From 07455ea208cf48aa1774b468403e7587ca20707f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 5 Nov 2019 13:48:45 -0500 Subject: [PATCH] import virt-manager-2.2.1-2.el8 --- .gitignore | 2 +- .virt-manager.metadata | 2 +- SOURCES/symlinks | 1 + ...-CPU-model-name-only-if-model-exists.patch | 61 ------ ...x-detection-of-CPU-security-features.patch | 56 ----- ...h-belongs-to-another-pool-bz-1692489.patch | 45 ---- ...x-cpu-secure-option-to-actually-work.patch | 40 ---- ...r-cli-introduce-CPU-secure-parameter.patch | 202 ------------------ ...pecified-use-video-virtio-bz-1654994.patch | 63 ------ ...loning-with-block-storage-bz-1661986.patch | 32 --- ...PU-security-features-for-custom-mode.patch | 180 ---------------- ...ain-cpu-introduce-set_model-function.patch | 161 -------------- ...add-caching-of-CPU-security-features.patch | 64 ------ ...ilities-detect-MDS-new-vulnerability.patch | 61 ------ ...pabilities-fix-typo-in-function-name.patch | 45 ---- ...-introduce-get_cpu_security_features.patch | 108 ---------- ...-CPU-features-from-security-features.patch | 99 --------- ...hine-type-is-changed-for-secure-boot.patch | 35 +++ ...er-inspection-fix-check-of-null-icon.patch | 51 ----- ...uple-of-launchSecurity-related-typos.patch | 49 +++++ ...Add-some-tests-for-virt-xml-with-KVM.patch | 181 ---------------- ...-Add-a-test-case-for-the-last-commit.patch | 102 --------- ...t-Check-also-for-treeinfo-bz-1689252.patch | 48 ----- ...t-install-Add-Guest-OS-options-group.patch | 107 ---------- ...stall-Fix-description-for-os-variant.patch | 53 ----- ...box-to-control-CPU-security-features.patch | 186 ---------------- ...er-virt-xml-Accept-os-variant-option.patch | 90 -------- ...ager-virt-xml-Start-using-os-variant.patch | 136 ------------ SPECS/virt-manager.spec | 160 +++++++------- 29 files changed, 163 insertions(+), 2257 deletions(-) create mode 100644 SOURCES/symlinks delete mode 100644 SOURCES/virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch delete mode 100644 SOURCES/virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch delete mode 100644 SOURCES/virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch delete mode 100644 SOURCES/virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch delete mode 100644 SOURCES/virt-manager-cli-introduce-CPU-secure-parameter.patch delete mode 100644 SOURCES/virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.patch delete mode 100644 SOURCES/virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch delete mode 100644 SOURCES/virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch delete mode 100644 SOURCES/virt-manager-domain-cpu-introduce-set_model-function.patch delete mode 100644 SOURCES/virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch delete mode 100644 SOURCES/virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch delete mode 100644 SOURCES/virt-manager-domcapabilities-fix-typo-in-function-name.patch delete mode 100644 SOURCES/virt-manager-domcapabilities-introduce-get_cpu_security_features.patch delete mode 100644 SOURCES/virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch create mode 100644 SOURCES/virt-manager-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch delete mode 100644 SOURCES/virt-manager-inspection-fix-check-of-null-icon.patch create mode 100644 SOURCES/virt-manager-man-virt-install-Fix-a-couple-of-launchSecurity-related-typos.patch delete mode 100644 SOURCES/virt-manager-tests-Add-some-tests-for-virt-xml-with-KVM.patch delete mode 100644 SOURCES/virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch delete mode 100644 SOURCES/virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch delete mode 100644 SOURCES/virt-manager-virt-install-Add-Guest-OS-options-group.patch delete mode 100644 SOURCES/virt-manager-virt-install-Fix-description-for-os-variant.patch delete mode 100644 SOURCES/virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch delete mode 100644 SOURCES/virt-manager-virt-xml-Accept-os-variant-option.patch delete mode 100644 SOURCES/virt-manager-virt-xml-Start-using-os-variant.patch diff --git a/.gitignore b/.gitignore index 6096114..2664ecc 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/virt-manager-2.0.0.tar.gz +SOURCES/virt-manager-2.2.1.tar.gz diff --git a/.virt-manager.metadata b/.virt-manager.metadata index 6d3c5d0..3e18287 100644 --- a/.virt-manager.metadata +++ b/.virt-manager.metadata @@ -1 +1 @@ -a99ff5c18281357cbf136830d7babbd22a91678a SOURCES/virt-manager-2.0.0.tar.gz +9360a95515b8e2245f1bbed5769824cafdb15baa SOURCES/virt-manager-2.2.1.tar.gz diff --git a/SOURCES/symlinks b/SOURCES/symlinks new file mode 100644 index 0000000..a862339 --- /dev/null +++ b/SOURCES/symlinks @@ -0,0 +1 @@ +data/hicolor icons diff --git a/SOURCES/virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch b/SOURCES/virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch deleted file mode 100644 index db4a432..0000000 --- a/SOURCES/virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 6ba190915ed0be80b67423003dfdf183c47a2fb8 Mon Sep 17 00:00:00 2001 -Message-Id: <6ba190915ed0be80b67423003dfdf183c47a2fb8@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:55 +0200 -Subject: [PATCH] DomainCpu: check CPU model name only if model exists - -For CPU modes other then "custom" there is no model so we should not -check the suffix of model name. - -Signed-off-by: Pavel Hrdina -Reviewed-by: Cole Robinson -(cherry picked from commit c1ebd6730cb25b57124fad6c4030345356703320) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - tests/xmlparse.py | 4 ++++ - virtinst/domain/cpu.py | 9 +++++---- - 2 files changed, 9 insertions(+), 4 deletions(-) - -diff --git a/tests/xmlparse.py b/tests/xmlparse.py -index c9828fc8..58d3c1a6 100644 ---- a/tests/xmlparse.py -+++ b/tests/xmlparse.py -@@ -335,8 +335,12 @@ class XMLParseTest(unittest.TestCase): - check = self._make_checker(guest.cpu) - check("mode", "host-passthrough", "custom") - check("mode", "custom", "host-model") -+ guest.cpu.check_security_features(guest) -+ check("secure", False) - guest.cpu.set_model(guest, "qemu64") - check("model", "qemu64") -+ guest.cpu.check_security_features(guest) -+ check("secure", False) - - self._alter_compare(guest.get_xml(), outfile) - -diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py -index 1d468468..66fa649b 100644 ---- a/virtinst/domain/cpu.py -+++ b/virtinst/domain/cpu.py -@@ -136,10 +136,11 @@ class DomainCpu(XMLBuilder): - return - - guestFeatures = [f.name for f in self.features if f.policy == "require"] -- if self.model.endswith("IBRS"): -- guestFeatures.append("spec-ctrl") -- if self.model.endswith("IBPB"): -- guestFeatures.append("ibpb") -+ if self.model: -+ if self.model.endswith("IBRS"): -+ guestFeatures.append("spec-ctrl") -+ if self.model.endswith("IBPB"): -+ guestFeatures.append("ibpb") - - self.secure = set(features) <= set(guestFeatures) - --- -2.21.0 - diff --git a/SOURCES/virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch b/SOURCES/virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch deleted file mode 100644 index 580e683..0000000 --- a/SOURCES/virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 703abe06db1ecfadb7e5a5f877f86d41f367300d Mon Sep 17 00:00:00 2001 -Message-Id: <703abe06db1ecfadb7e5a5f877f86d41f367300d@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:54 +0200 -Subject: [PATCH] DomainCpu: fix detection of CPU security features - -VM configured with mode="host-model" will have the CPU definition -expanded once the VM is started. Libvirt will try to use the closest -CPU model with some features enabled/disabled. - -The issue is that there are some models that include spec-ctrl or ibpb -features and they will not appear in the explicit list of features and -virt-manager will not correctly detect if all security features are -enabled or not. As a workaround we can check the suffix of CPU model to -figure out which security features are enabled by the model itself. - -Signed-off-by: Pavel Hrdina -(cherry picked from commit 291f2ef21486cb54aadd40f07052aedfebef3792) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - virtinst/domain/cpu.py | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py -index c6a411bb..1d468468 100644 ---- a/virtinst/domain/cpu.py -+++ b/virtinst/domain/cpu.py -@@ -135,15 +135,13 @@ class DomainCpu(XMLBuilder): - self.secure = False - return - -- for feature in features: -- exists = False -- for f in self.features: -- if f.name == feature and f.policy == "require": -- exists = True -- break -- if not exists: -- self.secure = False -- return -+ guestFeatures = [f.name for f in self.features if f.policy == "require"] -+ if self.model.endswith("IBRS"): -+ guestFeatures.append("spec-ctrl") -+ if self.model.endswith("IBPB"): -+ guestFeatures.append("ibpb") -+ -+ self.secure = set(features) <= set(guestFeatures) - - def _remove_security_features(self, guest): - domcaps = guest.lookup_domcaps() --- -2.21.0 - diff --git a/SOURCES/virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch b/SOURCES/virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch deleted file mode 100644 index ce5241e..0000000 --- a/SOURCES/virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff Mon Sep 17 00:00:00 2001 -Message-Id: <8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 08:06:09 -0400 -Subject: [PATCH] cli: Fix pool=default when path belongs to another pool (bz - 1692489) - -From: Cole Robinson - -Using 'virt-install --disk size=X' implicitly uses pool=default. If -a pool named 'default' exists we use that; if not, and a pool using -the default path exists under a different name, we attempt to use -that as well, and if that doesn't exist, we create pool=default - -The second case is broken, so if there's no pool=default and eg. -pool=FOO points to /var/lib/libvirt/images, we still attempt to -look up pool=default which understandably fails - -https://bugzilla.redhat.com/show_bug.cgi?id=1692489 -(cherry picked from commit a0ca387aad0fde19683aa8b5b5636add6455b8b4) -Signed-off-by: Cole Robinson - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752 ---- - virtinst/cli.py | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/virtinst/cli.py b/virtinst/cli.py -index 21467a4d..63acb642 100644 ---- a/virtinst/cli.py -+++ b/virtinst/cli.py -@@ -2029,7 +2029,9 @@ class ParserDisk(VirtCLIParser): - poolobj = None - if poolname: - if poolname == "default": -- StoragePool.build_default_pool(self.guest.conn) -+ poolxml = StoragePool.build_default_pool(self.guest.conn) -+ if poolxml: -+ poolname = poolxml.name - poolobj = self.guest.conn.storagePoolLookupByName(poolname) - - if volname: --- -2.21.0 - diff --git a/SOURCES/virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch b/SOURCES/virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch deleted file mode 100644 index c86e925..0000000 --- a/SOURCES/virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch +++ /dev/null @@ -1,40 +0,0 @@ -From dc5ec3458d325c3824c62517d72d802b2c3caee2 Mon Sep 17 00:00:00 2001 -Message-Id: -From: Pavel Hrdina -Date: Wed, 22 May 2019 18:08:31 +0200 -Subject: [PATCH] cli: fix cpu secure option to actually work - -The 'secure' option is processed after the model is already set. -CPU security options are resolved while setting CPU model so we need -to know the 'secure' option value before we set the CPU model. - -Signed-off-by: Pavel Hrdina -(cherry picked from commit 06c2f873972fd4c60a57c8b8f07fe3cec4ddfcf4) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - virtinst/cli.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/virtinst/cli.py b/virtinst/cli.py -index 0bfa3b94..139be8f9 100644 ---- a/virtinst/cli.py -+++ b/virtinst/cli.py -@@ -1493,11 +1493,11 @@ class ParserCPU(VirtCLIParser): - - - _register_virt_parser(ParserCPU) -+ParserCPU.add_arg("secure", "secure", is_onoff=True) - ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb) - ParserCPU.add_arg("mode", "mode") - ParserCPU.add_arg("match", "match") - ParserCPU.add_arg("vendor", "vendor") --ParserCPU.add_arg("secure", "secure", is_onoff=True) - - ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb) - ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb) --- -2.21.0 - diff --git a/SOURCES/virt-manager-cli-introduce-CPU-secure-parameter.patch b/SOURCES/virt-manager-cli-introduce-CPU-secure-parameter.patch deleted file mode 100644 index bd17080..0000000 --- a/SOURCES/virt-manager-cli-introduce-CPU-secure-parameter.patch +++ /dev/null @@ -1,202 +0,0 @@ -From 55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e Mon Sep 17 00:00:00 2001 -Message-Id: <55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:51 +0200 -Subject: [PATCH] cli: introduce CPU secure parameter -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This will allow users to override the default behavior of virt-install -which copies CPU security features available on the host to the guest -XML if specific CPU model is configured. - -Signed-off-by: Pavel Hrdina -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 22342ef7ee526f8a5b5a65266363c33c70c8be43) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - man/virt-install.pod | 11 ++- - .../compare/virt-install-cpu-disable-sec.xml | 93 +++++++++++++++++++ - tests/clitest.py | 1 + - virtinst/cli.py | 1 + - virtinst/domain/cpu.py | 7 +- - 5 files changed, 111 insertions(+), 2 deletions(-) - create mode 100644 tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml - -diff --git a/man/virt-install.pod b/man/virt-install.pod -index 5b7a784c..1cd31fa2 100644 ---- a/man/virt-install.pod -+++ b/man/virt-install.pod -@@ -216,7 +216,16 @@ required value is MODEL, which is a valid CPU model as known to libvirt. - - Libvirt's feature policy values force, require, optional, disable, or forbid, - or with the shorthand '+feature' and '-feature', which equal 'force=feature' --and 'disable=feature' respectively -+and 'disable=feature' respectively. -+ -+If exact CPU model is specified virt-install will automatically copy CPU -+features available on the host to mitigate recent CPU speculative execution -+side channel security vulnerabilities. This however will have some impact -+on performance and will break migration to hosts without security patches. -+In order to control this behavior there is a B parameter. Possible -+values are I and I, with I as the default. It is highly -+recommended to leave this enabled and ensure all virtualization hosts have -+fully up to date microcode, kernel & virtualization software installed. - - Some examples: - -diff --git a/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml -new file mode 100644 -index 00000000..a86d6926 ---- /dev/null -+++ b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml -@@ -0,0 +1,93 @@ -+ -+ foobar -+ 00000000-1111-2222-3333-444444444444 -+ 65536 -+ 65536 -+ 1 -+ -+ hvm -+ -+ -+ -+ -+ -+ -+ -+ qemu64 -+ -+ -+ -+ -+ -+ -+ destroy -+ -+ -+ -+ -+ -+ /usr/bin/qemu-kvm -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ foobar -+ 00000000-1111-2222-3333-444444444444 -+ 65536 -+ 65536 -+ 1 -+ -+ hvm -+ -+ -+ -+ -+ -+ -+ -+ qemu64 -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ /usr/bin/qemu-kvm -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/tests/clitest.py b/tests/clitest.py -index ecdf3731..32ce66e6 100644 ---- a/tests/clitest.py -+++ b/tests/clitest.py -@@ -568,6 +568,7 @@ c.add_invalid("--clock foo_tickpolicy=merge") # Unknown timer - c.add_invalid("--security foobar") # Busted --security - c.add_compare("--cpuset auto --vcpus 2", "cpuset-auto") # --cpuset=auto actually works - c.add_compare("--memory 1024,hotplugmemorymax=2048,hotplugmemoryslots=2 --cpu cell0.cpus=0,cell0.memory=1048576 --memdev dimm,access=private,target_size=512,target_node=0,source_pagesize=4,source_nodemask=1-2 --memdev nvdimm,source_path=/path/to/nvdimm,target_size=512,target_node=0,target_label_size=128", "memory-hotplug") -+c.add_compare("--connect " + utils.URIs.kvm_q35 + " --cpu qemu64,secure=off", "cpu-disable-sec") # disable security features that are added by default - - - -diff --git a/virtinst/cli.py b/virtinst/cli.py -index b10c22aa..0bfa3b94 100644 ---- a/virtinst/cli.py -+++ b/virtinst/cli.py -@@ -1497,6 +1497,7 @@ ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb) - ParserCPU.add_arg("mode", "mode") - ParserCPU.add_arg("match", "match") - ParserCPU.add_arg("vendor", "vendor") -+ParserCPU.add_arg("secure", "secure", is_onoff=True) - - ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb) - ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb) -diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py -index e3992cf4..ab40f788 100644 ---- a/virtinst/domain/cpu.py -+++ b/virtinst/domain/cpu.py -@@ -65,6 +65,8 @@ class DomainCpu(XMLBuilder): - _XML_PROP_ORDER = ["mode", "match", "model", "vendor", - "sockets", "cores", "threads", "features"] - -+ secure = True -+ - special_mode_was_set = False - # These values are exposed on the command line, so are stable API - SPECIAL_MODE_HOST_MODEL_ONLY = "host-model-only" -@@ -127,7 +129,10 @@ class DomainCpu(XMLBuilder): - self.mode = "custom" - if not self.match: - self.match = "exact" -- self._add_security_features(guest) -+ if self.secure: -+ self._add_security_features(guest) -+ else: -+ self._remove_security_features(guest) - self.model = val - - def add_feature(self, name, policy="require"): --- -2.21.0 - diff --git a/SOURCES/virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.patch b/SOURCES/virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.patch deleted file mode 100644 index 1e28831..0000000 --- a/SOURCES/virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 533879fd8da90eba207c63e2d70472efda9dc612 Mon Sep 17 00:00:00 2001 -Message-Id: <533879fd8da90eba207c63e2d70472efda9dc612@dist-git> -From: Pavel Hrdina -Date: Thu, 13 Dec 2018 16:39:43 -0500 -Subject: [PATCH] cli: s390x+graphics specified, use video=virtio (bz #1654994) - -From: Cole Robinson - -s390x doesn't support any of the PCI graphics cards - -https://bugzilla.redhat.com/show_bug.cgi?id=1654994 -(cherry picked from commit b91393e6c35b0e2903dbb50bb57a64464a7a3802) -Signed-off-by: Pavel Hrdina ---- - .../cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml | 4 ++++ - tests/clitest.py | 2 +- - virtinst/devices/video.py | 2 ++ - 3 files changed, 7 insertions(+), 1 deletion(-) - -diff --git a/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml b/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml -index a8038855..82fe6350 100644 ---- a/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml -+++ b/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml -@@ -36,6 +36,10 @@ - - - -+ -+ - - - -diff --git a/tests/clitest.py b/tests/clitest.py -index 039938db..824293e4 100644 ---- a/tests/clitest.py -+++ b/tests/clitest.py -@@ -720,7 +720,7 @@ c.add_compare("--connect %(URI-KVM-PPC64LE)s --import --disk %(EXISTIMG1)s --os- - - # s390x tests - c.add_compare("--arch s390x --machine s390-ccw-virtio --connect %(URI-KVM-S390X)s --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21", "s390x-cdrom", skip_check=OLD_OSINFO) --c.add_compare("--arch s390x --machine s390-ccw-virtio --connect " + utils.URIs.kvm_s390x_KVMIBM + " --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21 --watchdog diag288,action=reset --panic default", "s390x-cdrom-KVMIBM") -+c.add_compare("--arch s390x --machine s390-ccw-virtio --connect " + utils.URIs.kvm_s390x_KVMIBM + " --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21 --watchdog diag288,action=reset --panic default --graphics vnc", "s390x-cdrom-KVMIBM") - - # qemu:///session tests - c.add_compare("--connect " + utils.URIs.kvm_session + " --disk size=8 --os-variant fedora21 --cdrom %(EXISTIMG1)s", "kvm-session-defaults", skip_check=OLD_OSINFO) -diff --git a/virtinst/devices/video.py b/virtinst/devices/video.py -index 5978a421..276f8187 100644 ---- a/virtinst/devices/video.py -+++ b/virtinst/devices/video.py -@@ -46,6 +46,8 @@ class DeviceVideo(Device): - return "vga" - if guest.os.is_arm_machvirt(): - return "virtio" -+ if guest.conn.is_qemu() and guest.os.is_s390x(): -+ return "virtio" - if guest.has_spice() and guest.os.is_x86(): - if guest.has_gl(): - return "virtio" --- -2.19.2 - diff --git a/SOURCES/virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch b/SOURCES/virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch deleted file mode 100644 index 4c59ae5..0000000 --- a/SOURCES/virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 5ace424b75538b3a5f8b06536c6de38a91d749ff Mon Sep 17 00:00:00 2001 -Message-Id: <5ace424b75538b3a5f8b06536c6de38a91d749ff@dist-git> -From: Pavel Hrdina -Date: Thu, 10 Jan 2019 12:58:43 -0500 -Subject: [PATCH] diskbackend: Fix backtrace cloning with block storage (bz - #1661986) - -From: Cole Robinson - -https://bugzilla.redhat.com/show_bug.cgi?id=1661986 -(cherry picked from commit 722886748006b880ff6a99781b2aca0751aafc55) -Signed-off-by: Pavel Hrdina ---- - virtinst/diskbackend.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/virtinst/diskbackend.py b/virtinst/diskbackend.py -index b9340585..3366e88d 100644 ---- a/virtinst/diskbackend.py -+++ b/virtinst/diskbackend.py -@@ -530,7 +530,7 @@ class CloneStorageCreator(_StorageCreator): - else: - vfs = os.statvfs(os.path.dirname(self._path)) - avail = vfs.f_frsize * vfs.f_bavail -- need = int(self._size) * 1024 * 1024 * 1024 -+ need = int(self._size) * 1024 * 1024 * 1024 - if need > avail: - if self._sparse: - msg = _("The filesystem will not have enough free space" --- -2.20.1 - diff --git a/SOURCES/virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch b/SOURCES/virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch deleted file mode 100644 index 543db20..0000000 --- a/SOURCES/virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch +++ /dev/null @@ -1,180 +0,0 @@ -From 9080810abab3d5679d20b3b8874d2fce2c28d522 Mon Sep 17 00:00:00 2001 -Message-Id: <9080810abab3d5679d20b3b8874d2fce2c28d522@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:48 +0200 -Subject: [PATCH] domain: cpu: automatically add CPU security features for - "custom" mode - -If user selects specific CPU model to be configured for guest we will -automatically add CPU security features to make sure that the guest is -not vulnerable to these CPU HW bugs. - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1582667 - -Signed-off-by: Pavel Hrdina -Reviewed-by: Cole Robinson -(cherry picked from commit fb5136a6a9457894ff1e24a1f9d5f0af0a8e8bd1) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - .../compare/virt-install-qemu-plain.xml | 2 ++ - .../virt-install-singleton-config-2.xml | 4 ++++ - tests/xmlparse.py | 6 +++--- - virtManager/domain.py | 2 +- - virtinst/cli.py | 2 +- - virtinst/domain/cpu.py | 20 +++++++++++++++---- - 6 files changed, 27 insertions(+), 9 deletions(-) - -diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml -index d00e0cf4..eb1542c3 100644 ---- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml -+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml -@@ -20,6 +20,8 @@ - - - Penryn -+ -+ - - - -diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml -index 621639e1..0861f62a 100644 ---- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml -+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml -@@ -93,6 +93,8 @@ - foobar - meee - -+ -+ - - - -@@ -282,6 +284,8 @@ - foobar - meee - -+ -+ - - - -diff --git a/tests/xmlparse.py b/tests/xmlparse.py -index 61552720..c9828fc8 100644 ---- a/tests/xmlparse.py -+++ b/tests/xmlparse.py -@@ -176,7 +176,7 @@ class XMLParseTest(unittest.TestCase): - - check = self._make_checker(guest.cpu) - check("match", "exact", "strict") -- guest.cpu.set_model("qemu64") -+ guest.cpu.set_model(guest, "qemu64") - check("model", "qemu64") - check("vendor", "Intel", "qemuvendor") - check("threads", 2, 1) -@@ -269,7 +269,7 @@ class XMLParseTest(unittest.TestCase): - - check = self._make_checker(guest.cpu) - check("model", None) -- guest.cpu.set_model("foobar") -+ guest.cpu.set_model(guest, "foobar") - check("model", "foobar") - check("model_fallback", None, "allow") - check("cores", None, 4) -@@ -335,7 +335,7 @@ class XMLParseTest(unittest.TestCase): - check = self._make_checker(guest.cpu) - check("mode", "host-passthrough", "custom") - check("mode", "custom", "host-model") -- guest.cpu.set_model("qemu64") -+ guest.cpu.set_model(guest, "qemu64") - check("model", "qemu64") - - self._alter_compare(guest.get_xml(), outfile) -diff --git a/virtManager/domain.py b/virtManager/domain.py -index 96469969..5b3f1e44 100644 ---- a/virtManager/domain.py -+++ b/virtManager/domain.py -@@ -513,7 +513,7 @@ class vmmDomain(vmmLibvirtObject): - if model in guest.cpu.SPECIAL_MODES: - guest.cpu.set_special_mode(guest, model) - else: -- guest.cpu.set_model(model) -+ guest.cpu.set_model(guest, model) - self._redefine_xmlobj(guest) - - def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL): -diff --git a/virtinst/cli.py b/virtinst/cli.py -index e384b03a..b10c22aa 100644 ---- a/virtinst/cli.py -+++ b/virtinst/cli.py -@@ -1442,7 +1442,7 @@ class ParserCPU(VirtCLIParser): - if val in inst.SPECIAL_MODES: - inst.set_special_mode(self.guest, val) - else: -- inst.set_model(val) -+ inst.set_model(self.guest, val) - - def set_feature_cb(self, inst, val, virtarg): - policy = virtarg.cliname -diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py -index 0673324c..e3992cf4 100644 ---- a/virtinst/domain/cpu.py -+++ b/virtinst/domain/cpu.py -@@ -103,19 +103,31 @@ class DomainCpu(XMLBuilder): - elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY: - if self.conn.caps.host.cpu.model: - self.clear() -- self.set_model(self.conn.caps.host.cpu.model) -+ self.set_model(guest, self.conn.caps.host.cpu.model) - else: - raise RuntimeError("programming error: unknown " - "special cpu mode '%s'" % val) - - self.special_mode_was_set = True - -- def set_model(self, val): -+ def _add_security_features(self, guest): -+ domcaps = guest.lookup_domcaps() -+ for feature in domcaps.get_cpu_security_features(): -+ exists = False -+ for f in self.features: -+ if f.name == feature: -+ exists = True -+ break -+ if not exists: -+ self.add_feature(feature) -+ -+ def set_model(self, guest, val): - logging.debug("setting cpu model %s", val) - if val: - self.mode = "custom" - if not self.match: - self.match = "exact" -+ self._add_security_features(guest) - self.model = val - - def add_feature(self, name, policy="require"): -@@ -147,7 +159,7 @@ class DomainCpu(XMLBuilder): - - self.mode = "custom" - self.match = "exact" -- self.set_model(model) -+ self.set_model(guest, model) - if fallback: - self.model_fallback = fallback - self.vendor = cpu.vendor -@@ -271,7 +283,7 @@ class DomainCpu(XMLBuilder): - - elif guest.os.is_arm64() and guest.os.is_arm_machvirt(): - # -M virt defaults to a 32bit CPU, even if using aarch64 -- self.set_model("cortex-a57") -+ self.set_model(guest, "cortex-a57") - - elif guest.os.is_x86() and guest.type == "kvm": - self._set_cpu_x86_kvm_default(guest) --- -2.21.0 - diff --git a/SOURCES/virt-manager-domain-cpu-introduce-set_model-function.patch b/SOURCES/virt-manager-domain-cpu-introduce-set_model-function.patch deleted file mode 100644 index fbc3871..0000000 --- a/SOURCES/virt-manager-domain-cpu-introduce-set_model-function.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 220390ebd48b33d1d1fae747dc41f1aedd7646e0 Mon Sep 17 00:00:00 2001 -Message-Id: <220390ebd48b33d1d1fae747dc41f1aedd7646e0@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:47 +0200 -Subject: [PATCH] domain: cpu: introduce set_model function - -We will need to pass another variable into the setter so we cannot use -the property setter. - -Signed-off-by: Pavel Hrdina -Reviewed-by: Cole Robinson -(cherry picked from commit 6423f653fd2d895d5addf37a6d504dbc9a4a0d6f) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - tests/xmlparse.py | 11 +++++++---- - virtManager/domain.py | 2 +- - virtinst/cli.py | 2 +- - virtinst/domain/cpu.py | 28 +++++++++++++--------------- - 4 files changed, 22 insertions(+), 21 deletions(-) - -diff --git a/tests/xmlparse.py b/tests/xmlparse.py -index 709bc48f..61552720 100644 ---- a/tests/xmlparse.py -+++ b/tests/xmlparse.py -@@ -176,7 +176,8 @@ class XMLParseTest(unittest.TestCase): - - check = self._make_checker(guest.cpu) - check("match", "exact", "strict") -- check("model", "footest", "qemu64") -+ guest.cpu.set_model("qemu64") -+ check("model", "qemu64") - check("vendor", "Intel", "qemuvendor") - check("threads", 2, 1) - check("cores", 5, 3) -@@ -267,7 +268,9 @@ class XMLParseTest(unittest.TestCase): - guest.seclabels[0].get_xml().startswith(" XML - """ - XML_NAME = "cpu" -- _XML_PROP_ORDER = ["mode", "match", "_model", "vendor", -+ _XML_PROP_ORDER = ["mode", "match", "model", "vendor", - "sockets", "cores", "threads", "features"] - - special_mode_was_set = False -@@ -103,13 +103,21 @@ class DomainCpu(XMLBuilder): - elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY: - if self.conn.caps.host.cpu.model: - self.clear() -- self.model = self.conn.caps.host.cpu.model -+ self.set_model(self.conn.caps.host.cpu.model) - else: - raise RuntimeError("programming error: unknown " - "special cpu mode '%s'" % val) - - self.special_mode_was_set = True - -+ def set_model(self, val): -+ logging.debug("setting cpu model %s", val) -+ if val: -+ self.mode = "custom" -+ if not self.match: -+ self.match = "exact" -+ self.model = val -+ - def add_feature(self, name, policy="require"): - feature = self.features.add_new() - feature.name = name -@@ -139,7 +147,7 @@ class DomainCpu(XMLBuilder): - - self.mode = "custom" - self.match = "exact" -- self.model = model -+ self.set_model(model) - if fallback: - self.model_fallback = fallback - self.vendor = cpu.vendor -@@ -201,17 +209,7 @@ class DomainCpu(XMLBuilder): - # XML properties # - ################## - -- def _set_model(self, val): -- if val: -- self.mode = "custom" -- if not self.match: -- self.match = "exact" -- self._model = val -- def _get_model(self): -- return self._model -- _model = XMLProperty("./model") -- model = property(_get_model, _set_model) -- -+ model = XMLProperty("./model") - model_fallback = XMLProperty("./model/@fallback") - - match = XMLProperty("./@match") -@@ -273,7 +271,7 @@ class DomainCpu(XMLBuilder): - - elif guest.os.is_arm64() and guest.os.is_arm_machvirt(): - # -M virt defaults to a 32bit CPU, even if using aarch64 -- self.model = "cortex-a57" -+ self.set_model("cortex-a57") - - elif guest.os.is_x86() and guest.type == "kvm": - self._set_cpu_x86_kvm_default(guest) --- -2.21.0 - diff --git a/SOURCES/virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch b/SOURCES/virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch deleted file mode 100644 index 7a84422..0000000 --- a/SOURCES/virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 0424ece6003d2a06f41f4277bb258d6f753c70c6 Mon Sep 17 00:00:00 2001 -Message-Id: <0424ece6003d2a06f41f4277bb258d6f753c70c6@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:52 +0200 -Subject: [PATCH] domcapabilities: add caching of CPU security features -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We will call this function multiple times so it makes sense to cache the -result so we don't have to call libvirt APIs every time we will check -what security features are available on the host. - -Signed-off-by: Pavel Hrdina -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 00f8dea370ae0874dc655d3718978a6a8e397a34) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - virtinst/domcapabilities.py | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py -index 2905aa9e..6636addf 100644 ---- a/virtinst/domcapabilities.py -+++ b/virtinst/domcapabilities.py -@@ -260,6 +260,8 @@ class DomainCapabilities(XMLBuilder): - - return DomainCpu(self.conn, expandedXML) - -+ _features = None -+ - def get_cpu_security_features(self): - sec_features = [ - 'spec-ctrl', -@@ -267,7 +269,10 @@ class DomainCapabilities(XMLBuilder): - 'ibpb', - 'virt-ssbd'] - -- features = [] -+ if self._features: -+ return self._features -+ -+ self._features = [] - - for m in self.cpu.modes: - if m.name != "host-model" or not m.supported: -@@ -281,9 +286,9 @@ class DomainCapabilities(XMLBuilder): - - for feature in cpu.features: - if feature.name in sec_features: -- features.append(feature.name) -+ self._features.append(feature.name) - -- return features -+ return self._features - - - XML_NAME = "domainCapabilities" --- -2.21.0 - diff --git a/SOURCES/virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch b/SOURCES/virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch deleted file mode 100644 index ded1bf9..0000000 --- a/SOURCES/virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 961ffb1709e7af8c394093aca94f64b4c5ffda36 Mon Sep 17 00:00:00 2001 -Message-Id: <961ffb1709e7af8c394093aca94f64b4c5ffda36@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:56 +0200 -Subject: [PATCH] domcapabilities: detect MDS new vulnerability - -There is a new security feature 'md-clear' that mitigates recent CPU -Microarchitectural Store Buffer Data vulnerability. - -Signed-off-by: Pavel Hrdina -(cherry picked from commit c11d6ba4d7024eaac83b6e2d6ae88172f4c01e98) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - man/virt-install.pod | 13 +++++++------ - virtinst/domcapabilities.py | 3 ++- - 2 files changed, 9 insertions(+), 7 deletions(-) - -diff --git a/man/virt-install.pod b/man/virt-install.pod -index 1cd31fa2..f845ccb3 100644 ---- a/man/virt-install.pod -+++ b/man/virt-install.pod -@@ -220,12 +220,13 @@ and 'disable=feature' respectively. - - If exact CPU model is specified virt-install will automatically copy CPU - features available on the host to mitigate recent CPU speculative execution --side channel security vulnerabilities. This however will have some impact --on performance and will break migration to hosts without security patches. --In order to control this behavior there is a B parameter. Possible --values are I and I, with I as the default. It is highly --recommended to leave this enabled and ensure all virtualization hosts have --fully up to date microcode, kernel & virtualization software installed. -+side channel and Microarchitectural Store Buffer Data security vulnerabilities. -+This however will have some impact on performance and will break migration -+to hosts without security patches. In order to control this behavior there -+is a B parameter. Possible values are I and I, with I -+as the default. It is highly recommended to leave this enabled and ensure all -+virtualization hosts have fully up to date microcode, kernel & virtualization -+software installed. - - Some examples: - -diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py -index 6636addf..74e5c842 100644 ---- a/virtinst/domcapabilities.py -+++ b/virtinst/domcapabilities.py -@@ -267,7 +267,8 @@ class DomainCapabilities(XMLBuilder): - 'spec-ctrl', - 'ssbd', - 'ibpb', -- 'virt-ssbd'] -+ 'virt-ssbd', -+ 'md-clear'] - - if self._features: - return self._features --- -2.21.0 - diff --git a/SOURCES/virt-manager-domcapabilities-fix-typo-in-function-name.patch b/SOURCES/virt-manager-domcapabilities-fix-typo-in-function-name.patch deleted file mode 100644 index cab17ba..0000000 --- a/SOURCES/virt-manager-domcapabilities-fix-typo-in-function-name.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 7c3db309efe09e0bdf8834842525c5aa91a80387 Mon Sep 17 00:00:00 2001 -Message-Id: <7c3db309efe09e0bdf8834842525c5aa91a80387@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:50 +0200 -Subject: [PATCH] domcapabilities: fix typo in function name -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Pavel Hrdina -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit b711b28b1af6998f57d5610139439518545663f0) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - virtinst/domcapabilities.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py -index 42a18f1e..2905aa9e 100644 ---- a/virtinst/domcapabilities.py -+++ b/virtinst/domcapabilities.py -@@ -244,7 +244,7 @@ class DomainCapabilities(XMLBuilder): - arch.text = self.arch - return ET.tostring(root, encoding="unicode") - -- def _get_expandned_cpu(self, mode): -+ def _get_expanded_cpu(self, mode): - cpuXML = self._convert_mode_to_cpu(mode.get_xml()) - logging.debug("CPU XML for security flag baseline: %s", cpuXML) - -@@ -274,7 +274,7 @@ class DomainCapabilities(XMLBuilder): - continue - - try: -- cpu = self._get_expandned_cpu(m) -+ cpu = self._get_expanded_cpu(m) - except libvirt.libvirtError as e: - logging.warning(_("Failed to get expanded CPU XML: %s"), e) - break --- -2.21.0 - diff --git a/SOURCES/virt-manager-domcapabilities-introduce-get_cpu_security_features.patch b/SOURCES/virt-manager-domcapabilities-introduce-get_cpu_security_features.patch deleted file mode 100644 index 8abb577..0000000 --- a/SOURCES/virt-manager-domcapabilities-introduce-get_cpu_security_features.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 6088fe594a3a5d383e345029473e2dd933dc8220 Mon Sep 17 00:00:00 2001 -Message-Id: <6088fe594a3a5d383e345029473e2dd933dc8220@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:46 +0200 -Subject: [PATCH] domcapabilities: introduce get_cpu_security_features - -Get all CPU security features that we should enable for guests. - -In order to do that we need to get CPU definition from domain -capabilities and modify the XML so it is in required format for -libvirt CPU baseline APIs. We will prefer the baselineHypervisorCPU -API because that considers what QEMU actually supports and we will -fallback to baselineCPU API if the better one is not supported by -libvirt. - -This way we can figure out which of the security features are actually -available on that specific host for that specific QEMU binary. - -Signed-off-by: Pavel Hrdina -Reviewed-by: Cole Robinson -(cherry picked from commit 4a8b6363c0891e37d9532213a046c5c57aedfd8b) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - virtinst/domcapabilities.py | 57 +++++++++++++++++++++++++++++++++++++ - 1 file changed, 57 insertions(+) - -diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py -index 4cbb7f20..28ed8630 100644 ---- a/virtinst/domcapabilities.py -+++ b/virtinst/domcapabilities.py -@@ -8,7 +8,11 @@ - - import logging - import re -+import xml.etree.ElementTree as ET - -+import libvirt -+ -+from .domain import DomainCpu - from .xmlbuilder import XMLBuilder, XMLChildProperty, XMLProperty - - -@@ -232,6 +236,59 @@ class DomainCapabilities(XMLBuilder): - return [(m.name == "host-model" and m.supported) - for m in self.cpu.modes] - -+ def _convert_mode_to_cpu(self, xml): -+ root = ET.fromstring(xml) -+ root.tag = "cpu" -+ root.attrib = None -+ arch = ET.SubElement(root, "arch") -+ arch.text = self.arch -+ return ET.tostring(root, encoding="unicode") -+ -+ def _get_expandned_cpu(self, mode): -+ cpuXML = self._convert_mode_to_cpu(mode.get_xml()) -+ logging.debug("CPU XML for security flag baseline: %s", cpuXML) -+ -+ try: -+ expandedXML = self.conn.baselineHypervisorCPU( -+ self.path, self.arch, self.machine, self.domain, [cpuXML], -+ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES) -+ except libvirt.libvirtError: -+ expandedXML = self.conn.baselineCPU([cpuXML], -+ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES) -+ -+ logging.debug("Expanded CPU XML: %s", expandedXML) -+ -+ return DomainCpu(self.conn, expandedXML) -+ -+ def get_cpu_security_features(self): -+ sec_features = [ -+ 'pcid', -+ 'spec-ctrl', -+ 'ssbd', -+ 'pdpe1gb', -+ 'ibpb', -+ 'virt-ssbd', -+ 'amd-ssbd', -+ 'amd-no-ssb'] -+ -+ features = [] -+ -+ for m in self.cpu.modes: -+ if m.name != "host-model" or not m.supported: -+ continue -+ -+ try: -+ cpu = self._get_expandned_cpu(m) -+ except libvirt.libvirtError as e: -+ logging.warning(_("Failed to get expanded CPU XML: %s"), e) -+ break -+ -+ for feature in cpu.features: -+ if feature.name in sec_features: -+ features.append(feature.name) -+ -+ return features -+ - - XML_NAME = "domainCapabilities" - os = XMLChildProperty(_OS, is_single=True) --- -2.21.0 - diff --git a/SOURCES/virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch b/SOURCES/virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch deleted file mode 100644 index e81c786..0000000 --- a/SOURCES/virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 1e605c106819be56f16e6e057015d7a42600c0ba Mon Sep 17 00:00:00 2001 -Message-Id: <1e605c106819be56f16e6e057015d7a42600c0ba@dist-git> -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:49 +0200 -Subject: [PATCH] domcapabilities: remove recommended CPU features from - security features -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -These features are only recommended to be enabled since they improve -performance of the VMs if security features are enabled. - -pcid is a very useful perf feature, but missing in some silicon -so not portable. - -pdpe1gb lets the guest use 1 GB pages which is good for perf -but again not all silicon can do it. - -amd-ssbd is a security feature which fixes the same SSBD flaws as the -virt-ssbd feature does. virt-ssbd is usable across all CPU models -affected by SSBD, while amd-ssbd is only available in very new silicon. -So virt-ssbd is the bette rchoice. - -amd-no-ssb just indicates that the CPU is not affected by SSBD, so not -critical to expose. I expect a future named CPU model will include that -where appropriate. - -Signed-off-by: Pavel Hrdina -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 29f815fbd23082dff79d2d716e32a644b5a15d4a) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - tests/cli-test-xml/compare/virt-install-qemu-plain.xml | 2 -- - .../compare/virt-install-singleton-config-2.xml | 4 ---- - virtinst/domcapabilities.py | 6 +----- - 3 files changed, 1 insertion(+), 11 deletions(-) - -diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml -index eb1542c3..d00e0cf4 100644 ---- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml -+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml -@@ -20,8 +20,6 @@ - - - Penryn -- -- - - - -diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml -index 0861f62a..621639e1 100644 ---- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml -+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml -@@ -93,8 +93,6 @@ - foobar - meee - -- -- - - - -@@ -284,8 +282,6 @@ - foobar - meee - -- -- - - - -diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py -index 28ed8630..42a18f1e 100644 ---- a/virtinst/domcapabilities.py -+++ b/virtinst/domcapabilities.py -@@ -262,14 +262,10 @@ class DomainCapabilities(XMLBuilder): - - def get_cpu_security_features(self): - sec_features = [ -- 'pcid', - 'spec-ctrl', - 'ssbd', -- 'pdpe1gb', - 'ibpb', -- 'virt-ssbd', -- 'amd-ssbd', -- 'amd-no-ssb'] -+ 'virt-ssbd'] - - features = [] - --- -2.21.0 - diff --git a/SOURCES/virt-manager-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch b/SOURCES/virt-manager-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch new file mode 100644 index 0000000..fc1b344 --- /dev/null +++ b/SOURCES/virt-manager-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch @@ -0,0 +1,35 @@ +From 31d04f52cf61d0cc87291515d7a92d2db93b86e2 Mon Sep 17 00:00:00 2001 +Message-Id: <31d04f52cf61d0cc87291515d7a92d2db93b86e2@dist-git> +From: Pavel Hrdina +Date: Mon, 8 Jul 2019 10:44:43 +0200 +Subject: [PATCH] guest: fix warning message when machine type is changed for + secure boot + +Introduced by commit <3586d1897>. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1727811 + +Signed-off-by: Pavel Hrdina +(cherry picked from commit 3c6e85375d0cd87dcf8ac70b41db0d899851338e) +Signed-off-by: Pavel Hrdina +--- + virtinst/guest.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/virtinst/guest.py b/virtinst/guest.py +index ef227d17..41357644 100644 +--- a/virtinst/guest.py ++++ b/virtinst/guest.py +@@ -586,7 +586,8 @@ class Guest(XMLBuilder): + self.os.loader_secure = True + if self.os.machine and "q35" not in self.os.machine: + log.warning("Changing machine type from '%s' to 'q35' " +- "which is required for UEFI secure boot.") ++ "which is required for UEFI secure boot.", ++ self.os.machine) + self.os.machine = "q35" + + def disable_hyperv_for_uefi(self): +-- +2.21.0 + diff --git a/SOURCES/virt-manager-inspection-fix-check-of-null-icon.patch b/SOURCES/virt-manager-inspection-fix-check-of-null-icon.patch deleted file mode 100644 index ba0349e..0000000 --- a/SOURCES/virt-manager-inspection-fix-check-of-null-icon.patch +++ /dev/null @@ -1,51 +0,0 @@ -From caea48c879b0a5d292c74a4a3721d56350cf5537 Mon Sep 17 00:00:00 2001 -Message-Id: -From: Pavel Hrdina -Date: Wed, 30 Jan 2019 18:28:14 +0100 -Subject: [PATCH] inspection: fix check of null icon - -From: Pino Toscano - -Recently the Python binding of libguestfs was adapted to properly use -bytes in APIs that return data, instead of (ab)using strings [1]. -This change was done only when built for Python 3, which has this -distinct bytes and strings. - -Because of that, now the 'icon == ""' (empty string) checks fail, using -whatever inspect_get_icon() returns, including empty arrays of bytes. -Hence, change the checks to use the length of the data as condition, as -also the libguestfs Python API documentation says. Leave also the -checks for None, in the remote case the API will return None in the -future for no data. - -[1] https://github.com/libguestfs/libguestfs/commit/0ee02e0117527b86a31b2a88a14994ce7f15571f - -(cherry picked from commit bce4cc4ef837754de81e1420905159cc2fc3d773) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1671278 - -Signed-off-by: Pavel Hrdina ---- - virtManager/inspection.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/virtManager/inspection.py b/virtManager/inspection.py -index ea6123b8..fde48474 100644 ---- a/virtManager/inspection.py -+++ b/virtManager/inspection.py -@@ -268,10 +268,10 @@ class vmmInspection(vmmGObject): - if filesystems_mounted: - # string containing PNG data - icon = g.inspect_get_icon(root, favicon=0, highquality=1) -- if icon == "" or icon is None: -+ if icon is None or len(icon) == 0: - # no high quality icon, try a low quality one - icon = g.inspect_get_icon(root, favicon=0, highquality=0) -- if icon == "": -+ if icon is None or len(icon) == 0: - icon = None - - # Inspection applications. --- -2.20.1 - diff --git a/SOURCES/virt-manager-man-virt-install-Fix-a-couple-of-launchSecurity-related-typos.patch b/SOURCES/virt-manager-man-virt-install-Fix-a-couple-of-launchSecurity-related-typos.patch new file mode 100644 index 0000000..a0fa88c --- /dev/null +++ b/SOURCES/virt-manager-man-virt-install-Fix-a-couple-of-launchSecurity-related-typos.patch @@ -0,0 +1,49 @@ +From 6a5ca07b8dccbd87a5c896336b09ea37bf80a01a Mon Sep 17 00:00:00 2001 +Message-Id: <6a5ca07b8dccbd87a5c896336b09ea37bf80a01a@dist-git> +From: Pavel Hrdina +Date: Wed, 14 Aug 2019 09:45:19 +0200 +Subject: [PATCH] man: virt-install: Fix a couple of launchSecurity related + typos + +From: Erik Skultety + +Signed-off-by: Erik Skultety +Reviewed-by: Martin Kletzander +(cherry picked from commit 3d5a72e18afcfcdbab35429aeb89d55f48304399) + +https://bugzilla.redhat.com/show_bug.cgi?id=1741846 +Signed-off-by: Erik Skultety +--- + man/virt-install.pod | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/virt-install.pod b/man/virt-install.pod +index d8bd4127..8660f843 100644 +--- a/man/virt-install.pod ++++ b/man/virt-install.pod +@@ -389,11 +389,11 @@ Configure guest power management features. Example: + + Use --pm=? to see a list of all available sub options. Complete details at L + +-=item B<--launch-security> TYPE[,OPTS] ++=item B<--launchSecurity> TYPE[,OPTS] + + Enable launch security for the guest, e.g. AMD SEV. + +-Use --launch-security=? to see a list of all available sub options. Complete ++Use --launchSecurity=? to see a list of all available sub options. Complete + details at L. Example + invocations: + # This will use a default policy 0x03 +@@ -1867,7 +1867,7 @@ refer to libvirt docs for a detailed explanation. + --controller type=scsi,model=virtio-scsi,driver.iommu=on \ + --controller type=virtio-serial,driver.iommu=on \ + --network network=default,model=virtio,driver.iommu=on \ +- --rng driver,iommu=on \ ++ --rng /dev/random,driver.iommu=on \ + --memballoon driver.iommu=on \ + --launchSecurity sev + +-- +2.21.0 + diff --git a/SOURCES/virt-manager-tests-Add-some-tests-for-virt-xml-with-KVM.patch b/SOURCES/virt-manager-tests-Add-some-tests-for-virt-xml-with-KVM.patch deleted file mode 100644 index 33e1832..0000000 --- a/SOURCES/virt-manager-tests-Add-some-tests-for-virt-xml-with-KVM.patch +++ /dev/null @@ -1,181 +0,0 @@ -From 7af39b00d8ab930fa519a62c0d674f8f77c718b5 Mon Sep 17 00:00:00 2001 -Message-Id: <7af39b00d8ab930fa519a62c0d674f8f77c718b5@dist-git> -From: Pavel Hrdina -Date: Tue, 13 Nov 2018 16:18:07 +0100 -Subject: [PATCH] tests: Add some tests for virt-xml with KVM - -From: Andrea Bolognani - -We're mostly interested in how the default bus/model for -devices are influenced by knowledge about the guest OS, but -since the whole thing requires to be connected to the QEMU -driver we might as well create a new category and leave room -for more QEMU-specific tests being added down the line. - -Signed-off-by: Andrea Bolognani -(cherry picked from commit b882dbde9cb192afbc9ee8d8f4972922a4b4e616) - -https://bugzilla.redhat.com/show_bug.cgi?id=1649406 - -Signed-off-by: Andrea Bolognani ---- - .../compare/virt-xml-kvm-add-disk-default.xml | 13 +++++++++++++ - .../virt-xml-kvm-add-disk-os-from-cmdline.xml | 14 ++++++++++++++ - .../compare/virt-xml-kvm-add-disk-os-from-xml.xml | 14 ++++++++++++++ - .../compare/virt-xml-kvm-add-network-default.xml | 13 +++++++++++++ - .../virt-xml-kvm-add-network-os-from-cmdline.xml | 14 ++++++++++++++ - .../virt-xml-kvm-add-network-os-from-xml.xml | 14 ++++++++++++++ - tests/clitest.py | 7 +++++++ - 7 files changed, 89 insertions(+) - create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml - create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml - create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml - create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml - create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml - create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml - -diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml -new file mode 100644 -index 00000000..4ee0f1cb ---- /dev/null -+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml -@@ -0,0 +1,13 @@ -+ restart -+ destroy -+ -++ -++ -++ -++ -++ -+ -+ -+ -+Domain 'test' defined successfully. -+Changes will take effect after the domain is fully powered off. -\ No newline at end of file -diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml -new file mode 100644 -index 00000000..e5e4bd62 ---- /dev/null -+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml -@@ -0,0 +1,14 @@ -+ -+ -+ -++ -++ -++ -++ -++ -+ -+ -+ -+ -+Domain 'test-many-devices' defined successfully. -+Changes will take effect after the domain is fully powered off. -\ No newline at end of file -diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml -new file mode 100644 -index 00000000..e5e4bd62 ---- /dev/null -+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml -@@ -0,0 +1,14 @@ -+ -+ -+ -++ -++ -++ -++ -++ -+ -+ -+ -+ -+Domain 'test-many-devices' defined successfully. -+Changes will take effect after the domain is fully powered off. -\ No newline at end of file -diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml -new file mode 100644 -index 00000000..92bf1816 ---- /dev/null -+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml -@@ -0,0 +1,13 @@ -+ restart -+ destroy -+ -++ -++ -++ -++ -++ -+ -+ -+ -+Domain 'test' defined successfully. -+Changes will take effect after the domain is fully powered off. -\ No newline at end of file -diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml -new file mode 100644 -index 00000000..c834c936 ---- /dev/null -+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml -@@ -0,0 +1,14 @@ -+ -+ -+ -++ -++ -++ -++ -++ -+ -+ -+ -+ -+Domain 'test-many-devices' defined successfully. -+Changes will take effect after the domain is fully powered off. -\ No newline at end of file -diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml -new file mode 100644 -index 00000000..c834c936 ---- /dev/null -+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml -@@ -0,0 +1,14 @@ -+ -+ -+ -++ -++ -++ -++ -++ -+ -+ -+ -+ -+Domain 'test-many-devices' defined successfully. -+Changes will take effect after the domain is fully powered off. -\ No newline at end of file -diff --git a/tests/clitest.py b/tests/clitest.py -index 144eac7a..039938db 100644 ---- a/tests/clitest.py -+++ b/tests/clitest.py -@@ -954,6 +954,13 @@ c.add_compare("--remove-device --disk /dev/null", "remove-disk-path") - c.add_compare("--remove-device --video all", "remove-video-all", check_version="1.3.3") # check_version=video primary= attribute - c.add_compare("--remove-device --host-device 0x04b3:0x4485", "remove-hostdev-name", check_version="1.2.11") # check_version=video ram output change - -+c = vixml.add_category("add/rm devices (KVM)", "--connect %(URI-KVM)s --print-diff --define") -+c.add_compare("test --add-device --disk %(EXISTIMG1)s", "kvm-add-disk-default") # Guest OS is not known -+c.add_compare("test-many-devices --add-device --disk %(EXISTIMG1)s", "kvm-add-disk-os-from-xml") # Guest OS information taken from the guest XML -+c.add_compare("test-many-devices --add-device --disk %(EXISTIMG1)s --os-variant winme", "kvm-add-disk-os-from-cmdline") # Guest OS information provided on the command line -+c.add_compare("test --add-device --network default", "kvm-add-network-default") # Guest OS is not known -+c.add_compare("test-many-devices --add-device --network default", "kvm-add-network-os-from-xml") # Guest OS information taken from the guest XML -+c.add_compare("test-many-devices --add-device --network default --os-variant winme", "kvm-add-network-os-from-cmdline") # Guest OS information provided on the command line - - - --- -2.19.2 - diff --git a/SOURCES/virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch b/SOURCES/virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch deleted file mode 100644 index 1386b10..0000000 --- a/SOURCES/virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch +++ /dev/null @@ -1,102 +0,0 @@ -From c4ce5e02fededc9121c181a7b20ea0e6ebd1c1de Mon Sep 17 00:00:00 2001 -Message-Id: -From: Pavel Hrdina -Date: Wed, 15 May 2019 08:06:10 -0400 -Subject: [PATCH] tests: clitest: Add a test case for the last commit - -From: Cole Robinson - -We need a custom test driver input to reproduce the pool collision - -(cherry picked from commit fcabcb7a95c9dd81fb7c1335c3c181bb08a31ad0) -Signed-off-by: Cole Robinson - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752 ---- - .../testdriver-defaultpool-collision.xml | 47 +++++++++++++++++++ - tests/clitest.py | 1 + - tests/utils.py | 2 + - 3 files changed, 50 insertions(+) - create mode 100644 tests/cli-test-xml/testdriver-defaultpool-collision.xml - -diff --git a/tests/cli-test-xml/testdriver-defaultpool-collision.xml b/tests/cli-test-xml/testdriver-defaultpool-collision.xml -new file mode 100644 -index 00000000..1343f812 ---- /dev/null -+++ b/tests/cli-test-xml/testdriver-defaultpool-collision.xml -@@ -0,0 +1,47 @@ -+ -+ -+ -+ 1 -+ 4 -+ 4 -+ 1 -+ 4 -+ 4000 -+ i686 -+ -+ 10000000 -+ -+ -+ -+ default -+ 715666b7-dbd4-6c78-fa55-94863da09f2d -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ default-pool-path-collision -+ 35bb2ad9-388a-cdfe-461a-b8907f6e53fe -+ 107374182400 -+ 0 -+ 107374182400 -+ -+ -+ -+ /var/lib/libvirt/images -+ -+ 0700 -+ 10736 -+ 10736 -+ -+ -+ -+ -+ -diff --git a/tests/clitest.py b/tests/clitest.py -index 824293e4..ecdf3731 100644 ---- a/tests/clitest.py -+++ b/tests/clitest.py -@@ -684,6 +684,7 @@ c.add_valid("--nodisks --pxe", grep="VM performance may suffer") # os variant w - c.add_invalid("--hvm --nodisks --pxe foobar") # Positional arguments error - c.add_invalid("--nodisks --pxe --name test") # Colliding name - c.add_compare("--cdrom %(EXISTIMG1)s --disk size=1 --disk %(EXISTIMG2)s,device=cdrom", "cdrom-double") # ensure --disk device=cdrom is ordered after --cdrom, this is important for virtio-win installs with a driver ISO -+c.add_valid("--connect %s --pxe --disk size=1" % utils.URIs.test_defaultpool_collision) # testdriver already has a pool using the 'default' path, make sure we don't error - - - -diff --git a/tests/utils.py b/tests/utils.py -index d22933d3..ef7c613a 100644 ---- a/tests/utils.py -+++ b/tests/utils.py -@@ -56,6 +56,8 @@ class _URIs(object): - self.test_full = _testtmpl % (os.getcwd() + "/tests/testdriver.xml") - self.test_suite = _testtmpl % (os.getcwd() + "/tests/testsuite.xml") - self.test_remote = self.test_full + ",remote" -+ self.test_defaultpool_collision = (_testtmpl % (os.getcwd() + -+ "/tests/cli-test-xml/testdriver-defaultpool-collision.xml")) - - self.xen = self.test_full + _caps("xen-rhel5.4.xml") + ",xen" - self.lxc = self.test_full + _caps("lxc.xml") + ",lxc" --- -2.21.0 - diff --git a/SOURCES/virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch b/SOURCES/virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch deleted file mode 100644 index bbd5391..0000000 --- a/SOURCES/virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 6cb52e94e35d78001060b455d02de819fd923ba7 Mon Sep 17 00:00:00 2001 -Message-Id: <6cb52e94e35d78001060b455d02de819fd923ba7@dist-git> -From: Pavel Hrdina -Date: Mon, 18 Mar 2019 14:22:25 -0400 -Subject: [PATCH] urldetect: Check also for 'treeinfo' (bz 1689252) - -From: Cole Robinson - -Trees published to akamai CDN via Red Hat Satellite can't have .dotfiles -in them. More details here: - - https://bugzilla.redhat.com/show_bug.cgi?id=635065 - -So we also need to check for .treeinfo. Anaconda does this too so it's -a long known issue. - -https://bugzilla.redhat.com/show_bug.cgi?id=1689252 -(cherry picked from commit 74bbc3db15d5e9a1b4d21c276f7d3f435b83d2fd) -Signed-off-by: Pavel Hrdina ---- - virtinst/urldetect.py | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/virtinst/urldetect.py b/virtinst/urldetect.py -index 5da15d0b..27747f91 100644 ---- a/virtinst/urldetect.py -+++ b/virtinst/urldetect.py -@@ -46,7 +46,16 @@ class _DistroCache(object): - if self._treeinfo: - return self._treeinfo - -- treeinfostr = self.acquire_file_content(".treeinfo") -+ # Vast majority of trees here use .treeinfo. However, trees via -+ # Red Hat satellite on akamai CDN will use treeinfo, because akamai -+ # doesn't do dotfiles apparently: -+ # -+ # https://bugzilla.redhat.com/show_bug.cgi?id=635065 -+ # -+ # Anaconda is the canonical treeinfo consumer and they check for both -+ # locations, so we need to do the same -+ treeinfostr = (self.acquire_file_content(".treeinfo") or -+ self.acquire_file_content("treeinfo")) - if treeinfostr is None: - return None - --- -2.20.1 - diff --git a/SOURCES/virt-manager-virt-install-Add-Guest-OS-options-group.patch b/SOURCES/virt-manager-virt-install-Add-Guest-OS-options-group.patch deleted file mode 100644 index 54becba..0000000 --- a/SOURCES/virt-manager-virt-install-Add-Guest-OS-options-group.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 876da431c26216844488b8fe11be871576b7751d Mon Sep 17 00:00:00 2001 -Message-Id: <876da431c26216844488b8fe11be871576b7751d@dist-git> -From: Pavel Hrdina -Date: Tue, 13 Nov 2018 16:18:05 +0100 -Subject: [PATCH] virt-install: Add "Guest OS" options group - -From: Andrea Bolognani - -The --os-variant option doesn't quite fit perfectly into -its current "Installation method" group, plus we want to -add the same option to virt-xml which can't have that -group for obvious reasons. - -Signed-off-by: Andrea Bolognani -(cherry picked from commit 751fb88c58b0e1d922b11397bcfe3cd91af694f0) - -https://bugzilla.redhat.com/show_bug.cgi?id=1649406 - -Signed-off-by: Andrea Bolognani ---- - man/virt-install.pod | 38 +++++++++++++++++++++++--------------- - virt-install | 10 +++++----- - 2 files changed, 28 insertions(+), 20 deletions(-) - -diff --git a/man/virt-install.pod b/man/virt-install.pod -index b75b7998..5b7a784c 100644 ---- a/man/virt-install.pod -+++ b/man/virt-install.pod -@@ -472,21 +472,6 @@ file: - - --initrd-inject=/path/to/my.ks --extra-args "ks=file:/my.ks" - --=item B<--os-variant> OS_VARIANT -- --Optimize the guest configuration for a specific operating system (ex. --'fedora29', 'rhel7', 'win10'). While not required, specifying this --options is HIGHLY RECOMMENDED, as it can greatly increase performance --by specifying virtio among other guest tweaks. -- --By default, virt-install will attempt to auto detect this value from --the install media (currently only supported for URL installs). Autodetection --can be disabled with the special value 'none'. Autodetection can be --forced with the special value 'auto'. -- --Use the command "osinfo-query os" to get the list of the accepted OS --variants. -- - =item B<--boot> BOOTOPTS - - Optionally specify the post-install VM boot configuration. This option allows -@@ -573,6 +558,29 @@ Use --idmap=? to see a list of all available sub options. Complete details at L< - - - -+=head1 GUEST OS OPTIONS -+ -+=over 4 -+ -+=item B<--os-variant> OS_VARIANT -+ -+Optimize the guest configuration for a specific operating system (ex. -+'fedora29', 'rhel7', 'win10'). While not required, specifying this -+options is HIGHLY RECOMMENDED, as it can greatly increase performance -+by specifying virtio among other guest tweaks. -+ -+By default, virt-install will attempt to auto detect this value from -+the install media (currently only supported for URL installs). Autodetection -+can be disabled with the special value 'none'. Autodetection can be -+forced with the special value 'auto'. -+ -+Use the command "osinfo-query os" to get the list of the accepted OS -+variants. -+ -+=back -+ -+ -+ - - =head1 STORAGE OPTIONS - -diff --git a/virt-install b/virt-install -index 2c379ed3..4e16d4c8 100755 ---- a/virt-install -+++ b/virt-install -@@ -784,14 +784,14 @@ def parse_args(): - insg.add_argument("--test-stub-command", action="store_true", - help=argparse.SUPPRESS) - -- insg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS) -- insg.add_argument("--os-variant", dest="distro_variant", -- help=_("The OS variant being installed in the guest, " -- "e.g. 'fedora29', 'rhel7', 'win10 etc.")) -- - cli.add_boot_options(insg) - insg.add_argument("--init", help=argparse.SUPPRESS) - -+ osg = parser.add_argument_group(_("Guest OS Options")) -+ osg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS) -+ osg.add_argument("--os-variant", dest="distro_variant", -+ help=_("The OS variant being installed in the guest, " -+ "e.g. 'fedora29', 'rhel7', 'win10 etc.")) - - devg = parser.add_argument_group(_("Device Options")) - cli.add_disk_option(devg) --- -2.19.2 - diff --git a/SOURCES/virt-manager-virt-install-Fix-description-for-os-variant.patch b/SOURCES/virt-manager-virt-install-Fix-description-for-os-variant.patch deleted file mode 100644 index e0fcd30..0000000 --- a/SOURCES/virt-manager-virt-install-Fix-description-for-os-variant.patch +++ /dev/null @@ -1,53 +0,0 @@ -From cbb550bc8064d8219798a2de80ed71b5bd4c4735 Mon Sep 17 00:00:00 2001 -Message-Id: -From: Pavel Hrdina -Date: Tue, 13 Nov 2018 16:18:04 +0100 -Subject: [PATCH] virt-install: Fix description for --os-variant - -From: Andrea Bolognani - -Since we're messing with it either way, might as well use -modern OS names as examples. - -Signed-off-by: Andrea Bolognani -(cherry picked from commit a550a957278917f6edf94ada94017feeca77b7bf) - -https://bugzilla.redhat.com/show_bug.cgi?id=1649406 - -Signed-off-by: Andrea Bolognani ---- - man/virt-install.pod | 2 +- - virt-install | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/virt-install.pod b/man/virt-install.pod -index 8cd56fe0..b75b7998 100644 ---- a/man/virt-install.pod -+++ b/man/virt-install.pod -@@ -475,7 +475,7 @@ file: - =item B<--os-variant> OS_VARIANT - - Optimize the guest configuration for a specific operating system (ex. --'fedora18', 'rhel7', 'winxp'). While not required, specifying this -+'fedora29', 'rhel7', 'win10'). While not required, specifying this - options is HIGHLY RECOMMENDED, as it can greatly increase performance - by specifying virtio among other guest tweaks. - -diff --git a/virt-install b/virt-install -index a7f247f1..2c379ed3 100755 ---- a/virt-install -+++ b/virt-install -@@ -786,8 +786,8 @@ def parse_args(): - - insg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS) - insg.add_argument("--os-variant", dest="distro_variant", -- help=_("The OS variant being installed guests, " -- "e.g. 'fedora18', 'rhel6', 'winxp', etc.")) -+ help=_("The OS variant being installed in the guest, " -+ "e.g. 'fedora29', 'rhel7', 'win10 etc.")) - - cli.add_boot_options(insg) - insg.add_argument("--init", help=argparse.SUPPRESS) --- -2.19.2 - diff --git a/SOURCES/virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch b/SOURCES/virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch deleted file mode 100644 index 903944b..0000000 --- a/SOURCES/virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch +++ /dev/null @@ -1,186 +0,0 @@ -From c05e60de1acb174bb40257d3481267e35dc62960 Mon Sep 17 00:00:00 2001 -Message-Id: -From: Pavel Hrdina -Date: Wed, 15 May 2019 10:37:53 +0200 -Subject: [PATCH] virt-manager: add new checkbox to control CPU security - features -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -By default we copy CPU security features to the guest if specific CPU -model is selected. However, this may break migration and will affect -performance of the guest. This adds an option to disable this default -behavior. - -The checkbox is clickable only on x86 and only on host where we can -detect any CPU security features, otherwise a tooltip is set to notify -users that there is nothing to copy. - -Signed-off-by: Pavel Hrdina -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 8720637cff7b0766d9e27a60b0f81740176d70c8) - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 - -Signed-off-by: Pavel Hrdina ---- - ui/details.ui | 15 +++++++++++++++ - virtManager/details.py | 21 +++++++++++++++++++++ - virtManager/domain.py | 5 +++-- - virtinst/domain/cpu.py | 30 ++++++++++++++++++++++++++++++ - 4 files changed, 69 insertions(+), 2 deletions(-) - -diff --git a/ui/details.ui b/ui/details.ui -index c18070c8..1e1be759 100644 ---- a/ui/details.ui -+++ b/ui/details.ui -@@ -2122,6 +2122,21 @@ - 1 - - -+ -+ -+ Enable available CPU security flaw mitigations -+ True -+ True -+ False -+ True -+ -+ -+ -+ 0 -+ 2 -+ 2 -+ -+ - - - -diff --git a/virtManager/details.py b/virtManager/details.py -index b7e7fc14..b8899d77 100644 ---- a/virtManager/details.py -+++ b/virtManager/details.py -@@ -523,6 +523,7 @@ class vmmDetails(vmmGObjectUI): - "on_cpu_maxvcpus_changed": self.config_maxvcpus_changed, - "on_cpu_model_changed": lambda *x: self.config_cpu_model_changed(x), - "on_cpu_copy_host_clicked": self.on_cpu_copy_host_clicked, -+ "on_cpu_secure_toggled": self.on_cpu_secure_toggled, - "on_cpu_cores_changed": self.config_cpu_topology_changed, - "on_cpu_sockets_changed": self.config_cpu_topology_changed, - "on_cpu_threads_changed": self.config_cpu_topology_changed, -@@ -1716,6 +1717,11 @@ class vmmDetails(vmmGObjectUI): - def on_cpu_copy_host_clicked(self, src): - uiutil.set_grid_row_visible( - self.widget("cpu-model"), not src.get_active()) -+ uiutil.set_grid_row_visible( -+ self.widget("cpu-secure"), not src.get_active()) -+ self.enable_apply(EDIT_CPU) -+ -+ def on_cpu_secure_toggled(self, ignore): - self.enable_apply(EDIT_CPU) - - def config_cpu_model_changed(self, ignore): -@@ -2014,6 +2020,7 @@ class vmmDetails(vmmGObjectUI): - - if self.edited(EDIT_CPU): - kwargs["model"] = self.get_config_cpu_model() -+ kwargs["secure"] = self.widget("cpu-secure").get_active() - - if self.edited(EDIT_TOPOLOGY): - do_top = self.widget("cpu-topology-enable").get_active() -@@ -2574,6 +2581,11 @@ class vmmDetails(vmmGObjectUI): - n1, n2 = self.vm.network_traffic_vectors() - self.network_traffic_graph.set_property("data_array", n1 + n2) - -+ def _cpu_secure_is_available(self): -+ domcaps = self.vm.get_domain_capabilities() -+ features = domcaps.get_cpu_security_features() -+ return self.vm.get_xmlobj().os.is_x86() and len(features) > 0 -+ - def refresh_config_cpu(self): - # Set topology first, because it impacts maxvcpus values - cpu = self.vm.get_cpu_config() -@@ -2627,6 +2639,15 @@ class vmmDetails(vmmGObjectUI): - self.widget("cpu-copy-host").set_active(bool(is_host)) - self.on_cpu_copy_host_clicked(self.widget("cpu-copy-host")) - -+ if not self._cpu_secure_is_available(): -+ self.widget("cpu-secure").set_sensitive(False) -+ self.widget("cpu-secure").set_tooltip_text( -+ "No security features to copy, the host is missing " -+ "security patches or the host CPU is not vulnerable.") -+ -+ cpu.check_security_features(self.vm.get_xmlobj()) -+ self.widget("cpu-secure").set_active(cpu.secure) -+ - def refresh_config_memory(self): - host_mem_widget = self.widget("state-host-memory") - host_mem = self.vm.conn.host_memory_size() // 1024 -diff --git a/virtManager/domain.py b/virtManager/domain.py -index 5b3f1e44..c8f4e822 100644 ---- a/virtManager/domain.py -+++ b/virtManager/domain.py -@@ -495,7 +495,7 @@ class vmmDomain(vmmLibvirtObject): - self._redefine_xmlobj(xmlobj) - - def define_cpu(self, vcpus=_SENTINEL, maxvcpus=_SENTINEL, -- model=_SENTINEL, sockets=_SENTINEL, -+ model=_SENTINEL, secure=_SENTINEL, sockets=_SENTINEL, - cores=_SENTINEL, threads=_SENTINEL): - guest = self._make_xmlobj_to_define() - -@@ -509,7 +509,8 @@ class vmmDomain(vmmLibvirtObject): - guest.cpu.cores = cores - guest.cpu.threads = threads - -- if model != _SENTINEL: -+ if secure != _SENTINEL or model != _SENTINEL: -+ guest.cpu.secure = secure - if model in guest.cpu.SPECIAL_MODES: - guest.cpu.set_special_mode(guest, model) - else: -diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py -index ab40f788..c6a411bb 100644 ---- a/virtinst/domain/cpu.py -+++ b/virtinst/domain/cpu.py -@@ -123,6 +123,36 @@ class DomainCpu(XMLBuilder): - if not exists: - self.add_feature(feature) - -+ def check_security_features(self, guest): -+ """ -+ Since 'secure' property is not exported into the domain XML -+ we might need to refresh its state. -+ """ -+ domcaps = guest.lookup_domcaps() -+ features = domcaps.get_cpu_security_features() -+ -+ if len(features) == 0: -+ self.secure = False -+ return -+ -+ for feature in features: -+ exists = False -+ for f in self.features: -+ if f.name == feature and f.policy == "require": -+ exists = True -+ break -+ if not exists: -+ self.secure = False -+ return -+ -+ def _remove_security_features(self, guest): -+ domcaps = guest.lookup_domcaps() -+ for feature in domcaps.get_cpu_security_features(): -+ for f in self.features: -+ if f.name == feature and f.policy == "require": -+ self.remove_child(f) -+ break -+ - def set_model(self, guest, val): - logging.debug("setting cpu model %s", val) - if val: --- -2.21.0 - diff --git a/SOURCES/virt-manager-virt-xml-Accept-os-variant-option.patch b/SOURCES/virt-manager-virt-xml-Accept-os-variant-option.patch deleted file mode 100644 index 6e8acc9..0000000 --- a/SOURCES/virt-manager-virt-xml-Accept-os-variant-option.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 56d11ce780d8f3b01a557b12d88058daec95bff7 Mon Sep 17 00:00:00 2001 -Message-Id: <56d11ce780d8f3b01a557b12d88058daec95bff7@dist-git> -From: Pavel Hrdina -Date: Tue, 13 Nov 2018 16:18:06 +0100 -Subject: [PATCH] virt-xml: Accept --os-variant option - -From: Andrea Bolognani - -We're not doing anything with it yet, but having the -parser accept it means we can write tests and see how -their output changes once we wire it up in earnest. - -Signed-off-by: Andrea Bolognani -(cherry picked from commit ade53764fc4e86db1d37012c3723e92b81c6b4c9) - -https://bugzilla.redhat.com/show_bug.cgi?id=1649406 - -Signed-off-by: Andrea Bolognani ---- - man/virt-xml.pod | 30 ++++++++++++++++++++++++++++++ - virt-xml | 5 +++++ - 2 files changed, 35 insertions(+) - -diff --git a/man/virt-xml.pod b/man/virt-xml.pod -index bae492ac..a24a04fa 100644 ---- a/man/virt-xml.pod -+++ b/man/virt-xml.pod -@@ -160,6 +160,30 @@ Before defining or updating the domain, show the generated XML diff and interact - - - -+=head1 GUEST OS OPTIONS -+ -+=over 4 -+ -+=item B<--os-variant> OS_VARIANT -+ -+Optimize the guest configuration for a specific operating system (ex. -+'fedora29', 'rhel7', 'win10'). While not required, specifying this -+options is HIGHLY RECOMMENDED, as it can greatly increase performance -+by specifying virtio among other guest tweaks. -+ -+If the guest has been installed using virt-manager version 2.0.0 or newer, -+providing this information should not be necessary, as the OS variant will -+have been stored in the guest configuration during installation and virt-xml -+will retrieve it from there automatically. -+ -+Use the command "osinfo-query os" to get the list of the accepted OS -+variants. -+ -+=back -+ -+ -+ -+ - =head1 XML OPTIONS - - =over 4 -@@ -331,6 +355,12 @@ Create a 10G qcow2 disk image and attach it to 'fedora18' for the next VM startu - # virt-xml fedora18 --add-device \ - --disk /var/lib/libvirt/images/newimage.qcow2,format=qcow2,size=10 - -+Same as above, but ensure the disk is attached to the most appropriate bus -+for the guest OS by providing information about it on the command line: -+ -+ # virt-xml fedora18 --os-variant fedora18 --add-device \ -+ --disk /var/lib/libvirt/images/newimage.qcow2,format=qcow2,size=10 -+ - Hotunplug the disk vdb from the running domain 'rhel7': - - # virt-xml rhel7 --update --remove-device --disk target=vdb -diff --git a/virt-xml b/virt-xml -index 9bdde95d..65d9b55f 100755 ---- a/virt-xml -+++ b/virt-xml -@@ -360,6 +360,11 @@ def parse_args(): - outg.add_argument("--confirm", action="store_true", - help=_("Require confirmation before saving any results.")) - -+ osg = parser.add_argument_group(_("OS options")) -+ osg.add_argument("--os-variant", dest="distro_variant", -+ help=_("The OS variant installed in the guest, " -+ "e.g. 'fedora29', 'rhel7', 'win10 etc.")) -+ - g = parser.add_argument_group(_("XML options")) - cli.add_disk_option(g, editexample=True) - cli.add_net_option(g) --- -2.19.2 - diff --git a/SOURCES/virt-manager-virt-xml-Start-using-os-variant.patch b/SOURCES/virt-manager-virt-xml-Start-using-os-variant.patch deleted file mode 100644 index 1538fdf..0000000 --- a/SOURCES/virt-manager-virt-xml-Start-using-os-variant.patch +++ /dev/null @@ -1,136 +0,0 @@ -From ffa0e4e8e438319cb3c8856d1d7f48a8864afe2e Mon Sep 17 00:00:00 2001 -Message-Id: -From: Pavel Hrdina -Date: Tue, 13 Nov 2018 16:18:08 +0100 -Subject: [PATCH] virt-xml: Start using --os-variant - -From: Andrea Bolognani - -The option only works with --add-device for the time being, -so we prevent its use in all other cases. - -It would be nice to have it work with --build-xml too, but -in that case the user would have to provide some extra -information that in the case of --add-device we can figure -out from the existing guest, and it's not entirely clear -whether that would even be that useful, so for now we're -not considering that case at all. - -Signed-off-by: Andrea Bolognani -(cherry picked from commit d2d103a334e3beeb8e108137f50adee2e5c0e5fc) - -https://bugzilla.redhat.com/show_bug.cgi?id=1649406 - -Signed-off-by: Andrea Bolognani ---- - .../virt-xml-kvm-add-disk-os-from-cmdline.xml | 11 ++++++++++- - .../virt-xml-kvm-add-network-os-from-cmdline.xml | 11 ++++++++++- - virt-xml | 14 ++++++++++++++ - 3 files changed, 34 insertions(+), 2 deletions(-) - -diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml -index e5e4bd62..cf872c1c 100644 ---- a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml -+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml -@@ -1,10 +1,19 @@ -+ -+ -+ -+- -++ -+ -+ -+ 409600 -+@@ - - - - + - + - + --+ -++ - + - - -diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml -index c834c936..8d278e7a 100644 ---- a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml -+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml -@@ -1,10 +1,19 @@ -+ -+ -+ -+- -++ -+ -+ -+ 409600 -+@@ - - - - + - + - + --+ -++ - + - - -diff --git a/virt-xml b/virt-xml -index 65d9b55f..39abd297 100755 ---- a/virt-xml -+++ b/virt-xml -@@ -56,6 +56,13 @@ def get_diff(origxml, newxml): - return ret - - -+def set_distro_variant(options, guest): -+ if options.distro_variant is None: -+ return -+ -+ guest.set_os_name(options.distro_variant) -+ -+ - def get_domain_and_guest(conn, domstr): - try: - int(domstr) -@@ -175,6 +182,8 @@ def action_edit(guest, options, parserclass): - fail(_("'--edit %s' doesn't make sense with --%s, " - "just use empty '--edit'") % - (options.edit, parserclass.cli_arg_name)) -+ if options.distro_variant is not None: -+ fail(_("--os-variant is not supported with --edit")) - - return cli.parse_option_strings(options, guest, inst, update=True) - -@@ -182,6 +191,7 @@ def action_edit(guest, options, parserclass): - def action_add_device(guest, options, parserclass): - if not parserclass.prop_is_list(guest): - fail(_("Cannot use --add-device with --%s") % parserclass.cli_arg_name) -+ set_distro_variant(options, guest) - devs = cli.parse_option_strings(options, guest, None) - devs = util.listify(devs) - for dev in devs: -@@ -193,6 +203,8 @@ def action_remove_device(guest, options, parserclass): - if not parserclass.prop_is_list(guest): - fail(_("Cannot use --remove-device with --%s") % - parserclass.cli_arg_name) -+ if options.distro_variant is not None: -+ fail(_("--os-variant is not supported with --remove-device")) - - devs = _find_objects_to_edit(guest, "remove-device", - getattr(options, parserclass.cli_arg_name)[-1], parserclass) -@@ -207,6 +219,8 @@ def action_build_xml(conn, options, parserclass): - if not parserclass.propname: - fail(_("--build-xml not supported for --%s") % - parserclass.cli_arg_name) -+ if options.distro_variant is not None: -+ fail(_("--os-variant is not supported with --build-xml")) - - guest = virtinst.Guest(conn) - inst = parserclass.lookup_prop(guest) --- -2.19.2 - diff --git a/SPECS/virt-manager.spec b/SPECS/virt-manager.spec index e7dec3d..4dea8cf 100644 --- a/SPECS/virt-manager.spec +++ b/SPECS/virt-manager.spec @@ -1,9 +1,14 @@ +# This package depends on automagic byte compilation +# https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2 +%global _python_bytecompile_extra 1 + # -*- rpm-spec -*- # RPM doesn't detect that code in /usr/share is python3, this forces it # https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build#Python_bytecompilation %global __python %{__python3} +%bcond_with virtconvert %global with_guestfs 0 %global default_hvs "qemu,xen,lxc" @@ -12,40 +17,19 @@ # End local config Name: virt-manager -Version: 2.0.0 -Release: 5.1%{?dist}%{?extra_release} +Version: 2.2.1 +Release: 2%{?dist}%{?extra_release} %global verrel %{version}-%{release} Summary: Desktop tool for managing virtual machines via libvirt -Group: Applications/Emulators License: GPLv2+ BuildArch: noarch URL: https://virt-manager.org/ Source0: https://virt-manager.org/download/sources/%{name}/%{name}-%{version}.tar.gz +Source1: symlinks -Patch1: virt-manager-virt-install-Fix-description-for-os-variant.patch -Patch2: virt-manager-virt-install-Add-Guest-OS-options-group.patch -Patch3: virt-manager-virt-xml-Accept-os-variant-option.patch -Patch4: virt-manager-tests-Add-some-tests-for-virt-xml-with-KVM.patch -Patch5: virt-manager-virt-xml-Start-using-os-variant.patch -Patch6: virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.patch -Patch7: virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch -Patch8: virt-manager-inspection-fix-check-of-null-icon.patch -Patch9: virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch -Patch10: virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch -Patch11: virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch -Patch12: virt-manager-domcapabilities-introduce-get_cpu_security_features.patch -Patch13: virt-manager-domain-cpu-introduce-set_model-function.patch -Patch14: virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch -Patch15: virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch -Patch16: virt-manager-domcapabilities-fix-typo-in-function-name.patch -Patch17: virt-manager-cli-introduce-CPU-secure-parameter.patch -Patch18: virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch -Patch19: virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch -Patch20: virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch -Patch21: virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch -Patch22: virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch -Patch23: virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch +Patch1: virt-manager-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch +Patch2: virt-manager-man-virt-install-Fix-a-couple-of-launchSecurity-related-typos.patch Requires: virt-manager-common = %{verrel} @@ -55,6 +39,9 @@ Requires: libvirt-glib >= 0.0.9 Requires: gtk-vnc2 Requires: spice-gtk3 +# We can work with gtksourceview 3 or gtksourceview4, rhel has only the older one +Requires: gtksourceview3 + # virt-manager is one of those apps that people will often install onto # a headless machine for use over SSH. This means the virt-manager dep # chain needs to provide everything we need to get a usable app experience. @@ -73,6 +60,9 @@ Requires: vte291 Recommends: (libvirt-daemon-kvm or libvirt-daemon-qemu) Recommends: libvirt-daemon-config-network +# Optional inspection of guests +Suggests: python3-libguestfs + BuildRequires: git BuildRequires: intltool BuildRequires: /usr/bin/pod2man @@ -89,8 +79,8 @@ management API. %package common Summary: Common files used by the different Virtual Machine Manager interfaces -Group: Applications/Emulators +Requires: python3-argcomplete Requires: python3-libvirt Requires: python3-libxml2 Requires: python3-requests @@ -114,8 +104,10 @@ Requires: libvirt-client Provides: virt-install Provides: virt-clone -Provides: virt-convert Provides: virt-xml +%if %{with virtconvert} +Provides: virt-convert +%endif %description -n virt-install Package includes several command line utilities, including virt-install @@ -124,44 +116,24 @@ machine). %prep -%setup -q +%autosetup -S git_am -N - -# Patches have to be stored in a temporary file because RPM has -# a limit on the length of the result of any macro expansion; -# if the string is longer, it's silently cropped -%{lua: - tmp = os.tmpname(); - f = io.open(tmp, "w+"); - count = 0; - for i, p in ipairs(patches) do - f:write(p.."\n"); - count = count + 1; - end; - f:close(); - print("PATCHCOUNT="..count.."\n") - print("PATCHLIST="..tmp.."\n") -} - -git init -q -git config user.name rpm-build -git config user.email rpm-build -git config gc.auto 0 +# "make dist" replaces all symlinks with a copy of the linked files; +# we need to replace all of them with the original symlinks +echo "Restoring symlinks" +while read lnk target; do + if [ -e $lnk ]; then + rm -rf $lnk + ln -s $target $lnk + fi +done <%{_sourcedir}/symlinks || exit 1 git add . -git commit -q -a --author 'rpm-build ' \ - -m '%{name}-%{version} base' +git commit -q -a --author 'rpm-build ' -m symlinks -COUNT=$(grep '\.patch$' $PATCHLIST | wc -l) -if [ $COUNT -ne $PATCHCOUNT ]; then - echo "Found $COUNT patches in $PATCHLIST, expected $PATCHCOUNT" - exit 1 -fi -if [ $COUNT -gt 0 ]; then - xargs git am <$PATCHLIST || exit 1 -fi -echo "Applied $COUNT patches" -rm -f $PATCHLIST -rm -rf .git + +git config gc.auto 0 + +%autopatch %build @@ -179,6 +151,11 @@ rm -rf .git install -O1 --root=%{buildroot} %find_lang %{name} +%if %{without virtconvert} +find %{buildroot} -name virt-convert\* -delete +rm -rf %{buildroot}/%{_datadir}/%{name}/virtconv +%endif + # Replace '#!/usr/bin/env python3' with '#!/usr/bin/python3' # The format is ideal for upstream, but not a distro. See: # https://fedoraproject.org/wiki/Features/SystemPythonExecutablesUseSystemPython @@ -208,47 +185,62 @@ done %files common -f %{name}.lang %dir %{_datadir}/%{name} -%{_datadir}/%{name}/virtcli +%if %{with virtconvert} %{_datadir}/%{name}/virtconv +%endif %{_datadir}/%{name}/virtinst %files -n virt-install %{_mandir}/man1/virt-install.1* %{_mandir}/man1/virt-clone.1* -%{_mandir}/man1/virt-convert.1* %{_mandir}/man1/virt-xml.1* %{_datadir}/%{name}/virt-install %{_datadir}/%{name}/virt-clone -%{_datadir}/%{name}/virt-convert %{_datadir}/%{name}/virt-xml +%{_datadir}/bash-completion/completions/virt-install +%{_datadir}/bash-completion/completions/virt-clone +%{_datadir}/bash-completion/completions/virt-xml + %{_bindir}/virt-install %{_bindir}/virt-clone -%{_bindir}/virt-convert %{_bindir}/virt-xml +%if %{with virtconvert} +%{_bindir}/virt-convert +%{_datadir}/bash-completion/completions/virt-convert +%{_datadir}/%{name}/virt-convert +%{_mandir}/man1/virt-convert.1* +%endif + %changelog -* Mon Jun 3 2019 Pavel Hrdina - 2.0.0-5.1.el8 -- cli: Fix pool=default when path belongs to another pool (bz 1692489) (rhbz#1714752) -- tests: clitest: Add a test case for the last commit (rhbz#1714752) -- domcapabilities: introduce get_cpu_security_features (rhbz#1716402) -- domain: cpu: introduce set_model function (rhbz#1716402) -- domain: cpu: automatically add CPU security features for "custom" mode (rhbz#1716402) -- domcapabilities: remove recommended CPU features from security features (rhbz#1716402) -- domcapabilities: fix typo in function name (rhbz#1716402) -- cli: introduce CPU secure parameter (rhbz#1716402) -- domcapabilities: add caching of CPU security features (rhbz#1716402) -- virt-manager: add new checkbox to control CPU security features (rhbz#1716402) -- DomainCpu: fix detection of CPU security features (rhbz#1716402) -- DomainCpu: check CPU model name only if model exists (rhbz#1716402) -- domcapabilities: detect MDS new vulnerability (rhbz#1716402) -- cli: fix cpu secure option to actually work (rhbz#1716402) +* Fri Aug 16 2019 Pavel Hrdina - 2.2.1-2 +- man: virt-install: Fix a couple of launchSecurity related typos (rhbz#1741846) -* Thu Mar 21 2019 Pavel Hrdina - 2.0.0-5 -- urldetect: Check also for 'treeinfo' (bz 1689252) (rhbz#1689252) +* Thu Jul 11 2019 Pavel Hrdina - 2.2.1-1 +- Rebased to virt-manager-2.2.1 (rhbz#1726535) +- The rebase also fixes the following bugs: + rhbz#1727881, rhbz#1724287, rhbz#1727811 +- spec: add gtksourceview3 dependency introduced by upstream (rhbz#1722820) +- guest: fix warning message when machine type is changed for secure boot (rhbz#1727811) + +* Mon Jun 24 2019 Pavel Hrdina - 2.2.0-2 +- xmleditor: Handle gtksourceview3 as well as gtksourceview4 (rhbz#1722820) +- xmleditor: Fix the gtksource version checking (rhbz#1722820) +- spec: add gtksourceview3 dependency introduced by upstream (rhbz#1722820) + +* Mon Jun 17 2019 Pavel Hrdina - 2.2.0-1 +- Rebased to virt-manager-2.2.0 (rhbz#1721001) +- The rebase also fixes the following bugs: + rhbz#1718065, rhbz#1714304, rhbz#1709857, rhbz#1707379, rhbz#1700354 + rhbz#1692489, rhbz#1690687, rhbz#1690685, rhbz#1683609, rhbz#1679018 + rhbz#1677019, rhbz#1671599, rhbz#1667025, rhbz#1666597, rhbz#1663430 + rhbz#1661867, rhbz#1660467, rhbz#1660123, rhbz#1659354, rhbz#1658511 + rhbz#1648939, rhbz#1599139, rhbz#1508147, rhbz#1501608 +- spec: add build dependencies that are now required for build (rhbz#1721001) * Fri Feb 8 2019 Pavel Hrdina - 2.0.0-4 - inspection: fix check of null icon (rhbz#1671278)