From 214f09b92f2443ee7a9e10e2c682bf18d8bcf796 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 30 Sep 2024 16:09:07 +0000 Subject: [PATCH] import CS nbdkit-1.38.3-1.el9 --- .gitignore | 2 +- .nbdkit.metadata | 2 +- ...itialization-from-incompatible-point.patch | 44 --- ...inclusion-of-gnutls-socket.h-with-ol.patch | 46 +++ ...work-documentation-for-dir-parameter.patch | 58 ---- ...preserve-errno-to-log_verror-functio.patch | 151 ++++++++ ...when-referencing-dir-option-from-dir.patch | 28 -- ...readlocal_-set-get-_error-to-._errno.patch | 177 ++++++++++ ...ework-documentation-of-dir-parameter.patch | 108 ------ ...uce-threadlocal_-set-get-_last_error.patch | 95 +++++ ...arkup-for-linking-to-other-man-pages.patch | 29 -- ...read-local-copy-of-the-last-call-to-.patch | 95 +++++ ...call-nbdkit_error-twice-on-error-pat.patch | 30 -- ...end-the-last-error-to-the-NBD-client.patch | 177 ++++++++++ ...ggest-alternate-partition-sectorsize.patch | 52 --- SOURCES/copy-patches.sh | 2 +- SOURCES/nbdkit-1.36.2.tar.gz.sig | 17 - SOURCES/nbdkit-1.38.3.tar.gz.sig | 17 + SOURCES/nbdkit.fc | 3 + SOURCES/nbdkit.if | 207 +++++++++++ SOURCES/nbdkit.te | 100 ++++++ SPECS/nbdkit.spec | 326 ++++++++++++++++-- 22 files changed, 1363 insertions(+), 403 deletions(-) delete mode 100644 SOURCES/0001-configure-Fix-initialization-from-incompatible-point.patch create mode 100644 SOURCES/0001-nbdkit-1.38-Fix-inclusion-of-gnutls-socket.h-with-ol.patch delete mode 100644 SOURCES/0002-file-Rework-documentation-for-dir-parameter.patch create mode 100644 SOURCES/0002-server-log-Move-preserve-errno-to-log_verror-functio.patch delete mode 100644 SOURCES/0003-file-Fix-markup-when-referencing-dir-option-from-dir.patch create mode 100644 SOURCES/0003-server-Rename-threadlocal_-set-get-_error-to-._errno.patch delete mode 100644 SOURCES/0004-file-Further-rework-documentation-of-dir-parameter.patch create mode 100644 SOURCES/0004-server-Introduce-threadlocal_-set-get-_last_error.patch delete mode 100644 SOURCES/0005-exportname-Fix-markup-for-linking-to-other-man-pages.patch create mode 100644 SOURCES/0005-server-Take-a-thread-local-copy-of-the-last-call-to-.patch delete mode 100644 SOURCES/0006-partition-Don-t-call-nbdkit_error-twice-on-error-pat.patch create mode 100644 SOURCES/0006-server-Send-the-last-error-to-the-NBD-client.patch delete mode 100644 SOURCES/0007-partition-Suggest-alternate-partition-sectorsize.patch delete mode 100644 SOURCES/nbdkit-1.36.2.tar.gz.sig create mode 100644 SOURCES/nbdkit-1.38.3.tar.gz.sig create mode 100644 SOURCES/nbdkit.fc create mode 100644 SOURCES/nbdkit.if create mode 100644 SOURCES/nbdkit.te diff --git a/.gitignore b/.gitignore index 409e0a4..3990bd5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/libguestfs.keyring -SOURCES/nbdkit-1.36.2.tar.gz +SOURCES/nbdkit-1.38.3.tar.gz diff --git a/.nbdkit.metadata b/.nbdkit.metadata index 6653ce4..c2dc5eb 100644 --- a/.nbdkit.metadata +++ b/.nbdkit.metadata @@ -1,2 +1,2 @@ cc1b37b9cfafa515aab3eefd345ecc59aac2ce7b SOURCES/libguestfs.keyring -ca7c103dc96a65bfa5f6263bb5df8478f8038948 SOURCES/nbdkit-1.36.2.tar.gz +442637a8da4527c50f9bac0762c31276c2d00796 SOURCES/nbdkit-1.38.3.tar.gz diff --git a/SOURCES/0001-configure-Fix-initialization-from-incompatible-point.patch b/SOURCES/0001-configure-Fix-initialization-from-incompatible-point.patch deleted file mode 100644 index 77863d5..0000000 --- a/SOURCES/0001-configure-Fix-initialization-from-incompatible-point.patch +++ /dev/null @@ -1,44 +0,0 @@ -From ac87babe2d1652e3f37715efe9f29ad6f16eb9df Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Mon, 4 Dec 2023 10:23:29 +0000 -Subject: [PATCH] configure: Fix initialization from incompatible pointer type - -With GCC 14: - - configure:20816: checking if environ is declared in header files - configure:20833: gcc -c -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grec -ord-gcc-switches -pipe -Wall -Werror=format-security --Werror=implicit-function-declaration -Werror=implicit-int --Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS --specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong --specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic --fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection --fno-omit-frame-pointer -mno-omit-leaf-frame-pointer conftest.c >&5 - conftest.c: In function 'test': - conftest.c:62:22: error: initialization of 'const char **' from incompatible p -ointer type 'char **' - 62 | const char **env = environ; - | ^~~~~~~ - -Thanks: Florian Weimer -(cherry picked from commit 32a9ee6650654469cd591a3ae26842c54f898392) ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 3b12e357..beab4674 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -335,7 +335,7 @@ AC_LANG_SOURCE([[ - static int - test (void) - { -- const char **env = environ; -+ char **env = environ; - return env ? 1 : 0; // this just forces env to be used - } - ]]) --- -2.39.3 - diff --git a/SOURCES/0001-nbdkit-1.38-Fix-inclusion-of-gnutls-socket.h-with-ol.patch b/SOURCES/0001-nbdkit-1.38-Fix-inclusion-of-gnutls-socket.h-with-ol.patch new file mode 100644 index 0000000..6d5100f --- /dev/null +++ b/SOURCES/0001-nbdkit-1.38-Fix-inclusion-of-gnutls-socket.h-with-ol.patch @@ -0,0 +1,46 @@ +From 14a2646d4221d50b4b194d5dd2d6010808ea642b Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Sun, 14 Jul 2024 09:50:31 +0100 +Subject: [PATCH] nbdkit 1.38: Fix inclusion of with old + gnutls + +Development branch commit 8ce65bac5a ("build: Move to minimum gnutls +>= 3.5.18") changed the way that is included. I +didn't cherry pick this commit to the stable-1.38 branch since we +don't want to force people to update gnutls. + +However when I cherry picked commit 47987e43bd ("server/crypto.c: +Check works before including it"), I missed that +there was still a place where was included (which +would have been fixed by the commit above). + +The upshot is that compilation of nbdkit 1.38.3 fails on mingw: + +In file included from ../../server/crypto.c:69: +/usr/i686-w64-mingw32/sys-root/mingw/include/gnutls/socket.h:32:10: fatal error: sys/socket.h: No such file or directory + 32 | #include + | ^~~~~~~~~~~~~~ +compilation terminated. + +Fixes: commit f889d822dd96bcf8c0427bd541d730d58b166d83 +--- + server/crypto.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/server/crypto.c b/server/crypto.c +index 83970282..86843192 100644 +--- a/server/crypto.c ++++ b/server/crypto.c +@@ -65,9 +65,6 @@ + #else + #define TRY_KTLS 0 + #endif +-#if TRY_KTLS +-#include +-#endif + + static int crypto_auth; + #define CRYPTO_AUTH_CERTIFICATES 1 +-- +2.43.0 + diff --git a/SOURCES/0002-file-Rework-documentation-for-dir-parameter.patch b/SOURCES/0002-file-Rework-documentation-for-dir-parameter.patch deleted file mode 100644 index c368250..0000000 --- a/SOURCES/0002-file-Rework-documentation-for-dir-parameter.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 054798ca11b9f0b71fbad302edf66b52519f5aa2 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 14 Dec 2023 17:47:10 +0000 -Subject: [PATCH] file: Rework documentation for dir= parameter - -The existing documentation tended towards jargon and lacked examples. - -(cherry picked from commit 7cbd49ced6414e49fcf4ff1a967929a2b83ab44e) ---- - plugins/file/nbdkit-file-plugin.pod | 23 +++++++++++++++++------ - 1 file changed, 17 insertions(+), 6 deletions(-) - -diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod -index 857ad21e..e47eae97 100644 ---- a/plugins/file/nbdkit-file-plugin.pod -+++ b/plugins/file/nbdkit-file-plugin.pod -@@ -64,13 +64,23 @@ symbolic links. Other special files in the directory (such as - subdirectories, pipes, or Unix sockets) are ignored. - - When this mode is used, the file to be served is chosen by the export --name passed by the client, where the client can request a list of --available exports using NBD_OPT_LIST. A client that requests the --default export (C<"">) will be rejected. However, you can use --L to adjust what export names the client --sees or uses as a default. For security, when using directory mode, -+name passed by the client. For security, when using directory mode, - this plugin will not accept export names containing slash (C). - -+To list exports, use L I<--list> option, for example: -+ -+ nbdinfo --list nbd://localhost -+ -+An NBD client can request a list of available exports using -+C. -+ -+A client that requests the default export (C<"">) will be rejected. -+However, you can use L to adjust what -+export names the client sees, and which one the client uses as a -+default. For example to make F be the default export: -+ -+ nbdkit file dir=/dir --filter=exportname default-export=file -+ - =item BFILE_DESCRIPTOR - - (nbdkit E 1.34, not Windows) -@@ -262,7 +272,8 @@ L, - L, - L, - L, --L. -+L, -+L. - - =head1 AUTHORS - --- -2.39.3 - diff --git a/SOURCES/0002-server-log-Move-preserve-errno-to-log_verror-functio.patch b/SOURCES/0002-server-log-Move-preserve-errno-to-log_verror-functio.patch new file mode 100644 index 0000000..244c4ad --- /dev/null +++ b/SOURCES/0002-server-log-Move-preserve-errno-to-log_verror-functio.patch @@ -0,0 +1,151 @@ +From f39c63a79ffb888bd565eb49b0ee2590fad8fbb9 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Tue, 23 Jul 2024 14:46:41 +0100 +Subject: [PATCH] server: log: Move preserve errno to log_verror function + +This neutral code refactoring just moves the place where we preserve +errno out one layer, but should have no other effect. + +(cherry picked from commit f2c644d4495d5e75883ff729936102c90489e8d8) +--- + server/internal.h | 8 ++++---- + server/log-stderr.c | 9 ++------- + server/log-syslog.c | 13 ++++--------- + server/log.c | 12 ++++++++---- + 4 files changed, 18 insertions(+), 24 deletions(-) + +diff --git a/server/internal.h b/server/internal.h +index 7eba3bce..57e777e9 100644 +--- a/server/internal.h ++++ b/server/internal.h +@@ -339,10 +339,10 @@ extern void free_debug_flags (void); + extern void log_verror (const char *fs, va_list args); + + /* log-*.c */ +-extern void log_stderr_verror (const char *fs, va_list args) +- ATTRIBUTE_FORMAT_PRINTF (1, 0); +-extern void log_syslog_verror (const char *fs, va_list args) +- ATTRIBUTE_FORMAT_PRINTF (1, 0); ++extern void log_stderr_verror (int orig_errno, const char *fs, va_list args) ++ ATTRIBUTE_FORMAT_PRINTF (2, 0); ++extern void log_syslog_verror (int orig_errno, const char *fs, va_list args) ++ ATTRIBUTE_FORMAT_PRINTF (2, 0); + + /* vfprintf.c */ + #if !HAVE_VFPRINTF_PERCENT_M +diff --git a/server/log-stderr.c b/server/log-stderr.c +index 8a55f5df..4d8b09da 100644 +--- a/server/log-stderr.c ++++ b/server/log-stderr.c +@@ -43,12 +43,9 @@ + + #include "internal.h" + +-/* Note: preserves the previous value of errno. */ + void +-log_stderr_verror (const char *fs, va_list args) ++log_stderr_verror (int orig_errno, const char *fs, va_list args) + { +- int err = errno; /* must be first line of function */ +- + const char *name = threadlocal_get_name (); + size_t instance_num = threadlocal_get_instance_num (); + int tty; +@@ -69,7 +66,7 @@ log_stderr_verror (const char *fs, va_list args) + } + + fprintf (stderr, "error: "); +- errno = err; /* must restore in case fs contains %m */ ++ errno = orig_errno; /* must restore in case fs contains %m */ + vfprintf (stderr, fs, args); + fprintf (stderr, "\n"); + +@@ -78,6 +75,4 @@ log_stderr_verror (const char *fs, va_list args) + #ifdef HAVE_FUNLOCKFILE + funlockfile (stderr); + #endif +- +- errno = err; /* must be last line of function */ + } +diff --git a/server/log-syslog.c b/server/log-syslog.c +index 76c5035b..29a7a825 100644 +--- a/server/log-syslog.c ++++ b/server/log-syslog.c +@@ -45,11 +45,9 @@ + /* Tempted to use LOG_FTP instead of LOG_DAEMON! */ + static const int PRIORITY = LOG_DAEMON|LOG_ERR; + +-/* Note: preserves the previous value of errno. */ + void +-log_syslog_verror (const char *fs, va_list args) ++log_syslog_verror (int orig_errno, const char *fs, va_list args) + { +- int err = errno; + const char *name = threadlocal_get_name (); + size_t instance_num = threadlocal_get_instance_num (); + CLEANUP_FREE char *msg = NULL; +@@ -59,9 +57,9 @@ log_syslog_verror (const char *fs, va_list args) + fp = open_memstream (&msg, &len); + if (fp == NULL) { + /* Fallback to logging using fs, args directly. */ +- errno = err; /* Must restore in case fs contains %m */ ++ errno = orig_errno; /* must restore in case fs contains %m */ + vsyslog (PRIORITY, fs, args); +- goto out; ++ return; + } + + if (name) { +@@ -71,12 +69,9 @@ log_syslog_verror (const char *fs, va_list args) + fprintf (fp, ": "); + } + +- errno = err; /* Must restore in case fs contains %m */ ++ errno = orig_errno; /* must restore in case fs contains %m */ + vfprintf (fp, fs, args); + close_memstream (fp); + + syslog (PRIORITY, "%s", msg); +- +- out: +- errno = err; + } +diff --git a/server/log.c b/server/log.c +index 464e4f9a..9c1f667a 100644 +--- a/server/log.c ++++ b/server/log.c +@@ -46,23 +46,27 @@ + void + log_verror (const char *fs, va_list args) + { ++ int orig_errno = errno; ++ + switch (log_to) { + case LOG_TO_DEFAULT: + if (forked_into_background) +- log_syslog_verror (fs, args); ++ log_syslog_verror (orig_errno, fs, args); + else +- log_stderr_verror (fs, args); ++ log_stderr_verror (orig_errno, fs, args); + break; + case LOG_TO_SYSLOG: +- log_syslog_verror (fs, args); ++ log_syslog_verror (orig_errno, fs, args); + break; + case LOG_TO_STDERR: +- log_stderr_verror (fs, args); ++ log_stderr_verror (orig_errno, fs, args); + break; + case LOG_TO_NULL: + /* nothing */ + break; + } ++ ++ errno = orig_errno; /* Restore errno before leaving the function. */ + } + + /* Note: preserves the previous value of errno. */ +-- +2.43.0 + diff --git a/SOURCES/0003-file-Fix-markup-when-referencing-dir-option-from-dir.patch b/SOURCES/0003-file-Fix-markup-when-referencing-dir-option-from-dir.patch deleted file mode 100644 index 56610e5..0000000 --- a/SOURCES/0003-file-Fix-markup-when-referencing-dir-option-from-dir.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 596f97316e65c151741e6ee42893023f6e945c01 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Sat, 16 Dec 2023 18:08:37 +0000 -Subject: [PATCH] file: Fix markup when referencing dir= option from dirfd= - docs - -Fixes: commit dd28b005430d020ccd1825437937c317332d3007 -(cherry picked from commit 5b8c9c49cc352e9b0fba4dde9e0f57c53c9c2457) ---- - plugins/file/nbdkit-file-plugin.pod | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod -index e47eae97..5feb8ea9 100644 ---- a/plugins/file/nbdkit-file-plugin.pod -+++ b/plugins/file/nbdkit-file-plugin.pod -@@ -85,7 +85,7 @@ default. For example to make F be the default export: - - (nbdkit E 1.34, not Windows) - --This is like the I option, but instead of specifying the -+This is like the C option, but instead of specifying the - directory by name, the parent process should open the directory and - pass this file descriptor by inheritance to nbdkit. - --- -2.39.3 - diff --git a/SOURCES/0003-server-Rename-threadlocal_-set-get-_error-to-._errno.patch b/SOURCES/0003-server-Rename-threadlocal_-set-get-_error-to-._errno.patch new file mode 100644 index 0000000..baf80da --- /dev/null +++ b/SOURCES/0003-server-Rename-threadlocal_-set-get-_error-to-._errno.patch @@ -0,0 +1,177 @@ +From 179227c7d6b0677dcd1dced55881e0d024745424 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Wed, 24 Jul 2024 10:29:13 +0100 +Subject: [PATCH] server: Rename threadlocal_{set,get}_error to .._errno + +A simple mechanical change, to avoid confusion with +threadlocal_{set,get}_last_error introduced in the following commit. + +(cherry picked from commit 1d7f655726ad3483d0e8086741182aada7ae8595) +--- + server/internal.h | 4 ++-- + server/plugins.c | 27 +++++++++++++-------------- + server/protocol.c | 5 +++-- + server/threadlocal.c | 4 ++-- + 4 files changed, 20 insertions(+), 20 deletions(-) + +diff --git a/server/internal.h b/server/internal.h +index 57e777e9..6549c87b 100644 +--- a/server/internal.h ++++ b/server/internal.h +@@ -568,8 +568,8 @@ extern void threadlocal_set_name (const char *name) + extern const char *threadlocal_get_name (void); + extern void threadlocal_set_instance_num (size_t instance_num); + extern size_t threadlocal_get_instance_num (void); +-extern void threadlocal_set_error (int err); +-extern int threadlocal_get_error (void); ++extern void threadlocal_set_errno (int err); ++extern int threadlocal_get_errno (void); + extern void *threadlocal_buffer (size_t size); + extern void threadlocal_set_conn (struct connection *conn); + extern struct connection *threadlocal_get_conn (void); +diff --git a/server/plugins.c b/server/plugins.c +index ca89ac7a..3c7df0d2 100644 +--- a/server/plugins.c ++++ b/server/plugins.c +@@ -633,15 +633,14 @@ plugin_can_cache (struct context *c) + NBDKIT_DLL_PUBLIC void + nbdkit_set_error (int err) + { +- threadlocal_set_error (err); ++ threadlocal_set_errno (err); + } + +-/* Grab the appropriate error value. +- */ ++/* Grab the appropriate error value. */ + static int +-get_error (struct backend_plugin *p) ++get_errno (struct backend_plugin *p) + { +- int ret = threadlocal_get_error (); ++ int ret = threadlocal_get_errno (); + + if (!ret && p->plugin.errno_is_preserved != 0) + ret = errno; +@@ -664,7 +663,7 @@ plugin_pread (struct context *c, + else + r = p->plugin._pread_v1 (c->handle, buf, count, offset); + if (r == -1) +- *err = get_error (p); ++ *err = get_errno (p); + return r; + } + +@@ -685,7 +684,7 @@ plugin_flush (struct context *c, + return -1; + } + if (r == -1) +- *err = get_error (p); ++ *err = get_errno (p); + return r; + } + +@@ -715,7 +714,7 @@ plugin_pwrite (struct context *c, + if (r != -1 && need_flush) + r = plugin_flush (c, 0, err); + if (r == -1 && !*err) +- *err = get_error (p); ++ *err = get_errno (p); + return r; + } + +@@ -744,7 +743,7 @@ plugin_trim (struct context *c, + if (r != -1 && need_flush) + r = plugin_flush (c, 0, err); + if (r == -1 && !*err) +- *err = get_error (p); ++ *err = get_errno (p); + return r; + } + +@@ -782,7 +781,7 @@ plugin_zero (struct context *c, + else + emulate = true; + if (r == -1) +- *err = emulate ? EOPNOTSUPP : get_error (p); ++ *err = emulate ? EOPNOTSUPP : get_errno (p); + if (r == 0 || (*err != EOPNOTSUPP && *err != ENOTSUP)) + goto done; + } +@@ -794,7 +793,7 @@ plugin_zero (struct context *c, + } + + flags &= ~NBDKIT_FLAG_MAY_TRIM; +- threadlocal_set_error (0); ++ threadlocal_set_errno (0); + *err = 0; + + while (count) { +@@ -814,7 +813,7 @@ plugin_zero (struct context *c, + if (r != -1 && need_flush) + r = plugin_flush (c, 0, err); + if (r == -1 && !*err) +- *err = get_error (p); ++ *err = get_errno (p); + return r; + } + +@@ -839,7 +838,7 @@ plugin_extents (struct context *c, + r = -1; + } + if (r == -1) +- *err = get_error (p); ++ *err = get_errno (p); + return r; + } + +@@ -859,7 +858,7 @@ plugin_cache (struct context *c, + + r = p->plugin.cache (c->handle, count, offset, flags); + if (r == -1) +- *err = get_error (p); ++ *err = get_errno (p); + return r; + } + +diff --git a/server/protocol.c b/server/protocol.c +index 9b63f789..677da05c 100644 +--- a/server/protocol.c ++++ b/server/protocol.c +@@ -235,8 +235,9 @@ handle_request (uint16_t cmd, uint16_t flags, uint64_t offset, uint32_t count, + int err = 0; + + /* Clear the error, so that we know if the plugin calls +- * nbdkit_set_error() or relied on errno. */ +- threadlocal_set_error (0); ++ * nbdkit_set_error() or relied on errno. ++ */ ++ threadlocal_set_errno (0); + + switch (cmd) { + case NBD_CMD_READ: +diff --git a/server/threadlocal.c b/server/threadlocal.c +index 088fe55a..9bb656bc 100644 +--- a/server/threadlocal.c ++++ b/server/threadlocal.c +@@ -154,7 +154,7 @@ threadlocal_get_instance_num (void) + } + + void +-threadlocal_set_error (int err) ++threadlocal_set_errno (int err) + { + struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key); + +@@ -167,7 +167,7 @@ threadlocal_set_error (int err) + /* This preserves errno, for convenience. + */ + int +-threadlocal_get_error (void) ++threadlocal_get_errno (void) + { + int err = errno; + struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key); +-- +2.43.0 + diff --git a/SOURCES/0004-file-Further-rework-documentation-of-dir-parameter.patch b/SOURCES/0004-file-Further-rework-documentation-of-dir-parameter.patch deleted file mode 100644 index 88fc6e8..0000000 --- a/SOURCES/0004-file-Further-rework-documentation-of-dir-parameter.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 0d080223a8567a5ef673deb6ac49152fd67dd1b7 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Sat, 16 Dec 2023 18:03:13 +0000 -Subject: [PATCH] file: Further rework documentation of dir= parameter - -Move the documentation to a new section, allowing us to expand on this -topic. This also makes the HTML documentation linkable. - -Updates: commit 7cbd49ced6414e49fcf4ff1a967929a2b83ab44e -(cherry picked from commit 74621ec608d0edd76c2d8de140e7d1d5626c8251) ---- - plugins/file/nbdkit-file-plugin.pod | 66 +++++++++++++++++++++-------- - 1 file changed, 49 insertions(+), 17 deletions(-) - -diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod -index 5feb8ea9..de8fbeba 100644 ---- a/plugins/file/nbdkit-file-plugin.pod -+++ b/plugins/file/nbdkit-file-plugin.pod -@@ -63,23 +63,7 @@ directory named C, including those found by following - symbolic links. Other special files in the directory (such as - subdirectories, pipes, or Unix sockets) are ignored. - --When this mode is used, the file to be served is chosen by the export --name passed by the client. For security, when using directory mode, --this plugin will not accept export names containing slash (C). -- --To list exports, use L I<--list> option, for example: -- -- nbdinfo --list nbd://localhost -- --An NBD client can request a list of available exports using --C. -- --A client that requests the default export (C<"">) will be rejected. --However, you can use L to adjust what --export names the client sees, and which one the client uses as a --default. For example to make F be the default export: -- -- nbdkit file dir=/dir --filter=exportname default-export=file -+See L below. - - =item BFILE_DESCRIPTOR - -@@ -89,6 +73,8 @@ This is like the C option, but instead of specifying the - directory by name, the parent process should open the directory and - pass this file descriptor by inheritance to nbdkit. - -+See L below. -+ - =item B - - =item B -@@ -140,6 +126,52 @@ L (or C) you can serve all regular -+files and block devices located directly inside the directory named -+C, including those found by following symbolic links. -+Other special files in the directory (such as subdirectories, pipes, -+or Unix sockets) are ignored. -+ -+When this mode is used, the file to be served is chosen by the export -+name passed by the client. For security, when using directory mode, -+this plugin will not accept export names containing slash (C). -+ -+For example: -+ -+ $ ls -l /var/tmp/exports -+ total 0 -+ -rw-r--r--. 1 rjones rjones 1048576 Dec 14 15:34 disk1 -+ -rw-r--r--. 1 rjones rjones 2097152 Dec 14 15:34 disk2 -+ lrwxrwxrwx. 1 rjones rjones 9 Dec 14 15:35 sda1 -> /dev/sda1 -+ $ nbdkit file dir=/var/tmp/exports -+ -+will serve three exports called C<"disk1">, C<"disk2"> and C<"sda1">. -+The first two are regular files and the last is a block device. You -+can add or remove files or symbolic links from the directory while -+nbdkit is running. -+ -+To list exports, use L I<--list> option, for example: -+ -+ $ nbdinfo --list nbd://localhost -+ protocol: newstyle-fixed without TLS, using structured packets -+ export="disk1": -+ export-size: 1048576 (1M) -+ uri: nbd://localhost:10809/disk1 -+ [etc] -+ -+An NBD client can request a list of available exports using -+C. For libnbd clients see nbd_opt_list(3). -+ -+A client that requests the default export (C<"">) will be rejected. -+However, you can use L to adjust the -+default export as well as other transformations of export names. For -+example to make F be the default export: -+ -+ nbdkit file dir=/var/tmp/exports \ -+ --filter=exportname default-export=disk1 -+ - =head2 Optimizing for random or sequential access - - If you know in advance that the NBD client will access the file --- -2.39.3 - diff --git a/SOURCES/0004-server-Introduce-threadlocal_-set-get-_last_error.patch b/SOURCES/0004-server-Introduce-threadlocal_-set-get-_last_error.patch new file mode 100644 index 0000000..fb76302 --- /dev/null +++ b/SOURCES/0004-server-Introduce-threadlocal_-set-get-_last_error.patch @@ -0,0 +1,95 @@ +From 334ab902477a0e1db4d70a5c809eafe49ab1fc6e Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Wed, 24 Jul 2024 10:37:58 +0100 +Subject: [PATCH] server: Introduce threadlocal_{set,get}_last_error + +Plus a function to clear the last_error field. + +(cherry picked from commit fa5055ae2b9f96af941d697de39198c96ee2580a) +--- + server/internal.h | 3 +++ + server/threadlocal.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 43 insertions(+) + +diff --git a/server/internal.h b/server/internal.h +index 6549c87b..da19fb99 100644 +--- a/server/internal.h ++++ b/server/internal.h +@@ -570,6 +570,9 @@ extern void threadlocal_set_instance_num (size_t instance_num); + extern size_t threadlocal_get_instance_num (void); + extern void threadlocal_set_errno (int err); + extern int threadlocal_get_errno (void); ++extern void threadlocal_set_last_error (char *msg); ++extern void threadlocal_clear_last_error (void); ++extern const char *threadlocal_get_last_error (void); + extern void *threadlocal_buffer (size_t size); + extern void threadlocal_set_conn (struct connection *conn); + extern struct connection *threadlocal_get_conn (void); +diff --git a/server/threadlocal.c b/server/threadlocal.c +index 9bb656bc..74a3c4e5 100644 +--- a/server/threadlocal.c ++++ b/server/threadlocal.c +@@ -56,6 +56,7 @@ struct threadlocal { + char *name; /* Can be NULL. */ + size_t instance_num; /* Can be 0. */ + int err; ++ char *last_error; /* Can be NULL. */ + void *buffer; /* Can be NULL. */ + size_t buffer_size; + struct connection *conn; /* Can be NULL. */ +@@ -70,6 +71,7 @@ free_threadlocal (void *threadlocalv) + struct threadlocal *threadlocal = threadlocalv; + + free (threadlocal->name); ++ free (threadlocal->last_error); + free (threadlocal->buffer); + free (threadlocal); + } +@@ -176,6 +178,44 @@ threadlocal_get_errno (void) + return threadlocal ? threadlocal->err : 0; + } + ++/* Set the last_error field. The ownership of the 'msg' string is ++ * passed to the threadlocal and will be freed here. ++ */ ++void ++threadlocal_set_last_error (char *msg) ++{ ++ struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key); ++ ++ if (threadlocal) { ++ free (threadlocal->last_error); ++ threadlocal->last_error = msg; ++ } ++ else { ++ /* ... otherwise throw it away, it's informational. */ ++ free (msg); ++ } ++} ++ ++void ++threadlocal_clear_last_error (void) ++{ ++ threadlocal_set_last_error (NULL); ++} ++ ++/* Get the last_error field. If successful, this returns a non-NULL ++ * string. This is valid until something calls nbdkit_error() in the ++ * same thread, so it should be used quickly. Returning NULL is not ++ * necessarily an error. The last_error is informational and may not ++ * be available. ++ */ ++const char * ++threadlocal_get_last_error (void) ++{ ++ struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key); ++ ++ return threadlocal ? threadlocal->last_error : NULL; ++} ++ + /* Return the single pread/pwrite buffer for this thread. The buffer + * size is increased to ‘size’ bytes if required. + * +-- +2.43.0 + diff --git a/SOURCES/0005-exportname-Fix-markup-for-linking-to-other-man-pages.patch b/SOURCES/0005-exportname-Fix-markup-for-linking-to-other-man-pages.patch deleted file mode 100644 index 3c2c4f2..0000000 --- a/SOURCES/0005-exportname-Fix-markup-for-linking-to-other-man-pages.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c155987ee521c2d6a163d2814dc869ec1e89fd90 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Sat, 16 Dec 2023 18:32:50 +0000 -Subject: [PATCH] exportname: Fix markup for linking to other man pages - -Fixes: commit 7623b2cc45078cca88fdd2d96c70c7f82a0db49d -(cherry picked from commit 6104f55f3851f3b82dc69f7e78c32e9c7a93dbc9) ---- - filters/exportname/nbdkit-exportname-filter.pod | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/filters/exportname/nbdkit-exportname-filter.pod b/filters/exportname/nbdkit-exportname-filter.pod -index 1d69f7d4..f95a37be 100644 ---- a/filters/exportname/nbdkit-exportname-filter.pod -+++ b/filters/exportname/nbdkit-exportname-filter.pod -@@ -10,8 +10,8 @@ nbdkit-exportname-filter - adjust export names between client and plugin - - =head1 DESCRIPTION - --Some plugins (such as C and filters (such as --C are able to serve different content based on -+Some plugins (such as L and filters (such as -+L are able to serve different content based on - the export name requested by the client. The NBD protocol allows a - server to advertise the set of export names it is serving. However, - the list advertised (or absent) from the plugin may not always match --- -2.39.3 - diff --git a/SOURCES/0005-server-Take-a-thread-local-copy-of-the-last-call-to-.patch b/SOURCES/0005-server-Take-a-thread-local-copy-of-the-last-call-to-.patch new file mode 100644 index 0000000..7177578 --- /dev/null +++ b/SOURCES/0005-server-Take-a-thread-local-copy-of-the-last-call-to-.patch @@ -0,0 +1,95 @@ +From a0e3f9d58142b8c5e7bcc9b73da60778e6503d0b Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Tue, 23 Jul 2024 15:28:06 +0100 +Subject: [PATCH] server: Take a thread-local copy of the last call to + nbdkit_error + +nbdkit_error has traditionally been a "fancy wrapper around fprintf" +(kind of, don't take that literally). It is encouraged that plugins +and filters do something like: + + if (error) { + nbdkit_error ("oops, a bad thing happened"); + return -1; + } + +but we don't enforce this. Plugins might call nbdkit_error more than +once or not at all. + +The point where we get to sending an error back over the wire to the +NBD client is long after the plugin returned above, and after +nbdkit_error was called. + +Therefore in order to send errors back to the NBD client, we must keep +the last error message around. + +This change simply modifies nbdkit_error to make a best-effort attempt +to save the last error message in thread-local storage. + +We also clear the last error when a new request starts, to ensure that +we don't leak errors across different callbacks or connections. + +(cherry picked from commit bfa6d4064cb74f429149d14ab4025b258fc95ec4) +--- + server/log.c | 21 +++++++++++++++++++++ + server/protocol.c | 5 +++++ + 2 files changed, 26 insertions(+) + +diff --git a/server/log.c b/server/log.c +index 9c1f667a..acf14d57 100644 +--- a/server/log.c ++++ b/server/log.c +@@ -40,6 +40,25 @@ + + #include "internal.h" + ++/* Copy the error message to threadlocal. This is sent to callers ++ * which are using structured replies, but is for extra information ++ * only so don't fail if we are unable to copy it. ++ */ ++static void ++copy_error_to_threadlocal (int orig_errno, const char *fs, va_list args) ++{ ++ va_list args_copy; ++ char *msg; ++ int r; ++ ++ va_copy (args_copy, args); ++ errno = orig_errno; /* must restore in case fs contains %m */ ++ r = vasprintf (&msg, fs, args_copy); ++ va_end (args_copy); ++ if (r != -1 && msg) ++ threadlocal_set_last_error (msg); /* ownership passed to threadlocal */ ++} ++ + /* Call the right log_*_verror function depending on log_sink. + * Note: preserves the previous value of errno. + */ +@@ -48,6 +67,8 @@ log_verror (const char *fs, va_list args) + { + int orig_errno = errno; + ++ copy_error_to_threadlocal (orig_errno, fs, args); ++ + switch (log_to) { + case LOG_TO_DEFAULT: + if (forked_into_background) +diff --git a/server/protocol.c b/server/protocol.c +index 677da05c..d428bfc8 100644 +--- a/server/protocol.c ++++ b/server/protocol.c +@@ -239,6 +239,11 @@ handle_request (uint16_t cmd, uint16_t flags, uint64_t offset, uint32_t count, + */ + threadlocal_set_errno (0); + ++ /* Also clear the last error in this thread so we will only save ++ * nbdkit_error() from this request. ++ */ ++ threadlocal_clear_last_error (); ++ + switch (cmd) { + case NBD_CMD_READ: + if (backend_pread (c, buf, count, offset, 0, &err) == -1) +-- +2.43.0 + diff --git a/SOURCES/0006-partition-Don-t-call-nbdkit_error-twice-on-error-pat.patch b/SOURCES/0006-partition-Don-t-call-nbdkit_error-twice-on-error-pat.patch deleted file mode 100644 index 9127c68..0000000 --- a/SOURCES/0006-partition-Don-t-call-nbdkit_error-twice-on-error-pat.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b8eb91e9102a2ae6cb96b0f2ffdb96b724cbb1b7 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Wed, 20 Dec 2023 10:38:27 +0000 -Subject: [PATCH] partition: Don't call nbdkit_error twice on error path - -Fixes: commit 7b9301a4c569456a4f96784229a2cd48e8957662 -(cherry picked from commit 036b178a4affd00b8bbdb6cb140e81b62f57a374) ---- - filters/partition/partition-gpt.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/filters/partition/partition-gpt.c b/filters/partition/partition-gpt.c -index 80acddb4..930e2081 100644 ---- a/filters/partition/partition-gpt.c -+++ b/filters/partition/partition-gpt.c -@@ -92,10 +92,8 @@ find_gpt_partition (nbdkit_next *next, - int err; - - if (get_gpt_header (header_bytes, -- &nr_partition_entries, &size_partition_entry) == -1) { -- nbdkit_error ("cannot support non-standard GPT header"); -+ &nr_partition_entries, &size_partition_entry) == -1) - return -1; -- } - - if (partnum > nr_partition_entries) { - nbdkit_error ("GPT partition number out of range"); --- -2.39.3 - diff --git a/SOURCES/0006-server-Send-the-last-error-to-the-NBD-client.patch b/SOURCES/0006-server-Send-the-last-error-to-the-NBD-client.patch new file mode 100644 index 0000000..e55d96f --- /dev/null +++ b/SOURCES/0006-server-Send-the-last-error-to-the-NBD-client.patch @@ -0,0 +1,177 @@ +From 7128144273f5355d7705e09a99aa1b2359e7e823 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Tue, 23 Jul 2024 15:45:04 +0100 +Subject: [PATCH] server: Send the last error to the NBD client + +This sends the last error saved in the connection handle back to the +NBD client. This is informational and best effort. + +qemu reports the error already, for example: + + $ nbdkit --log=null \ + eval open=' echo EPERM Go Away >&2; exit 1 ' get_size=' echo 100 ' \ + --run 'qemu-img info "$uri"' + qemu-img: Could not open 'nbd+unix://?socket=/tmp/nbdkitIDl6iy/socket': Requested export not available + server reported: /tmp/nbdkitRDAfXH/open: Go Away + +This goes back to at least qemu 2.12.0 (RHEL 7) and possibly earlier, +so we can just assume that qemu does this for the test. + +libnbd requires a patch to display this information. + +(cherry picked from commit 46484ca8e6a35c45fe96b6c972ceba8984d401e8) +--- + server/protocol-handshake-newstyle.c | 43 ++++++++++++++++------ + tests/Makefile.am | 2 + + tests/test-last-error.sh | 55 ++++++++++++++++++++++++++++ + 3 files changed, 88 insertions(+), 12 deletions(-) + create mode 100755 tests/test-last-error.sh + +diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c +index 6b3bc76f..c18d32e5 100644 +--- a/server/protocol-handshake-newstyle.c ++++ b/server/protocol-handshake-newstyle.c +@@ -57,28 +57,47 @@ send_newstyle_option_reply (uint32_t option, uint32_t reply) + { + GET_CONN; + struct nbd_fixed_new_option_reply fixed_new_option_reply; ++ const char *last_error = NULL; ++ uint32_t replylen = 0; ++ ++ if (NBD_REP_IS_ERR (reply)) { ++ last_error = threadlocal_get_last_error (); ++ /* Note that calling nbdkit_error will invalidate last_error, so ++ * be careful below. ++ */ ++ if (last_error) { ++ size_t len = strlen (last_error); ++ if (len <= NBD_MAX_STRING) ++ replylen = len; ++ } ++ } + + fixed_new_option_reply.magic = htobe64 (NBD_REP_MAGIC); + fixed_new_option_reply.option = htobe32 (option); + fixed_new_option_reply.reply = htobe32 (reply); +- fixed_new_option_reply.replylen = htobe32 (0); ++ fixed_new_option_reply.replylen = htobe32 (replylen); + + debug ("replying to %s with %s", name_of_nbd_opt (option), + name_of_nbd_rep (reply)); + if (conn->send (&fixed_new_option_reply, +- sizeof fixed_new_option_reply, 0) == -1) { +- /* The protocol document says that the client is allowed to simply +- * drop the connection after sending NBD_OPT_ABORT, or may read +- * the reply. +- */ +- if (option == NBD_OPT_ABORT) +- debug ("write: %s: %m", name_of_nbd_opt (option)); +- else +- nbdkit_error ("write: %s: %m", name_of_nbd_opt (option)); +- return -1; +- } ++ sizeof fixed_new_option_reply, ++ replylen > 0 ? SEND_MORE : 0) == -1) ++ goto err; ++ if (replylen > 0 && conn->send (last_error, replylen, 0) == -1) ++ goto err; + + return 0; ++ ++err: ++ /* The protocol document says that the client is allowed to simply ++ * drop the connection after sending NBD_OPT_ABORT, or may read ++ * the reply. ++ */ ++ if (option == NBD_OPT_ABORT) ++ debug ("write: %s: %m", name_of_nbd_opt (option)); ++ else ++ nbdkit_error ("write: %s: %m", name_of_nbd_opt (option)); ++ return -1; + } + + /* Reply to NBD_OPT_LIST with the plugin's list of export names. +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 0664e109..9c321fcb 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -276,6 +276,7 @@ TESTS += \ + test-read-password-interactive.sh \ + test-nbd-client.sh \ + test-nbd-client-tls.sh \ ++ test-last-error.sh \ + $(NULL) + if !IS_WINDOWS + TESTS += \ +@@ -301,6 +302,7 @@ EXTRA_DIST += \ + test-plugin-docs.sh \ + test-ipv4-lo.sh \ + test-ipv6-lo.sh \ ++ test-last-error.sh \ + test-long-name.sh \ + test-nbd-client.sh \ + test-nbd-client-tls.sh \ +diff --git a/tests/test-last-error.sh b/tests/test-last-error.sh +new file mode 100755 +index 00000000..fc720606 +--- /dev/null ++++ b/tests/test-last-error.sh +@@ -0,0 +1,55 @@ ++#!/usr/bin/env bash ++# nbdkit ++# Copyright Red Hat ++# ++# Redistribution and use in source and binary forms, with or without ++# modification, are permitted provided that the following conditions are ++# met: ++# ++# * Redistributions of source code must retain the above copyright ++# notice, this list of conditions and the following disclaimer. ++# ++# * Redistributions in binary form must reproduce the above copyright ++# notice, this list of conditions and the following disclaimer in the ++# documentation and/or other materials provided with the distribution. ++# ++# * Neither the name of Red Hat nor the names of its contributors may be ++# used to endorse or promote products derived from this software without ++# specific prior written permission. ++# ++# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ++# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ++# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR ++# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF ++# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ++# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ++# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT ++# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++# SUCH DAMAGE. ++ ++source ./functions.sh ++set -e ++set -x ++ ++# Test informational error messages sent to the NBD client. ++# qemu-img supports this since at least 2.12.0. ++ ++requires_run ++requires_plugin eval ++requires qemu-img --version ++ ++out=last-error.out ++rm -f $out ++cleanup_fn rm -f $out ++ ++export out ++ ++nbdkit eval \ ++ open=' echo EPERM Go Away >&2; exit 1 ' get_size=' echo 0 ' \ ++ --run ' qemu-img info "$uri" > $out 2>&1 ||: ' ++cat $out ++ ++grep "Go Away" $out +-- +2.43.0 + diff --git a/SOURCES/0007-partition-Suggest-alternate-partition-sectorsize.patch b/SOURCES/0007-partition-Suggest-alternate-partition-sectorsize.patch deleted file mode 100644 index 4b8a01c..0000000 --- a/SOURCES/0007-partition-Suggest-alternate-partition-sectorsize.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 3b168aa842dc80a6d95b2c1ccb52a8ef664e7aba Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Wed, 20 Dec 2023 10:34:10 +0000 -Subject: [PATCH] partition: Suggest alternate partition-sectorsize - -When we reach this error it means that we have failed to detect the -"EFI PART" signature (indicating GPT) and we've fallen back to parsing -MBR, but in doing so we have discovered a GPT protective MBR which -should only happen for GPT. A possible cause for missing the -signature was because we have the wrong sector size. - -Therefore check for the current sector size (which should be either -512 or 4096) and suggest that the user sets the other sector size. - -Also avoids the case where the user already set partition-sectorsize=4k -and we were suggesting that they set it again. - -Reported-by: Ming Xie -Fixes: commit 7b9301a4c569456a4f96784229a2cd48e8957662 -Fixes: https://issues.redhat.com/browse/RHEL-19815 -(cherry picked from commit cd761c9bf770b23f678fd82f0d1c8d4cce2ed1b5) ---- - filters/partition/partition-mbr.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/filters/partition/partition-mbr.c b/filters/partition/partition-mbr.c -index 3927c31f..6a81addb 100644 ---- a/filters/partition/partition-mbr.c -+++ b/filters/partition/partition-mbr.c -@@ -87,9 +87,16 @@ find_mbr_partition (nbdkit_next *next, - !is_extended (partition.part_type_byte) && - partnum == i+1) { - if (partition.part_type_byte == 0xEE) { -- nbdkit_error ("rejecting GPT protective entry from MBR, " -- "if the underlying storage uses 4K sectors " -- "try using partition-sectorsize=4k"); -+ if (sector_size == 512) -+ nbdkit_error ("rejecting GPT protective entry from MBR, " -+ "if the underlying storage uses 4K sectors " -+ "try using partition-sectorsize=4k"); -+ else if (sector_size == 4096) -+ nbdkit_error ("rejecting GPT protective entry from MBR, " -+ "if the underlying storage uses 512 byte sectors " -+ "try using partition-sectorsize=512"); -+ else -+ nbdkit_error ("rejecting GPT protective entry from MBR"); - return -1; - } - *offset_r = partition.start_sector * (int64_t) sector_size; --- -2.39.3 - diff --git a/SOURCES/copy-patches.sh b/SOURCES/copy-patches.sh index 5b17fc5..8cbd83a 100755 --- a/SOURCES/copy-patches.sh +++ b/SOURCES/copy-patches.sh @@ -6,7 +6,7 @@ set -e # directory. Use it like this: # ./copy-patches.sh -rhel_version=9.4 +rhel_version=9.5 # Check we're in the right directory. if [ ! -f nbdkit.spec ]; then diff --git a/SOURCES/nbdkit-1.36.2.tar.gz.sig b/SOURCES/nbdkit-1.36.2.tar.gz.sig deleted file mode 100644 index 860ae27..0000000 --- a/SOURCES/nbdkit-1.36.2.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmVjGrARHHJpY2hAYW5u -ZXhpYS5vcmcACgkQkXOPc+G3aKD2Kw/8CQVsyhgHBZ/73IRM7hskDVwidNJ9dgaZ -5BSsgyr8DU0W3yEgwFGAOb7wzKaFBN5vewAiftBz5sDSbddo7b5kzci4Fm+t+G/5 -fE5FRzyj9mwOWvympcfdIwK9lDC+0Kr7lBq7WM8QjS4kG67Dxa9hXFKRxaIHjkY7 -HK2WLUEF8/GU7dE+2aj77CXOo2gwfttCaNdPEv2pqq0ox8TKajWfInsCZ4t7DxUq -EoWTuDYlIMxLN8TSA71Am+8m8zmAZQ7WUr4cB3F8Y9EP8CljaFymI+sAv/EoeHTd -At9ZrT4Pjx0eO47MrSliincxlFIkFB9Bo316NHQ0c8gjQLgLq3nkjGlmr0P5S/iI -VMl4jVp8N2X0gXc78LQy1ARXGUD7IkCm2GePADZb4L8aSewXT6lT3UkONXToZuGE -yXLOPKVnvlnRE4DHQnvDYrwZns2Xm0u+na2bFTJgRu1i+dVSCa2a+ON7s+I2g9OI -jPAw/ps9PeNEi2F6shbJPskQCHZxZUKgrWPq4elPhFDFn1OPUBHeE/qwI5PhnpcC -LL94qWsqI/iXplvcJQ28ioXrbZFygDWheoErMtzt2K36kMDRmCQo4vPf6O+Z3qsb -9JfMLO0U7yjTI7+NJOrXa/aFAD+d0/twr177ox76kngbt7Bu+Thc7gEdncgC6w0B -8gBSF4OZ0w0= -=LFMp ------END PGP SIGNATURE----- diff --git a/SOURCES/nbdkit-1.38.3.tar.gz.sig b/SOURCES/nbdkit-1.38.3.tar.gz.sig new file mode 100644 index 0000000..955145d --- /dev/null +++ b/SOURCES/nbdkit-1.38.3.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmaTi9oRHHJpY2hAYW5u +ZXhpYS5vcmcACgkQkXOPc+G3aKB97w/9H/Ss3V0yhUPgK6bidlCIBmZcUmw0ItTa +PoI42QL+lmJCP4FiLd4aAZRfnosTbi/KFfGC5OI/DhZs/bFvLJPX56Dq+tDfLTo8 +OlpdWkW2E6tALN5ZlA8zFXLfJ+xofpn9/F7O4XdkW04HIpXx4ly8tCPG27idV9UV +jjVzwmo/eqhJTWHJAspD1iB/oXfCVh0VVe3d4G/n32/pLfULwK6iEGMze+51IJoI +SdKPKtwFmPn5e0r34+JLyCilugJvl3crJI2CZt9Azi31joCgEEif0Mkn2aiY8Zc9 +S3/3r9US6VriKYYhilLTgpjbimeNZJGuVPqPS8lhaSmAoyOncG1CcKOk2Tewf8m+ +vrUHFTWKSP6IgdlGnXYZNQprA1zPUePyMpm3RwnaV8N3Vcy0J4lkL80laSQs5VUn +PkzwrSxaegWDnrlBjNQi5cWWVSqUMUsEpCQXu93fvbGi/V2wkVlOx5ubPIIo8ykc +dPVG3+9d2PUEVXyJLWmA5jXJW19EnZK8fttUrcshbF375CU7Vuo6Ds6QFdcTqEs/ +te1c3QxDQav4BeV7VbD5xL1xc931F6fWwa9FpzPf366AhCM/tunw91oIUP2bkw8U +B7Z83x9nAuxewQeeI+7nDLKdhdg/bpeMoiUUCYQVS1K61+4D+J6bmc2lvsvhj3Pp +gMcCwZR9wF0= +=SuJ6 +-----END PGP SIGNATURE----- diff --git a/SOURCES/nbdkit.fc b/SOURCES/nbdkit.fc new file mode 100644 index 0000000..4877736 --- /dev/null +++ b/SOURCES/nbdkit.fc @@ -0,0 +1,3 @@ +/usr/sbin/nbdkit -- gen_context(system_u:object_r:nbdkit_exec_t,s0) + +/usr/lib/systemd/system/nbdkit.* gen_context(system_u:object_r:nbdkit_unit_file_t,s0) diff --git a/SOURCES/nbdkit.if b/SOURCES/nbdkit.if new file mode 100644 index 0000000..315fead --- /dev/null +++ b/SOURCES/nbdkit.if @@ -0,0 +1,207 @@ +## policy for nbdkit + +######################################## +## +## Execute nbdkit_exec_t in the nbdkit domain. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`nbdkit_domtrans',` + gen_require(` + type nbdkit_t, nbdkit_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, nbdkit_exec_t, nbdkit_t) +') + +###################################### +## +## Execute nbdkit in the caller domain. +## +## +## +## Domain allowed access. +## +## +# +interface(`nbdkit_exec',` + gen_require(` + type nbdkit_exec_t; + ') + + corecmd_search_bin($1) + can_exec($1, nbdkit_exec_t) +') + +######################################## +## +## Execute nbdkit in the nbdkit domain, and +## allow the specified role the nbdkit domain. +## +## +## +## Domain allowed to transition +## +## +## +## +## The role to be allowed the nbdkit domain. +## +## +# +interface(`nbdkit_run',` + gen_require(` + type nbdkit_t; + attribute_role nbdkit_roles; + ') + + nbdkit_domtrans($1) + roleattribute $2 nbdkit_roles; +') + +######################################## +## +## Role access for nbdkit +## +## +## +## Role allowed access +## +## +## +## +## User domain for the role +## +## +# +interface(`nbdkit_role',` + gen_require(` + type nbdkit_t; + attribute_role nbdkit_roles; + ') + + roleattribute $1 nbdkit_roles; + + nbdkit_domtrans($2) + + ps_process_pattern($2, nbdkit_t) + allow $2 nbdkit_t:process { signull signal sigkill }; +') + +######################################## +## +## Allow attempts to connect to nbdkit +## with a unix stream socket. +## +## +## +## Domain to not audit. +## +## +# +interface(`nbdkit_stream_connect',` + gen_require(` + type nbdkit_t; + ') + + allow $1 nbdkit_t:unix_stream_socket connectto; +') + +######################################## +## +## Allow nbdkit_exec_t to be an entrypoint +## of the specified domain +## +## +## +## Domain allowed access. +## +## +## +# +interface(`nbdkit_entrypoint',` + gen_require(` + type nbdkit_exec_t; + ') + allow $1 nbdkit_exec_t:file entrypoint; +') + +# ---------------------------------------------------------------------- +# RWMJ: See: +# https://issues.redhat.com/browse/RHEL-5174?focusedId=23387259&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-23387259 +# Remove this when virt.if gets updated. + +######################################## +# +# Interface compatibility blocks +# +# The following definitions ensure compatibility with distribution policy +# versions that do not contain given interfaces (epel, or older Fedora +# releases). +# Each block tests for existence of given interface and defines it if needed. +# + +######################################## +## +## Read and write to svirt_image dirs. +## +## +## +## Domain allowed access. +## +## +# +ifndef(`virt_rw_svirt_image_dirs',` + interface(`virt_rw_svirt_image_dirs',` + gen_require(` + type svirt_image_t; + ') + + allow $1 svirt_image_t:dir rw_dir_perms; + ') +') + +######################################## +## +## Create svirt_image sock_files. +## +## +## +## Domain allowed access. +## +## +# +ifndef(`virt_create_svirt_image_sock_files',` + interface(`virt_create_svirt_image_sock_files',` + gen_require(` + type svirt_image_t; + ') + + allow $1 svirt_image_t:sock_file create_sock_file_perms; + ') +') + +######################################## +## +## Read and write virtlogd pipes. +## +## +## +## Domain allowed access. +## +## +# +ifndef(`virtlogd_rw_pipes',` + interface(`virtlogd_rw_pipes',` + gen_require(` + type virtlogd_t; + ') + + allow $1 virtlogd_t:fifo_file rw_fifo_file_perms; + ') +') diff --git a/SOURCES/nbdkit.te b/SOURCES/nbdkit.te new file mode 100644 index 0000000..dbc518e --- /dev/null +++ b/SOURCES/nbdkit.te @@ -0,0 +1,100 @@ +policy_module(nbdkit, 1.0.0) + +######################################## +# +# Declarations +# + +gen_require(` + type unconfined_t; +') + +type nbdkit_t; +type nbdkit_exec_t; +application_domain(nbdkit_t, nbdkit_exec_t) +mcs_constrained(nbdkit_t) +role system_r types nbdkit_t; + +type nbdkit_home_t; +userdom_user_home_content(nbdkit_home_t) + +type nbdkit_tmp_t; +files_tmp_file(nbdkit_tmp_t) + +type nbdkit_unit_file_t; +systemd_unit_file(nbdkit_unit_file_t) + +permissive nbdkit_t; + +######################################## +# +# nbdkit local policy +# +allow nbdkit_t self:capability { setgid setuid }; +allow nbdkit_t self:fifo_file rw_fifo_file_perms; +allow nbdkit_t self:netlink_route_socket rw_netlink_socket_perms; +allow nbdkit_t self:process { fork setsockcreate signal_perms }; +allow nbdkit_t self:tcp_socket create_stream_socket_perms; +allow nbdkit_t self:udp_socket create_socket_perms; + +manage_dirs_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t) +manage_files_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t) +userdom_user_tmp_filetrans(nbdkit_t, nbdkit_tmp_t, { dir file }) + +manage_dirs_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t) +manage_files_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t) +userdom_user_home_dir_filetrans(nbdkit_t, nbdkit_home_t, { dir file }) + +corenet_tcp_connect_http_port(nbdkit_t) +corenet_tcp_connect_ssh_port(nbdkit_t) +corenet_tcp_connect_tftp_port(nbdkit_t) +corenet_tcp_bind_generic_port(nbdkit_t) +corenet_tcp_bind_generic_node(nbdkit_t) + +domain_use_interactive_fds(nbdkit_t) + +files_read_etc_files(nbdkit_t) + +init_abstract_socket_activation(nbdkit_t) +init_ioctl_stream_sockets(nbdkit_t) +init_rw_stream_sockets(nbdkit_t) + +optional_policy(` + auth_use_nsswitch(nbdkit_t) +') + +optional_policy(` + logging_send_syslog_msg(nbdkit_t) +') + +optional_policy(` + miscfiles_read_localization(nbdkit_t) + miscfiles_read_generic_certs(nbdkit_t) +') + +optional_policy(` + sysnet_dns_name_resolve(nbdkit_t) + sysnet_read_config(nbdkit_t) +') + +optional_policy(` + userdom_read_user_home_content_files(nbdkit_t) + userdom_use_inherited_user_ptys(nbdkit_t) +') + +optional_policy(` + virt_create_svirt_image_sock_files(nbdkit_t) + virt_read_qemu_pid_files(nbdkit_t) + virtlogd_rw_pipes(nbdkit_t) + virt_rw_svirt_image(nbdkit_t) + virt_rw_svirt_image_dirs(nbdkit_t) + virt_search_lib(nbdkit_t) + virt_stream_connect_svirt(nbdkit_t) +') + + +# FIXME: It would be nice to allow libvirt to transition nbdkit_exec_t to +# nbdkit_t when libvirtd was started manually from the commandline (i.e. in +# unconfined_t), but we don't want this transition to happen automatically +# when starting directly from the shell. I'm not sure how to achieve this... +#nbdkit_domtrans(unconfined_t, nbdkit_exec_t, nbdkit_t) diff --git a/SPECS/nbdkit.spec b/SPECS/nbdkit.spec index c12553a..a5fe504 100644 --- a/SPECS/nbdkit.spec +++ b/SPECS/nbdkit.spec @@ -22,8 +22,20 @@ %global have_ocaml 1 %endif +# libblkio was broken on i686: https://bugzilla.redhat.com/2229372 +# but somehow "fixed itself", keep an eye on it. %global have_blkio 1 +# Enable mingw subpackage on Fedora only. +%if 0%{?fedora} +%global have_mingw 1 +%endif + +# Enable nbdkit-selinux package. +%global with_selinux 1 +%global modulename nbdkit +%global selinuxtype targeted + # Architectures where we run the complete test suite including # the libguestfs tests. # @@ -36,25 +48,14 @@ # it as a bug and add it to this list. %global broken_test_arches NONE -%if 0%{?rhel} == 7 -# On RHEL 7, nothing in the virt stack is shipped on aarch64 and -# libguestfs was not shipped on POWER (fixed in 7.5). We could in -# theory make all of this work by having lots more conditionals, but -# for now limit this package to x86_64 on RHEL. -ExclusiveArch: x86_64 -%endif - # If we should verify tarball signature with GPGv2. %global verify_tarball_signature 1 -# If there are patches which touch autotools files, set this to 1. -%global patches_touch_autotools 1 - # The source directory. -%global source_directory 1.36-stable +%global source_directory 1.38-stable Name: nbdkit -Version: 1.36.2 +Version: 1.38.3 Release: 1%{?dist} Summary: NBD server @@ -77,27 +78,33 @@ Source2: libguestfs.keyring Source3: copy-patches.sh # Patches come from the upstream repository: -# https://gitlab.com/nbdkit/nbdkit/-/commits/rhel-9.4/ +# https://gitlab.com/nbdkit/nbdkit/-/commits/rhel-9.5/ # Patches. -Patch0001: 0001-configure-Fix-initialization-from-incompatible-point.patch -Patch0002: 0002-file-Rework-documentation-for-dir-parameter.patch -Patch0003: 0003-file-Fix-markup-when-referencing-dir-option-from-dir.patch -Patch0004: 0004-file-Further-rework-documentation-of-dir-parameter.patch -Patch0005: 0005-exportname-Fix-markup-for-linking-to-other-man-pages.patch -Patch0006: 0006-partition-Don-t-call-nbdkit_error-twice-on-error-pat.patch -Patch0007: 0007-partition-Suggest-alternate-partition-sectorsize.patch +Patch0001: 0001-nbdkit-1.38-Fix-inclusion-of-gnutls-socket.h-with-ol.patch +Patch0002: 0002-server-log-Move-preserve-errno-to-log_verror-functio.patch +Patch0003: 0003-server-Rename-threadlocal_-set-get-_error-to-._errno.patch +Patch0004: 0004-server-Introduce-threadlocal_-set-get-_last_error.patch +Patch0005: 0005-server-Take-a-thread-local-copy-of-the-last-call-to-.patch +Patch0006: 0006-server-Send-the-last-error-to-the-NBD-client.patch # For automatic RPM Provides generation. # See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html Source4: nbdkit.attr Source5: nbdkit-find-provides -BuildRequires: make -%if 0%{patches_touch_autotools} -BuildRequires: autoconf, automake, libtool -%endif +# For nbdkit-selinux package: +Source6: %{modulename}.te +Source7: %{modulename}.if +Source8: %{modulename}.fc +# For applying the patches: +BuildRequires: git + +# For rebuilding autoconf cruft: +BuildRequires: autoconf, automake, libtool + +BuildRequires: make BuildRequires: gcc, gcc-c++ BuildRequires: %{_bindir}/pod2man BuildRequires: gnutls-devel @@ -173,12 +180,38 @@ BuildRequires: %{_bindir}/stat # itself, but it's a simple noarch package so easy to install. BuildRequires: nbdkit-srpm-macros >= 1.30.0 +%if 0%{?have_mingw} +BuildRequires: mingw32-filesystem +BuildRequires: mingw64-filesystem +BuildRequires: mingw32-gcc +BuildRequires: mingw64-gcc +BuildRequires: mingw32-gcc-c++ +BuildRequires: mingw64-gcc-c++ +BuildRequires: mingw32-dlfcn +BuildRequires: mingw64-dlfcn +BuildRequires: mingw32-gnutls +BuildRequires: mingw64-gnutls +BuildRequires: mingw32-winpthreads +BuildRequires: mingw64-winpthreads +BuildRequires: mingw32-xz +BuildRequires: mingw64-xz +BuildRequires: mingw32-zlib +BuildRequires: mingw64-zlib +%endif + # nbdkit is a metapackage pulling the server and a useful subset # of the plugins and filters. Requires: nbdkit-server%{?_isa} = %{version}-%{release} Requires: nbdkit-basic-plugins%{?_isa} = %{version}-%{release} Requires: nbdkit-basic-filters%{?_isa} = %{version}-%{release} +%if 0%{?with_selinux} +# This ensures that the nbdkit-selinux package and all its +# dependencies are not pulled into containers and other systems that +# do not use SELinux. +Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) +%endif + %description NBD is a protocol for accessing block devices (hard disks and @@ -324,6 +357,22 @@ Requires: %{name}-server%{?_isa} = %{version}-%{release} This package contains cURL (HTTP/FTP) support for %{name}. +%if !0%{?rhel} +# In theory this is noarch, but because plugins are placed in _libdir +# which varies across architectures, RPM does not allow this. +%package gcs-plugin +Summary: Gooogle Cloud Storage plugin %{name} +Requires: %{name}-python-plugin%{?_isa} = %{version}-%{release} +Requires: %{name}-server%{?_isa} = %{version}-%{release} +# XXX Should not need to add this. +Requires: python3-google-cloud-storage + +%description gcs-plugin +This package lets you open disk images stored in Google +Cloud Storage using %{name}. +%endif + + %if !0%{?rhel} && 0%{?have_libguestfs} %package guestfs-plugin Summary: libguestfs plugin for %{name} @@ -441,7 +490,8 @@ This package lets you write Ruby plugins for %{name}. # which varies across architectures, RPM does not allow this. %package S3-plugin Summary: Amazon S3 and Ceph plugin for %{name} -Requires: %{name}-python-plugin >= 1.22 +Requires: %{name}-python-plugin%{?_isa} = %{version}-%{release} +Requires: %{name}-server%{?_isa} = %{version}-%{release} # XXX Should not need to add this. Requires: python3-boto3 @@ -582,6 +632,8 @@ nbdkit-rate-filter Limit bandwidth by connection or server. nbdkit-readahead-filter Prefetch data when reading sequentially. +nbdkit-readonly-filter Switch a plugin between read-only and writable. + nbdkit-retry-filter Reopen connection on error. nbdkit-retry-request-filter Retry single requests on error. @@ -671,17 +723,70 @@ Install this package if you want intelligent bash tab-completion for %{name}. +%if 0%{?with_selinux} +%package selinux +Summary: %{name} SELinux policy +BuildArch: noarch +Requires: selinux-policy-%{selinuxtype} +Requires(post):selinux-policy-%{selinuxtype} +BuildRequires: selinux-policy-devel +%{?selinux_requires} + +%description selinux +%{nbdkit} SELinux policy module. +%endif + + +%if 0%{?have_mingw} +%package -n mingw32-%{name} +Summary: nbdkit binary, plugins, filters, development files for Windows +BuildArch: noarch +Requires: mingw32-filesystem +Requires: pkgconfig + +%description -n mingw32-%{name} +NBD is a protocol for accessing block devices (hard disks and +disk-like things) over the network. + +nbdkit is a toolkit for creating NBD servers. + +This package contains the nbdkit binary, plugins, filters and +development kit for 32 bit versions of Windows. + + +%package -n mingw64-%{name} +Summary: nbdkit binary, plugins, filters, development files for Windows +BuildArch: noarch +Requires: mingw64-filesystem +Requires: pkgconfig + +%description -n mingw64-%{name} +NBD is a protocol for accessing block devices (hard disks and +disk-like things) over the network. + +nbdkit is a toolkit for creating NBD servers. + +This package contains the nbdkit binary, plugins, filters and +development kit for 64 bit versions of Windows. + + +%{?mingw_debug_package} +%endif + + %prep %if 0%{verify_tarball_signature} %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %endif -%autosetup -p1 -%if 0%{patches_touch_autotools} +%autosetup -p1 -S git autoreconf -i -%endif %build +mkdir build_native +pushd build_native +%global _configure ../configure + # Golang bindings are not enabled in the build since they don't # need to be. Most people would use them by copying the upstream # package into their vendor/ directory. @@ -761,8 +866,64 @@ grep '^PYTHON_VERSION = 3' Makefile %make_build +%if 0%{?with_selinux} +# SELinux policy (originally from selinux-policy-contrib) +# this policy module will override the production module +mkdir selinux +cp -p %{SOURCE6} selinux/ +cp -p %{SOURCE7} selinux/ +cp -p %{SOURCE8} selinux/ + +make -f %{_datadir}/selinux/devel/Makefile %{modulename}.pp +bzip2 -9 %{modulename}.pp +%endif + +popd + +%if 0%{?have_mingw} +# MC=no is a temporary hack until this bug is fixed in binutils: +# https://sourceware.org/bugzilla/show_bug.cgi?id=31283 +%mingw_configure \ + MC=no \ + --disable-static \ + --enable-shared \ + --with-extra='%{name}-%{version}-%{release}' \ + --with-tls-priority=@NBDKIT,SYSTEM \ + --disable-golang \ + --disable-libguestfs-tests \ + --disable-linuxdisk \ + --disable-lua \ + --disable-ocaml \ + --disable-perl \ + --disable-python \ + --disable-ruby \ + --disable-rust \ + --disable-tcl \ + --disable-torrent \ + --disable-valgrind \ + --disable-vddk \ + --without-bash-completions \ + --without-curl \ + --without-ext2 \ + --with-gnutls \ + --without-iso \ + --without-libblkio \ + --without-libguestfs \ + --without-libnbd \ + --without-libvirt \ + --with-liblzma \ + --without-manpages \ + --without-selinux \ + --without-ssh \ + --with-zlib \ + %{nil} + +%mingw_make %{?_smp_mflags} +%endif + %install +pushd build_native %make_install # Delete libtool crap. @@ -778,8 +939,10 @@ for f in cc cdi ; do rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/nbdkit-$f-plugin.so rm -f $RPM_BUILD_ROOT%{_mandir}/man?/nbdkit-$f-plugin.* done -rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/nbdkit-S3-plugin -rm -f $RPM_BUILD_ROOT%{_mandir}/man1/nbdkit-S3-plugin.1* +for f in gcs S3 ; do + rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/nbdkit-$f-plugin + rm -f $RPM_BUILD_ROOT%{_mandir}/man1/nbdkit-$f-plugin.1* +done rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/filters/nbdkit-qcow2dec-filter.so rm -f $RPM_BUILD_ROOT%{_mandir}/man1/nbdkit-qcow2dec-filter.1* %endif @@ -789,9 +952,34 @@ mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/fileattrs/ install -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_rpmconfigdir}/fileattrs/ install -m 0755 %{SOURCE5} $RPM_BUILD_ROOT%{_rpmconfigdir}/ +%if 0%{?with_selinux} +install -D -m 0644 %{modulename}.pp.bz2 $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 +install -D -p -m 0644 selinux/%{modulename}.if $RPM_BUILD_ROOT%{_datadir}/selinux/devel/include/distributed/%{modulename}.if +%endif +popd + +%if 0%{?have_mingw} +%mingw_make_install + +# Remove .la files +rm -f $RPM_BUILD_ROOT%{mingw32_libdir}/*.la +rm -f $RPM_BUILD_ROOT%{mingw64_libdir}/*.la + +# The .def files aren't interesting for other binaries +rm -f $RPM_BUILD_ROOT%{mingw32_bindir}/*.def +rm -f $RPM_BUILD_ROOT%{mingw64_bindir}/*.def + +# Remove man pages which duplicate stuff in Fedora already. +rm -rf $RPM_BUILD_ROOT%{mingw32_mandir} +rm -rf $RPM_BUILD_ROOT%{mingw64_mandir} + +%mingw_debug_install_post +%endif + %check %ifnarch %{broken_test_arches} +pushd build_native function skip_test () { for f in "$@"; do @@ -836,6 +1024,7 @@ export LIBGUESTFS_TRACE=1 cat tests/test-suite.log exit 1 } +popd %endif @@ -844,6 +1033,26 @@ export LIBGUESTFS_TRACE=1 %endif +%if 0%{?with_selinux} +# SELinux contexts are saved so that only affected files can be +# relabeled after the policy module installation +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{modulename} +fi + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} +# if with_selinux +%endif + + %files # metapackage so empty @@ -949,6 +1158,15 @@ export LIBGUESTFS_TRACE=1 %{_mandir}/man1/nbdkit-curl-plugin.1* +%if !0%{?rhel} +%files gcs-plugin +%doc README.md +%license LICENSE +%{_libdir}/%{name}/plugins/nbdkit-gcs-plugin +%{_mandir}/man1/nbdkit-gcs-plugin.1* +%endif + + %if !0%{?rhel} && 0%{?have_libguestfs} %files guestfs-plugin %doc README.md @@ -1125,6 +1343,7 @@ export LIBGUESTFS_TRACE=1 %endif %{_libdir}/%{name}/filters/nbdkit-rate-filter.so %{_libdir}/%{name}/filters/nbdkit-readahead-filter.so +%{_libdir}/%{name}/filters/nbdkit-readonly-filter.so %{_libdir}/%{name}/filters/nbdkit-retry-filter.so %{_libdir}/%{name}/filters/nbdkit-retry-request-filter.so %{_libdir}/%{name}/filters/nbdkit-scan-filter.so @@ -1165,6 +1384,7 @@ export LIBGUESTFS_TRACE=1 %endif %{_mandir}/man1/nbdkit-rate-filter.1* %{_mandir}/man1/nbdkit-readahead-filter.1* +%{_mandir}/man1/nbdkit-readonly-filter.1* %{_mandir}/man1/nbdkit-retry-filter.1* %{_mandir}/man1/nbdkit-retry-request-filter.1* %{_mandir}/man1/nbdkit-scan-filter.1* @@ -1216,7 +1436,7 @@ export LIBGUESTFS_TRACE=1 # Include the source of the example plugins in the documentation. %doc plugins/example*/*.c %if !0%{?rhel} -%doc plugins/example4/nbdkit-example4-plugin +%doc build_native/plugins/example4/nbdkit-example4-plugin %doc plugins/lua/example.lua %endif %if !0%{?rhel} && 0%{?have_ocaml} @@ -1229,7 +1449,7 @@ export LIBGUESTFS_TRACE=1 %if !0%{?rhel} %doc plugins/ruby/example.rb %endif -%doc plugins/sh/example.sh +%doc plugins/sh/examples/*.sh %if !0%{?rhel} %doc plugins/tcl/example.tcl %endif @@ -1256,8 +1476,46 @@ export LIBGUESTFS_TRACE=1 %{_datadir}/bash-completion/completions/nbdkit +%if 0%{?with_selinux} +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.* +%{_datadir}/selinux/devel/include/distributed/%{modulename}.if +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} +%endif + + +%if 0%{?have_mingw} +%files -n mingw32-%{name} +%license LICENSE +%{mingw32_sbindir}/nbdkit.exe +%{mingw32_libdir}/%{name}/ +%{mingw32_libdir}/libnbdkit.a +%{mingw32_libdir}/pkgconfig/%{name}.pc +%{mingw32_includedir}/*.h + + +%files -n mingw64-%{name} +%license LICENSE +%{mingw64_sbindir}/nbdkit.exe +%{mingw64_libdir}/%{name}/ +%{mingw64_libdir}/libnbdkit.a +%{mingw64_libdir}/pkgconfig/%{name}.pc +%{mingw64_includedir}/*.h +%endif + + %changelog -* Tue Dec 20 2023 Richard W.M. Jones - 1.36.2-1 +* Fri Jul 26 2024 Richard W.M. Jones - 1.38.3-1 +- Rebase to 1.38.3 (along stable branch) +- Send the last error to the NBD client + resolves: RHEL-50664 + +* Tue Apr 09 2024 Miroslav Rezanina - 1.38.0-1 +- Rebase to 1.38.0 +- Added selinux subpackage +- resolves: RHEL-31884 + +* Wed Dec 20 2023 Richard W.M. Jones - 1.36.2-1 - Rebase to 1.36.2 resolves: RHEL-14475 - partition: Suggest alternate partition-sectorsize