Rebase to 1.33.11

resolves: rhbz#2168629
This commit is contained in:
Richard W.M. Jones 2023-03-09 13:01:46 +00:00
parent 23bbe5bb33
commit ccb30ca5b4
7 changed files with 69 additions and 254 deletions

View File

@ -1,31 +0,0 @@
From e0e592775911ebe2178b04b4b20f95fea2f2fe9c Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 5 Jan 2023 16:05:33 +0000
Subject: [PATCH] ssh: Remove left over comment
This comment was left over from when I copied the libssh example code.
It adds no value so remove it.
(cherry picked from commit c93a8957efcc26652b31f5bc359dfd3c4019b4f8)
---
plugins/ssh/ssh.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
index 6cf40c26..aaa7c2b9 100644
--- a/plugins/ssh/ssh.c
+++ b/plugins/ssh/ssh.c
@@ -356,10 +356,6 @@ authenticate (struct ssh_handle *h)
if (rc == SSH_AUTH_SUCCESS) return 0;
}
- /* Example code tries keyboard-interactive here, but we cannot use
- * that method from a server.
- */
-
if (password != NULL && (method & SSH_AUTH_METHOD_PASSWORD)) {
rc = authenticate_password (h->session, password);
if (rc == SSH_AUTH_SUCCESS) return 0;
--
2.31.1

View File

@ -1,68 +0,0 @@
From 916f90972af60576591dea4a4f1d07e4dae6d9cf Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 5 Jan 2023 11:29:32 +0000
Subject: [PATCH] ssh: Improve the error message when all authentication
methods fail
The current error message:
nbdkit: ssh[1]: error: all possible authentication methods failed
is confusing and non-actionable. It's hard even for experts to
understand the relationship between the authentication methods offered
by a server and what we require.
Try to improve the error message in some common situations, especially
where password authentication on the server side is disabled but the
client supplied a password=... parameter. After this change, you will
see an actionable error:
nbdkit: ssh[1]: error: the server does not offer password
authentication but you tried to use a password; if you have root
access to the server, try editing 'sshd_config' and setting
'PasswordAuthentication yes'; otherwise try setting up public key
authentication
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2158300
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit bea88cff5ac9c42f1a068ad24d43d5ed0506edaa)
---
plugins/ssh/ssh.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
index aaa7c2b9..5a132d8f 100644
--- a/plugins/ssh/ssh.c
+++ b/plugins/ssh/ssh.c
@@ -361,6 +361,28 @@ authenticate (struct ssh_handle *h)
if (rc == SSH_AUTH_SUCCESS) return 0;
}
+ /* All compatible methods were tried and none worked. Come up with
+ * an actionable diagnostic message if we recognise the problem.
+ */
+ if (!(method & SSH_AUTH_METHOD_PUBLICKEY) && password == NULL) {
+ nbdkit_error ("the server does not offer public key authentication; "
+ "try using the password=... parameter");
+ return -1;
+ }
+ if ((method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
+ nbdkit_error ("password authentication failed, "
+ "is the username and password correct?");
+ return -1;
+ }
+ if (!(method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
+ nbdkit_error ("the server does not offer password authentication "
+ "but you tried to use a password; if you have root access "
+ "to the server, try editing 'sshd_config' and setting "
+ "'PasswordAuthentication yes'; otherwise try setting up "
+ "public key authentication");
+ return -1;
+ }
+
nbdkit_error ("all possible authentication methods failed");
return -1;
}
--
2.31.1

View File

@ -1,44 +0,0 @@
From dc86950fff020688a17b6ff0dbfea7bdb0d8f1b9 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 10 Jan 2023 08:39:11 +0000
Subject: [PATCH] luks: Avoid crash when image does not contain a LUKS header
We attempt to load the LUKS header in the prepare() callback. If this
fails, h->h will be NULL and we'll crash in close() when we attempt to
access and free h->h->masterkey.
This crash could have been triggered another way: if open() followed
by close() was called, without prepare() or other callbacks.
Reported-by: Ming Xie
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2159581
(cherry picked from commit cad4b96b17ed4ad7882100efa0d9073ac9d8b11c)
---
filters/luks/luks-encryption.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
index 26f81e7b..6f33e76e 100644
--- a/filters/luks/luks-encryption.c
+++ b/filters/luks/luks-encryption.c
@@ -856,11 +856,13 @@ load_header (nbdkit_next *next, const char *passphrase)
void
free_luks_data (struct luks_data *h)
{
- if (h->masterkey) {
- memset (h->masterkey, 0, h->phdr.master_key_len);
- free (h->masterkey);
+ if (h) {
+ if (h->masterkey) {
+ memset (h->masterkey, 0, h->phdr.master_key_len);
+ free (h->masterkey);
+ }
+ free (h);
}
- free (h);
}
uint64_t
--
2.31.1

View File

@ -1,95 +0,0 @@
From 3f74004478d3590840d7eba97a590b7ec954957f Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 2 Feb 2023 13:59:32 +0000
Subject: [PATCH] curl: Enable multi-conn for read-only connections
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Comparing before and after this commit shows approximately double the
performance. In other tests this allowed us to download files from
web servers at line speed.
Benchmark 1: nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run "nbdcopy -p \$uri null:"
Time (mean ± σ): 943.8 ms ± 18.8 ms [User: 316.2 ms, System: 1029.7 ms]
Range (min … max): 923.7 ms … 989.2 ms 10 runs
Benchmark 2: ~/d/nbdkit/nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run "nbdcopy -p \$uri null:"
Time (mean ± σ): 455.0 ms ± 6.2 ms [User: 542.2 ms, System: 1824.7 ms]
Range (min … max): 449.1 ms … 471.6 ms 10 runs
Summary
' ~/d/nbdkit/nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run "nbdcopy -p \$uri null:" ' ran
2.07 ± 0.05 times faster than ' nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run "nbdcopy -p \$uri null:" '
Multi-conn is enabled only when we know the connection is read-only:
$ ./nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run ' nbdinfo $uri ' | grep can_multi_conn
can_multi_conn: true
$ ./nbdkit curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run ' nbdinfo $uri ' | grep can_multi_conn
can_multi_conn: false
See also:
https://listman.redhat.com/archives/libguestfs/2023-February/030581.html
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit bb0f93ad7b9de451874d0c54188bf69cd37c5409)
---
plugins/curl/curl.c | 14 ++++++++++++++
plugins/curl/curldefs.h | 1 +
2 files changed, 15 insertions(+)
diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
index e89bea99..eeba5aa4 100644
--- a/plugins/curl/curl.c
+++ b/plugins/curl/curl.c
@@ -455,6 +455,7 @@ curl_open (int readonly)
nbdkit_error ("calloc: %m");
return NULL;
}
+ h->readonly = readonly;
h->c = curl_easy_init ();
if (h->c == NULL) {
@@ -764,6 +765,18 @@ curl_get_size (void *handle)
return h->exportsize;
}
+/* Multi-conn is safe for read-only connections, but HTTP does not
+ * have any concept of flushing so we cannot use it for read-write
+ * connections.
+ */
+static int
+curl_can_multi_conn (void *handle)
+{
+ struct curl_handle *h = handle;
+
+ return !! h->readonly;
+}
+
/* NB: The terminology used by libcurl is confusing!
*
* WRITEFUNCTION / write_cb is used when reading from the remote server
@@ -907,6 +920,7 @@ static struct nbdkit_plugin plugin = {
.open = curl_open,
.close = curl_close,
.get_size = curl_get_size,
+ .can_multi_conn = curl_can_multi_conn,
.pread = curl_pread,
.pwrite = curl_pwrite,
};
diff --git a/plugins/curl/curldefs.h b/plugins/curl/curldefs.h
index f3095f92..9d4949f3 100644
--- a/plugins/curl/curldefs.h
+++ b/plugins/curl/curldefs.h
@@ -64,6 +64,7 @@ extern const char *user_agent;
/* The per-connection handle. */
struct curl_handle {
CURL *c;
+ int readonly;
bool accept_range;
int64_t exportsize;
char errbuf[CURL_ERROR_SIZE];
--
2.31.1

View File

@ -6,7 +6,7 @@ set -e
# directory. Use it like this: # directory. Use it like this:
# ./copy-patches.sh # ./copy-patches.sh
rhel_version=9.2 rhel_version=9.3
# Check we're in the right directory. # Check we're in the right directory.
if [ ! -f nbdkit.spec ]; then if [ ! -f nbdkit.spec ]; then

View File

@ -49,11 +49,11 @@ ExclusiveArch: x86_64
%global patches_touch_autotools %{nil} %global patches_touch_autotools %{nil}
# The source directory. # The source directory.
%global source_directory 1.32-stable %global source_directory 1.33-development
Name: nbdkit Name: nbdkit
Version: 1.32.5 Version: 1.33.11
Release: 4%{?dist} Release: 1%{?dist}
Summary: NBD server Summary: NBD server
License: BSD License: BSD
@ -75,13 +75,10 @@ Source2: libguestfs.keyring
Source3: copy-patches.sh Source3: copy-patches.sh
# Patches come from the upstream repository: # Patches come from the upstream repository:
# https://gitlab.com/nbdkit/nbdkit/-/commits/rhel-9.2/ # https://gitlab.com/nbdkit/nbdkit/-/commits/rhel-9.3/
# Patches. # Patches.
Patch0001: 0001-ssh-Remove-left-over-comment.patch # (nothing)
Patch0002: 0002-ssh-Improve-the-error-message-when-all-authenticatio.patch
Patch0003: 0003-luks-Avoid-crash-when-image-does-not-contain-a-LUKS-.patch
Patch0004: 0004-curl-Enable-multi-conn-for-read-only-connections.patch
# For automatic RPM Provides generation. # For automatic RPM Provides generation.
# See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html # See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html
@ -111,6 +108,7 @@ BuildRequires: e2fsprogs, e2fsprogs-devel
%if !0%{?rhel} %if !0%{?rhel}
BuildRequires: xorriso BuildRequires: xorriso
BuildRequires: rb_libtorrent-devel BuildRequires: rb_libtorrent-devel
BuildRequires: libblkio-devel
%endif %endif
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: perl-devel BuildRequires: perl-devel
@ -269,6 +267,18 @@ This package contains example plugins for %{name}.
# The plugins below have non-trivial dependencies are so are # The plugins below have non-trivial dependencies are so are
# packaged separately. # packaged separately.
%if !0%{?rhel}
%package blkio-plugin
Summary: libblkio NVMe, vhost-user, vDPA, VFIO plugin for %{name}
License: BSD
Requires: %{name}-server%{?_isa} = %{version}-%{release}
%description blkio-plugin
This package contains libblkio (NVMe, vhost-user, vDPA, VFIO) support
for %{name}.
%endif
%if !0%{?rhel} %if !0%{?rhel}
%package cc-plugin %package cc-plugin
Summary: Write small inline C plugins and scripts for %{name} Summary: Write small inline C plugins and scripts for %{name}
@ -689,35 +699,65 @@ autoreconf -i
# package into their vendor/ directory. # package into their vendor/ directory.
export PYTHON=%{__python3} export PYTHON=%{__python3}
%configure \ %configure \
--with-extra='%{name}-%{version}-%{release}' \
--disable-static \ --disable-static \
--with-extra='%{name}-%{version}-%{release}' \
--with-tls-priority=@NBDKIT,SYSTEM \
--with-bash-completions \
--with-curl \
--with-gnutls \
--with-liblzma \
--with-libnbd \
--with-manpages \
--with-selinux \
--with-ssh \
--with-zlib \
--enable-linuxdisk \
--enable-python \
--disable-golang \ --disable-golang \
--disable-rust \ --disable-rust \
--disable-valgrind \
%if !0%{?rhel} && 0%{?have_ocaml} %if !0%{?rhel} && 0%{?have_ocaml}
--enable-ocaml \ --enable-ocaml \
%else %else
--disable-ocaml \ --disable-ocaml \
%endif %endif
%if 0%{?rhel} %if !0%{?rhel}
--enable-lua \
--enable-perl \
--enable-ruby \
--enable-tcl \
--enable-torrent \
--with-libblkio \
--with-ext2 \
--with-iso \
--with-libvirt \
%else
--disable-lua \ --disable-lua \
--disable-perl \ --disable-perl \
--disable-ruby \ --disable-ruby \
--disable-tcl \ --disable-tcl \
--disable-torrent \
--without-libblkio \
--without-ext2 \ --without-ext2 \
--without-iso \ --without-iso \
--without-libvirt \ --without-libvirt \
%endif %endif
%ifarch x86_64
--enable-vddk \
%else
--disable-vddk \
%endif
%if !0%{?rhel} && 0%{?have_libguestfs} %if !0%{?rhel} && 0%{?have_libguestfs}
--with-libguestfs \ --with-libguestfs \
%else %else
--without-libguestfs \ --without-libguestfs \
%endif %endif
%ifarch %{complete_test_arches} %ifarch !0%{?rhel} && 0%{?have_libguestfs} && %{complete_test_arches}
--enable-libguestfs-tests \ --enable-libguestfs-tests \
%else %else
--disable-libguestfs-tests \ --disable-libguestfs-tests \
%endif %endif
--with-tls-priority=@NBDKIT,SYSTEM %{nil}
# Verify that it picked the correct version of Python # Verify that it picked the correct version of Python
# to avoid RHBZ#1404631 happening again silently. # to avoid RHBZ#1404631 happening again silently.
@ -738,7 +778,7 @@ rm -f $RPM_BUILD_ROOT%{_mandir}/man3/nbdkit-rust-plugin.3*
%if 0%{?rhel} %if 0%{?rhel}
# In RHEL, remove some plugins we cannot --disable. # In RHEL, remove some plugins we cannot --disable.
for f in cc cdi torrent; do for f in cc cdi ; do
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/nbdkit-$f-plugin.so rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/plugins/nbdkit-$f-plugin.so
rm -f $RPM_BUILD_ROOT%{_mandir}/man?/nbdkit-$f-plugin.* rm -f $RPM_BUILD_ROOT%{_mandir}/man?/nbdkit-$f-plugin.*
done done
@ -875,6 +915,15 @@ export LIBGUESTFS_TRACE=1
%{_mandir}/man1/nbdkit-example*-plugin.1* %{_mandir}/man1/nbdkit-example*-plugin.1*
%if !0%{?rhel}
%files blkio-plugin
%doc README.md
%license LICENSE
%{_libdir}/%{name}/plugins/nbdkit-blkio-plugin.so
%{_mandir}/man1/nbdkit-blkio-plugin.1*
%endif
%if !0%{?rhel} %if !0%{?rhel}
%files cc-plugin %files cc-plugin
%doc README.md %doc README.md
@ -1200,6 +1249,10 @@ export LIBGUESTFS_TRACE=1
%changelog %changelog
* Thu Mar 09 2023 Richard W.M. Jones <rjones@redhat.com> - 1.33.11-1
- Rebase to 1.33.11
resolves: rhbz#2168629
* Fri Feb 03 2023 Richard W.M. Jones <rjones@redhat.com> - 1.32.5-4 * Fri Feb 03 2023 Richard W.M. Jones <rjones@redhat.com> - 1.32.5-4
- Rebase to new stable branch version 1.32.5 - Rebase to new stable branch version 1.32.5
resolves: rhbz#2135765 resolves: rhbz#2135765

View File

@ -1,2 +1,2 @@
SHA512 (nbdkit-1.32.5.tar.gz) = 9fe9b2ca52b855f1015eec2d1482f372f4dbc366d8297deccd98be1805fc259b685aec41ca5a1323be451e1602dd9cb0262d47b54226bcebf1f98d358fb245fe SHA512 (nbdkit-1.33.11.tar.gz) = 6101563f7f7e9d60658b19f07a661eec5efe4d60d5c840c651988dc15a6199e0064ffa9f679f2f59cc687a87c203ebc6b2c9fbb0f72274dfd03c5ec34005e544
SHA512 (nbdkit-1.32.5.tar.gz.sig) = 48afa42d9d6012886e67595f07fa14e02a5d0bc33aaef11896fb76c03d90788bcf0f143bddf698a26a3f7deaa0a019efd18e0fc9541c22f96cf81a6eed536b4d SHA512 (nbdkit-1.33.11.tar.gz.sig) = 0f947660d684b024539f8cfb8c42ea0158d005ce972eaf3dc1c94c7c4260fb353d6fbd9ecfaf64f7b2630f726f75e5632bab4c3c6bf0e8eba8059a54ee95cd13