tls-creds0-secret0"}' \
-+-object '{"qom-type":"tls-creds-x509","id":"vnc-tls-creds0","dir":"/etc/pki/libvirt-vnc","endpoint":"server","verify-peer":true,"priority":"@SYSTEM:-VERS-TLS1.3","passwordid":"vnc-tls-creds0-secret0"}' \
- -vnc 127.0.0.1:3,tls-creds=vnc-tls-creds0,sasl=on,audiodev=audio1 \
- -device '{"driver":"cirrus-vga","id":"video0","bus":"pci.0","addr":"0x2"}' \
- -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-diff --git a/tests/qemuxmlconfdata/serial-tcp-tlsx509-secret-chardev.x86_64-latest.args b/tests/qemuxmlconfdata/serial-tcp-tlsx509-secret-chardev.x86_64-latest.args
-index c227a04112..492d1be626 100644
---- a/tests/qemuxmlconfdata/serial-tcp-tlsx509-secret-chardev.x86_64-latest.args
-+++ b/tests/qemuxmlconfdata/serial-tcp-tlsx509-secret-chardev.x86_64-latest.args
-@@ -32,7 +32,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
- -chardev udp,id=charserial0,host=127.0.0.1,port=2222,localaddr=127.0.0.1,localport=1111 \
- -device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \
- -object '{"qom-type":"secret","id":"charserial1-secret0","data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","keyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw==","format":"base64"}' \
---object '{"qom-type":"tls-creds-x509","id":"objcharserial1_tls0","dir":"/etc/pki/libvirt-chardev","endpoint":"client","verify-peer":true,"passwordid":"charserial1-secret0"}' \
-+-object '{"qom-type":"tls-creds-x509","id":"objcharserial1_tls0","dir":"/etc/pki/libvirt-chardev","endpoint":"client","verify-peer":true,"priority":"@SYSTEM:-VERS-TLS1.3","passwordid":"charserial1-secret0"}' \
- -chardev socket,id=charserial1,host=127.0.0.1,port=5555,tls-creds=objcharserial1_tls0 \
- -device '{"driver":"isa-serial","chardev":"charserial1","id":"serial1","index":1}' \
- -audiodev '{"id":"audio1","driver":"none"}' \
-diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
-index 6ad4d90934..1fbfd25e83 100644
---- a/tests/qemuxmlconftest.c
-+++ b/tests/qemuxmlconftest.c
-@@ -1596,7 +1596,9 @@ mymain(void)
- driver.config->nbdTLSx509secretUUID = g_strdup("6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea");
- DO_TEST_CAPS_LATEST("disk-network-tlsx509-nbd");
- DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-tlsx509-nbd-hostname", "6.2.0");
-+ driver.config->nbdTLSpriority = g_strdup("@SYSTEM:-VERS-TLS1.3");
- DO_TEST_CAPS_LATEST("disk-network-tlsx509-nbd-hostname");
-+ VIR_FREE(driver.config->nbdTLSpriority);
- DO_TEST_CAPS_LATEST("disk-network-http");
- VIR_FREE(driver.config->nbdTLSx509secretUUID);
- DO_TEST_CAPS_LATEST("disk-network-ssh");
-@@ -1723,8 +1725,10 @@ mymain(void)
- driver.config->vncTLS = 1;
- driver.config->vncTLSx509verify = 1;
- DO_TEST_CAPS_LATEST("graphics-vnc-tls");
-+ driver.config->vncTLSpriority = g_strdup("@SYSTEM:-VERS-TLS1.3");
- driver.config->vncTLSx509secretUUID = g_strdup("6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea");
- DO_TEST_CAPS_LATEST("graphics-vnc-tls-secret");
-+ VIR_FREE(driver.config->vncTLSpriority);
- VIR_FREE(driver.config->vncTLSx509secretUUID);
- driver.config->vncSASL = driver.config->vncTLSx509verify = driver.config->vncTLS = 0;
- DO_TEST_CAPS_LATEST("graphics-vnc-egl-headless");
-@@ -1874,7 +1878,9 @@ mymain(void)
- driver.config->chardevTLSx509verify = 0;
- DO_TEST_CAPS_LATEST("serial-tcp-tlsx509-chardev-notls");
- driver.config->chardevTLSx509secretUUID = g_strdup("6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea");
-+ driver.config->chardevTLSpriority = g_strdup("@SYSTEM:-VERS-TLS1.3");
- DO_TEST_CAPS_LATEST("serial-tcp-tlsx509-secret-chardev");
-+ VIR_FREE(driver.config->chardevTLSpriority);
- VIR_FREE(driver.config->chardevTLSx509secretUUID);
- driver.config->chardevTLS = 0;
- DO_TEST_CAPS_LATEST("serial-many-chardev");
---
-2.50.1
diff --git a/libvirt-qemu-conf-Store-autoShutdown-config-in-virDomainDriverAutoShutdownConfig.patch b/libvirt-qemu-conf-Store-autoShutdown-config-in-virDomainDriverAutoShutdownConfig.patch
deleted file mode 100644
index 12d456d..0000000
--- a/libvirt-qemu-conf-Store-autoShutdown-config-in-virDomainDriverAutoShutdownConfig.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From 44d1e39ed66596dfb8d2d4046aa5b0aa91d6dc88 Mon Sep 17 00:00:00 2001
-Message-ID: <44d1e39ed66596dfb8d2d4046aa5b0aa91d6dc88.1752837271.git.jdenemar@redhat.com>
-From: Peter Krempa
-Date: Fri, 27 Jun 2025 15:13:35 +0200
-Subject: [PATCH] qemu: conf: Store 'autoShutdown' config in
- virDomainDriverAutoShutdownConfig
-
-Rather than having a bunch of extra variables save the configuration of
-the daemon auto shutdown in virDomainDriverAutoShutdownConfig which is
-also used when initiating the shutdown.
-
-Signed-off-by: Peter Krempa
-Reviewed-by: Pavel Hrdina
-(cherry picked from commit c8adb8537b947f76a0be85e9c28de85e351d6b51)
-
-https://issues.redhat.com/browse/RHEL-95361
----
- src/qemu/qemu_conf.c | 30 +++++++++++++++---------------
- src/qemu/qemu_conf.h | 7 +------
- src/qemu/qemu_driver.c | 12 +++---------
- 3 files changed, 19 insertions(+), 30 deletions(-)
-
-diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
-index 9bf12fc179..482e19b502 100644
---- a/src/qemu/qemu_conf.c
-+++ b/src/qemu/qemu_conf.c
-@@ -320,15 +320,15 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
- *
- * XXX, or query if libvirt-guests.service is enabled perhaps ?
- */
-- cfg->autoShutdownTrySave = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE;
-- cfg->autoShutdownTryShutdown = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE;
-- cfg->autoShutdownPoweroff = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE;
-+ cfg->autoShutdown.trySave = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE;
-+ cfg->autoShutdown.tryShutdown = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE;
-+ cfg->autoShutdown.poweroff = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE;
- } else {
-- cfg->autoShutdownTrySave = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT;
-- cfg->autoShutdownTryShutdown = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL;
-- cfg->autoShutdownPoweroff = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL;
-+ cfg->autoShutdown.trySave = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT;
-+ cfg->autoShutdown.tryShutdown = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL;
-+ cfg->autoShutdown.poweroff = VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL;
- }
-- cfg->autoShutdownRestore = true;
-+ cfg->autoShutdown.autoRestore = true;
-
- return g_steal_pointer(&cfg);
- }
-@@ -719,11 +719,11 @@ virQEMUDriverConfigLoadSaveEntry(virQEMUDriverConfig *cfg,
- autoShutdownTrySave);
- return -1;
- }
-- cfg->autoShutdownTrySave = autoShutdownVal;
-+ cfg->autoShutdown.trySave = autoShutdownVal;
- }
-
-- if (cfg->autoShutdownTrySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL ||
-- cfg->autoShutdownTrySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT) {
-+ if (cfg->autoShutdown.trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL ||
-+ cfg->autoShutdown.trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT) {
- virReportError(VIR_ERR_INVALID_ARG, "%s",
- _("managed save cannot be requested for transient domains"));
- return -1;
-@@ -740,7 +740,7 @@ virQEMUDriverConfigLoadSaveEntry(virQEMUDriverConfig *cfg,
- autoShutdownTryShutdown);
- return -1;
- }
-- cfg->autoShutdownTryShutdown = autoShutdownVal;
-+ cfg->autoShutdown.tryShutdown = autoShutdownVal;
- }
-
- if (virConfGetValueString(conf, "auto_shutdown_poweroff", &autoShutdownPoweroff) < 0)
-@@ -754,16 +754,16 @@ virQEMUDriverConfigLoadSaveEntry(virQEMUDriverConfig *cfg,
- autoShutdownPoweroff);
- return -1;
- }
-- cfg->autoShutdownPoweroff = autoShutdownVal;
-+ cfg->autoShutdown.poweroff = autoShutdownVal;
- }
-
- if (virConfGetValueUInt(conf, "auto_shutdown_wait",
-- &cfg->autoShutdownWait) < 0)
-+ &cfg->autoShutdown.waitShutdownSecs) < 0)
- return -1;
-- if (virConfGetValueBool(conf, "auto_shutdown_restore", &cfg->autoShutdownRestore) < 0)
-+ if (virConfGetValueBool(conf, "auto_shutdown_restore", &cfg->autoShutdown.autoRestore) < 0)
- return -1;
- if (virConfGetValueBool(conf, "auto_save_bypass_cache",
-- &cfg->autoSaveBypassCache) < 0)
-+ &cfg->autoShutdown.saveBypassCache) < 0)
- return -1;
-
- return 0;
-diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
-index 1ce9dbe4a8..ff376aed4d 100644
---- a/src/qemu/qemu_conf.h
-+++ b/src/qemu/qemu_conf.h
-@@ -208,12 +208,7 @@ struct _virQEMUDriverConfig {
- bool autoDumpBypassCache;
- bool autoStartBypassCache;
- unsigned int autoStartDelayMS;
-- virDomainDriverAutoShutdownScope autoShutdownTrySave;
-- virDomainDriverAutoShutdownScope autoShutdownTryShutdown;
-- virDomainDriverAutoShutdownScope autoShutdownPoweroff;
-- unsigned int autoShutdownWait;
-- bool autoShutdownRestore;
-- bool autoSaveBypassCache;
-+ virDomainDriverAutoShutdownConfig autoShutdown;
-
- char *lockManagerName;
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 9b583ad7aa..4dbd5ec2fc 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -964,15 +964,9 @@ static int
- qemuStateStop(void)
- {
- g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(qemu_driver);
-- virDomainDriverAutoShutdownConfig ascfg = {
-- .uri = cfg->uri,
-- .trySave = cfg->autoShutdownTrySave,
-- .tryShutdown = cfg->autoShutdownTryShutdown,
-- .poweroff = cfg->autoShutdownPoweroff,
-- .waitShutdownSecs = cfg->autoShutdownWait,
-- .saveBypassCache = cfg->autoSaveBypassCache,
-- .autoRestore = cfg->autoShutdownRestore,
-- };
-+ virDomainDriverAutoShutdownConfig ascfg = cfg->autoShutdown;
-+
-+ ascfg.uri = cfg->uri;
-
- virDomainDriverAutoShutdown(&ascfg);
-
---
-2.50.1
diff --git a/libvirt-qemu-fix-order-of-VNC-TLS-config-entries.patch b/libvirt-qemu-fix-order-of-VNC-TLS-config-entries.patch
deleted file mode 100644
index 43649c6..0000000
--- a/libvirt-qemu-fix-order-of-VNC-TLS-config-entries.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 18e04d47dc99d44eb6e1e81f820f1634694a51e9 Mon Sep 17 00:00:00 2001
-Message-ID: <18e04d47dc99d44eb6e1e81f820f1634694a51e9.1754404628.git.jdenemar@redhat.com>
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
-Date: Wed, 16 Jul 2025 16:32:05 +0100
-Subject: [PATCH] qemu: fix order of VNC TLS config entries
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-For TLS config parameters, the 'verify' option always comes before the
-'secret_uuid' option, except in the VNC case which has them reversed.
-
-Reviewed-by: Peter Krempa
-Signed-off-by: Daniel P. Berrangé
-(cherry picked from commit 845e1b5138f37dbf91e5b08b7d54d963a6ec0452)
-
-Resolves: https://issues.redhat.com/browse/RHEL-104382
-Signed-off-by: Daniel P. Berrangé
----
- src/qemu/libvirtd_qemu.aug | 2 +-
- src/qemu/qemu.conf.in | 12 ++++++------
- src/qemu/test_libvirtd_qemu.aug.in | 2 +-
- 3 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
-index e1e479d72c..d36baed6fc 100644
---- a/src/qemu/libvirtd_qemu.aug
-+++ b/src/qemu/libvirtd_qemu.aug
-@@ -35,8 +35,8 @@ module Libvirtd_qemu =
- | bool_entry "vnc_auto_unix_socket"
- | bool_entry "vnc_tls"
- | str_entry "vnc_tls_x509_cert_dir"
-- | str_entry "vnc_tls_x509_secret_uuid"
- | bool_entry "vnc_tls_x509_verify"
-+ | str_entry "vnc_tls_x509_secret_uuid"
- | str_entry "vnc_password"
- | bool_entry "vnc_sasl"
- | str_entry "vnc_sasl_dir"
-diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
-index 6358a45ae2..9bb52b5927 100644
---- a/src/qemu/qemu.conf.in
-+++ b/src/qemu/qemu.conf.in
-@@ -101,12 +101,6 @@
- #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
-
-
--# Uncomment and use the following option to override the default secret
--# UUID provided in the default_tls_x509_secret_uuid parameter.
--#
--#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
--
--
- # The default TLS configuration only uses certificates for the server
- # allowing the client to verify the server's identity and establish
- # an encrypted channel.
-@@ -125,6 +119,12 @@
- #vnc_tls_x509_verify = 1
-
-
-+# Uncomment and use the following option to override the default secret
-+# UUID provided in the default_tls_x509_secret_uuid parameter.
-+#
-+#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
-+
-+
- # The default VNC password. Only 8 bytes are significant for
- # VNC passwords. This parameter is only used if the per-domain
- # XML config does not already provide a password. To allow
-diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
-index 88d1a6aca1..e461fcc9df 100644
---- a/src/qemu/test_libvirtd_qemu.aug.in
-+++ b/src/qemu/test_libvirtd_qemu.aug.in
-@@ -9,8 +9,8 @@ module Test_libvirtd_qemu =
- { "vnc_auto_unix_socket" = "1" }
- { "vnc_tls" = "1" }
- { "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" }
--{ "vnc_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
- { "vnc_tls_x509_verify" = "1" }
-+{ "vnc_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
- { "vnc_password" = "XYZ12345" }
- { "vnc_sasl" = "1" }
- { "vnc_sasl_dir" = "/some/directory/sasl2" }
---
-2.50.1
diff --git a/libvirt-qemu-sanitize-blank-lines-in-config-file.patch b/libvirt-qemu-sanitize-blank-lines-in-config-file.patch
deleted file mode 100644
index f555fe9..0000000
--- a/libvirt-qemu-sanitize-blank-lines-in-config-file.patch
+++ /dev/null
@@ -1,404 +0,0 @@ -From f8d6bc01e680b8c226270d100230a92a611f771d Mon Sep 17 00:00:00 2001 -Message-ID: -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Wed, 16 Jul 2025 16:30:52 +0100 -Subject: [PATCH] qemu: sanitize blank lines in config file -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We mostly use 2 blank lines between config file entries to -improve readability. Fix where we don't do that. - -Reviewed-by: Peter Krempa -Signed-off-by: Daniel P. Berrangé -(cherry picked from commit 0b9cfa791f2bd135ea36fe03fd1a8d6c8bf5e3d6) - -Resolves: https://issues.redhat.com/browse/RHEL-104382 -Signed-off-by: Daniel P. Berrangé ---- - src/qemu/qemu.conf.in | 51 ++++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 48 insertions(+), 3 deletions(-) - -diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in -index 9bb52b5927..76cbe1a72d 100644 ---- a/src/qemu/qemu.conf.in -+++ b/src/qemu/qemu.conf.in -@@ -48,7 +48,7 @@ - # - #default_tls_x509_verify = 1 - --# -+ - # Libvirt assumes the server-key.pem file is unencrypted by default. - # To use an encrypted server-key.pem file, the password to decrypt - # the PEM file is required. This can be provided by creating a secret -@@ -71,6 +71,7 @@ - # - #vnc_listen = "0.0.0.0" - -+ - # Enable this option to have VNC served over an automatically created - # unix socket. This prevents unprivileged access from users on the - # host machine, though most VNC clients do not support it. -@@ -81,6 +82,7 @@ - # - #vnc_auto_unix_socket = 1 - -+ - # Enable use of TLS encryption on the VNC server. This requires - # a VNC client which supports the VeNCrypt protocol extension. - # Examples include vinagre, virt-viewer, virt-manager and vencrypt -@@ -222,6 +224,7 @@ - # - #spice_sasl = 1 - -+ - # The default SASL configuration file is located in /etc/sasl2/ - # When running libvirtd unprivileged, it may be desirable to - # override the configs in this location. 
Set this parameter to -@@ -229,6 +232,7 @@ - # - #spice_sasl_dir = "/some/directory/sasl2" - -+ - # RDP is configured to listen on 127.0.0.1 by default. - # To make it listen on all public interfaces, uncomment - # this next option. -@@ -242,11 +246,13 @@ - # - #rdp_tls_x509_cert_dir = "/etc/pki/libvirt-rdp" - -+ - # The default RDP username. This parameter is only used if the - # per-domain XML config does not already provide a username. - # - #rdp_username = "user" - -+ - # The default RDP password. This parameter is only used if the - # per-domain XML config does not already provide a password. - # By default, RDP server will not allow password-less connections. -@@ -254,6 +260,7 @@ - # - #rdp_password = "RDP12345" - -+ - # Enable use of TLS encryption on the chardev TCP transports. - # - # It is necessary to setup CA and issue a server certificate -@@ -457,6 +464,7 @@ - #remote_display_port_min = 5900 - #remote_display_port_max = 65535 - -+ - # VNC WebSocket port policies, same rules apply as with remote display - # ports. VNC WebSockets use similar display <-> port mappings, with - # the exception being that ports start from 5700 instead of 5900. -@@ -464,6 +472,7 @@ - #remote_websocket_port_min = 5700 - #remote_websocket_port_max = 65535 - -+ - # The default security driver is SELinux. If SELinux is disabled - # on the host, then the security driver will automatically disable - # itself. If you wish to disable QEMU SELinux security driver while -@@ -481,15 +490,18 @@ - # - #security_driver = "selinux" - -+ - # If set to non-zero, then the default security labeling - # will make guests confined. If set to zero, then guests - # will be unconfined by default. Defaults to 1. - #security_default_confined = 1 - -+ - # If set to non-zero, then attempts to create unconfined - # guests will be blocked. Defaults to 0. - #security_require_confined = 1 - -+ - # The user for QEMU processes run by the system instance. It can be - # specified as a user name or as a user id. 
The qemu driver will try to - # parse this value first as a name and then, if the name doesn't exist, -@@ -507,10 +519,12 @@ - # - #user = "@QEMU_USER@" - -+ - # The group for QEMU processes run by the system instance. It can be - # specified in a similar way to user. - #group = "@QEMU_GROUP@" - -+ - # Whether libvirt should dynamically change file ownership - # to match the configured user/group above. Defaults to 1. - # -@@ -526,11 +540,13 @@ - # Set to 0 to disable file ownership changes globally in the qemu driver. - #dynamic_ownership = 1 - -+ - # Whether libvirt should remember and restore the original - # ownership over files it is relabeling. Defaults to 1, set - # to 0 to disable the feature. - #remember_owner = 1 - -+ - # What cgroup controllers to make use of with QEMU guests - # - # - 'cpu' - use for scheduler tunables -@@ -552,6 +568,7 @@ - # - #cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] - -+ - # This is the basic set of devices allowed / required by - # all virtual machines. - # -@@ -618,12 +635,14 @@ - #dump_image_format = "raw" - #snapshot_image_format = "raw" - -+ - # When a domain is configured to be auto-dumped when libvirtd receives a - # watchdog event from qemu guest, libvirtd will save dump files in directory - # specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump - # - #auto_dump_path = "/var/lib/libvirt/qemu/dump" - -+ - # When a domain is configured to be auto-dumped, enabling this flag - # has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the - # virDomainCoreDump API. That is, the system will avoid using the -@@ -632,6 +651,7 @@ - # - #auto_dump_bypass_cache = 0 - -+ - # When a domain is configured to be auto-started, enabling this flag - # has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag - # with the virDomainCreateWithFlags API. 
That is, the system will -@@ -640,11 +660,13 @@ - # - #auto_start_bypass_cache = 0 - -+ - # Delay in milliseconds between initiating the startup for - # each VM, during autostart - # - #auto_start_delay = 0 - -+ - # The settings for auto shutdown actions accept one of - # four possible options: - # -@@ -669,6 +691,7 @@ - # they are restarted, or saved and restored. - #auto_shutdown_try_save = "persistent" - -+ - # As above, but with a graceful shutdown action instead of - # managed save. If managed save is enabled, shutdown will - # be tried only on failure to perform managed save. -@@ -683,6 +706,7 @@ - # they are restarted, or saved and restored. - #auto_shutdown_try_shutdown = "all" - -+ - # As above, but with a forced poweroff instead of managed - # save. If managed save or graceful shutdown are enabled, - # forced poweroff will be tried only on failure of the -@@ -702,16 +726,19 @@ - # feature should to be enabled as well to ensure proper cleanup of the VMs. - #auto_shutdown_poweroff = "all" - -+ - # How may seconds to wait for running VMs to gracefully shutdown - # when 'auto_shutdown_try_shutdown' is enabled. If set to 0 - # then an arbitrary built-in default value will be used (which - # is currently 30 secs) - #auto_shutdown_wait = 30 - -+ - # Whether VMs that are automatically powered off or saved during - # host shutdown, should be set to restore on next boot - #auto_shutdown_restore = 1 - -+ - # When a domain is configured to be auto-saved on shutdown, enabling - # this flag has the same effect as using the VIR_DOMAIN_SAVE_BYPASS_CACHE - # flag with the virDomainManagedSave API. That is, the system will -@@ -720,6 +747,7 @@ - # - #auto_save_bypass_cache = 0 - -+ - # If provided by the host and a hugetlbfs mount point is configured, - # a guest may request huge page backing. 
When this mount point is - # unspecified here, determination of a host mount point in /proc/mounts -@@ -768,6 +796,7 @@ - #max_processes = 0 - #max_files = 0 - -+ - # If max_threads_per_process is set to a positive integer, libvirt - # will use it to set the maximum number of threads that can be - # created by a qemu process. Some VM configurations can result in -@@ -778,6 +807,7 @@ - # - #max_threads_per_process = 0 - -+ - # If max_core is set to a non-zero integer, then QEMU will be - # permitted to create core dumps when it crashes, provided its - # RAM size is smaller than the limit set. -@@ -804,6 +834,7 @@ - # - #max_core = "unlimited" - -+ - # Determine if guest RAM is included in QEMU core dumps. By - # default guest RAM will be excluded on Linux platforms, - # and included on all other patforms. Setting this to '1' will -@@ -814,6 +845,7 @@ - # - #dump_guest_core = 1 - -+ - # mac_filter enables MAC addressed based filtering on bridge ports. - # This currently requires ebtables to be installed. - # -@@ -843,6 +875,7 @@ - # - #max_queued = 0 - -+ - ################################################################### - # Keepalive protocol: - # This allows qemu driver to detect broken connections to remote -@@ -866,7 +899,6 @@ - #keepalive_count = 5 - - -- - # Use seccomp syscall filtering sandbox in QEMU. - # 1 == filter enabled, 0 == filter disabled - # -@@ -901,7 +933,6 @@ - #migration_port_max = 49215 - - -- - # Timestamp QEMU's log messages (if QEMU supports it) - # - # Defaults to 1. -@@ -941,6 +972,7 @@ - # "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd" - #] - -+ - # The backend to use for handling stdout/stderr output from - # QEMU processes. - # -@@ -956,6 +988,7 @@ - # - #stdio_handler = "logd" - -+ - # QEMU gluster libgfapi log level, debug levels are 0-9, with 9 being the - # most verbose, and 0 representing no debugging output. 
- # -@@ -976,6 +1009,7 @@ - # - #gluster_debug_level = 9 - -+ - # virtiofsd debug - # - # Whether to enable the debugging output of the virtiofsd daemon. -@@ -983,6 +1017,7 @@ - # - #virtiofsd_debug = 1 - -+ - # To enhance security, QEMU driver is capable of creating private namespaces - # for each domain started. Well, so far only "mount" namespace is supported. If - # enabled it means qemu process is unable to see all the devices on the system, -@@ -991,16 +1026,19 @@ - # by default. - #namespaces = [ "mount" ] - -+ - # This directory is used for memoryBacking source if configured as file. - # NOTE: big files will be stored here - #memory_backing_dir = "/var/lib/libvirt/qemu/ram" - -+ - # Path to the SCSI persistent reservations helper. This helper is - # used whenever are enabled for SCSI LUN devices. - # If this is not an absolute path, the program will be searched for - # in $PATH as well as a few additional directories. - #pr_helper = "qemu-pr-helper" - -+ - # Path to the SLIRP networking helper. - #slirp_helper = "/usr/bin/slirp-helper" - -@@ -1010,11 +1048,13 @@ - # in $PATH. - #qemu_rdp = "qemu-rdp" - -+ - # Path to the dbus-daemon - # If this is not an absolute path, the program will be searched for - # in $PATH. - #dbus_daemon = "dbus-daemon" - -+ - # User for the swtpm TPM Emulator - # - # Default is 'tss'; this is the same user that tcsd (TrouSerS) installs -@@ -1023,6 +1063,7 @@ - #swtpm_user = "tss" - #swtpm_group = "tss" - -+ - # For debugging and testing purposes it's sometimes useful to be able to disable - # libvirt behaviour based on the capabilities of the qemu process. This option - # allows to do so. DO _NOT_ use in production and beaware that the behaviour -@@ -1030,6 +1071,7 @@ - # - #capability_filters = [ "capname" ] - -+ - # 'deprecation_behavior' setting controls how the qemu process behaves towards - # deprecated commands and arguments used by libvirt. 
- # -@@ -1061,6 +1103,7 @@ - # - #deprecation_behavior = "none" - -+ - # If this is set then QEMU and its threads will run in a separate scheduling - # group meaning no other process will share Hyper Threads of a single core with - # QEMU. Each QEMU has its own group. -@@ -1077,6 +1120,7 @@ - # scheduling group - #sched_core = "none" - -+ - # Using nbdkit to access remote disk sources - # - # If this is set then libvirt will use nbdkit to access remote disk sources -@@ -1088,6 +1132,7 @@ - # - #storage_use_nbdkit = @USE_NBDKIT_DEFAULT@ - -+ - # libvirt will normally prevent migration if the storage backing the VM is not - # on a shared filesystems. Sometimes, however, the storage *is* shared despite - # not being detected as such: for example, this is the case when one of the --- -2.50.1 diff --git a/libvirt-qemu_tpm-Do-not-use-persistent-definition-during-pre-start-checks.patch b/libvirt-qemu_tpm-Do-not-use-persistent-definition-during-pre-start-checks.patch deleted file mode 100644 index c12f838..0000000 --- a/libvirt-qemu_tpm-Do-not-use-persistent-definition-during-pre-start-checks.patch +++ /dev/null 
@@ -1,43 +0,0 @@
-From 49a0c4d4d371eb030090e0172144bce00b6e1044 Mon Sep 17 00:00:00 2001
-Message-ID: <49a0c4d4d371eb030090e0172144bce00b6e1044.1753438163.git.jdenemar@redhat.com>
-From: Martin Kletzander
-Date: Fri, 18 Jul 2025 14:47:58 +0200
-Subject: [PATCH] qemu_tpm: Do not use persistent definition during pre-start
- checks
-
-Commit 3451987fca7c used the persistent TPM Definition in both calls to
-qemuTPMVirCommandSwtpmAddTPMState() but in one of the two cases it
-might've been NULL and what's more, it is not the right definition which
-should've been used. Change that to @tpm which is the current
-definition. The other call does not have access to the current
-definition and is only called during updating the profile. But for the
-sake of fewer future mistakes, keep the other one as is because there is
-no issue with calling it that way and adding logic that just skips the
-extra check on NULL could mistake someone in the future.
-
-Signed-off-by: Martin Kletzander
-Reviewed-by: Pavel Hrdina
-(cherry picked from commit 3a39cfacc36b26be559ab6217fce2a44a2b15159)
-
-Resolves: https://issues.redhat.com/browse/RHEL-80155
-
-Signed-off-by: Martin Kletzander
----
- src/qemu/qemu_tpm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
-index cdbd6e3993..2e5ec823b2 100644
---- a/src/qemu/qemu_tpm.c
-+++ b/src/qemu/qemu_tpm.c
-@@ -852,7 +852,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
- virCommandAddArgFormat(cmd, "type=unixio,path=%s,mode=0600",
- tpm->data.emulator.source->data.nix.path);
-
-- qemuTPMVirCommandSwtpmAddTPMState(cmd, &tpm->data.emulator, persistentTPMDef, cfg);
-+ qemuTPMVirCommandSwtpmAddTPMState(cmd, &tpm->data.emulator, tpm, cfg);
-
- virCommandAddArg(cmd, "--log");
- if (tpm->data.emulator.debug != 0)
---
-2.50.1
diff --git a/libvirt-qemu_tpm-Extract-per-TPM-functionality-from-qemuTPMDomainHasSharedStorage.patch b/libvirt-qemu_tpm-Extract-per-TPM-functionality-from-qemuTPMDomainHasSharedStorage.patch
deleted file mode 100644
index 93d0d55..0000000
--- a/libvirt-qemu_tpm-Extract-per-TPM-functionality-from-qemuTPMDomainHasSharedStorage.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 6361cb03d2bada54287e20b979e26e3b3a7c793d Mon Sep 17 00:00:00 2001
-Message-ID: <6361cb03d2bada54287e20b979e26e3b3a7c793d.1752837271.git.jdenemar@redhat.com>
-From: Martin Kletzander
-Date: Thu, 17 Jul 2025 11:54:22 +0200
-Subject: [PATCH] qemu_tpm: Extract per-TPM functionality from
- qemuTPMDomainHasSharedStorage
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This way we can do the check for a particular TPM also elsewhere in the
-code, especially in places where we're dealing with only one TPM. The
-semantics is changed a little bit in a way that the function will check
-all the TPMs as opposed to stopping on the first one which is of the
-emulator type, but since a domain can currently only have one of these
-it was not an issue.
-
-Signed-off-by: Martin Kletzander
-Reviewed-by: Ján Tomko
-Reviewed-by: Peter Krempa
-(cherry picked from commit 6c6b6b2b4133f3d6be643416cc3756d940d22ddc)
-
-Resolves: https://issues.redhat.com/browse/RHEL-80155
-
-Signed-off-by: Martin Kletzander
----
- src/qemu/qemu_tpm.c | 59 ++++++++++++++++++++++++++-------------------
- 1 file changed, 34 insertions(+), 25 deletions(-)
-
-diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
-index 8c104ab1b3..855d732e60 100644
---- a/src/qemu/qemu_tpm.c
-+++ b/src/qemu/qemu_tpm.c
-@@ -205,6 +205,40 @@ qemuTPMEmulatorCreateStorage(virDomainTPMDef *tpm,
- }
-
-
-+static bool
-+qemuTPMHasSharedStorage(const virQEMUDriverConfig *cfg,
-+ const virDomainTPMDef *tpm)
-+{
-+ switch (tpm->type) {
-+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
-+ return virFileIsSharedFS(tpm->data.emulator.source_path,
-+ cfg->sharedFilesystems) == 1;
-+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
-+ case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
-+ case VIR_DOMAIN_TPM_TYPE_LAST:
-+ break;
-+ }
-+
-+ return false;
-+}
-+
-+
-+bool
-+qemuTPMDomainHasSharedStorage(virQEMUDriver *driver,
-+ virDomainDef *def)
-+{
-+ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
-+ size_t i;
-+
-+ for (i = 0; i < def->ntpms; i++) {
-+ if (qemuTPMHasSharedStorage(cfg, def->tpms[i]))
-+ return true;
-+ }
-+
-+ return false;
-+}
-+
-+
- /**
- * qemuTPMEmulatorDeleteStorage:
- * @tpm: TPM definition
-@@ -1218,31 +1252,6 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
- }
-
-
--bool
--qemuTPMDomainHasSharedStorage(virQEMUDriver *driver,
-- virDomainDef *def)
--{
-- g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
-- size_t i;
--
-- for (i = 0; i < def->ntpms; i++) {
-- virDomainTPMDef *tpm = def->tpms[i];
--
-- switch (tpm->type) {
-- case VIR_DOMAIN_TPM_TYPE_EMULATOR:
-- return virFileIsSharedFS(tpm->data.emulator.source_path,
-- cfg->sharedFilesystems) == 1;
-- case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
-- case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
-- case VIR_DOMAIN_TPM_TYPE_LAST:
-- break;
-- }
-- }
--
-- return false;
--}
--
--
- bool
- qemuTPMCanMigrateSharedStorage(virDomainDef *def)
- {
---
-2.50.1
diff --git a/libvirt-qemu_tpm-Only-warn-about-missing-locking-feature-on-shared-filesystems.patch b/libvirt-qemu_tpm-Only-warn-about-missing-locking-feature-on-shared-filesystems.patch
deleted file mode 100644
index 88bd625..0000000
--- a/libvirt-qemu_tpm-Only-warn-about-missing-locking-feature-on-shared-filesystems.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 0a38abe57db307e11f28710fd33b10b7dd2988b2 Mon Sep 17 00:00:00 2001
-Message-ID: <0a38abe57db307e11f28710fd33b10b7dd2988b2.1752837271.git.jdenemar@redhat.com>
-From: Martin Kletzander
-Date: Thu, 17 Jul 2025 11:58:32 +0200
-Subject: [PATCH] qemu_tpm: Only warn about missing locking feature on shared
- filesystems
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The warning pollutes the logs and might give a bad impression on someone
-reading them even though the locking is not always needed. This way we
-at least limit the logging in unnecessary cases.
-
-Resolves: https://issues.redhat.com/browse/RHEL-80155
-Signed-off-by: Martin Kletzander
-Reviewed-by: Ján Tomko
-Reviewed-by: Peter Krempa
-(cherry picked from commit 3451987fca7c89a1aa9c5b0701471b6bc23dda3d)
-Signed-off-by: Martin Kletzander
----
- src/qemu/qemu_tpm.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
-index 855d732e60..cdbd6e3993 100644
---- a/src/qemu/qemu_tpm.c
-+++ b/src/qemu/qemu_tpm.c
-@@ -660,12 +660,16 @@ qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd,
-
- static void
- qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd,
-- const virDomainTPMEmulatorDef *emulator)
-+ const virDomainTPMEmulatorDef *emulator,
-+ const virDomainTPMDef *tpmDef,
-+ const virQEMUDriverConfig *cfg)
- {
- const char *lock = ",lock";
-
- if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK)) {
-- VIR_WARN("This swtpm version doesn't support explicit locking");
-+ if (qemuTPMHasSharedStorage(cfg, tpmDef))
-+ VIR_WARN("This swtpm version doesn't support explicit locking");
-+
- lock = "";
- }
-
-@@ -721,7 +725,7 @@ qemuTPMEmulatorUpdateProfileName(virDomainTPMEmulatorDef *emulator,
-
- virCommandAddArgList(cmd, "socket", "--print-info", "0x20", "--tpm2", NULL);
-
-- qemuTPMVirCommandSwtpmAddTPMState(cmd, emulator);
-+ qemuTPMVirCommandSwtpmAddTPMState(cmd, emulator, persistentTPMDef, cfg);
-
- if (qemuTPMVirCommandSwtpmAddEncryption(cmd, emulator, swtpm) < 0)
- return -1;
-@@ -848,7 +852,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
- virCommandAddArgFormat(cmd, "type=unixio,path=%s,mode=0600",
- tpm->data.emulator.source->data.nix.path);
-
-- qemuTPMVirCommandSwtpmAddTPMState(cmd, &tpm->data.emulator);
-+ qemuTPMVirCommandSwtpmAddTPMState(cmd, &tpm->data.emulator, persistentTPMDef, cfg);
-
- virCommandAddArg(cmd, "--log");
- if (tpm->data.emulator.debug != 0)
---
-2.50.1
diff --git a/libvirt-qemu_tpm-Rename-qemuTPMHasSharedStorage-qemuTPMDomainHasSharedStorage.patch b/libvirt-qemu_tpm-Rename-qemuTPMHasSharedStorage-qemuTPMDomainHasSharedStorage.patch
deleted file mode 100644
index 13687f6..0000000
--- a/libvirt-qemu_tpm-Rename-qemuTPMHasSharedStorage-qemuTPMDomainHasSharedStorage.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From d8c8f0d4f82ddbb3f3a59b11b9bd1373e8d82c3d Mon Sep 17 00:00:00 2001
-Message-ID:
-From: Martin Kletzander
-Date: Thu, 17 Jul 2025 11:51:39 +0200
-Subject: [PATCH] qemu_tpm: Rename qemuTPMHasSharedStorage ->
- qemuTPMDomainHasSharedStorage
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The function deals with the whole domain and the part that handles one
-TPM will be useful elsewhere and hence extracted later. This rename
-makes it possible for the new function to use the original name of this
-renamed one.
-
-Signed-off-by: Martin Kletzander
-Reviewed-by: Ján Tomko
-Reviewed-by: Peter Krempa
-(cherry picked from commit 05c5aabb475595249ed1eeca1b6f65b21edc0041)
-
-Resolves: https://issues.redhat.com/browse/RHEL-80155
-
-Signed-off-by: Martin Kletzander
----
- src/qemu/qemu_migration.c | 2 +-
- src/qemu/qemu_tpm.c | 8 ++++----
- src/qemu/qemu_tpm.h | 4 ++--
- 3 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
-index 2400750ee4..090ac8ae1e 100644
---- a/src/qemu/qemu_migration.c
-+++ b/src/qemu/qemu_migration.c
-@@ -1721,7 +1721,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm,
- }
- }
-
-- if (qemuTPMHasSharedStorage(driver, vm->def) &&
-+ if (qemuTPMDomainHasSharedStorage(driver, vm->def) &&
- !qemuTPMCanMigrateSharedStorage(vm->def)) {
- virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
- _("the running swtpm does not support migration with shared storage"));
-diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
-index b2f76e6b8b..8c104ab1b3 100644
---- a/src/qemu/qemu_tpm.c
-+++ b/src/qemu/qemu_tpm.c
-@@ -1150,7 +1150,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
- virCommandSetPidFile(cmd, pidfile);
- virCommandSetErrorFD(cmd, &errfd);
-
-- if (incomingMigration && qemuTPMHasSharedStorage(driver, vm->def)) {
-+ if (incomingMigration && qemuTPMDomainHasSharedStorage(driver, vm->def)) {
- /* If the TPM is being migrated over shared storage, we can't
- * lock all files before labeling them: the source swtpm
- * process is still holding on to the lock file, and it will
-@@ -1219,8 +1219,8 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
-
-
- bool
--qemuTPMHasSharedStorage(virQEMUDriver *driver,
-- virDomainDef *def)
-+qemuTPMDomainHasSharedStorage(virQEMUDriver *driver,
-+ virDomainDef *def)
- {
- g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
- size_t i;
-@@ -1346,7 +1346,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
- return;
-
- qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
-- if (migration && qemuTPMHasSharedStorage(driver, vm->def))
-+ if (migration && qemuTPMDomainHasSharedStorage(driver, vm->def))
- restoreTPMStateLabel = false;
-
- if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel, false) < 0)
-diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h
-index f0f16392a1..2d633fe36b 100644
---- a/src/qemu/qemu_tpm.h
-+++ b/src/qemu/qemu_tpm.h
-@@ -61,8 +61,8 @@ int qemuExtTPMSetupCgroup(virQEMUDriver *driver,
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
- G_GNUC_WARN_UNUSED_RESULT;
-
--bool qemuTPMHasSharedStorage(virQEMUDriver *driver,
-- virDomainDef *def)
-+bool qemuTPMDomainHasSharedStorage(virQEMUDriver *driver,
-+ virDomainDef *def)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
- G_GNUC_WARN_UNUSED_RESULT;
-
---
-2.50.1
diff --git a/libvirt-tests-virnettls-test-Drop-use-of-GNUTLS_KEY_KEY_ENCIPHERMENT.patch b/libvirt-tests-virnettls-test-Drop-use-of-GNUTLS_KEY_KEY_ENCIPHERMENT.patch
deleted file mode 100644
index e8dcaae..0000000
--- a/libvirt-tests-virnettls-test-Drop-use-of-GNUTLS_KEY_KEY_ENCIPHERMENT.patch
+++ /dev/null
@@ -1,239 +0,0 @@ -From a926ee49aeab039d02bffd27034b1410f37f323b Mon Sep 17 00:00:00 2001 -Message-ID: -From: Peter Krempa -Date: Tue, 1 Jul 2025 13:48:00 +0200 -Subject: [PATCH] tests: virnettls*test: Drop use of - GNUTLS_KEY_KEY_ENCIPHERMENT -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It's not needed with TLS 1.3 any more. - -Signed-off-by: Peter Krempa -Reviewed-by: Ján Tomko -(cherry picked from commit e67952b0e612c9ad3c3eec8bb692589602953ee8) - -https://issues.redhat.com/browse/RHEL-100711 ---- - tests/virnettlscontexttest.c | 36 ++++++++++++++++++------------------ - tests/virnettlssessiontest.c | 14 +++++++------- - 2 files changed, 25 insertions(+), 25 deletions(-) - -diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c -index 2311524db8..48bdefdd76 100644 ---- a/tests/virnettlscontexttest.c -+++ b/tests/virnettlscontexttest.c -@@ -156,13 +156,13 @@ mymain(void) - TLS_CERT_REQ(servercertreq, cacertreq, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - TLS_CERT_REQ(clientcertreq, cacertreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, - 0, 0); - -@@ -182,7 +182,7 @@ mymain(void) - TLS_CERT_REQ(servercert1req, cacert1req, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - -@@ -196,7 +196,7 @@ mymain(void) - TLS_CERT_REQ(servercert2req, cacert2req, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, 
true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - -@@ -210,7 +210,7 @@ mymain(void) - TLS_CERT_REQ(servercert3req, cacert3req, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - -@@ -230,7 +230,7 @@ mymain(void) - TLS_CERT_REQ(servercert4req, cacert4req, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - /* no-basic */ -@@ -243,7 +243,7 @@ mymain(void) - TLS_CERT_REQ(servercert5req, cacert5req, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - /* Key usage:dig-sig:critical */ -@@ -256,7 +256,7 @@ mymain(void) - TLS_CERT_REQ(servercert6req, cacert6req, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - -@@ -284,7 +284,7 @@ mymain(void) - TLS_CERT_REQ(servercert8req, cacertreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_KEY_CERT_SIGN, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_CERT_SIGN, - false, false, NULL, NULL, - 0, 0); - /* usage:cert-sign:not-critical */ -@@ -372,7 +372,7 @@ mymain(void) - TLS_CERT_REQ(clientcert2req, cacertreq, - "UK", "libvirt", NULL, NULL, 
NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_KEY_CERT_SIGN, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_CERT_SIGN, - false, false, NULL, NULL, - 0, 0); - /* usage:cert-sign:not-critical */ -@@ -459,19 +459,19 @@ mymain(void) - TLS_CERT_REQ(servercertexpreq, cacertexpreq, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - TLS_CERT_REQ(servercertexp1req, cacertreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, -1); - TLS_CERT_REQ(clientcertexp1req, cacertreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, - 0, -1); - -@@ -491,19 +491,19 @@ mymain(void) - TLS_CERT_REQ(servercertnewreq, cacertnewreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - TLS_CERT_REQ(servercertnew1req, cacertreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 1, 2); - TLS_CERT_REQ(clientcertnew1req, cacertreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, 
GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, - 1, 2); - -@@ -538,13 +538,13 @@ mymain(void) - TLS_CERT_REQ(servercertlevel3areq, cacertlevel2areq, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - TLS_CERT_REQ(clientcertlevel2breq, cacertlevel1breq, - "UK", "libvirt client level 2b", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, - 0, 0); - -diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c -index 285cde57d8..459e17c52c 100644 ---- a/tests/virnettlssessiontest.c -+++ b/tests/virnettlssessiontest.c -@@ -314,20 +314,20 @@ mymain(void) - TLS_CERT_REQ(servercertreq, cacertreq, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - TLS_CERT_REQ(clientcertreq, cacertreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, - 0, 0); - - TLS_CERT_REQ(clientcertaltreq, altcacertreq, - "UK", "libvirt", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, - 0, 0); - -@@ -342,14 +342,14 @@ mymain(void) - TLS_CERT_REQ(servercertalt1req, cacertreq, - "UK", "libvirt.org", "www.libvirt.org", "libvirt.org", "192.168.122.1", "fec0::dead:beaf", - true, true, 
false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - /* This intentionally doesn't replicate */ - TLS_CERT_REQ(servercertalt2req, cacertreq, - "UK", "libvirt.org", "www.libvirt.org", "wiki.libvirt.org", "192.168.122.1", "fec0::dead:beaf", - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - -@@ -433,13 +433,13 @@ mymain(void) - TLS_CERT_REQ(servercertlevel3areq, cacertlevel2areq, - "UK", "libvirt.org", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, - 0, 0); - TLS_CERT_REQ(clientcertlevel2breq, cacertlevel1breq, - "UK", "libvirt client level 2b", NULL, NULL, NULL, NULL, - true, true, false, -- true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, -+ true, true, GNUTLS_KEY_DIGITAL_SIGNATURE, - true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL, - 0, 0); - --- -2.50.1 diff --git a/libvirt-tls-Don-t-require-keyEncipherment-to-be-enabled-altoghther.patch b/libvirt-tls-Don-t-require-keyEncipherment-to-be-enabled-altoghther.patch deleted file mode 100644 index e8a004b..0000000 --- a/libvirt-tls-Don-t-require-keyEncipherment-to-be-enabled-altoghther.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -From 5e7f9ff3044baee5c4528dd68b4e74c852abcf04 Mon Sep 17 00:00:00 2001 -Message-ID: <5e7f9ff3044baee5c4528dd68b4e74c852abcf04.1752837271.git.jdenemar@redhat.com> -From: Peter Krempa -Date: Mon, 30 Jun 2025 19:19:42 +0200 -Subject: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Key encipherment is required only for RSA key exchange algorithm. With -TLS 1.3 this is not even used as RSA is used only for authentication. - -Since we can't really check when it's required ahead of time drop the -check completely. GnuTLS will moan if it will not be able to use RSA -key exchange. - -In commit 11867b0224a2 I tried to relax the check for some eliptic -curve algorithm that explicitly forbid it. Based on the above the proper -solution is to completely remove it. - -Resolves: https://issues.redhat.com/browse/RHEL-100711 -Fixes: 11867b0224a2b8dc34755ff0ace446b6842df1c1 -Signed-off-by: Peter Krempa -Reviewed-by: Ján Tomko -(cherry picked from commit 8cecd3249e5fa5478a7c53567971b4d969274ea3) - -https://issues.redhat.com/browse/RHEL-100711 ---- - src/rpc/virnettlscert.c | 34 ++++------------------------------ - 1 file changed, 4 insertions(+), 30 deletions(-) - -diff --git a/src/rpc/virnettlscert.c b/src/rpc/virnettlscert.c -index f197995633..6a723c1ed4 100644 ---- a/src/rpc/virnettlscert.c -+++ b/src/rpc/virnettlscert.c -@@ -128,8 +128,10 @@ static int virNetTLSCertCheckKeyUsage(gnutls_x509_crt_t cert, - VIR_DEBUG("Cert %s key usage status %d usage %d critical %u", certFile, status, usage, critical); - if (status < 0) { - if (status == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { -- usage = isCA ? 
GNUTLS_KEY_KEY_CERT_SIGN : -- GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT; -+ if (isCA) -+ usage = GNUTLS_KEY_KEY_CERT_SIGN; -+ else -+ usage = GNUTLS_KEY_DIGITAL_SIGNATURE; - } else { - virReportError(VIR_ERR_SYSTEM_ERROR, - _("Unable to query certificate %1$s key usage %2$s"), -@@ -162,34 +164,6 @@ static int virNetTLSCertCheckKeyUsage(gnutls_x509_crt_t cert, - certFile); - } - } -- if (!(usage & GNUTLS_KEY_KEY_ENCIPHERMENT)) { -- int alg = gnutls_x509_crt_get_pk_algorithm(cert, NULL); -- -- /* Per RFC8813 [1] which amends RFC5580 [2] ECDSA, ECDH, and ECMQV -- * algorithms must not have 'keyEncipherment' present. -- * -- * [1] https://datatracker.ietf.org/doc/rfc8813/ -- * [2] https://datatracker.ietf.org/doc/rfc5480 -- */ -- -- switch (alg) { -- case GNUTLS_PK_ECDSA: -- case GNUTLS_PK_ECDH_X25519: -- case GNUTLS_PK_ECDH_X448: -- break; -- -- default: -- if (critical) { -- virReportError(VIR_ERR_SYSTEM_ERROR, -- _("Certificate %1$s usage does not permit key encipherment"), -- certFile); -- return -1; -- } else { -- VIR_WARN("Certificate %s usage does not permit key encipherment", -- certFile); -- } -- } -- } - } - - return 0; --- -2.50.1 diff --git a/libvirt-virDomainDriverAutoShutdown-Refactor-selection-logic-for-VMs.patch b/libvirt-virDomainDriverAutoShutdown-Refactor-selection-logic-for-VMs.patch deleted file mode 100644 index fccd697..0000000 --- a/libvirt-virDomainDriverAutoShutdown-Refactor-selection-logic-for-VMs.patch +++ /dev/null 
@@ -1,332 +0,0 @@ -From 518d76ea990261580c502657e4bf7b9dea22b21e Mon Sep 17 00:00:00 2001 -Message-ID: <518d76ea990261580c502657e4bf7b9dea22b21e.1752837271.git.jdenemar@redhat.com> -From: Peter Krempa -Date: Tue, 1 Jul 2025 17:19:46 +0200 -Subject: [PATCH] virDomainDriverAutoShutdown: Refactor selection logic for VMs - -Decide separately and record what shutdown modes are to be applied on -given VM object rather than spreading out the logic through the code. - -This centralization simplifies the conditions in the worker functions -and also: - - provides easy way to check if the auto-shutdown code will be acting - on domain object (will be used to fix attempt to auto-restore of - VMs which were not selected to be acted on - - will simplify further work where the desired shutdown action will be - picked per-VM - -This refactor also fixes a bug where if restoring of the state is -applied also on VMs that are not selected for action based on current -logic. - -Signed-off-by: Peter Krempa -Reviewed-by: Pavel Hrdina -(cherry picked from commit 1c2295fbafab12cb3f943aab8bd015e167cad533) - -https://issues.redhat.com/browse/RHEL-95196 ---- - src/hypervisor/domain_driver.c | 178 +++++++++++++++++++-------------- - 1 file changed, 101 insertions(+), 77 deletions(-) - -diff --git a/src/hypervisor/domain_driver.c b/src/hypervisor/domain_driver.c -index d8ccee40d5..88fb87023a 100644 ---- a/src/hypervisor/domain_driver.c -+++ b/src/hypervisor/domain_driver.c -@@ -738,25 +738,32 @@ virDomainDriverAutoShutdownActive(virDomainDriverAutoShutdownConfig *cfg) - } - - -+enum { -+ VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SAVE = 1 << 1, -+ VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SHUTDOWN = 1 << 2, -+ VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_POWEROFF = 1 << 3, -+ VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_RESTORE = 1 << 4, -+} virDomainDriverAutoShutdownModeFlag; -+ -+ - static void - virDomainDriverAutoShutdownDoSave(virDomainPtr *domains, -- bool *transient, -+ unsigned int *modes, - size_t numDomains, - 
virDomainDriverAutoShutdownConfig *cfg) - { - g_autofree unsigned int *flags = g_new0(unsigned int, numDomains); -+ bool hasSave = false; - size_t i; - -- if (cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE) -- return; -- - for (i = 0; i < numDomains; i++) { - int state; - -- if ((transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) || -- (!transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT)) -+ if (!(modes[i] & VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SAVE)) - continue; - -+ hasSave = true; -+ - virSystemdNotifyStatus("Suspending '%s' (%zu of %zu)", - virDomainGetName(domains[i]), i + 1, numDomains); - VIR_INFO("Suspending '%s'", virDomainGetName(domains[i])); -@@ -778,9 +785,11 @@ virDomainDriverAutoShutdownDoSave(virDomainPtr *domains, - virDomainSuspend(domains[i]); - } - -+ if (!hasSave) -+ return; -+ - for (i = 0; i < numDomains; i++) { -- if ((transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) || -- (!transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT)) -+ if (!(modes[i] & VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SAVE)) - continue; - - virSystemdNotifyStatus("Saving '%s' (%zu of %zu)", -@@ -795,31 +804,27 @@ virDomainDriverAutoShutdownDoSave(virDomainPtr *domains, - virDomainResume(domains[i]); - continue; - } -- virObjectUnref(domains[i]); -- domains[i] = NULL; -+ -+ modes[i] = 0; - } - } - - - static void - virDomainDriverAutoShutdownDoShutdown(virDomainPtr *domains, -- bool *transient, -+ unsigned int *modes, - size_t numDomains, - virDomainDriverAutoShutdownConfig *cfg) - { - GTimer *timer = NULL; -+ bool hasShutdown = false; - size_t i; - -- if (cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE) -- return; -- - for (i = 0; i < numDomains; i++) { -- if (domains[i] == NULL) -+ if (!(modes[i] & VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SHUTDOWN)) - continue; - -- if ((transient[i] && cfg->tryShutdown == 
VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) || -- (!transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT)) -- continue; -+ hasShutdown = true; - - virSystemdNotifyStatus("Shutting down '%s' (%zu of %zu)", - virDomainGetName(domains[i]), i + 1, numDomains); -@@ -833,25 +838,24 @@ virDomainDriverAutoShutdownDoShutdown(virDomainPtr *domains, - } - } - -+ if (!hasShutdown) -+ return; -+ - timer = g_timer_new(); - virSystemdNotifyStatus("Waiting %u secs for VM shutdown completion", - cfg->waitShutdownSecs); - VIR_INFO("Waiting %u secs for VM shutdown completion", cfg->waitShutdownSecs); -+ - while (1) { - bool anyRunning = false; - for (i = 0; i < numDomains; i++) { -- if (!domains[i]) -- continue; -- -- if ((transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) || -- (!transient[i] && cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT)) -+ if (!(modes[i] & VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SHUTDOWN)) - continue; - - if (virDomainIsActive(domains[i]) == 1) { - anyRunning = true; - } else { -- virObjectUnref(domains[i]); -- domains[i] = NULL; -+ modes[i] = 0; - } - } - -@@ -867,21 +871,13 @@ virDomainDriverAutoShutdownDoShutdown(virDomainPtr *domains, - - static void - virDomainDriverAutoShutdownDoPoweroff(virDomainPtr *domains, -- bool *transient, -- size_t numDomains, -- virDomainDriverAutoShutdownConfig *cfg) -+ unsigned int *modes, -+ size_t numDomains) - { - size_t i; - -- if (cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_NONE) -- return; -- - for (i = 0; i < numDomains; i++) { -- if (domains[i] == NULL) -- continue; -- -- if ((transient[i] && cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) || -- (!transient[i] && cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT)) -+ if (!(modes[i] & VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_POWEROFF)) - continue; - - virSystemdNotifyStatus("Destroying '%s' (%zu of %zu)", -@@ -894,11 +890,49 @@ 
virDomainDriverAutoShutdownDoPoweroff(virDomainPtr *domains, - */ - virDomainDestroy(domains[i]); - -- virObjectUnref(domains[i]); -- domains[i] = NULL; -+ modes[i] = 0; - } - } - -+static unsigned int -+virDomainDriverAutoShutdownGetMode(virDomainPtr domain, -+ virDomainDriverAutoShutdownConfig *cfg) -+{ -+ unsigned int mode = 0; -+ -+ if (virDomainIsPersistent(domain) != 0) { -+ if (cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL || -+ cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) -+ mode |= VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SAVE; -+ -+ if (cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL || -+ cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) -+ mode |= VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SHUTDOWN; -+ -+ if (cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL || -+ cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) -+ mode |= VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_POWEROFF; -+ -+ /* Don't restore VMs which weren't selected for auto-shutdown */ -+ if (mode != 0 && cfg->autoRestore) -+ mode |= VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_RESTORE; -+ } else { -+ if (cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL || -+ cfg->tryShutdown == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT) -+ mode |= VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_SHUTDOWN; -+ -+ if (cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_ALL || -+ cfg->poweroff == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT) -+ mode |= VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_POWEROFF; -+ -+ if (cfg->autoRestore) -+ VIR_DEBUG("Cannot auto-restore transient VM '%s'", -+ virDomainGetName(domain)); -+ } -+ -+ return mode; -+} -+ - - void - virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg) -@@ -907,7 +941,7 @@ virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg) - int numDomains = 0; - size_t i; - virDomainPtr *domains = NULL; -- g_autofree bool *transient = NULL; -+ g_autofree unsigned int 
*modes = NULL; - - VIR_DEBUG("Run autoshutdown uri=%s trySave=%s tryShutdown=%s poweroff=%s waitShutdownSecs=%u saveBypassCache=%d autoRestore=%d", - cfg->uri, -@@ -948,58 +982,48 @@ virDomainDriverAutoShutdown(virDomainDriverAutoShutdownConfig *cfg) - return; - - if (!(conn = virConnectOpen(cfg->uri))) -- goto cleanup; -+ return; - - if ((numDomains = virConnectListAllDomains(conn, - &domains, - VIR_CONNECT_LIST_DOMAINS_ACTIVE)) < 0) -- goto cleanup; -+ return; - - VIR_DEBUG("Auto shutdown with %d running domains", numDomains); - -- transient = g_new0(bool, numDomains); -- for (i = 0; i < numDomains; i++) { -- if (virDomainIsPersistent(domains[i]) == 0) -- transient[i] = true; -+ modes = g_new0(unsigned int, numDomains); - -- if (cfg->autoRestore) { -- if (transient[i]) { -- VIR_DEBUG("Cannot auto-restore transient VM %s", -- virDomainGetName(domains[i])); -- } else { -- VIR_DEBUG("Mark %s for autostart on next boot", -- virDomainGetName(domains[i])); -- if (virDomainSetAutostartOnce(domains[i], 1) < 0) { -- VIR_WARN("Unable to mark domain '%s' for auto restore: %s", -- virDomainGetName(domains[i]), -- virGetLastErrorMessage()); -- } -+ for (i = 0; i < numDomains; i++) { -+ modes[i] = virDomainDriverAutoShutdownGetMode(domains[i], cfg); -+ -+ if (modes[i] == 0) { -+ /* VM wasn't selected for any of the shutdown modes. 
There's not -+ * much we can do about that as the host is powering off, logging -+ * at least lets admins know */ -+ VIR_WARN("auto-shutdown: domain '%s' not successfully shut off by any action", -+ domains[i]->name); -+ } -+ -+ if (modes[i] & VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_MODE_RESTORE) { -+ VIR_DEBUG("Mark '%s' for autostart on next boot", -+ virDomainGetName(domains[i])); -+ if (virDomainSetAutostartOnce(domains[i], 1) < 0) { -+ VIR_WARN("Unable to mark domain '%s' for auto restore: %s", -+ virDomainGetName(domains[i]), -+ virGetLastErrorMessage()); - } - } - } - -- virDomainDriverAutoShutdownDoSave(domains, transient, numDomains, cfg); -- virDomainDriverAutoShutdownDoShutdown(domains, transient, numDomains, cfg); -- virDomainDriverAutoShutdownDoPoweroff(domains, transient, numDomains, cfg); -+ virDomainDriverAutoShutdownDoSave(domains, modes, numDomains, cfg); -+ virDomainDriverAutoShutdownDoShutdown(domains, modes, numDomains, cfg); -+ virDomainDriverAutoShutdownDoPoweroff(domains, modes, numDomains); - - virSystemdNotifyStatus("Processed %d domains", numDomains); - VIR_INFO("Processed %d domains", numDomains); - -- cleanup: -- if (domains) { -- /* Anything non-NULL in this list indicates none of -- * the configured ations were successful in processing -- * the domain. There's not much we can do about that -- * as the host is powering off, logging at least lets -- * admins know -- */ -- for (i = 0; i < numDomains; i++) { -- if (domains[i] == NULL) -- continue; -- VIR_WARN("auto-shutdown: domain '%s' not successfully shut off by any action", -- domains[i]->name); -- virObjectUnref(domains[i]); -- } -- VIR_FREE(domains); -- } -+ for (i = 0; i < numDomains; i++) -+ virObjectUnref(domains[i]); -+ -+ VIR_FREE(domains); - } --- -2.50.1 diff --git a/libvirt-virDomainDriverAutoShutdownDoSave-Don-t-attempt-to-save-transient-VMs.patch b/libvirt-virDomainDriverAutoShutdownDoSave-Don-t-attempt-to-save-transient-VMs.patch deleted file mode 100644 index 3e51016..0000000 
--- a/libvirt-virDomainDriverAutoShutdownDoSave-Don-t-attempt-to-save-transient-VMs.patch +++ /dev/null @@ -1,41 +0,0 @@ -From ec623715d2716db078a0248925506d4d75d7fd57 Mon Sep 17 00:00:00 2001 -Message-ID: -From: Peter Krempa -Date: Thu, 3 Jul 2025 14:18:46 +0200 -Subject: [PATCH] virDomainDriverAutoShutdownDoSave: Don't attempt to save - transient VMs - -Commit 84bb136c31e added code that intended to skip the save of -transient domains but did so only in the setup part where we pause the -VMS. The second loop that actually attempts to save the VM was not -modified so we'd still try saving them: - - Jul 03 14:15:13 andariel virtqemud[247210]: auto-shutdown: unable to perform managed save of 'cd3': Requested operation is not valid: cannot do managed save for transient domain - -Fixes: 84bb136c31e -Signed-off-by: Peter Krempa -Reviewed-by: Pavel Hrdina -(cherry picked from commit e1f84ca87e20c64999d3e6e1daccbd86dda743ef) - -https://issues.redhat.com/browse/RHEL-95196 ---- - src/hypervisor/domain_driver.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/hypervisor/domain_driver.c b/src/hypervisor/domain_driver.c -index cce6c64d1b..d8ccee40d5 100644 ---- a/src/hypervisor/domain_driver.c -+++ b/src/hypervisor/domain_driver.c -@@ -779,6 +779,10 @@ virDomainDriverAutoShutdownDoSave(virDomainPtr *domains, - } - - for (i = 0; i < numDomains; i++) { -+ if ((transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_PERSISTENT) || -+ (!transient[i] && cfg->trySave == VIR_DOMAIN_DRIVER_AUTO_SHUTDOWN_SCOPE_TRANSIENT)) -+ continue; -+ - virSystemdNotifyStatus("Saving '%s' (%zu of %zu)", - virDomainGetName(domains[i]), i + 1, numDomains); - VIR_INFO("Saving '%s'", virDomainGetName(domains[i])); --- -2.50.1 diff --git a/libvirt-virSystemdCreateMachine-Add-flag-to-invert-machined-unit-dependencies.patch b/libvirt-virSystemdCreateMachine-Add-flag-to-invert-machined-unit-dependencies.patch deleted file mode 100644 index 945229f..0000000 
--- a/libvirt-virSystemdCreateMachine-Add-flag-to-invert-machined-unit-dependencies.patch +++ /dev/null 
@@ -1,178 +0,0 @@ -From aa234d4ed710432af8aac8fbe79d5cf80ae2b1f6 Mon Sep 17 00:00:00 2001 -Message-ID: -From: Peter Krempa -Date: Thu, 26 Jun 2025 17:35:17 +0200 -Subject: [PATCH] virSystemdCreateMachine: Add flag to invert machined unit - dependencies - -The existing dependency order of the 'machined' unit file for the domain -we're starting ("After libvirtd/virtqemud"->thus shuts down *before* the -daemon) is intended to work with 'libvirt-guests.service' which requires -the daemon to be around to shut down the VMs. - -If we want to use the integrated auto shutdown done by the daemon itself -we need to be able to instruct the domains (thus the corresponding -machined units to shut down *after* virtqemud/libvirt. - -This means that we need to be able to invert the ordering relationship -to "Before". - -This patch adds a parameter to virSystemdCreateMachine so that when -starting the VM we'll be able to tell the daemon to use the proper -relationship. - -Signed-off-by: Peter Krempa -Reviewed-by: Pavel Hrdina -(cherry picked from commit 9b12b7e85914dd3d0874dfcd0f6abc0925e3325f) - -https://issues.redhat.com/browse/RHEL-95361 ---- - src/util/vircgroup.c | 3 ++- - src/util/virsystemd.c | 27 +++++++++++++++++++++------ - src/util/virsystemd.h | 3 ++- - tests/virsystemdtest.c | 15 +++++++++------ - 4 files changed, 34 insertions(+), 14 deletions(-) - -diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c -index 1daa95e178..fc5dca4858 100644 ---- a/src/util/vircgroup.c -+++ b/src/util/vircgroup.c -@@ -1293,7 +1293,8 @@ virCgroupNewMachineSystemd(const char *name, - nnicindexes, - nicindexes, - partition, -- maxthreads)) < 0) -+ maxthreads, -+ false)) < 0) - return rv; - - if (controllers != -1) -diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c -index 4f8424ae32..bd174c683e 100644 ---- a/src/util/virsystemd.c -+++ b/src/util/virsystemd.c -@@ -358,6 +358,8 @@ virSystemdGetMachineUnitByPID(pid_t pid) - * @nicindexes: list of network interface indexes - * 
@partition: name of the slice to place the machine in - * @maxthreads: maximum number of threads the VM process can use -+ * @daemonDomainShutdown: shutdown of domains on host shutdown is done by the -+ * daemon instead of the libvirt-guests script - * - * Returns 0 on success, -1 on fatal error, or -2 if systemd-machine is not available - */ -@@ -370,7 +372,8 @@ int virSystemdCreateMachine(const char *name, - size_t nnicindexes, - int *nicindexes, - const char *partition, -- unsigned int maxthreads) -+ unsigned int maxthreads, -+ bool daemonDomainShutdown) - { - int rc; - GDBusConnection *conn; -@@ -462,11 +465,23 @@ int virSystemdCreateMachine(const char *name, - uuid, 16, sizeof(unsigned char)); - gnicindexes = g_variant_new_fixed_array(G_VARIANT_TYPE("i"), - nicindexes, nnicindexes, sizeof(int)); -- gprops = g_variant_new_parsed("[('Slice', <%s>)," -- " ('After', <['libvirtd.service', %s]>)," -- " ('Before', <['virt-guest-shutdown.target']>)]", -- slicename, -- servicename); -+ -+ if (daemonDomainShutdown) { -+ /* When domains are shut down by the daemon rather than the -+ * "libvirt-guests" script we need ensure that their unit -+ * is ordered so that it's shutdown after the libvirt daemon itself */ -+ gprops = g_variant_new_parsed("[('Slice', <%s>)," -+ " ('Before', <['libvirtd.service', %s]>)]", -+ slicename, -+ servicename); -+ } else { -+ gprops = g_variant_new_parsed("[('Slice', <%s>)," -+ " ('After', <['libvirtd.service', %s]>)," -+ " ('Before', <['virt-guest-shutdown.target']>)]", -+ slicename, -+ servicename); -+ } -+ - message = g_variant_new("(s@ayssus@ai@a(sv))", - name, - guuid, -diff --git a/src/util/virsystemd.h b/src/util/virsystemd.h -index 98460dbc3a..620d9a9645 100644 ---- a/src/util/virsystemd.h -+++ b/src/util/virsystemd.h -@@ -40,7 +40,8 @@ int virSystemdCreateMachine(const char *name, - size_t nnicindexes, - int *nicindexes, - const char *partition, -- unsigned int maxthreads); -+ unsigned int maxthreads, -+ bool daemonDomainShutdown); - 
- int virSystemdTerminateMachine(const char *name); - -diff --git a/tests/virsystemdtest.c b/tests/virsystemdtest.c -index 004b0549ce..24c118a409 100644 ---- a/tests/virsystemdtest.c -+++ b/tests/virsystemdtest.c -@@ -170,7 +170,8 @@ static int testCreateContainer(const void *opaque G_GNUC_UNUSED) - 123, - true, - 0, NULL, -- "highpriority.slice", 0) < 0) { -+ "highpriority.slice", 0, -+ false) < 0) { - fprintf(stderr, "%s", "Failed to create LXC machine\n"); - return -1; - } -@@ -203,7 +204,9 @@ static int testCreateMachine(const void *opaque G_GNUC_UNUSED) - 123, - false, - 0, NULL, -- NULL, 0) < 0) { -+ NULL, -+ 0, -+ true) < 0) { - fprintf(stderr, "%s", "Failed to create KVM machine\n"); - return -1; - } -@@ -240,7 +243,7 @@ static int testCreateNoSystemd(const void *opaque G_GNUC_UNUSED) - 123, - false, - 0, NULL, -- NULL, 0)) == 0) { -+ NULL, 0, false)) == 0) { - g_unsetenv("FAIL_NO_SERVICE"); - fprintf(stderr, "%s", "Unexpected create machine success\n"); - return -1; -@@ -274,7 +277,7 @@ static int testCreateSystemdNotRunning(const void *opaque G_GNUC_UNUSED) - 123, - false, - 0, NULL, -- NULL, 0)) == 0) { -+ NULL, 0, false)) == 0) { - g_unsetenv("FAIL_NOT_REGISTERED"); - fprintf(stderr, "%s", "Unexpected create machine success\n"); - return -1; -@@ -308,7 +311,7 @@ static int testCreateBadSystemd(const void *opaque G_GNUC_UNUSED) - 123, - false, - 0, NULL, -- NULL, 0)) == 0) { -+ NULL, 0, false)) == 0) { - g_unsetenv("FAIL_BAD_SERVICE"); - fprintf(stderr, "%s", "Unexpected create machine success\n"); - return -1; -@@ -343,7 +346,7 @@ static int testCreateNetwork(const void *opaque G_GNUC_UNUSED) - 123, - true, - nnicindexes, nicindexes, -- "highpriority.slice", 2) < 0) { -+ "highpriority.slice", 2, false) < 0) { - fprintf(stderr, "%s", "Failed to create LXC machine\n"); - return -1; - } --- -2.50.1 
diff --git a/libvirt-virSystemdCreateMachine-Document-maxthreds.patch b/libvirt-virSystemdCreateMachine-Document-maxthreds.patch deleted file mode 100644 index 18e3dce..0000000 --- a/libvirt-virSystemdCreateMachine-Document-maxthreds.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a979205ad19aafc0cea99f66debff32704882fa4 Mon Sep 17 00:00:00 2001 -Message-ID: -From: Peter Krempa -Date: Thu, 26 Jun 2025 17:20:21 +0200 -Subject: [PATCH] virSystemdCreateMachine: Document @maxthreds - -The parameter overrides the maximum number of threads for the machine. - -Fixes: d5572f62e32 -Signed-off-by: Peter Krempa -Reviewed-by: Pavel Hrdina -(cherry picked from commit 0df20b69c8c235946a307ee9b031002d69137852) - -https://issues.redhat.com/browse/RHEL-95361 ---- - src/util/virsystemd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c -index 92d2890360..4f8424ae32 100644 ---- a/src/util/virsystemd.c -+++ b/src/util/virsystemd.c -@@ -357,6 +357,7 @@ virSystemdGetMachineUnitByPID(pid_t pid) - * @nnicindexes: number of network interface indexes in list - * @nicindexes: list of network interface indexes - * @partition: name of the slice to place the machine in -+ * @maxthreads: maximum number of threads the VM process can use - * - * Returns 0 on success, -1 on fatal error, or -2 if systemd-machine is not available - */ --- -2.50.1 diff --git a/libvirt.spec b/libvirt.spec index edff979..b4b90eb 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -292,8 +292,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 11.5.0 -Release: 4%{?dist}%{?extra_release}.alma.1 +Version: 11.7.0 +Release: 1%{?dist}%{?extra_release}.alma.1 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ 
@@ -301,27 +301,6 @@ URL: https://libvirt.org/ %define mainturl stable_updates/ %endif Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz -Patch1: libvirt-virSystemdCreateMachine-Document-maxthreds.patch -Patch2: libvirt-cgroup-Unexport-virDomainCgroupInitCgroup.patch -Patch3: libvirt-qemu-conf-Store-autoShutdown-config-in-virDomainDriverAutoShutdownConfig.patch -Patch4: libvirt-hypervisor-domain-Extract-logic-for-auto-shutdown-to-virDomainDriverAutoShutdownActive.patch -Patch5: libvirt-virSystemdCreateMachine-Add-flag-to-invert-machined-unit-dependencies.patch -Patch6: libvirt-cgroup-Plumb-the-daemonDomainShutdown-parameter-of-virSystemdCreateMachine-to-drivers.patch -Patch7: libvirt-qemu-Fix-auto-shutdown-of-qemu-VMs-by-the-qemu-driver.patch -Patch8: libvirt-hypervisor-Split-out-individual-steps-out-of-virDomainDriverAutoShutdown.patch -Patch9: libvirt-virDomainDriverAutoShutdownDoSave-Don-t-attempt-to-save-transient-VMs.patch -Patch10: libvirt-virDomainDriverAutoShutdown-Refactor-selection-logic-for-VMs.patch -Patch11: libvirt-tls-Don-t-require-keyEncipherment-to-be-enabled-altoghther.patch -Patch12: libvirt-kbase-tlscerts-Drop-encryption_key-feature-request.patch -Patch13: libvirt-tests-virnettls-test-Drop-use-of-GNUTLS_KEY_KEY_ENCIPHERMENT.patch -Patch14: libvirt-qemu_tpm-Rename-qemuTPMHasSharedStorage-qemuTPMDomainHasSharedStorage.patch -Patch15: libvirt-qemu_tpm-Extract-per-TPM-functionality-from-qemuTPMDomainHasSharedStorage.patch -Patch16: libvirt-qemu_tpm-Only-warn-about-missing-locking-feature-on-shared-filesystems.patch -Patch17: libvirt-qemu_tpm-Do-not-use-persistent-definition-during-pre-start-checks.patch -Patch18: libvirt-qemu-fix-order-of-VNC-TLS-config-entries.patch -Patch19: libvirt-qemu-sanitize-blank-lines-in-config-file.patch -Patch20: libvirt-qemu-add-ability-to-set-TLS-priority-string-with-QEMU.patch - Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} 
@@ -1184,9 +1163,6 @@ MinGW Windows libvirt virtualization library. %prep %autosetup -S git_am -N -%autopatch - - %build %if 0%{?fedora} >= %{min_fedora} || 0%{?rhel} >= %{min_rhel} %define supported_platform 1
@@ -2496,6 +2472,9 @@ exit 0 %{_unitdir}/virtchd.service %{_unitdir}/virtchd.socket %{_libdir}/libvirt/connection-driver/libvirt_driver_ch.so +%config(noreplace) %{_sysconfdir}/libvirt/ch.conf +%{_datadir}/augeas/lenses/libvirtd_ch.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_ch.aug %endif %files client
@@ -2716,9 +2695,14 @@ exit 0 %endif %changelog -* Wed Aug 06 2025 Eduard Abdullin - 11.5.0-4.alma.1 +* Wed Sep 03 2025 Eduard Abdullin - 11.7.0-1.alma.1 - Enable building for ppc64le +* Tue Sep 2 2025 Jiri Denemark - 11.7.0-1 +- Rebased to libvirt-11.7.0 (RHEL-104238) +- The rebase also fixes the following bugs: + RHEL-72006, RHEL-110191 + * Tue Aug 5 2025 Jiri Denemark - 11.5.0-4 - qemu: fix order of VNC TLS config entries (RHEL-104382) - qemu: sanitize blank lines in config file (RHEL-104382)
diff --git a/sources b/sources
index 0785e24..aa868ac 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libvirt-11.5.0.tar.xz) = 76faa65ca747cb1f302847edecb76eb1cf53fd608779ccd96c8b1f909f56a709ff8f2a6c286ac1f29433adf5b11f3175bdbf3d98033fd512f139e915a6939d7e
+SHA512 (libvirt-11.7.0.tar.xz) = 69b5ad14aeabe28dd265dc83dfb63ac4d9956bfa9c67fa1d9cf7ebd4e13354cd3266bbb8941efe7347962bad432c84d10d4c48f70f74a18087ba5dfe17d6365f