import CS nbdkit-1.38.3-1.el9

eabdullin 2024-09-30 16:09:07 +00:00
parent 08ddafd5a2
commit 214f09b92f
22 changed files with 1363 additions and 403 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/libguestfs.keyring
SOURCES/nbdkit-1.36.2.tar.gz
SOURCES/nbdkit-1.38.3.tar.gz


@ -1,2 +1,2 @@
cc1b37b9cfafa515aab3eefd345ecc59aac2ce7b SOURCES/libguestfs.keyring
ca7c103dc96a65bfa5f6263bb5df8478f8038948 SOURCES/nbdkit-1.36.2.tar.gz
442637a8da4527c50f9bac0762c31276c2d00796 SOURCES/nbdkit-1.38.3.tar.gz


@ -1,44 +0,0 @@
From ac87babe2d1652e3f37715efe9f29ad6f16eb9df Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 4 Dec 2023 10:23:29 +0000
Subject: [PATCH] configure: Fix initialization from incompatible pointer type
With GCC 14:
configure:20816: checking if environ is declared in header files
configure:20833: gcc -c -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grec
ord-gcc-switches -pipe -Wall -Werror=format-security
-Werror=implicit-function-declaration -Werror=implicit-int
-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
-fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer conftest.c >&5
conftest.c: In function 'test':
conftest.c:62:22: error: initialization of 'const char **' from incompatible p
ointer type 'char **'
62 | const char **env = environ;
| ^~~~~~~
Thanks: Florian Weimer
(cherry picked from commit 32a9ee6650654469cd591a3ae26842c54f898392)
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 3b12e357..beab4674 100644
--- a/configure.ac
+++ b/configure.ac
@@ -335,7 +335,7 @@ AC_LANG_SOURCE([[
static int
test (void)
{
- const char **env = environ;
+ char **env = environ;
return env ? 1 : 0; // this just forces env to be used
}
]])
--
2.39.3


@ -0,0 +1,46 @@
From 14a2646d4221d50b4b194d5dd2d6010808ea642b Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 14 Jul 2024 09:50:31 +0100
Subject: [PATCH] nbdkit 1.38: Fix inclusion of <gnutls/socket.h> with old
gnutls
Development branch commit 8ce65bac5a ("build: Move to minimum gnutls
>= 3.5.18") changed the way that <gnutls/socket.h> is included. I
didn't cherry pick this commit to the stable-1.38 branch since we
don't want to force people to update gnutls.
However when I cherry picked commit 47987e43bd ("server/crypto.c:
Check <gnutls/socket.h> works before including it"), I missed that
there was still a place where <gnutls/socket.h> was included (which
would have been fixed by the commit above).
The upshot is that compilation of nbdkit 1.38.3 fails on mingw:
In file included from ../../server/crypto.c:69:
/usr/i686-w64-mingw32/sys-root/mingw/include/gnutls/socket.h:32:10: fatal error: sys/socket.h: No such file or directory
32 | #include <sys/socket.h>
| ^~~~~~~~~~~~~~
compilation terminated.
Fixes: commit f889d822dd96bcf8c0427bd541d730d58b166d83
---
server/crypto.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/server/crypto.c b/server/crypto.c
index 83970282..86843192 100644
--- a/server/crypto.c
+++ b/server/crypto.c
@@ -65,9 +65,6 @@
#else
#define TRY_KTLS 0
#endif
-#if TRY_KTLS
-#include <gnutls/socket.h>
-#endif
static int crypto_auth;
#define CRYPTO_AUTH_CERTIFICATES 1
--
2.43.0


@ -1,58 +0,0 @@
From 054798ca11b9f0b71fbad302edf66b52519f5aa2 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 14 Dec 2023 17:47:10 +0000
Subject: [PATCH] file: Rework documentation for dir= parameter
The existing documentation tended towards jargon and lacked examples.
(cherry picked from commit 7cbd49ced6414e49fcf4ff1a967929a2b83ab44e)
---
plugins/file/nbdkit-file-plugin.pod | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
index 857ad21e..e47eae97 100644
--- a/plugins/file/nbdkit-file-plugin.pod
+++ b/plugins/file/nbdkit-file-plugin.pod
@@ -64,13 +64,23 @@ symbolic links. Other special files in the directory (such as
subdirectories, pipes, or Unix sockets) are ignored.
When this mode is used, the file to be served is chosen by the export
-name passed by the client, where the client can request a list of
-available exports using NBD_OPT_LIST. A client that requests the
-default export (C<"">) will be rejected. However, you can use
-L<nbdkit-exportname-filter(1)> to adjust what export names the client
-sees or uses as a default. For security, when using directory mode,
+name passed by the client. For security, when using directory mode,
this plugin will not accept export names containing slash (C</>).
+To list exports, use L<nbdinfo(1)> I<--list> option, for example:
+
+ nbdinfo --list nbd://localhost
+
+An NBD client can request a list of available exports using
+C<NBD_OPT_LIST>.
+
+A client that requests the default export (C<"">) will be rejected.
+However, you can use L<nbdkit-exportname-filter(1)> to adjust what
+export names the client sees, and which one the client uses as a
+default. For example to make F</dir/file> be the default export:
+
+ nbdkit file dir=/dir --filter=exportname default-export=file
+
=item B<dirfd=>FILE_DESCRIPTOR
(nbdkit E<ge> 1.34, not Windows)
@@ -262,7 +272,8 @@ L<nbdkit-tmpdisk-plugin(1)>,
L<nbdkit-exportname-filter(1)>,
L<nbdkit-fua-filter(1)>,
L<nbdkit-luks-filter(1)>,
-L<nbdkit-noextents-filter(1)>.
+L<nbdkit-noextents-filter(1)>,
+L<nbdinfo(1)>.
=head1 AUTHORS
--
2.39.3


@ -0,0 +1,151 @@
From f39c63a79ffb888bd565eb49b0ee2590fad8fbb9 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 23 Jul 2024 14:46:41 +0100
Subject: [PATCH] server: log: Move preserve errno to log_verror function
This neutral code refactoring just moves the place where we preserve
errno out one layer, but should have no other effect.
(cherry picked from commit f2c644d4495d5e75883ff729936102c90489e8d8)
---
server/internal.h | 8 ++++----
server/log-stderr.c | 9 ++-------
server/log-syslog.c | 13 ++++---------
server/log.c | 12 ++++++++----
4 files changed, 18 insertions(+), 24 deletions(-)
diff --git a/server/internal.h b/server/internal.h
index 7eba3bce..57e777e9 100644
--- a/server/internal.h
+++ b/server/internal.h
@@ -339,10 +339,10 @@ extern void free_debug_flags (void);
extern void log_verror (const char *fs, va_list args);
/* log-*.c */
-extern void log_stderr_verror (const char *fs, va_list args)
- ATTRIBUTE_FORMAT_PRINTF (1, 0);
-extern void log_syslog_verror (const char *fs, va_list args)
- ATTRIBUTE_FORMAT_PRINTF (1, 0);
+extern void log_stderr_verror (int orig_errno, const char *fs, va_list args)
+ ATTRIBUTE_FORMAT_PRINTF (2, 0);
+extern void log_syslog_verror (int orig_errno, const char *fs, va_list args)
+ ATTRIBUTE_FORMAT_PRINTF (2, 0);
/* vfprintf.c */
#if !HAVE_VFPRINTF_PERCENT_M
diff --git a/server/log-stderr.c b/server/log-stderr.c
index 8a55f5df..4d8b09da 100644
--- a/server/log-stderr.c
+++ b/server/log-stderr.c
@@ -43,12 +43,9 @@
#include "internal.h"
-/* Note: preserves the previous value of errno. */
void
-log_stderr_verror (const char *fs, va_list args)
+log_stderr_verror (int orig_errno, const char *fs, va_list args)
{
- int err = errno; /* must be first line of function */
-
const char *name = threadlocal_get_name ();
size_t instance_num = threadlocal_get_instance_num ();
int tty;
@@ -69,7 +66,7 @@ log_stderr_verror (const char *fs, va_list args)
}
fprintf (stderr, "error: ");
- errno = err; /* must restore in case fs contains %m */
+ errno = orig_errno; /* must restore in case fs contains %m */
vfprintf (stderr, fs, args);
fprintf (stderr, "\n");
@@ -78,6 +75,4 @@ log_stderr_verror (const char *fs, va_list args)
#ifdef HAVE_FUNLOCKFILE
funlockfile (stderr);
#endif
-
- errno = err; /* must be last line of function */
}
diff --git a/server/log-syslog.c b/server/log-syslog.c
index 76c5035b..29a7a825 100644
--- a/server/log-syslog.c
+++ b/server/log-syslog.c
@@ -45,11 +45,9 @@
/* Tempted to use LOG_FTP instead of LOG_DAEMON! */
static const int PRIORITY = LOG_DAEMON|LOG_ERR;
-/* Note: preserves the previous value of errno. */
void
-log_syslog_verror (const char *fs, va_list args)
+log_syslog_verror (int orig_errno, const char *fs, va_list args)
{
- int err = errno;
const char *name = threadlocal_get_name ();
size_t instance_num = threadlocal_get_instance_num ();
CLEANUP_FREE char *msg = NULL;
@@ -59,9 +57,9 @@ log_syslog_verror (const char *fs, va_list args)
fp = open_memstream (&msg, &len);
if (fp == NULL) {
/* Fallback to logging using fs, args directly. */
- errno = err; /* Must restore in case fs contains %m */
+ errno = orig_errno; /* must restore in case fs contains %m */
vsyslog (PRIORITY, fs, args);
- goto out;
+ return;
}
if (name) {
@@ -71,12 +69,9 @@ log_syslog_verror (const char *fs, va_list args)
fprintf (fp, ": ");
}
- errno = err; /* Must restore in case fs contains %m */
+ errno = orig_errno; /* must restore in case fs contains %m */
vfprintf (fp, fs, args);
close_memstream (fp);
syslog (PRIORITY, "%s", msg);
-
- out:
- errno = err;
}
diff --git a/server/log.c b/server/log.c
index 464e4f9a..9c1f667a 100644
--- a/server/log.c
+++ b/server/log.c
@@ -46,23 +46,27 @@
void
log_verror (const char *fs, va_list args)
{
+ int orig_errno = errno;
+
switch (log_to) {
case LOG_TO_DEFAULT:
if (forked_into_background)
- log_syslog_verror (fs, args);
+ log_syslog_verror (orig_errno, fs, args);
else
- log_stderr_verror (fs, args);
+ log_stderr_verror (orig_errno, fs, args);
break;
case LOG_TO_SYSLOG:
- log_syslog_verror (fs, args);
+ log_syslog_verror (orig_errno, fs, args);
break;
case LOG_TO_STDERR:
- log_stderr_verror (fs, args);
+ log_stderr_verror (orig_errno, fs, args);
break;
case LOG_TO_NULL:
/* nothing */
break;
}
+
+ errno = orig_errno; /* Restore errno before leaving the function. */
}
/* Note: preserves the previous value of errno. */
--
2.43.0
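Review bot: `log_stderr_verror` and `log_syslog_verror` now overwrite errno with `orig_errno` and never restore it, yet the old "Note: preserves the previous value of errno" comments are removed without a replacement, so the new contract is undocumented. I would add above both definitions, and beside the prototypes in server/internal.h, a comment such as `/* Does not preserve errno: log_verror saves it, passes it in as orig_errno, and restores it on return. */`. Without that, a later direct caller could assume the old behaviour and go on to report a clobbered errno. Both function bodies continue outside the hunks shown, so this is based on the visible lines only.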


@ -1,28 +0,0 @@
From 596f97316e65c151741e6ee42893023f6e945c01 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 16 Dec 2023 18:08:37 +0000
Subject: [PATCH] file: Fix markup when referencing dir= option from dirfd=
docs
Fixes: commit dd28b005430d020ccd1825437937c317332d3007
(cherry picked from commit 5b8c9c49cc352e9b0fba4dde9e0f57c53c9c2457)
---
plugins/file/nbdkit-file-plugin.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
index e47eae97..5feb8ea9 100644
--- a/plugins/file/nbdkit-file-plugin.pod
+++ b/plugins/file/nbdkit-file-plugin.pod
@@ -85,7 +85,7 @@ default. For example to make F</dir/file> be the default export:
(nbdkit E<ge> 1.34, not Windows)
-This is like the I<dir> option, but instead of specifying the
+This is like the C<dir=> option, but instead of specifying the
directory by name, the parent process should open the directory and
pass this file descriptor by inheritance to nbdkit.
--
2.39.3


@ -0,0 +1,177 @@
From 179227c7d6b0677dcd1dced55881e0d024745424 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 24 Jul 2024 10:29:13 +0100
Subject: [PATCH] server: Rename threadlocal_{set,get}_error to .._errno
A simple mechanical change, to avoid confusion with
threadlocal_{set,get}_last_error introduced in the following commit.
(cherry picked from commit 1d7f655726ad3483d0e8086741182aada7ae8595)
---
server/internal.h | 4 ++--
server/plugins.c | 27 +++++++++++++--------------
server/protocol.c | 5 +++--
server/threadlocal.c | 4 ++--
4 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/server/internal.h b/server/internal.h
index 57e777e9..6549c87b 100644
--- a/server/internal.h
+++ b/server/internal.h
@@ -568,8 +568,8 @@ extern void threadlocal_set_name (const char *name)
extern const char *threadlocal_get_name (void);
extern void threadlocal_set_instance_num (size_t instance_num);
extern size_t threadlocal_get_instance_num (void);
-extern void threadlocal_set_error (int err);
-extern int threadlocal_get_error (void);
+extern void threadlocal_set_errno (int err);
+extern int threadlocal_get_errno (void);
extern void *threadlocal_buffer (size_t size);
extern void threadlocal_set_conn (struct connection *conn);
extern struct connection *threadlocal_get_conn (void);
diff --git a/server/plugins.c b/server/plugins.c
index ca89ac7a..3c7df0d2 100644
--- a/server/plugins.c
+++ b/server/plugins.c
@@ -633,15 +633,14 @@ plugin_can_cache (struct context *c)
NBDKIT_DLL_PUBLIC void
nbdkit_set_error (int err)
{
- threadlocal_set_error (err);
+ threadlocal_set_errno (err);
}
-/* Grab the appropriate error value.
- */
+/* Grab the appropriate error value. */
static int
-get_error (struct backend_plugin *p)
+get_errno (struct backend_plugin *p)
{
- int ret = threadlocal_get_error ();
+ int ret = threadlocal_get_errno ();
if (!ret && p->plugin.errno_is_preserved != 0)
ret = errno;
@@ -664,7 +663,7 @@ plugin_pread (struct context *c,
else
r = p->plugin._pread_v1 (c->handle, buf, count, offset);
if (r == -1)
- *err = get_error (p);
+ *err = get_errno (p);
return r;
}
@@ -685,7 +684,7 @@ plugin_flush (struct context *c,
return -1;
}
if (r == -1)
- *err = get_error (p);
+ *err = get_errno (p);
return r;
}
@@ -715,7 +714,7 @@ plugin_pwrite (struct context *c,
if (r != -1 && need_flush)
r = plugin_flush (c, 0, err);
if (r == -1 && !*err)
- *err = get_error (p);
+ *err = get_errno (p);
return r;
}
@@ -744,7 +743,7 @@ plugin_trim (struct context *c,
if (r != -1 && need_flush)
r = plugin_flush (c, 0, err);
if (r == -1 && !*err)
- *err = get_error (p);
+ *err = get_errno (p);
return r;
}
@@ -782,7 +781,7 @@ plugin_zero (struct context *c,
else
emulate = true;
if (r == -1)
- *err = emulate ? EOPNOTSUPP : get_error (p);
+ *err = emulate ? EOPNOTSUPP : get_errno (p);
if (r == 0 || (*err != EOPNOTSUPP && *err != ENOTSUP))
goto done;
}
@@ -794,7 +793,7 @@ plugin_zero (struct context *c,
}
flags &= ~NBDKIT_FLAG_MAY_TRIM;
- threadlocal_set_error (0);
+ threadlocal_set_errno (0);
*err = 0;
while (count) {
@@ -814,7 +813,7 @@ plugin_zero (struct context *c,
if (r != -1 && need_flush)
r = plugin_flush (c, 0, err);
if (r == -1 && !*err)
- *err = get_error (p);
+ *err = get_errno (p);
return r;
}
@@ -839,7 +838,7 @@ plugin_extents (struct context *c,
r = -1;
}
if (r == -1)
- *err = get_error (p);
+ *err = get_errno (p);
return r;
}
@@ -859,7 +858,7 @@ plugin_cache (struct context *c,
r = p->plugin.cache (c->handle, count, offset, flags);
if (r == -1)
- *err = get_error (p);
+ *err = get_errno (p);
return r;
}
diff --git a/server/protocol.c b/server/protocol.c
index 9b63f789..677da05c 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -235,8 +235,9 @@ handle_request (uint16_t cmd, uint16_t flags, uint64_t offset, uint32_t count,
int err = 0;
/* Clear the error, so that we know if the plugin calls
- * nbdkit_set_error() or relied on errno. */
- threadlocal_set_error (0);
+ * nbdkit_set_error() or relied on errno.
+ */
+ threadlocal_set_errno (0);
switch (cmd) {
case NBD_CMD_READ:
diff --git a/server/threadlocal.c b/server/threadlocal.c
index 088fe55a..9bb656bc 100644
--- a/server/threadlocal.c
+++ b/server/threadlocal.c
@@ -154,7 +154,7 @@ threadlocal_get_instance_num (void)
}
void
-threadlocal_set_error (int err)
+threadlocal_set_errno (int err)
{
struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key);
@@ -167,7 +167,7 @@ threadlocal_set_error (int err)
/* This preserves errno, for convenience.
*/
int
-threadlocal_get_error (void)
+threadlocal_get_errno (void)
{
int err = errno;
struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key);
--
2.43.0


@ -1,108 +0,0 @@
From 0d080223a8567a5ef673deb6ac49152fd67dd1b7 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 16 Dec 2023 18:03:13 +0000
Subject: [PATCH] file: Further rework documentation of dir= parameter
Move the documentation to a new section, allowing us to expand on this
topic. This also makes the HTML documentation linkable.
Updates: commit 7cbd49ced6414e49fcf4ff1a967929a2b83ab44e
(cherry picked from commit 74621ec608d0edd76c2d8de140e7d1d5626c8251)
---
plugins/file/nbdkit-file-plugin.pod | 66 +++++++++++++++++++++--------
1 file changed, 49 insertions(+), 17 deletions(-)
diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
index 5feb8ea9..de8fbeba 100644
--- a/plugins/file/nbdkit-file-plugin.pod
+++ b/plugins/file/nbdkit-file-plugin.pod
@@ -63,23 +63,7 @@ directory named C<DIRECTORY>, including those found by following
symbolic links. Other special files in the directory (such as
subdirectories, pipes, or Unix sockets) are ignored.
-When this mode is used, the file to be served is chosen by the export
-name passed by the client. For security, when using directory mode,
-this plugin will not accept export names containing slash (C</>).
-
-To list exports, use L<nbdinfo(1)> I<--list> option, for example:
-
- nbdinfo --list nbd://localhost
-
-An NBD client can request a list of available exports using
-C<NBD_OPT_LIST>.
-
-A client that requests the default export (C<"">) will be rejected.
-However, you can use L<nbdkit-exportname-filter(1)> to adjust what
-export names the client sees, and which one the client uses as a
-default. For example to make F</dir/file> be the default export:
-
- nbdkit file dir=/dir --filter=exportname default-export=file
+See L</Serving multiple files and block devices> below.
=item B<dirfd=>FILE_DESCRIPTOR
@@ -89,6 +73,8 @@ This is like the C<dir=> option, but instead of specifying the
directory by name, the parent process should open the directory and
pass this file descriptor by inheritance to nbdkit.
+See L</Serving multiple files and block devices> below.
+
=item B<fadvise=normal>
=item B<fadvise=random>
@@ -140,6 +126,52 @@ L<https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file#win32-devi
=head1 NOTES
+=head2 Serving multiple files and block devices
+
+Using C<dir=DIRECTORY> (or C<dirfd=DIRFD>) you can serve all regular
+files and block devices located directly inside the directory named
+C<DIRECTORY>, including those found by following symbolic links.
+Other special files in the directory (such as subdirectories, pipes,
+or Unix sockets) are ignored.
+
+When this mode is used, the file to be served is chosen by the export
+name passed by the client. For security, when using directory mode,
+this plugin will not accept export names containing slash (C</>).
+
+For example:
+
+ $ ls -l /var/tmp/exports
+ total 0
+ -rw-r--r--. 1 rjones rjones 1048576 Dec 14 15:34 disk1
+ -rw-r--r--. 1 rjones rjones 2097152 Dec 14 15:34 disk2
+ lrwxrwxrwx. 1 rjones rjones 9 Dec 14 15:35 sda1 -> /dev/sda1
+ $ nbdkit file dir=/var/tmp/exports
+
+will serve three exports called C<"disk1">, C<"disk2"> and C<"sda1">.
+The first two are regular files and the last is a block device. You
+can add or remove files or symbolic links from the directory while
+nbdkit is running.
+
+To list exports, use L<nbdinfo(1)> I<--list> option, for example:
+
+ $ nbdinfo --list nbd://localhost
+ protocol: newstyle-fixed without TLS, using structured packets
+ export="disk1":
+ export-size: 1048576 (1M)
+ uri: nbd://localhost:10809/disk1
+ [etc]
+
+An NBD client can request a list of available exports using
+C<NBD_OPT_LIST>. For libnbd clients see nbd_opt_list(3).
+
+A client that requests the default export (C<"">) will be rejected.
+However, you can use L<nbdkit-exportname-filter(1)> to adjust the
+default export as well as other transformations of export names. For
+example to make F</var/tmp/exports/disk1> be the default export:
+
+ nbdkit file dir=/var/tmp/exports \
+ --filter=exportname default-export=disk1
+
=head2 Optimizing for random or sequential access
If you know in advance that the NBD client will access the file
--
2.39.3


@ -0,0 +1,95 @@
From 334ab902477a0e1db4d70a5c809eafe49ab1fc6e Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 24 Jul 2024 10:37:58 +0100
Subject: [PATCH] server: Introduce threadlocal_{set,get}_last_error
Plus a function to clear the last_error field.
(cherry picked from commit fa5055ae2b9f96af941d697de39198c96ee2580a)
---
server/internal.h | 3 +++
server/threadlocal.c | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+)
diff --git a/server/internal.h b/server/internal.h
index 6549c87b..da19fb99 100644
--- a/server/internal.h
+++ b/server/internal.h
@@ -570,6 +570,9 @@ extern void threadlocal_set_instance_num (size_t instance_num);
extern size_t threadlocal_get_instance_num (void);
extern void threadlocal_set_errno (int err);
extern int threadlocal_get_errno (void);
+extern void threadlocal_set_last_error (char *msg);
+extern void threadlocal_clear_last_error (void);
+extern const char *threadlocal_get_last_error (void);
extern void *threadlocal_buffer (size_t size);
extern void threadlocal_set_conn (struct connection *conn);
extern struct connection *threadlocal_get_conn (void);
diff --git a/server/threadlocal.c b/server/threadlocal.c
index 9bb656bc..74a3c4e5 100644
--- a/server/threadlocal.c
+++ b/server/threadlocal.c
@@ -56,6 +56,7 @@ struct threadlocal {
char *name; /* Can be NULL. */
size_t instance_num; /* Can be 0. */
int err;
+ char *last_error; /* Can be NULL. */
void *buffer; /* Can be NULL. */
size_t buffer_size;
struct connection *conn; /* Can be NULL. */
@@ -70,6 +71,7 @@ free_threadlocal (void *threadlocalv)
struct threadlocal *threadlocal = threadlocalv;
free (threadlocal->name);
+ free (threadlocal->last_error);
free (threadlocal->buffer);
free (threadlocal);
}
@@ -176,6 +178,44 @@ threadlocal_get_errno (void)
return threadlocal ? threadlocal->err : 0;
}
+/* Set the last_error field. The ownership of the 'msg' string is
+ * passed to the threadlocal and will be freed here.
+ */
+void
+threadlocal_set_last_error (char *msg)
+{
+ struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key);
+
+ if (threadlocal) {
+ free (threadlocal->last_error);
+ threadlocal->last_error = msg;
+ }
+ else {
+ /* ... otherwise throw it away, it's informational. */
+ free (msg);
+ }
+}
+
+void
+threadlocal_clear_last_error (void)
+{
+ threadlocal_set_last_error (NULL);
+}
+
+/* Get the last_error field. If successful, this returns a non-NULL
+ * string. This is valid until something calls nbdkit_error() in the
+ * same thread, so it should be used quickly. Returning NULL is not
+ * necessarily an error. The last_error is informational and may not
+ * be available.
+ */
+const char *
+threadlocal_get_last_error (void)
+{
+ struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key);
+
+ return threadlocal ? threadlocal->last_error : NULL;
+}
+
/* Return the single pread/pwrite buffer for this thread. The buffer
* size is increased to size bytes if required.
*
--
2.43.0
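Review bot: The new `free (threadlocal->last_error);` calls in `free_threadlocal` and `threadlocal_set_last_error` are only safe if the field starts out NULL, and the code that allocates `struct threadlocal` is outside these hunks. Please confirm that the allocation zero-fills the struct; otherwise the first call would free an indeterminate pointer. Also, `threadlocal_clear_last_error` is the only one of the three new functions without a comment; I would add `/* Free any saved message and reset last_error to NULL; safe to call when none is set. */`. The comment on `threadlocal_set_last_error` could add that `msg` must be heap-allocated and must not be the pointer returned by `threadlocal_get_last_error`, since the old value is freed before the new one is stored.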


@ -1,29 +0,0 @@
From c155987ee521c2d6a163d2814dc869ec1e89fd90 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sat, 16 Dec 2023 18:32:50 +0000
Subject: [PATCH] exportname: Fix markup for linking to other man pages
Fixes: commit 7623b2cc45078cca88fdd2d96c70c7f82a0db49d
(cherry picked from commit 6104f55f3851f3b82dc69f7e78c32e9c7a93dbc9)
---
filters/exportname/nbdkit-exportname-filter.pod | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/filters/exportname/nbdkit-exportname-filter.pod b/filters/exportname/nbdkit-exportname-filter.pod
index 1d69f7d4..f95a37be 100644
--- a/filters/exportname/nbdkit-exportname-filter.pod
+++ b/filters/exportname/nbdkit-exportname-filter.pod
@@ -10,8 +10,8 @@ nbdkit-exportname-filter - adjust export names between client and plugin
=head1 DESCRIPTION
-Some plugins (such as C<nbdkit-file-plugin(1)> and filters (such as
-C<nbdkit-ext2-filter(1)> are able to serve different content based on
+Some plugins (such as L<nbdkit-file-plugin(1)> and filters (such as
+L<nbdkit-ext2-filter(1)> are able to serve different content based on
the export name requested by the client. The NBD protocol allows a
server to advertise the set of export names it is serving. However,
the list advertised (or absent) from the plugin may not always match
--
2.39.3


@ -0,0 +1,95 @@
From a0e3f9d58142b8c5e7bcc9b73da60778e6503d0b Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 23 Jul 2024 15:28:06 +0100
Subject: [PATCH] server: Take a thread-local copy of the last call to
nbdkit_error
nbdkit_error has traditionally been a "fancy wrapper around fprintf"
(kind of, don't take that literally). It is encouraged that plugins
and filters do something like:
if (error) {
nbdkit_error ("oops, a bad thing happened");
return -1;
}
but we don't enforce this. Plugins might call nbdkit_error more than
once or not at all.
The point where we get to sending an error back over the wire to the
NBD client is long after the plugin returned above, and after
nbdkit_error was called.
Therefore in order to send errors back to the NBD client, we must keep
the last error message around.
This change simply modifies nbdkit_error to make a best-effort attempt
to save the last error message in thread-local storage.
We also clear the last error when a new request starts, to ensure that
we don't leak errors across different callbacks or connections.
(cherry picked from commit bfa6d4064cb74f429149d14ab4025b258fc95ec4)
---
server/log.c | 21 +++++++++++++++++++++
server/protocol.c | 5 +++++
2 files changed, 26 insertions(+)
diff --git a/server/log.c b/server/log.c
index 9c1f667a..acf14d57 100644
--- a/server/log.c
+++ b/server/log.c
@@ -40,6 +40,25 @@
#include "internal.h"
+/* Copy the error message to threadlocal. This is sent to callers
+ * which are using structured replies, but is for extra information
+ * only so don't fail if we are unable to copy it.
+ */
+static void
+copy_error_to_threadlocal (int orig_errno, const char *fs, va_list args)
+{
+ va_list args_copy;
+ char *msg;
+ int r;
+
+ va_copy (args_copy, args);
+ errno = orig_errno; /* must restore in case fs contains %m */
+ r = vasprintf (&msg, fs, args_copy);
+ va_end (args_copy);
+ if (r != -1 && msg)
+ threadlocal_set_last_error (msg); /* ownership passed to threadlocal */
+}
+
/* Call the right log_*_verror function depending on log_sink.
* Note: preserves the previous value of errno.
*/
@@ -48,6 +67,8 @@ log_verror (const char *fs, va_list args)
{
int orig_errno = errno;
+ copy_error_to_threadlocal (orig_errno, fs, args);
+
switch (log_to) {
case LOG_TO_DEFAULT:
if (forked_into_background)
diff --git a/server/protocol.c b/server/protocol.c
index 677da05c..d428bfc8 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -239,6 +239,11 @@ handle_request (uint16_t cmd, uint16_t flags, uint64_t offset, uint32_t count,
*/
threadlocal_set_errno (0);
+ /* Also clear the last error in this thread so we will only save
+ * nbdkit_error() from this request.
+ */
+ threadlocal_clear_last_error ();
+
switch (cmd) {
case NBD_CMD_READ:
if (backend_pread (c, buf, count, offset, 0, &err) == -1)
--
2.43.0
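Review bot: The only place this patch resets the saved message is the top of `handle_request` in server/protocol.c, just before the `NBD_CMD_*` switch, so nothing visible here clears it between steps that run before request handling. If the saved text is later attached to a reply produced outside `handle_request`, a message recorded by an earlier failure on the same thread could be reported against an unrelated one. Please confirm that `threadlocal_clear_last_error ();` is also called at the start of each such step, or add it there. Separately, `copy_error_to_threadlocal` formats `fs` without the `ATTRIBUTE_FORMAT_PRINTF (2, 0)` annotation that the `log_*_verror` prototypes carry, so the compiler cannot check its format arguments; adding the annotation would keep that checking consistent.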


@ -1,30 +0,0 @@
From b8eb91e9102a2ae6cb96b0f2ffdb96b724cbb1b7 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 20 Dec 2023 10:38:27 +0000
Subject: [PATCH] partition: Don't call nbdkit_error twice on error path
Fixes: commit 7b9301a4c569456a4f96784229a2cd48e8957662
(cherry picked from commit 036b178a4affd00b8bbdb6cb140e81b62f57a374)
---
filters/partition/partition-gpt.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/filters/partition/partition-gpt.c b/filters/partition/partition-gpt.c
index 80acddb4..930e2081 100644
--- a/filters/partition/partition-gpt.c
+++ b/filters/partition/partition-gpt.c
@@ -92,10 +92,8 @@ find_gpt_partition (nbdkit_next *next,
int err;
if (get_gpt_header (header_bytes,
- &nr_partition_entries, &size_partition_entry) == -1) {
- nbdkit_error ("cannot support non-standard GPT header");
+ &nr_partition_entries, &size_partition_entry) == -1)
return -1;
- }
if (partnum > nr_partition_entries) {
nbdkit_error ("GPT partition number out of range");
--
2.39.3


@ -0,0 +1,177 @@
From 7128144273f5355d7705e09a99aa1b2359e7e823 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 23 Jul 2024 15:45:04 +0100
Subject: [PATCH] server: Send the last error to the NBD client
This sends the last error saved in the connection handle back to the
NBD client. This is informational and best effort.
qemu reports the error already, for example:
$ nbdkit --log=null \
eval open=' echo EPERM Go Away >&2; exit 1 ' get_size=' echo 100 ' \
--run 'qemu-img info "$uri"'
qemu-img: Could not open 'nbd+unix://?socket=/tmp/nbdkitIDl6iy/socket': Requested export not available
server reported: /tmp/nbdkitRDAfXH/open: Go Away
This goes back to at least qemu 2.12.0 (RHEL 7) and possibly earlier,
so we can just assume that qemu does this for the test.
libnbd requires a patch to display this information.
(cherry picked from commit 46484ca8e6a35c45fe96b6c972ceba8984d401e8)
---
server/protocol-handshake-newstyle.c | 43 ++++++++++++++++------
tests/Makefile.am | 2 +
tests/test-last-error.sh | 55 ++++++++++++++++++++++++++++
3 files changed, 88 insertions(+), 12 deletions(-)
create mode 100755 tests/test-last-error.sh
diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
index 6b3bc76f..c18d32e5 100644
--- a/server/protocol-handshake-newstyle.c
+++ b/server/protocol-handshake-newstyle.c
@@ -57,28 +57,47 @@ send_newstyle_option_reply (uint32_t option, uint32_t reply)
{
GET_CONN;
struct nbd_fixed_new_option_reply fixed_new_option_reply;
+ const char *last_error = NULL;
+ uint32_t replylen = 0;
+
+ if (NBD_REP_IS_ERR (reply)) {
+ last_error = threadlocal_get_last_error ();
+ /* Note that calling nbdkit_error will invalidate last_error, so
+ * be careful below.
+ */
+ if (last_error) {
+ size_t len = strlen (last_error);
+ if (len <= NBD_MAX_STRING)
+ replylen = len;
+ }
+ }
fixed_new_option_reply.magic = htobe64 (NBD_REP_MAGIC);
fixed_new_option_reply.option = htobe32 (option);
fixed_new_option_reply.reply = htobe32 (reply);
- fixed_new_option_reply.replylen = htobe32 (0);
+ fixed_new_option_reply.replylen = htobe32 (replylen);
debug ("replying to %s with %s", name_of_nbd_opt (option),
name_of_nbd_rep (reply));
if (conn->send (&fixed_new_option_reply,
- sizeof fixed_new_option_reply, 0) == -1) {
- /* The protocol document says that the client is allowed to simply
- * drop the connection after sending NBD_OPT_ABORT, or may read
- * the reply.
- */
- if (option == NBD_OPT_ABORT)
- debug ("write: %s: %m", name_of_nbd_opt (option));
- else
- nbdkit_error ("write: %s: %m", name_of_nbd_opt (option));
- return -1;
- }
+ sizeof fixed_new_option_reply,
+ replylen > 0 ? SEND_MORE : 0) == -1)
+ goto err;
+ if (replylen > 0 && conn->send (last_error, replylen, 0) == -1)
+ goto err;
return 0;
+
+err:
+ /* The protocol document says that the client is allowed to simply
+ * drop the connection after sending NBD_OPT_ABORT, or may read
+ * the reply.
+ */
+ if (option == NBD_OPT_ABORT)
+ debug ("write: %s: %m", name_of_nbd_opt (option));
+ else
+ nbdkit_error ("write: %s: %m", name_of_nbd_opt (option));
+ return -1;
}
/* Reply to NBD_OPT_LIST with the plugin's list of export names.
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0664e109..9c321fcb 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -276,6 +276,7 @@ TESTS += \
test-read-password-interactive.sh \
test-nbd-client.sh \
test-nbd-client-tls.sh \
+ test-last-error.sh \
$(NULL)
if !IS_WINDOWS
TESTS += \
@@ -301,6 +302,7 @@ EXTRA_DIST += \
test-plugin-docs.sh \
test-ipv4-lo.sh \
test-ipv6-lo.sh \
+ test-last-error.sh \
test-long-name.sh \
test-nbd-client.sh \
test-nbd-client-tls.sh \
diff --git a/tests/test-last-error.sh b/tests/test-last-error.sh
new file mode 100755
index 00000000..fc720606
--- /dev/null
+++ b/tests/test-last-error.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# nbdkit
+# Copyright Red Hat
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# * Neither the name of Red Hat nor the names of its contributors may be
+# used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+source ./functions.sh
+set -e
+set -x
+
+# Test informational error messages sent to the NBD client.
+# qemu-img supports this since at least 2.12.0.
+
+requires_run
+requires_plugin eval
+requires qemu-img --version
+
+out=last-error.out
+rm -f $out
+cleanup_fn rm -f $out
+
+export out
+
+nbdkit eval \
+ open=' echo EPERM Go Away >&2; exit 1 ' get_size=' echo 0 ' \
+ --run ' qemu-img info "$uri" > $out 2>&1 ||: '
+cat $out
+
+grep "Go Away" $out
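Review bot: Only the short-message path is exercised: `open` prints `EPERM Go Away` and the test greps for it, while the server hunk above sets `replylen` only when `len <= NBD_MAX_STRING`, so the over-long case (reply sent with zero length and no text) has no coverage. A second run with a message longer than that limit, asserting that `qemu-img info` still fails and that the text is absent from `$out`, would pin the bound. Since plugin error text now reaches the remote client verbatim, the test header should also say so, e.g. `# NB: plugin error text is forwarded to the NBD client; plugins should keep secrets and local paths out of it.` The server function starts outside the visible hunk, so how `len` is computed is inferred.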
--
2.43.0


@ -1,52 +0,0 @@
From 3b168aa842dc80a6d95b2c1ccb52a8ef664e7aba Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 20 Dec 2023 10:34:10 +0000
Subject: [PATCH] partition: Suggest alternate partition-sectorsize
When we reach this error it means that we have failed to detect the
"EFI PART" signature (indicating GPT) and we've fallen back to parsing
MBR, but in doing so we have discovered a GPT protective MBR which
should only happen for GPT. A possible cause for missing the
signature was because we have the wrong sector size.
Therefore check for the current sector size (which should be either
512 or 4096) and suggest that the user sets the other sector size.
Also avoids the case where the user already set partition-sectorsize=4k
and we were suggesting that they set it again.
Reported-by: Ming Xie
Fixes: commit 7b9301a4c569456a4f96784229a2cd48e8957662
Fixes: https://issues.redhat.com/browse/RHEL-19815
(cherry picked from commit cd761c9bf770b23f678fd82f0d1c8d4cce2ed1b5)
---
filters/partition/partition-mbr.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/filters/partition/partition-mbr.c b/filters/partition/partition-mbr.c
index 3927c31f..6a81addb 100644
--- a/filters/partition/partition-mbr.c
+++ b/filters/partition/partition-mbr.c
@@ -87,9 +87,16 @@ find_mbr_partition (nbdkit_next *next,
!is_extended (partition.part_type_byte) &&
partnum == i+1) {
if (partition.part_type_byte == 0xEE) {
- nbdkit_error ("rejecting GPT protective entry from MBR, "
- "if the underlying storage uses 4K sectors "
- "try using partition-sectorsize=4k");
+ if (sector_size == 512)
+ nbdkit_error ("rejecting GPT protective entry from MBR, "
+ "if the underlying storage uses 4K sectors "
+ "try using partition-sectorsize=4k");
+ else if (sector_size == 4096)
+ nbdkit_error ("rejecting GPT protective entry from MBR, "
+ "if the underlying storage uses 512 byte sectors "
+ "try using partition-sectorsize=512");
+ else
+ nbdkit_error ("rejecting GPT protective entry from MBR");
return -1;
}
*offset_r = partition.start_sector * (int64_t) sector_size;
--
2.39.3


@ -6,7 +6,7 @@ set -e
# directory. Use it like this:
# ./copy-patches.sh
rhel_version=9.4
rhel_version=9.5
# Check we're in the right directory.
if [ ! -f nbdkit.spec ]; then


@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=LFMp
-----END PGP SIGNATURE-----


@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----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=SuJ6
-----END PGP SIGNATURE-----

3
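--- /dev/null
+++ b/SOURCES/nbdkit.fc
@@ -0,0 +1,3 @@
+/usr/sbin/nbdkit -- gen_context(system_u:object_r:nbdkit_exec_t,s0)
+/usr/lib/systemd/system/nbdkit.* gen_context(system_u:object_r:nbdkit_unit_file_t,s0)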

207
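--- /dev/null
+++ b/SOURCES/nbdkit.if
@@ -0,0 +1,207 @@
+## <summary>policy for nbdkit</summary>
+########################################
+## <summary>
+## Execute nbdkit_exec_t in the nbdkit domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`nbdkit_domtrans',`
+gen_require(`
+type nbdkit_t, nbdkit_exec_t;
+')
+corecmd_search_bin($1)
+domtrans_pattern($1, nbdkit_exec_t, nbdkit_t)
+')
+######################################
+## <summary>
+## Execute nbdkit in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nbdkit_exec',`
+gen_require(`
+type nbdkit_exec_t;
+')
+corecmd_search_bin($1)
+can_exec($1, nbdkit_exec_t)
+')
+########################################
+## <summary>
+## Execute nbdkit in the nbdkit domain, and
+## allow the specified role the nbdkit domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed the nbdkit domain.
+## </summary>
+## </param>
+#
+interface(`nbdkit_run',`
+gen_require(`
+type nbdkit_t;
+attribute_role nbdkit_roles;
+')
+nbdkit_domtrans($1)
+roleattribute $2 nbdkit_roles;
+')
+########################################
+## <summary>
+## Role access for nbdkit
+## </summary>
+## <param name="role">
+## <summary>
+## Role allowed access
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## User domain for the role
+## </summary>
+## </param>
+#
+interface(`nbdkit_role',`
+gen_require(`
+type nbdkit_t;
+attribute_role nbdkit_roles;
+')
+roleattribute $1 nbdkit_roles;
+nbdkit_domtrans($2)
+ps_process_pattern($2, nbdkit_t)
+allow $2 nbdkit_t:process { signull signal sigkill };
+')
+########################################
+## <summary>
+## Allow attempts to connect to nbdkit
+## with a unix stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`nbdkit_stream_connect',`
+gen_require(`
+type nbdkit_t;
+')
+allow $1 nbdkit_t:unix_stream_socket connectto;
+')
+########################################
+## <summary>
+## Allow nbdkit_exec_t to be an entrypoint
+## of the specified domain
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`nbdkit_entrypoint',`
+gen_require(`
+type nbdkit_exec_t;
+')
+allow $1 nbdkit_exec_t:file entrypoint;
+')
+# ----------------------------------------------------------------------
+# RWMJ: See:
+# https://issues.redhat.com/browse/RHEL-5174?focusedId=23387259&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-23387259
+# Remove this when virt.if gets updated.
+########################################
+#
+# Interface compatibility blocks
+#
+# The following definitions ensure compatibility with distribution policy
+# versions that do not contain given interfaces (epel, or older Fedora
+# releases).
+# Each block tests for existence of given interface and defines it if needed.
+#
+########################################
+## <summary>
+## Read and write to svirt_image dirs.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+ifndef(`virt_rw_svirt_image_dirs',`
+interface(`virt_rw_svirt_image_dirs',`
+gen_require(`
+type svirt_image_t;
+')
+allow $1 svirt_image_t:dir rw_dir_perms;
+')
+')
+########################################
+## <summary>
+## Create svirt_image sock_files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+ifndef(`virt_create_svirt_image_sock_files',`
+interface(`virt_create_svirt_image_sock_files',`
+gen_require(`
+type svirt_image_t;
+')
+allow $1 svirt_image_t:sock_file create_sock_file_perms;
+')
+')
+########################################
+## <summary>
+## Read and write virtlogd pipes.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+ifndef(`virtlogd_rw_pipes',`
+interface(`virtlogd_rw_pipes',`
+gen_require(`
+type virtlogd_t;
+')
+allow $1 virtlogd_t:fifo_file rw_fifo_file_perms;
+')
+')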
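Review bot: The `<param>` summary of `nbdkit_stream_connect` reads "Domain to not audit." but the interface body is `allow $1 nbdkit_t:unix_stream_socket connectto;`, so the generated documentation describes a dontaudit rule that is not there. It should read `## Domain allowed access.` like the neighbouring interfaces, so that a policy author calling it knows it grants connect access to the nbdkit socket. The three `ifndef` compatibility blocks define `virt_rw_svirt_image_dirs`, `virt_create_svirt_image_sock_files` and `virtlogd_rw_pipes` from this module. The existing RWMJ comment says to remove them once virt.if is updated, and naming the policy version that carries them there would make that removal checkable.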

100
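--- /dev/null
+++ b/SOURCES/nbdkit.te
@@ -0,0 +1,100 @@
+policy_module(nbdkit, 1.0.0)
+########################################
+#
+# Declarations
+#
+gen_require(`
+type unconfined_t;
+')
+type nbdkit_t;
+type nbdkit_exec_t;
+application_domain(nbdkit_t, nbdkit_exec_t)
+mcs_constrained(nbdkit_t)
+role system_r types nbdkit_t;
+type nbdkit_home_t;
+userdom_user_home_content(nbdkit_home_t)
+type nbdkit_tmp_t;
+files_tmp_file(nbdkit_tmp_t)
+type nbdkit_unit_file_t;
+systemd_unit_file(nbdkit_unit_file_t)
+permissive nbdkit_t;
+########################################
+#
+# nbdkit local policy
+#
+allow nbdkit_t self:capability { setgid setuid };
+allow nbdkit_t self:fifo_file rw_fifo_file_perms;
+allow nbdkit_t self:netlink_route_socket rw_netlink_socket_perms;
+allow nbdkit_t self:process { fork setsockcreate signal_perms };
+allow nbdkit_t self:tcp_socket create_stream_socket_perms;
+allow nbdkit_t self:udp_socket create_socket_perms;
+manage_dirs_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t)
+manage_files_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t)
+userdom_user_tmp_filetrans(nbdkit_t, nbdkit_tmp_t, { dir file })
+manage_dirs_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t)
+manage_files_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t)
+userdom_user_home_dir_filetrans(nbdkit_t, nbdkit_home_t, { dir file })
+corenet_tcp_connect_http_port(nbdkit_t)
+corenet_tcp_connect_ssh_port(nbdkit_t)
+corenet_tcp_connect_tftp_port(nbdkit_t)
+corenet_tcp_bind_generic_port(nbdkit_t)
+corenet_tcp_bind_generic_node(nbdkit_t)
+domain_use_interactive_fds(nbdkit_t)
+files_read_etc_files(nbdkit_t)
+init_abstract_socket_activation(nbdkit_t)
+init_ioctl_stream_sockets(nbdkit_t)
+init_rw_stream_sockets(nbdkit_t)
+optional_policy(`
+auth_use_nsswitch(nbdkit_t)
+')
+optional_policy(`
+logging_send_syslog_msg(nbdkit_t)
+')
+optional_policy(`
+miscfiles_read_localization(nbdkit_t)
+miscfiles_read_generic_certs(nbdkit_t)
+')
+optional_policy(`
+sysnet_dns_name_resolve(nbdkit_t)
+sysnet_read_config(nbdkit_t)
+')
+optional_policy(`
+userdom_read_user_home_content_files(nbdkit_t)
+userdom_use_inherited_user_ptys(nbdkit_t)
+')
+optional_policy(`
+virt_create_svirt_image_sock_files(nbdkit_t)
+virt_read_qemu_pid_files(nbdkit_t)
+virtlogd_rw_pipes(nbdkit_t)
+virt_rw_svirt_image(nbdkit_t)
+virt_rw_svirt_image_dirs(nbdkit_t)
+virt_search_lib(nbdkit_t)
+virt_stream_connect_svirt(nbdkit_t)
+')
+# FIXME: It would be nice to allow libvirt to transition nbdkit_exec_t to
+# nbdkit_t when libvirtd was started manually from the commandline (i.e. in
+# unconfined_t), but we don't want this transition to happen automatically
+# when starting directly from the shell. I'm not sure how to achieve this...
+#nbdkit_domtrans(unconfined_t, nbdkit_exec_t, nbdkit_t)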
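Review bot: `permissive nbdkit_t;` in the declarations puts the whole domain in permissive mode, so denials against the rules below are logged but not blocked and the module gives no confinement as shipped. If that is deliberate for an initial rollout, say so next to the line, e.g. `# TODO: drop 'permissive' once AVC denials from real deployments have been reviewed`, so the exception is not carried forward unnoticed. `gen_require` pulls in `unconfined_t`, which is referenced only by the commented-out `nbdkit_domtrans(...)` call at the end. That call passes three arguments while the `nbdkit_domtrans` interface in nbdkit.if uses only `$1`, so it would need correcting before it could be enabled.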


@ -22,8 +22,20 @@
%global have_ocaml 1
%endif
# libblkio was broken on i686: https://bugzilla.redhat.com/2229372
# but somehow "fixed itself", keep an eye on it.
%global have_blkio 1
# Enable mingw subpackage on Fedora only.
%if 0%{?fedora}
%global have_mingw 1
%endif
# Enable nbdkit-selinux package.
%global with_selinux 1
%global modulename nbdkit
%global selinuxtype targeted
# Architectures where we run the complete test suite including
# the libguestfs tests.
#
@ -36,25 +48,14 @@
# it as a bug and add it to this list.
%global broken_test_arches NONE
%if 0%{?rhel} == 7
# On RHEL 7, nothing in the virt stack is shipped on aarch64 and
# libguestfs was not shipped on POWER (fixed in 7.5). We could in
# theory make all of this work by having lots more conditionals, but
# for now limit this package to x86_64 on RHEL.
ExclusiveArch: x86_64
%endif
# If we should verify tarball signature with GPGv2.
%global verify_tarball_signature 1
# If there are patches which touch autotools files, set this to 1.
%global patches_touch_autotools 1
# The source directory.
%global source_directory 1.36-stable
%global source_directory 1.38-stable
Name: nbdkit
Version: 1.36.2
Version: 1.38.3
Release: 1%{?dist}
Summary: NBD server
@ -77,27 +78,33 @@ Source2: libguestfs.keyring
Source3: copy-patches.sh
# Patches come from the upstream repository:
# https://gitlab.com/nbdkit/nbdkit/-/commits/rhel-9.4/
# https://gitlab.com/nbdkit/nbdkit/-/commits/rhel-9.5/
# Patches.
Patch0001: 0001-configure-Fix-initialization-from-incompatible-point.patch
Patch0002: 0002-file-Rework-documentation-for-dir-parameter.patch
Patch0003: 0003-file-Fix-markup-when-referencing-dir-option-from-dir.patch
Patch0004: 0004-file-Further-rework-documentation-of-dir-parameter.patch
Patch0005: 0005-exportname-Fix-markup-for-linking-to-other-man-pages.patch
Patch0006: 0006-partition-Don-t-call-nbdkit_error-twice-on-error-pat.patch
Patch0007: 0007-partition-Suggest-alternate-partition-sectorsize.patch
Patch0001: 0001-nbdkit-1.38-Fix-inclusion-of-gnutls-socket.h-with-ol.patch
Patch0002: 0002-server-log-Move-preserve-errno-to-log_verror-functio.patch
Patch0003: 0003-server-Rename-threadlocal_-set-get-_error-to-._errno.patch
Patch0004: 0004-server-Introduce-threadlocal_-set-get-_last_error.patch
Patch0005: 0005-server-Take-a-thread-local-copy-of-the-last-call-to-.patch
Patch0006: 0006-server-Send-the-last-error-to-the-NBD-client.patch
# For automatic RPM Provides generation.
# See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html
Source4: nbdkit.attr
Source5: nbdkit-find-provides
BuildRequires: make
%if 0%{patches_touch_autotools}
BuildRequires: autoconf, automake, libtool
%endif
# For nbdkit-selinux package:
Source6: %{modulename}.te
Source7: %{modulename}.if
Source8: %{modulename}.fc
# For applying the patches:
BuildRequires: git
# For rebuilding autoconf cruft:
BuildRequires: autoconf, automake, libtool
BuildRequires: make
BuildRequires: gcc, gcc-c++
BuildRequires: %{_bindir}/pod2man
BuildRequires: gnutls-devel
@ -173,12 +180,38 @@ BuildRequires: %{_bindir}/stat
# itself, but it's a simple noarch package so easy to install.
BuildRequires: nbdkit-srpm-macros >= 1.30.0
%if 0%{?have_mingw}
BuildRequires: mingw32-filesystem
BuildRequires: mingw64-filesystem
BuildRequires: mingw32-gcc
BuildRequires: mingw64-gcc
BuildRequires: mingw32-gcc-c++
BuildRequires: mingw64-gcc-c++
BuildRequires: mingw32-dlfcn
BuildRequires: mingw64-dlfcn
BuildRequires: mingw32-gnutls
BuildRequires: mingw64-gnutls
BuildRequires: mingw32-winpthreads
BuildRequires: mingw64-winpthreads
BuildRequires: mingw32-xz
BuildRequires: mingw64-xz
BuildRequires: mingw32-zlib
BuildRequires: mingw64-zlib
%endif
# nbdkit is a metapackage pulling the server and a useful subset
# of the plugins and filters.
Requires: nbdkit-server%{?_isa} = %{version}-%{release}
Requires: nbdkit-basic-plugins%{?_isa} = %{version}-%{release}
Requires: nbdkit-basic-filters%{?_isa} = %{version}-%{release}
%if 0%{?with_selinux}
# This ensures that the nbdkit-selinux package and all its
# dependencies are not pulled into containers and other systems that
# do not use SELinux.
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
%endif
%description
NBD is a protocol for accessing block devices (hard disks and
@ -324,6 +357,22 @@ Requires: %{name}-server%{?_isa} = %{version}-%{release}
This package contains cURL (HTTP/FTP) support for %{name}.
%if !0%{?rhel}
# In theory this is noarch, but because plugins are placed in _libdir
# which varies across architectures, RPM does not allow this.
%package gcs-plugin
Summary: Gooogle Cloud Storage plugin %{name}
Requires: %{name}-python-plugin%{?_isa} = %{version}-%{release}
Requires: %{name}-server%{?_isa} = %{version}-%{release}
# XXX Should not need to add this.
Requires: python3-google-cloud-storage
%description gcs-plugin
This package lets you open disk images stored in Google
Cloud Storage using %{name}.
%endif
%if !0%{?rhel} && 0%{?have_libguestfs}
%package guestfs-plugin
Summary: libguestfs plugin for %{name}
@ -441,7 +490,8 @@ This package lets you write Ruby plugins for %{name}.
# which varies across architectures, RPM does not allow this.
%package S3-plugin
Summary: Amazon S3 and Ceph plugin for %{name}
Requires: %{name}-python-plugin >= 1.22
Requires: %{name}-python-plugin%{?_isa} = %{version}-%{release}
Requires: %{name}-server%{?_isa} = %{version}-%{release}
# XXX Should not need to add this.
Requires: python3-boto3
@ -582,6 +632,8 @@ nbdkit-rate-filter Limit bandwidth by connection or server.
nbdkit-readahead-filter Prefetch data when reading sequentially.
nbdkit-readonly-filter Switch a plugin between read-only and writable.
nbdkit-retry-filter Reopen connection on error.
nbdkit-retry-request-filter Retry single requests on error.
@ -671,17 +723,70 @@ Install this package if you want intelligent bash tab-completion
for %{name}.
%if 0%{?with_selinux}
%package selinux
Summary: %{name} SELinux policy
BuildArch: noarch
Requires: selinux-policy-%{selinuxtype}
Requires(post):selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel
%{?selinux_requires}
%description selinux
%{nbdkit} SELinux policy module.
%endif
%if 0%{?have_mingw}
%package -n mingw32-%{name}
Summary: nbdkit binary, plugins, filters, development files for Windows
BuildArch: noarch
Requires: mingw32-filesystem
Requires: pkgconfig
%description -n mingw32-%{name}
NBD is a protocol for accessing block devices (hard disks and
disk-like things) over the network.
nbdkit is a toolkit for creating NBD servers.
This package contains the nbdkit binary, plugins, filters and
development kit for 32 bit versions of Windows.
%package -n mingw64-%{name}
Summary: nbdkit binary, plugins, filters, development files for Windows
BuildArch: noarch
Requires: mingw64-filesystem
Requires: pkgconfig
%description -n mingw64-%{name}
NBD is a protocol for accessing block devices (hard disks and
disk-like things) over the network.
nbdkit is a toolkit for creating NBD servers.
This package contains the nbdkit binary, plugins, filters and
development kit for 64 bit versions of Windows.
%{?mingw_debug_package}
%endif
%prep
%if 0%{verify_tarball_signature}
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%endif
%autosetup -p1
%if 0%{patches_touch_autotools}
%autosetup -p1 -S git
autoreconf -i
%endif
%build
mkdir build_native
pushd build_native
%global _configure ../configure
# Golang bindings are not enabled in the build since they don't
# need to be. Most people would use them by copying the upstream
# package into their vendor/ directory.
@ -761,8 +866,64 @@ grep '^PYTHON_VERSION = 3' Makefile
%make_build
%if 0%{?with_selinux}
# SELinux policy (originally from selinux-policy-contrib)
# this policy module will override the production module
mkdir selinux
cp -p %{SOURCE6} selinux/
cp -p %{SOURCE7} selinux/
cp -p %{SOURCE8} selinux/
make -f %{_datadir}/selinux/devel/Makefile %{modulename}.pp
bzip2 -9 %{modulename}.pp
%endif
popd
%if 0%{?have_mingw}
# MC=no is a temporary hack until this bug is fixed in binutils:
# https://sourceware.org/bugzilla/show_bug.cgi?id=31283
%mingw_configure \
MC=no \
--disable-static \
--enable-shared \
--with-extra='%{name}-%{version}-%{release}' \
--with-tls-priority=@NBDKIT,SYSTEM \
--disable-golang \
--disable-libguestfs-tests \
--disable-linuxdisk \
--disable-lua \
--disable-ocaml \
--disable-perl \
--disable-python \
--disable-ruby \
--disable-rust \
--disable-tcl \
--disable-torrent \
--disable-valgrind \
--disable-vddk \
--without-bash-completions \
--without-curl \
--without-ext2 \
--with-gnutls \
--without-iso \
--without-libblkio \
--without-libguestfs \
--without-libnbd \
--without-libvirt \
--with-liblzma \
--without-manpages \
--without-selinux \
--without-ssh \
--with-zlib \
%{nil}
%mingw_make %{?_smp_mflags}
%endif
%install
pushd build_native
%make_install
# Delete libtool crap.
@ -778,8 +939,10 @@ for f in cc cdi ; do
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/nbdkit-$f-plugin.so
rm -f $RPM_BUILD_ROOT%{_mandir}/man?/nbdkit-$f-plugin.*
done
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/nbdkit-S3-plugin
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/nbdkit-S3-plugin.1*
for f in gcs S3 ; do
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/nbdkit-$f-plugin
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/nbdkit-$f-plugin.1*
done
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/filters/nbdkit-qcow2dec-filter.so
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/nbdkit-qcow2dec-filter.1*
%endif
@ -789,9 +952,34 @@ mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/fileattrs/
install -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_rpmconfigdir}/fileattrs/
install -m 0755 %{SOURCE5} $RPM_BUILD_ROOT%{_rpmconfigdir}/
%if 0%{?with_selinux}
install -D -m 0644 %{modulename}.pp.bz2 $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
install -D -p -m 0644 selinux/%{modulename}.if $RPM_BUILD_ROOT%{_datadir}/selinux/devel/include/distributed/%{modulename}.if
%endif
popd
%if 0%{?have_mingw}
%mingw_make_install
# Remove .la files
rm -f $RPM_BUILD_ROOT%{mingw32_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{mingw64_libdir}/*.la
# The .def files aren't interesting for other binaries
rm -f $RPM_BUILD_ROOT%{mingw32_bindir}/*.def
rm -f $RPM_BUILD_ROOT%{mingw64_bindir}/*.def
# Remove man pages which duplicate stuff in Fedora already.
rm -rf $RPM_BUILD_ROOT%{mingw32_mandir}
rm -rf $RPM_BUILD_ROOT%{mingw64_mandir}
%mingw_debug_install_post
%endif
%check
%ifnarch %{broken_test_arches}
pushd build_native
function skip_test ()
{
for f in "$@"; do
@ -836,6 +1024,7 @@ export LIBGUESTFS_TRACE=1
cat tests/test-suite.log
exit 1
}
popd
%endif
@ -844,6 +1033,26 @@ export LIBGUESTFS_TRACE=1
%endif
%if 0%{?with_selinux}
# SELinux contexts are saved so that only affected files can be
# relabeled after the policy module installation
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
# if with_selinux
%endif
%files
# metapackage so empty
@ -949,6 +1158,15 @@ export LIBGUESTFS_TRACE=1
%{_mandir}/man1/nbdkit-curl-plugin.1*
%if !0%{?rhel}
%files gcs-plugin
%doc README.md
%license LICENSE
%{_libdir}/%{name}/plugins/nbdkit-gcs-plugin
%{_mandir}/man1/nbdkit-gcs-plugin.1*
%endif
%if !0%{?rhel} && 0%{?have_libguestfs}
%files guestfs-plugin
%doc README.md
@ -1125,6 +1343,7 @@ export LIBGUESTFS_TRACE=1
%endif
%{_libdir}/%{name}/filters/nbdkit-rate-filter.so
%{_libdir}/%{name}/filters/nbdkit-readahead-filter.so
%{_libdir}/%{name}/filters/nbdkit-readonly-filter.so
%{_libdir}/%{name}/filters/nbdkit-retry-filter.so
%{_libdir}/%{name}/filters/nbdkit-retry-request-filter.so
%{_libdir}/%{name}/filters/nbdkit-scan-filter.so
@ -1165,6 +1384,7 @@ export LIBGUESTFS_TRACE=1
%endif
%{_mandir}/man1/nbdkit-rate-filter.1*
%{_mandir}/man1/nbdkit-readahead-filter.1*
%{_mandir}/man1/nbdkit-readonly-filter.1*
%{_mandir}/man1/nbdkit-retry-filter.1*
%{_mandir}/man1/nbdkit-retry-request-filter.1*
%{_mandir}/man1/nbdkit-scan-filter.1*
@ -1216,7 +1436,7 @@ export LIBGUESTFS_TRACE=1
# Include the source of the example plugins in the documentation.
%doc plugins/example*/*.c
%if !0%{?rhel}
%doc plugins/example4/nbdkit-example4-plugin
%doc build_native/plugins/example4/nbdkit-example4-plugin
%doc plugins/lua/example.lua
%endif
%if !0%{?rhel} && 0%{?have_ocaml}
@ -1229,7 +1449,7 @@ export LIBGUESTFS_TRACE=1
%if !0%{?rhel}
%doc plugins/ruby/example.rb
%endif
%doc plugins/sh/example.sh
%doc plugins/sh/examples/*.sh
%if !0%{?rhel}
%doc plugins/tcl/example.tcl
%endif
@ -1256,8 +1476,46 @@ export LIBGUESTFS_TRACE=1
%{_datadir}/bash-completion/completions/nbdkit
%if 0%{?with_selinux}
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
%{_datadir}/selinux/devel/include/distributed/%{modulename}.if
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%endif
%if 0%{?have_mingw}
%files -n mingw32-%{name}
%license LICENSE
%{mingw32_sbindir}/nbdkit.exe
%{mingw32_libdir}/%{name}/
%{mingw32_libdir}/libnbdkit.a
%{mingw32_libdir}/pkgconfig/%{name}.pc
%{mingw32_includedir}/*.h
%files -n mingw64-%{name}
%license LICENSE
%{mingw64_sbindir}/nbdkit.exe
%{mingw64_libdir}/%{name}/
%{mingw64_libdir}/libnbdkit.a
%{mingw64_libdir}/pkgconfig/%{name}.pc
%{mingw64_includedir}/*.h
%endif
%changelog
* Tue Dec 20 2023 Richard W.M. Jones <rjones@redhat.com> - 1.36.2-1
* Fri Jul 26 2024 Richard W.M. Jones <rjones@redhat.com> - 1.38.3-1
- Rebase to 1.38.3 (along stable branch)
- Send the last error to the NBD client
resolves: RHEL-50664
* Tue Apr 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 1.38.0-1
- Rebase to 1.38.0
- Added selinux subpackage
- resolves: RHEL-31884
* Wed Dec 20 2023 Richard W.M. Jones <rjones@redhat.com> - 1.36.2-1
- Rebase to 1.36.2
resolves: RHEL-14475
- partition: Suggest alternate partition-sectorsize