import virt-manager-2.2.1-2.el8

CentOS Sources 2019-11-05 13:48:45 -05:00 committed by Andrew Lukoshko
parent 42d2793fa4
commit 07455ea208
29 changed files with 163 additions and 2257 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/virt-manager-2.0.0.tar.gz SOURCES/virt-manager-2.2.1.tar.gz


@ -1 +1 @@
a99ff5c18281357cbf136830d7babbd22a91678a SOURCES/virt-manager-2.0.0.tar.gz 9360a95515b8e2245f1bbed5769824cafdb15baa SOURCES/virt-manager-2.2.1.tar.gz

1
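--- /dev/null
+++ b/SOURCES/symlinks
@@ -0,0 +1 @@
+data/hicolor icons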


@ -1,61 +0,0 @@
From 6ba190915ed0be80b67423003dfdf183c47a2fb8 Mon Sep 17 00:00:00 2001
Message-Id: <6ba190915ed0be80b67423003dfdf183c47a2fb8@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:55 +0200
Subject: [PATCH] DomainCpu: check CPU model name only if model exists
For CPU modes other then "custom" there is no model so we should not
check the suffix of model name.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit c1ebd6730cb25b57124fad6c4030345356703320)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
tests/xmlparse.py | 4 ++++
virtinst/domain/cpu.py | 9 +++++----
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
index c9828fc8..58d3c1a6 100644
--- a/tests/xmlparse.py
+++ b/tests/xmlparse.py
@@ -335,8 +335,12 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("mode", "host-passthrough", "custom")
check("mode", "custom", "host-model")
+ guest.cpu.check_security_features(guest)
+ check("secure", False)
guest.cpu.set_model(guest, "qemu64")
check("model", "qemu64")
+ guest.cpu.check_security_features(guest)
+ check("secure", False)
self._alter_compare(guest.get_xml(), outfile)
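Review bot: Both added assertions expect `secure` to be False, so the path where check_security_features reports a guest as secure is never exercised, and a regression that always left `self.secure = False` would still pass. A further case that first requires every feature the domain capabilities report and then asserts `check("secure", True)` would cover the positive result, assuming the test capabilities XML exposes any security features. The test method starts above this hunk.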
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index 1d468468..66fa649b 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -136,10 +136,11 @@ class DomainCpu(XMLBuilder):
return
guestFeatures = [f.name for f in self.features if f.policy == "require"]
- if self.model.endswith("IBRS"):
- guestFeatures.append("spec-ctrl")
- if self.model.endswith("IBPB"):
- guestFeatures.append("ibpb")
+ if self.model:
+ if self.model.endswith("IBRS"):
+ guestFeatures.append("spec-ctrl")
+ if self.model.endswith("IBPB"):
+ guestFeatures.append("ibpb")
self.secure = set(features) <= set(guestFeatures)
--
2.21.0


@ -1,56 +0,0 @@
From 703abe06db1ecfadb7e5a5f877f86d41f367300d Mon Sep 17 00:00:00 2001
Message-Id: <703abe06db1ecfadb7e5a5f877f86d41f367300d@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:54 +0200
Subject: [PATCH] DomainCpu: fix detection of CPU security features
VM configured with mode="host-model" will have the CPU definition
expanded once the VM is started. Libvirt will try to use the closest
CPU model with some features enabled/disabled.
The issue is that there are some models that include spec-ctrl or ibpb
features and they will not appear in the explicit list of features and
virt-manager will not correctly detect if all security features are
enabled or not. As a workaround we can check the suffix of CPU model to
figure out which security features are enabled by the model itself.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 291f2ef21486cb54aadd40f07052aedfebef3792)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domain/cpu.py | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index c6a411bb..1d468468 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -135,15 +135,13 @@ class DomainCpu(XMLBuilder):
self.secure = False
return
- for feature in features:
- exists = False
- for f in self.features:
- if f.name == feature and f.policy == "require":
- exists = True
- break
- if not exists:
- self.secure = False
- return
+ guestFeatures = [f.name for f in self.features if f.policy == "require"]
+ if self.model.endswith("IBRS"):
+ guestFeatures.append("spec-ctrl")
+ if self.model.endswith("IBPB"):
+ guestFeatures.append("ibpb")
+
+ self.secure = set(features) <= set(guestFeatures)
def _remove_security_features(self, guest):
domcaps = guest.lookup_domcaps()
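Review bot: The new comprehension counts only features whose policy is `require`, so a guest that enables `spec-ctrl` or `ibpb` with policy `force` is still reported as not secure. The removed loop had the same restriction and the result errs on the safe side, so it may be intended, but it should either be stated in a comment or widened to `f.policy in ("require", "force")`. The reason for the suffix test lives only in the commit message; a comment such as `# *-IBRS / *-IBPB models already include spec-ctrl / ibpb, so libvirt omits them from the explicit feature list` above the two `endswith` checks would keep it next to the code. The enclosing method starts above the hunk.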
--
2.21.0


@ -1,45 +0,0 @@
From 8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff Mon Sep 17 00:00:00 2001
Message-Id: <8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 08:06:09 -0400
Subject: [PATCH] cli: Fix pool=default when path belongs to another pool (bz
1692489)
From: Cole Robinson <crobinso@redhat.com>
Using 'virt-install --disk size=X' implicitly uses pool=default. If
a pool named 'default' exists we use that; if not, and a pool using
the default path exists under a different name, we attempt to use
that as well, and if that doesn't exist, we create pool=default
The second case is broken, so if there's no pool=default and eg.
pool=FOO points to /var/lib/libvirt/images, we still attempt to
look up pool=default which understandably fails
https://bugzilla.redhat.com/show_bug.cgi?id=1692489
(cherry picked from commit a0ca387aad0fde19683aa8b5b5636add6455b8b4)
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752
---
virtinst/cli.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/virtinst/cli.py b/virtinst/cli.py
index 21467a4d..63acb642 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -2029,7 +2029,9 @@ class ParserDisk(VirtCLIParser):
poolobj = None
if poolname:
if poolname == "default":
- StoragePool.build_default_pool(self.guest.conn)
+ poolxml = StoragePool.build_default_pool(self.guest.conn)
+ if poolxml:
+ poolname = poolxml.name
poolobj = self.guest.conn.storagePoolLookupByName(poolname)
if volname:
--
2.21.0


@ -1,40 +0,0 @@
From dc5ec3458d325c3824c62517d72d802b2c3caee2 Mon Sep 17 00:00:00 2001
Message-Id: <dc5ec3458d325c3824c62517d72d802b2c3caee2@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 22 May 2019 18:08:31 +0200
Subject: [PATCH] cli: fix cpu secure option to actually work
The 'secure' option is processed after the model is already set.
CPU security options are resolved while setting CPU model so we need
to know the 'secure' option value before we set the CPU model.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 06c2f873972fd4c60a57c8b8f07fe3cec4ddfcf4)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/cli.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/virtinst/cli.py b/virtinst/cli.py
index 0bfa3b94..139be8f9 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1493,11 +1493,11 @@ class ParserCPU(VirtCLIParser):
_register_virt_parser(ParserCPU)
+ParserCPU.add_arg("secure", "secure", is_onoff=True)
ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb)
ParserCPU.add_arg("mode", "mode")
ParserCPU.add_arg("match", "match")
ParserCPU.add_arg("vendor", "vendor")
-ParserCPU.add_arg("secure", "secure", is_onoff=True)
ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb)
ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb)
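Review bot: Nothing at the moved `secure` registration says that its position matters, so a later re-sort of these `add_arg` calls would presumably bring back the behaviour this patch fixes, with `secure=off` having no effect on the features added for the model. Per the commit message the `secure` value must be known before the model callback runs; a comment such as `# Keep 'secure' ahead of 'model': set_model_cb resolves CPU security features and needs this value first` above that line would record the constraint. The registration list continues outside the hunk.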
--
2.21.0


@ -1,202 +0,0 @@
From 55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e Mon Sep 17 00:00:00 2001
Message-Id: <55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:51 +0200
Subject: [PATCH] cli: introduce CPU secure parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This will allow users to override the default behavior of virt-install
which copies CPU security features available on the host to the guest
XML if specific CPU model is configured.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 22342ef7ee526f8a5b5a65266363c33c70c8be43)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
man/virt-install.pod | 11 ++-
.../compare/virt-install-cpu-disable-sec.xml | 93 +++++++++++++++++++
tests/clitest.py | 1 +
virtinst/cli.py | 1 +
virtinst/domain/cpu.py | 7 +-
5 files changed, 111 insertions(+), 2 deletions(-)
create mode 100644 tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
diff --git a/man/virt-install.pod b/man/virt-install.pod
index 5b7a784c..1cd31fa2 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -216,7 +216,16 @@ required value is MODEL, which is a valid CPU model as known to libvirt.
Libvirt's feature policy values force, require, optional, disable, or forbid,
or with the shorthand '+feature' and '-feature', which equal 'force=feature'
-and 'disable=feature' respectively
+and 'disable=feature' respectively.
+
+If exact CPU model is specified virt-install will automatically copy CPU
+features available on the host to mitigate recent CPU speculative execution
+side channel security vulnerabilities. This however will have some impact
+on performance and will break migration to hosts without security patches.
+In order to control this behavior there is a B<secure> parameter. Possible
+values are I<on> and I<off>, with I<on> as the default. It is highly
+recommended to leave this enabled and ensure all virtualization hosts have
+fully up to date microcode, kernel & virtualization software installed.
Some examples:
diff --git a/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
new file mode 100644
index 00000000..a86d6926
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
@@ -0,0 +1,93 @@
+<domain type="kvm">
+ <name>foobar</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch="x86_64" machine="pc">hvm</type>
+ <boot dev="network"/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ </features>
+ <cpu mode="custom" match="exact">
+ <model>qemu64</model>
+ </cpu>
+ <clock offset="utc">
+ <timer name="rtc" tickpolicy="catchup"/>
+ <timer name="pit" tickpolicy="delay"/>
+ <timer name="hpet" present="no"/>
+ </clock>
+ <on_reboot>destroy</on_reboot>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-kvm</emulator>
+ <controller type="usb" index="0" model="ich9-ehci1"/>
+ <controller type="usb" index="0" model="ich9-uhci1">
+ <master startport="0"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci2">
+ <master startport="2"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci3">
+ <master startport="4"/>
+ </controller>
+ <interface type="bridge">
+ <source bridge="eth0"/>
+ <mac address="00:11:22:33:44:55"/>
+ <model type="e1000"/>
+ </interface>
+ <console type="pty"/>
+ </devices>
+</domain>
+<domain type="kvm">
+ <name>foobar</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch="x86_64" machine="pc">hvm</type>
+ <boot dev="network"/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ </features>
+ <cpu mode="custom" match="exact">
+ <model>qemu64</model>
+ </cpu>
+ <clock offset="utc">
+ <timer name="rtc" tickpolicy="catchup"/>
+ <timer name="pit" tickpolicy="delay"/>
+ <timer name="hpet" present="no"/>
+ </clock>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-kvm</emulator>
+ <controller type="usb" index="0" model="ich9-ehci1"/>
+ <controller type="usb" index="0" model="ich9-uhci1">
+ <master startport="0"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci2">
+ <master startport="2"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci3">
+ <master startport="4"/>
+ </controller>
+ <interface type="bridge">
+ <source bridge="eth0"/>
+ <mac address="00:11:22:33:44:55"/>
+ <model type="e1000"/>
+ </interface>
+ <console type="pty"/>
+ </devices>
+</domain>
diff --git a/tests/clitest.py b/tests/clitest.py
index ecdf3731..32ce66e6 100644
--- a/tests/clitest.py
+++ b/tests/clitest.py
@@ -568,6 +568,7 @@ c.add_invalid("--clock foo_tickpolicy=merge") # Unknown timer
c.add_invalid("--security foobar") # Busted --security
c.add_compare("--cpuset auto --vcpus 2", "cpuset-auto") # --cpuset=auto actually works
c.add_compare("--memory 1024,hotplugmemorymax=2048,hotplugmemoryslots=2 --cpu cell0.cpus=0,cell0.memory=1048576 --memdev dimm,access=private,target_size=512,target_node=0,source_pagesize=4,source_nodemask=1-2 --memdev nvdimm,source_path=/path/to/nvdimm,target_size=512,target_node=0,target_label_size=128", "memory-hotplug")
+c.add_compare("--connect " + utils.URIs.kvm_q35 + " --cpu qemu64,secure=off", "cpu-disable-sec") # disable security features that are added by default
diff --git a/virtinst/cli.py b/virtinst/cli.py
index b10c22aa..0bfa3b94 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1497,6 +1497,7 @@ ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb)
ParserCPU.add_arg("mode", "mode")
ParserCPU.add_arg("match", "match")
ParserCPU.add_arg("vendor", "vendor")
+ParserCPU.add_arg("secure", "secure", is_onoff=True)
ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb)
ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb)
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index e3992cf4..ab40f788 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -65,6 +65,8 @@ class DomainCpu(XMLBuilder):
_XML_PROP_ORDER = ["mode", "match", "model", "vendor",
"sockets", "cores", "threads", "features"]
+ secure = True
+
special_mode_was_set = False
# These values are exposed on the command line, so are stable API
SPECIAL_MODE_HOST_MODEL_ONLY = "host-model-only"
@@ -127,7 +129,10 @@ class DomainCpu(XMLBuilder):
self.mode = "custom"
if not self.match:
self.match = "exact"
- self._add_security_features(guest)
+ if self.secure:
+ self._add_security_features(guest)
+ else:
+ self._remove_security_features(guest)
self.model = val
def add_feature(self, name, policy="require"):
--
2.21.0


@ -1,63 +0,0 @@
From 533879fd8da90eba207c63e2d70472efda9dc612 Mon Sep 17 00:00:00 2001
Message-Id: <533879fd8da90eba207c63e2d70472efda9dc612@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Thu, 13 Dec 2018 16:39:43 -0500
Subject: [PATCH] cli: s390x+graphics specified, use video=virtio (bz #1654994)
From: Cole Robinson <crobinso@redhat.com>
s390x doesn't support any of the PCI graphics cards
https://bugzilla.redhat.com/show_bug.cgi?id=1654994
(cherry picked from commit b91393e6c35b0e2903dbb50bb57a64464a7a3802)
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
.../cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml | 4 ++++
tests/clitest.py | 2 +-
virtinst/devices/video.py | 2 ++
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml b/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml
index a8038855..82fe6350 100644
--- a/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml
+++ b/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml
@@ -36,6 +36,10 @@
<console type="pty">
<target type="sclp"/>
</console>
+ <graphics type="vnc" port="-1"/>
+ <video>
+ <model type="virtio"/>
+ </video>
<watchdog model="diag288" action="reset"/>
<panic model="s390"/>
</devices>
diff --git a/tests/clitest.py b/tests/clitest.py
index 039938db..824293e4 100644
--- a/tests/clitest.py
+++ b/tests/clitest.py
@@ -720,7 +720,7 @@ c.add_compare("--connect %(URI-KVM-PPC64LE)s --import --disk %(EXISTIMG1)s --os-
# s390x tests
c.add_compare("--arch s390x --machine s390-ccw-virtio --connect %(URI-KVM-S390X)s --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21", "s390x-cdrom", skip_check=OLD_OSINFO)
-c.add_compare("--arch s390x --machine s390-ccw-virtio --connect " + utils.URIs.kvm_s390x_KVMIBM + " --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21 --watchdog diag288,action=reset --panic default", "s390x-cdrom-KVMIBM")
+c.add_compare("--arch s390x --machine s390-ccw-virtio --connect " + utils.URIs.kvm_s390x_KVMIBM + " --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21 --watchdog diag288,action=reset --panic default --graphics vnc", "s390x-cdrom-KVMIBM")
# qemu:///session tests
c.add_compare("--connect " + utils.URIs.kvm_session + " --disk size=8 --os-variant fedora21 --cdrom %(EXISTIMG1)s", "kvm-session-defaults", skip_check=OLD_OSINFO)
diff --git a/virtinst/devices/video.py b/virtinst/devices/video.py
index 5978a421..276f8187 100644
--- a/virtinst/devices/video.py
+++ b/virtinst/devices/video.py
@@ -46,6 +46,8 @@ class DeviceVideo(Device):
return "vga"
if guest.os.is_arm_machvirt():
return "virtio"
+ if guest.conn.is_qemu() and guest.os.is_s390x():
+ return "virtio"
if guest.has_spice() and guest.os.is_x86():
if guest.has_gl():
return "virtio"
--
2.19.2


@ -1,32 +0,0 @@
From 5ace424b75538b3a5f8b06536c6de38a91d749ff Mon Sep 17 00:00:00 2001
Message-Id: <5ace424b75538b3a5f8b06536c6de38a91d749ff@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Thu, 10 Jan 2019 12:58:43 -0500
Subject: [PATCH] diskbackend: Fix backtrace cloning with block storage (bz
#1661986)
From: Cole Robinson <crobinso@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1661986
(cherry picked from commit 722886748006b880ff6a99781b2aca0751aafc55)
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/diskbackend.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/virtinst/diskbackend.py b/virtinst/diskbackend.py
index b9340585..3366e88d 100644
--- a/virtinst/diskbackend.py
+++ b/virtinst/diskbackend.py
@@ -530,7 +530,7 @@ class CloneStorageCreator(_StorageCreator):
else:
vfs = os.statvfs(os.path.dirname(self._path))
avail = vfs.f_frsize * vfs.f_bavail
- need = int(self._size) * 1024 * 1024 * 1024
+ need = int(self._size) * 1024 * 1024 * 1024
if need > avail:
if self._sparse:
msg = _("The filesystem will not have enough free space"
--
2.20.1


@ -1,180 +0,0 @@
From 9080810abab3d5679d20b3b8874d2fce2c28d522 Mon Sep 17 00:00:00 2001
Message-Id: <9080810abab3d5679d20b3b8874d2fce2c28d522@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:48 +0200
Subject: [PATCH] domain: cpu: automatically add CPU security features for
"custom" mode
If user selects specific CPU model to be configured for guest we will
automatically add CPU security features to make sure that the guest is
not vulnerable to these CPU HW bugs.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1582667
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit fb5136a6a9457894ff1e24a1f9d5f0af0a8e8bd1)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
.../compare/virt-install-qemu-plain.xml | 2 ++
.../virt-install-singleton-config-2.xml | 4 ++++
tests/xmlparse.py | 6 +++---
virtManager/domain.py | 2 +-
virtinst/cli.py | 2 +-
virtinst/domain/cpu.py | 20 +++++++++++++++----
6 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
index d00e0cf4..eb1542c3 100644
--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
@@ -20,6 +20,8 @@
</features>
<cpu mode="custom" match="exact">
<model>Penryn</model>
+ <feature policy="require" name="pcid"/>
+ <feature policy="require" name="pdpe1gb"/>
</cpu>
<clock offset="utc">
<timer name="rtc" tickpolicy="catchup"/>
diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
index 621639e1..0861f62a 100644
--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
@@ -93,6 +93,8 @@
<model>foobar</model>
<vendor>meee</vendor>
<topology sockets="2" cores="2" threads="2"/>
+ <feature policy="require" name="pcid"/>
+ <feature policy="require" name="pdpe1gb"/>
<feature policy="force" name="x2apic"/>
<feature policy="force" name="x2apicagain"/>
<feature policy="require" name="reqtest"/>
@@ -282,6 +284,8 @@
<model>foobar</model>
<vendor>meee</vendor>
<topology sockets="2" cores="2" threads="2"/>
+ <feature policy="require" name="pcid"/>
+ <feature policy="require" name="pdpe1gb"/>
<feature policy="force" name="x2apic"/>
<feature policy="force" name="x2apicagain"/>
<feature policy="require" name="reqtest"/>
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
index 61552720..c9828fc8 100644
--- a/tests/xmlparse.py
+++ b/tests/xmlparse.py
@@ -176,7 +176,7 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("match", "exact", "strict")
- guest.cpu.set_model("qemu64")
+ guest.cpu.set_model(guest, "qemu64")
check("model", "qemu64")
check("vendor", "Intel", "qemuvendor")
check("threads", 2, 1)
@@ -269,7 +269,7 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("model", None)
- guest.cpu.set_model("foobar")
+ guest.cpu.set_model(guest, "foobar")
check("model", "foobar")
check("model_fallback", None, "allow")
check("cores", None, 4)
@@ -335,7 +335,7 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("mode", "host-passthrough", "custom")
check("mode", "custom", "host-model")
- guest.cpu.set_model("qemu64")
+ guest.cpu.set_model(guest, "qemu64")
check("model", "qemu64")
self._alter_compare(guest.get_xml(), outfile)
diff --git a/virtManager/domain.py b/virtManager/domain.py
index 96469969..5b3f1e44 100644
--- a/virtManager/domain.py
+++ b/virtManager/domain.py
@@ -513,7 +513,7 @@ class vmmDomain(vmmLibvirtObject):
if model in guest.cpu.SPECIAL_MODES:
guest.cpu.set_special_mode(guest, model)
else:
- guest.cpu.set_model(model)
+ guest.cpu.set_model(guest, model)
self._redefine_xmlobj(guest)
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL):
diff --git a/virtinst/cli.py b/virtinst/cli.py
index e384b03a..b10c22aa 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1442,7 +1442,7 @@ class ParserCPU(VirtCLIParser):
if val in inst.SPECIAL_MODES:
inst.set_special_mode(self.guest, val)
else:
- inst.set_model(val)
+ inst.set_model(self.guest, val)
def set_feature_cb(self, inst, val, virtarg):
policy = virtarg.cliname
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index 0673324c..e3992cf4 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -103,19 +103,31 @@ class DomainCpu(XMLBuilder):
elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY:
if self.conn.caps.host.cpu.model:
self.clear()
- self.set_model(self.conn.caps.host.cpu.model)
+ self.set_model(guest, self.conn.caps.host.cpu.model)
else:
raise RuntimeError("programming error: unknown "
"special cpu mode '%s'" % val)
self.special_mode_was_set = True
- def set_model(self, val):
+ def _add_security_features(self, guest):
+ domcaps = guest.lookup_domcaps()
+ for feature in domcaps.get_cpu_security_features():
+ exists = False
+ for f in self.features:
+ if f.name == feature:
+ exists = True
+ break
+ if not exists:
+ self.add_feature(feature)
+
+ def set_model(self, guest, val):
logging.debug("setting cpu model %s", val)
if val:
self.mode = "custom"
if not self.match:
self.match = "exact"
+ self._add_security_features(guest)
self.model = val
def add_feature(self, name, policy="require"):
@@ -147,7 +159,7 @@ class DomainCpu(XMLBuilder):
self.mode = "custom"
self.match = "exact"
- self.set_model(model)
+ self.set_model(guest, model)
if fallback:
self.model_fallback = fallback
self.vendor = cpu.vendor
@@ -271,7 +283,7 @@ class DomainCpu(XMLBuilder):
elif guest.os.is_arm64() and guest.os.is_arm_machvirt():
# -M virt defaults to a 32bit CPU, even if using aarch64
- self.set_model("cortex-a57")
+ self.set_model(guest, "cortex-a57")
elif guest.os.is_x86() and guest.type == "kvm":
self._set_cpu_x86_kvm_default(guest)
--
2.21.0


@ -1,161 +0,0 @@
From 220390ebd48b33d1d1fae747dc41f1aedd7646e0 Mon Sep 17 00:00:00 2001
Message-Id: <220390ebd48b33d1d1fae747dc41f1aedd7646e0@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:47 +0200
Subject: [PATCH] domain: cpu: introduce set_model function
We will need to pass another variable into the setter so we cannot use
the property setter.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit 6423f653fd2d895d5addf37a6d504dbc9a4a0d6f)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
tests/xmlparse.py | 11 +++++++----
virtManager/domain.py | 2 +-
virtinst/cli.py | 2 +-
virtinst/domain/cpu.py | 28 +++++++++++++---------------
4 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
index 709bc48f..61552720 100644
--- a/tests/xmlparse.py
+++ b/tests/xmlparse.py
@@ -176,7 +176,8 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("match", "exact", "strict")
- check("model", "footest", "qemu64")
+ guest.cpu.set_model("qemu64")
+ check("model", "qemu64")
check("vendor", "Intel", "qemuvendor")
check("threads", 2, 1)
check("cores", 5, 3)
@@ -267,7 +268,9 @@ class XMLParseTest(unittest.TestCase):
guest.seclabels[0].get_xml().startswith("<seclabel"))
check = self._make_checker(guest.cpu)
- check("model", None, "foobar")
+ check("model", None)
+ guest.cpu.set_model("foobar")
+ check("model", "foobar")
check("model_fallback", None, "allow")
check("cores", None, 4)
guest.cpu.add_feature("x2apic", "forbid")
@@ -332,8 +335,8 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("mode", "host-passthrough", "custom")
check("mode", "custom", "host-model")
- # mode will be "custom"
- check("model", None, "qemu64")
+ guest.cpu.set_model("qemu64")
+ check("model", "qemu64")
self._alter_compare(guest.get_xml(), outfile)
diff --git a/virtManager/domain.py b/virtManager/domain.py
index 4fcc716e..96469969 100644
--- a/virtManager/domain.py
+++ b/virtManager/domain.py
@@ -513,7 +513,7 @@ class vmmDomain(vmmLibvirtObject):
if model in guest.cpu.SPECIAL_MODES:
guest.cpu.set_special_mode(guest, model)
else:
- guest.cpu.model = model
+ guest.cpu.set_model(model)
self._redefine_xmlobj(guest)
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL):
diff --git a/virtinst/cli.py b/virtinst/cli.py
index 63acb642..e384b03a 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1442,7 +1442,7 @@ class ParserCPU(VirtCLIParser):
if val in inst.SPECIAL_MODES:
inst.set_special_mode(self.guest, val)
else:
- inst.model = val
+ inst.set_model(val)
def set_feature_cb(self, inst, val, virtarg):
policy = virtarg.cliname
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index d66704c1..0673324c 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -62,7 +62,7 @@ class DomainCpu(XMLBuilder):
Class for generating <cpu> XML
"""
XML_NAME = "cpu"
- _XML_PROP_ORDER = ["mode", "match", "_model", "vendor",
+ _XML_PROP_ORDER = ["mode", "match", "model", "vendor",
"sockets", "cores", "threads", "features"]
special_mode_was_set = False
@@ -103,13 +103,21 @@ class DomainCpu(XMLBuilder):
elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY:
if self.conn.caps.host.cpu.model:
self.clear()
- self.model = self.conn.caps.host.cpu.model
+ self.set_model(self.conn.caps.host.cpu.model)
else:
raise RuntimeError("programming error: unknown "
"special cpu mode '%s'" % val)
self.special_mode_was_set = True
+ def set_model(self, val):
+ logging.debug("setting cpu model %s", val)
+ if val:
+ self.mode = "custom"
+ if not self.match:
+ self.match = "exact"
+ self.model = val
+
def add_feature(self, name, policy="require"):
feature = self.features.add_new()
feature.name = name
@@ -139,7 +147,7 @@ class DomainCpu(XMLBuilder):
self.mode = "custom"
self.match = "exact"
- self.model = model
+ self.set_model(model)
if fallback:
self.model_fallback = fallback
self.vendor = cpu.vendor
@@ -201,17 +209,7 @@ class DomainCpu(XMLBuilder):
# XML properties #
##################
- def _set_model(self, val):
- if val:
- self.mode = "custom"
- if not self.match:
- self.match = "exact"
- self._model = val
- def _get_model(self):
- return self._model
- _model = XMLProperty("./model")
- model = property(_get_model, _set_model)
-
+ model = XMLProperty("./model")
model_fallback = XMLProperty("./model/@fallback")
match = XMLProperty("./@match")
@@ -273,7 +271,7 @@ class DomainCpu(XMLBuilder):
elif guest.os.is_arm64() and guest.os.is_arm_machvirt():
# -M virt defaults to a 32bit CPU, even if using aarch64
- self.model = "cortex-a57"
+ self.set_model("cortex-a57")
elif guest.os.is_x86() and guest.type == "kvm":
self._set_cpu_x86_kvm_default(guest)
--
2.21.0


@ -1,64 +0,0 @@
From 0424ece6003d2a06f41f4277bb258d6f753c70c6 Mon Sep 17 00:00:00 2001
Message-Id: <0424ece6003d2a06f41f4277bb258d6f753c70c6@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:52 +0200
Subject: [PATCH] domcapabilities: add caching of CPU security features
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We will call this function multiple times so it makes sense to cache the
result so we don't have to call libvirt APIs every time we will check
what security features are available on the host.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 00f8dea370ae0874dc655d3718978a6a8e397a34)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domcapabilities.py | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 2905aa9e..6636addf 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -260,6 +260,8 @@ class DomainCapabilities(XMLBuilder):
return DomainCpu(self.conn, expandedXML)
+ _features = None
+
def get_cpu_security_features(self):
sec_features = [
'spec-ctrl',
@@ -267,7 +269,10 @@ class DomainCapabilities(XMLBuilder):
'ibpb',
'virt-ssbd']
- features = []
+ if self._features:
+ return self._features
+
+ self._features = []
for m in self.cpu.modes:
if m.name != "host-model" or not m.supported:
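Review bot: The added cache test `if self._features:` is false for an empty list, so on a host whose domain capabilities expose none of the listed security features the result is never cached and the lookup is repeated on every call; `if self._features is not None:` caches the empty answer as well. The list is also filled in place on `self._features`, so if the loop were to raise partway (not visible here) later calls would return a truncated list, and any code comparing guest features against it would be checking fewer mitigations than the host offers. Building into a local `features` and assigning `self._features = features` just before the return avoids that. get_cpu_security_features starts and ends outside this hunk.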
@@ -281,9 +286,9 @@ class DomainCapabilities(XMLBuilder):
for feature in cpu.features:
if feature.name in sec_features:
- features.append(feature.name)
+ self._features.append(feature.name)
- return features
+ return self._features
XML_NAME = "domainCapabilities"
--
2.21.0


@ -1,61 +0,0 @@
From 961ffb1709e7af8c394093aca94f64b4c5ffda36 Mon Sep 17 00:00:00 2001
Message-Id: <961ffb1709e7af8c394093aca94f64b4c5ffda36@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:56 +0200
Subject: [PATCH] domcapabilities: detect MDS new vulnerability
There is a new security feature 'md-clear' that mitigates recent CPU
Microarchitectural Store Buffer Data vulnerability.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit c11d6ba4d7024eaac83b6e2d6ae88172f4c01e98)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
man/virt-install.pod | 13 +++++++------
virtinst/domcapabilities.py | 3 ++-
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/man/virt-install.pod b/man/virt-install.pod
index 1cd31fa2..f845ccb3 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -220,12 +220,13 @@ and 'disable=feature' respectively.
If exact CPU model is specified virt-install will automatically copy CPU
features available on the host to mitigate recent CPU speculative execution
-side channel security vulnerabilities. This however will have some impact
-on performance and will break migration to hosts without security patches.
-In order to control this behavior there is a B<secure> parameter. Possible
-values are I<on> and I<off>, with I<on> as the default. It is highly
-recommended to leave this enabled and ensure all virtualization hosts have
-fully up to date microcode, kernel & virtualization software installed.
+side channel and Microarchitectural Store Buffer Data security vulnerabilities.
+This however will have some impact on performance and will break migration
+to hosts without security patches. In order to control this behavior there
+is a B<secure> parameter. Possible values are I<on> and I<off>, with I<on>
+as the default. It is highly recommended to leave this enabled and ensure all
+virtualization hosts have fully up to date microcode, kernel & virtualization
+software installed.
Some examples:
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 6636addf..74e5c842 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -267,7 +267,8 @@ class DomainCapabilities(XMLBuilder):
'spec-ctrl',
'ssbd',
'ibpb',
- 'virt-ssbd']
+ 'virt-ssbd',
+ 'md-clear']
if self._features:
return self._features
--
2.21.0


@ -1,45 +0,0 @@
From 7c3db309efe09e0bdf8834842525c5aa91a80387 Mon Sep 17 00:00:00 2001
Message-Id: <7c3db309efe09e0bdf8834842525c5aa91a80387@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:50 +0200
Subject: [PATCH] domcapabilities: fix typo in function name
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit b711b28b1af6998f57d5610139439518545663f0)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domcapabilities.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 42a18f1e..2905aa9e 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -244,7 +244,7 @@ class DomainCapabilities(XMLBuilder):
arch.text = self.arch
return ET.tostring(root, encoding="unicode")
- def _get_expandned_cpu(self, mode):
+ def _get_expanded_cpu(self, mode):
cpuXML = self._convert_mode_to_cpu(mode.get_xml())
logging.debug("CPU XML for security flag baseline: %s", cpuXML)
@@ -274,7 +274,7 @@ class DomainCapabilities(XMLBuilder):
continue
try:
- cpu = self._get_expandned_cpu(m)
+ cpu = self._get_expanded_cpu(m)
except libvirt.libvirtError as e:
logging.warning(_("Failed to get expanded CPU XML: %s"), e)
break
--
2.21.0


@ -1,108 +0,0 @@
From 6088fe594a3a5d383e345029473e2dd933dc8220 Mon Sep 17 00:00:00 2001
Message-Id: <6088fe594a3a5d383e345029473e2dd933dc8220@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:46 +0200
Subject: [PATCH] domcapabilities: introduce get_cpu_security_features
Get all CPU security features that we should enable for guests.
In order to do that we need to get CPU definition from domain
capabilities and modify the XML so it is in required format for
libvirt CPU baseline APIs. We will prefer the baselineHypervisorCPU
API because that considers what QEMU actually supports and we will
fallback to baselineCPU API if the better one is not supported by
libvirt.
This way we can figure out which of the security features are actually
available on that specific host for that specific QEMU binary.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit 4a8b6363c0891e37d9532213a046c5c57aedfd8b)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domcapabilities.py | 57 +++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 4cbb7f20..28ed8630 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -8,7 +8,11 @@
import logging
import re
+import xml.etree.ElementTree as ET
+import libvirt
+
+from .domain import DomainCpu
from .xmlbuilder import XMLBuilder, XMLChildProperty, XMLProperty
@@ -232,6 +236,59 @@ class DomainCapabilities(XMLBuilder):
return [(m.name == "host-model" and m.supported)
for m in self.cpu.modes]
+ def _convert_mode_to_cpu(self, xml):
+ root = ET.fromstring(xml)
+ root.tag = "cpu"
+ root.attrib = None
+ arch = ET.SubElement(root, "arch")
+ arch.text = self.arch
+ return ET.tostring(root, encoding="unicode")
+
+ def _get_expandned_cpu(self, mode):
+ cpuXML = self._convert_mode_to_cpu(mode.get_xml())
+ logging.debug("CPU XML for security flag baseline: %s", cpuXML)
+
+ try:
+ expandedXML = self.conn.baselineHypervisorCPU(
+ self.path, self.arch, self.machine, self.domain, [cpuXML],
+ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES)
+ except libvirt.libvirtError:
+ expandedXML = self.conn.baselineCPU([cpuXML],
+ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES)
+
+ logging.debug("Expanded CPU XML: %s", expandedXML)
+
+ return DomainCpu(self.conn, expandedXML)
+
+ def get_cpu_security_features(self):
+ sec_features = [
+ 'pcid',
+ 'spec-ctrl',
+ 'ssbd',
+ 'pdpe1gb',
+ 'ibpb',
+ 'virt-ssbd',
+ 'amd-ssbd',
+ 'amd-no-ssb']
+
+ features = []
+
+ for m in self.cpu.modes:
+ if m.name != "host-model" or not m.supported:
+ continue
+
+ try:
+ cpu = self._get_expandned_cpu(m)
+ except libvirt.libvirtError as e:
+ logging.warning(_("Failed to get expanded CPU XML: %s"), e)
+ break
+
+ for feature in cpu.features:
+ if feature.name in sec_features:
+ features.append(feature.name)
+
+ return features
+
XML_NAME = "domainCapabilities"
os = XMLChildProperty(_OS, is_single=True)
--
2.21.0


@ -1,99 +0,0 @@
From 1e605c106819be56f16e6e057015d7a42600c0ba Mon Sep 17 00:00:00 2001
Message-Id: <1e605c106819be56f16e6e057015d7a42600c0ba@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:49 +0200
Subject: [PATCH] domcapabilities: remove recommended CPU features from
security features
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
These features are only recommended to be enabled since they improve
performance of the VMs if security features are enabled.
pcid is a very useful perf feature, but missing in some silicon
so not portable.
pdpe1gb lets the guest use 1 GB pages which is good for perf
but again not all silicon can do it.
amd-ssbd is a security feature which fixes the same SSBD flaws as the
virt-ssbd feature does. virt-ssbd is usable across all CPU models
affected by SSBD, while amd-ssbd is only available in very new silicon.
So virt-ssbd is the bette rchoice.
amd-no-ssb just indicates that the CPU is not affected by SSBD, so not
critical to expose. I expect a future named CPU model will include that
where appropriate.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 29f815fbd23082dff79d2d716e32a644b5a15d4a)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
tests/cli-test-xml/compare/virt-install-qemu-plain.xml | 2 --
.../compare/virt-install-singleton-config-2.xml | 4 ----
virtinst/domcapabilities.py | 6 +-----
3 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
index eb1542c3..d00e0cf4 100644
--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
@@ -20,8 +20,6 @@
</features>
<cpu mode="custom" match="exact">
<model>Penryn</model>
- <feature policy="require" name="pcid"/>
- <feature policy="require" name="pdpe1gb"/>
</cpu>
<clock offset="utc">
<timer name="rtc" tickpolicy="catchup"/>
diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
index 0861f62a..621639e1 100644
--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
@@ -93,8 +93,6 @@
<model>foobar</model>
<vendor>meee</vendor>
<topology sockets="2" cores="2" threads="2"/>
- <feature policy="require" name="pcid"/>
- <feature policy="require" name="pdpe1gb"/>
<feature policy="force" name="x2apic"/>
<feature policy="force" name="x2apicagain"/>
<feature policy="require" name="reqtest"/>
@@ -284,8 +282,6 @@
<model>foobar</model>
<vendor>meee</vendor>
<topology sockets="2" cores="2" threads="2"/>
- <feature policy="require" name="pcid"/>
- <feature policy="require" name="pdpe1gb"/>
<feature policy="force" name="x2apic"/>
<feature policy="force" name="x2apicagain"/>
<feature policy="require" name="reqtest"/>
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 28ed8630..42a18f1e 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -262,14 +262,10 @@ class DomainCapabilities(XMLBuilder):
def get_cpu_security_features(self):
sec_features = [
- 'pcid',
'spec-ctrl',
'ssbd',
- 'pdpe1gb',
'ibpb',
- 'virt-ssbd',
- 'amd-ssbd',
- 'amd-no-ssb']
+ 'virt-ssbd']
features = []
--
2.21.0


@ -0,0 +1,35 @@
From 31d04f52cf61d0cc87291515d7a92d2db93b86e2 Mon Sep 17 00:00:00 2001
Message-Id: <31d04f52cf61d0cc87291515d7a92d2db93b86e2@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Mon, 8 Jul 2019 10:44:43 +0200
Subject: [PATCH] guest: fix warning message when machine type is changed for
secure boot
Introduced by commit <3586d1897>.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1727811
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 3c6e85375d0cd87dcf8ac70b41db0d899851338e)
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/guest.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/virtinst/guest.py b/virtinst/guest.py
index ef227d17..41357644 100644
--- a/virtinst/guest.py
+++ b/virtinst/guest.py
@@ -586,7 +586,8 @@ class Guest(XMLBuilder):
self.os.loader_secure = True
if self.os.machine and "q35" not in self.os.machine:
log.warning("Changing machine type from '%s' to 'q35' "
- "which is required for UEFI secure boot.")
+ "which is required for UEFI secure boot.",
+ self.os.machine)
self.os.machine = "q35"
def disable_hyperv_for_uefi(self):
--
2.21.0
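Review bot: The guard `"q35" not in self.os.machine` around the corrected warning is a substring test, so any machine name that merely contains `q35` skips the log line. Indentation is lost on this page, so it is not clear whether `self.os.machine = "q35"` sits inside that `if`; if it does not, a versioned q35 machine type would be rewritten to plain `q35` with no message at all. A short comment above the check, for example `# UEFI secure boot needs q35: warn and override any other explicit machine type`, would record why the user's choice is replaced. A test asserting that the warning contains the old machine name would also keep the format arguments from going missing again. The enclosing method of `Guest` starts before the hunk, so the rest of the secure-boot setup is not visible here.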


@ -1,51 +0,0 @@
From caea48c879b0a5d292c74a4a3721d56350cf5537 Mon Sep 17 00:00:00 2001
Message-Id: <caea48c879b0a5d292c74a4a3721d56350cf5537@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 30 Jan 2019 18:28:14 +0100
Subject: [PATCH] inspection: fix check of null icon
From: Pino Toscano <ptoscano@redhat.com>
Recently the Python binding of libguestfs was adapted to properly use
bytes in APIs that return data, instead of (ab)using strings [1].
This change was done only when built for Python 3, which has this
distinct bytes and strings.
Because of that, now the 'icon == ""' (empty string) checks fail, using
whatever inspect_get_icon() returns, including empty arrays of bytes.
Hence, change the checks to use the length of the data as condition, as
also the libguestfs Python API documentation says. Leave also the
checks for None, in the remote case the API will return None in the
future for no data.
[1] https://github.com/libguestfs/libguestfs/commit/0ee02e0117527b86a31b2a88a14994ce7f15571f
(cherry picked from commit bce4cc4ef837754de81e1420905159cc2fc3d773)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1671278
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtManager/inspection.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/virtManager/inspection.py b/virtManager/inspection.py
index ea6123b8..fde48474 100644
--- a/virtManager/inspection.py
+++ b/virtManager/inspection.py
@@ -268,10 +268,10 @@ class vmmInspection(vmmGObject):
if filesystems_mounted:
# string containing PNG data
icon = g.inspect_get_icon(root, favicon=0, highquality=1)
- if icon == "" or icon is None:
+ if icon is None or len(icon) == 0:
# no high quality icon, try a low quality one
icon = g.inspect_get_icon(root, favicon=0, highquality=0)
- if icon == "":
+ if icon is None or len(icon) == 0:
icon = None
# Inspection applications.
--
2.20.1


@ -0,0 +1,49 @@
From 6a5ca07b8dccbd87a5c896336b09ea37bf80a01a Mon Sep 17 00:00:00 2001
Message-Id: <6a5ca07b8dccbd87a5c896336b09ea37bf80a01a@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 14 Aug 2019 09:45:19 +0200
Subject: [PATCH] man: virt-install: Fix a couple of launchSecurity related
typos
From: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 3d5a72e18afcfcdbab35429aeb89d55f48304399)
https://bugzilla.redhat.com/show_bug.cgi?id=1741846
Signed-off-by: Erik Skultety <eskultet@redhat.com>
---
man/virt-install.pod | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/virt-install.pod b/man/virt-install.pod
index d8bd4127..8660f843 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -389,11 +389,11 @@ Configure guest power management features. Example:
Use --pm=? to see a list of all available sub options. Complete details at L<https://libvirt.org/formatdomain.html#elementsPowerManagement>
-=item B<--launch-security> TYPE[,OPTS]
+=item B<--launchSecurity> TYPE[,OPTS]
Enable launch security for the guest, e.g. AMD SEV.
-Use --launch-security=? to see a list of all available sub options. Complete
+Use --launchSecurity=? to see a list of all available sub options. Complete
details at L<https://libvirt.org/formatdomain.html#launchSecurity>. Example
invocations:
# This will use a default policy 0x03
@@ -1867,7 +1867,7 @@ refer to libvirt docs for a detailed explanation.
--controller type=scsi,model=virtio-scsi,driver.iommu=on \
--controller type=virtio-serial,driver.iommu=on \
--network network=default,model=virtio,driver.iommu=on \
- --rng driver,iommu=on \
+ --rng /dev/random,driver.iommu=on \
--memballoon driver.iommu=on \
--launchSecurity sev
--
2.21.0


@ -1,181 +0,0 @@
From 7af39b00d8ab930fa519a62c0d674f8f77c718b5 Mon Sep 17 00:00:00 2001
Message-Id: <7af39b00d8ab930fa519a62c0d674f8f77c718b5@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 13 Nov 2018 16:18:07 +0100
Subject: [PATCH] tests: Add some tests for virt-xml with KVM
From: Andrea Bolognani <abologna@redhat.com>
We're mostly interested in how the default bus/model for
devices are influenced by knowledge about the guest OS, but
since the whole thing requires to be connected to the QEMU
driver we might as well create a new category and leave room
for more QEMU-specific tests being added down the line.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit b882dbde9cb192afbc9ee8d8f4972922a4b4e616)
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
.../compare/virt-xml-kvm-add-disk-default.xml | 13 +++++++++++++
.../virt-xml-kvm-add-disk-os-from-cmdline.xml | 14 ++++++++++++++
.../compare/virt-xml-kvm-add-disk-os-from-xml.xml | 14 ++++++++++++++
.../compare/virt-xml-kvm-add-network-default.xml | 13 +++++++++++++
.../virt-xml-kvm-add-network-os-from-cmdline.xml | 14 ++++++++++++++
.../virt-xml-kvm-add-network-os-from-xml.xml | 14 ++++++++++++++
tests/clitest.py | 7 +++++++
7 files changed, 89 insertions(+)
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml
new file mode 100644
index 00000000..4ee0f1cb
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml
@@ -0,0 +1,13 @@
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
++ <disk type="file" device="disk">
++ <driver name="qemu" type="qcow2"/>
++ <source file="/dev/default-pool/testvol1.img"/>
++ <target dev="hda" bus="ide"/>
++ </disk>
+ </devices>
+ </domain>
+
+Domain 'test' defined successfully.
+Changes will take effect after the domain is fully powered off.
\ No newline at end of file
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
new file mode 100644
index 00000000..e5e4bd62
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
@@ -0,0 +1,14 @@
+ <panic model="s390"/>
+ <panic model="pseries"/>
+ <panic model="hyperv"/>
++ <disk type="file" device="disk">
++ <driver name="qemu" type="qcow2"/>
++ <source file="/dev/default-pool/testvol1.img"/>
++ <target dev="vdaf" bus="virtio"/>
++ </disk>
+ </devices>
+ <seclabel type="dynamic" model="selinux" relabel="yes"/>
+ <seclabel type="static" model="dac" relabel="yes">
+
+Domain 'test-many-devices' defined successfully.
+Changes will take effect after the domain is fully powered off.
\ No newline at end of file
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml
new file mode 100644
index 00000000..e5e4bd62
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml
@@ -0,0 +1,14 @@
+ <panic model="s390"/>
+ <panic model="pseries"/>
+ <panic model="hyperv"/>
++ <disk type="file" device="disk">
++ <driver name="qemu" type="qcow2"/>
++ <source file="/dev/default-pool/testvol1.img"/>
++ <target dev="vdaf" bus="virtio"/>
++ </disk>
+ </devices>
+ <seclabel type="dynamic" model="selinux" relabel="yes"/>
+ <seclabel type="static" model="dac" relabel="yes">
+
+Domain 'test-many-devices' defined successfully.
+Changes will take effect after the domain is fully powered off.
\ No newline at end of file
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml
new file mode 100644
index 00000000..92bf1816
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml
@@ -0,0 +1,13 @@
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
++ <interface type="bridge">
++ <source bridge="eth0"/>
++ <mac address="00:11:22:33:44:55"/>
++ <model type="e1000"/>
++ </interface>
+ </devices>
+ </domain>
+
+Domain 'test' defined successfully.
+Changes will take effect after the domain is fully powered off.
\ No newline at end of file
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
new file mode 100644
index 00000000..c834c936
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
@@ -0,0 +1,14 @@
+ <panic model="s390"/>
+ <panic model="pseries"/>
+ <panic model="hyperv"/>
++ <interface type="bridge">
++ <source bridge="eth0"/>
++ <mac address="00:11:22:33:44:55"/>
++ <model type="virtio"/>
++ </interface>
+ </devices>
+ <seclabel type="dynamic" model="selinux" relabel="yes"/>
+ <seclabel type="static" model="dac" relabel="yes">
+
+Domain 'test-many-devices' defined successfully.
+Changes will take effect after the domain is fully powered off.
\ No newline at end of file
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml
new file mode 100644
index 00000000..c834c936
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml
@@ -0,0 +1,14 @@
+ <panic model="s390"/>
+ <panic model="pseries"/>
+ <panic model="hyperv"/>
++ <interface type="bridge">
++ <source bridge="eth0"/>
++ <mac address="00:11:22:33:44:55"/>
++ <model type="virtio"/>
++ </interface>
+ </devices>
+ <seclabel type="dynamic" model="selinux" relabel="yes"/>
+ <seclabel type="static" model="dac" relabel="yes">
+
+Domain 'test-many-devices' defined successfully.
+Changes will take effect after the domain is fully powered off.
\ No newline at end of file
diff --git a/tests/clitest.py b/tests/clitest.py
index 144eac7a..039938db 100644
--- a/tests/clitest.py
+++ b/tests/clitest.py
@@ -954,6 +954,13 @@ c.add_compare("--remove-device --disk /dev/null", "remove-disk-path")
c.add_compare("--remove-device --video all", "remove-video-all", check_version="1.3.3") # check_version=video primary= attribute
c.add_compare("--remove-device --host-device 0x04b3:0x4485", "remove-hostdev-name", check_version="1.2.11") # check_version=video ram output change
+c = vixml.add_category("add/rm devices (KVM)", "--connect %(URI-KVM)s --print-diff --define")
+c.add_compare("test --add-device --disk %(EXISTIMG1)s", "kvm-add-disk-default") # Guest OS is not known
+c.add_compare("test-many-devices --add-device --disk %(EXISTIMG1)s", "kvm-add-disk-os-from-xml") # Guest OS information taken from the guest XML
+c.add_compare("test-many-devices --add-device --disk %(EXISTIMG1)s --os-variant winme", "kvm-add-disk-os-from-cmdline") # Guest OS information provided on the command line
+c.add_compare("test --add-device --network default", "kvm-add-network-default") # Guest OS is not known
+c.add_compare("test-many-devices --add-device --network default", "kvm-add-network-os-from-xml") # Guest OS information taken from the guest XML
+c.add_compare("test-many-devices --add-device --network default --os-variant winme", "kvm-add-network-os-from-cmdline") # Guest OS information provided on the command line
--
2.19.2


@ -1,102 +0,0 @@
From c4ce5e02fededc9121c181a7b20ea0e6ebd1c1de Mon Sep 17 00:00:00 2001
Message-Id: <c4ce5e02fededc9121c181a7b20ea0e6ebd1c1de@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 08:06:10 -0400
Subject: [PATCH] tests: clitest: Add a test case for the last commit
From: Cole Robinson <crobinso@redhat.com>
We need a custom test driver input to reproduce the pool collision
(cherry picked from commit fcabcb7a95c9dd81fb7c1335c3c181bb08a31ad0)
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752
---
.../testdriver-defaultpool-collision.xml | 47 +++++++++++++++++++
tests/clitest.py | 1 +
tests/utils.py | 2 +
3 files changed, 50 insertions(+)
create mode 100644 tests/cli-test-xml/testdriver-defaultpool-collision.xml
diff --git a/tests/cli-test-xml/testdriver-defaultpool-collision.xml b/tests/cli-test-xml/testdriver-defaultpool-collision.xml
new file mode 100644
index 00000000..1343f812
--- /dev/null
+++ b/tests/cli-test-xml/testdriver-defaultpool-collision.xml
@@ -0,0 +1,47 @@
+<node>
+
+ <cpu>
+ <nodes>1</nodes>
+ <sockets>4</sockets>
+ <cores>4</cores>
+ <threads>1</threads>
+ <active>4</active>
+ <mhz>4000</mhz>
+ <model>i686</model>
+ </cpu>
+ <memory>10000000</memory>
+
+
+<network>
+ <name>default</name>
+ <uuid>715666b7-dbd4-6c78-fa55-94863da09f2d</uuid>
+ <forward mode='nat'/>
+ <bridge name='virbr0' stp='on' forwardDelay='0' />
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ <dhcp>
+ <range start='192.168.122.2' end='192.168.122.254' />
+ </dhcp>
+ </ip>
+</network>
+
+
+
+<pool type='dir'>
+ <name>default-pool-path-collision</name>
+ <uuid>35bb2ad9-388a-cdfe-461a-b8907f6e53fe</uuid>
+ <capacity>107374182400</capacity>
+ <allocation>0</allocation>
+ <available>107374182400</available>
+ <source>
+ </source>
+ <target>
+ <path>/var/lib/libvirt/images</path>
+ <permissions>
+ <mode>0700</mode>
+ <owner>10736</owner>
+ <group>10736</group>
+ </permissions>
+ </target>
+</pool>
+
+</node>
diff --git a/tests/clitest.py b/tests/clitest.py
index 824293e4..ecdf3731 100644
--- a/tests/clitest.py
+++ b/tests/clitest.py
@@ -684,6 +684,7 @@ c.add_valid("--nodisks --pxe", grep="VM performance may suffer") # os variant w
c.add_invalid("--hvm --nodisks --pxe foobar") # Positional arguments error
c.add_invalid("--nodisks --pxe --name test") # Colliding name
c.add_compare("--cdrom %(EXISTIMG1)s --disk size=1 --disk %(EXISTIMG2)s,device=cdrom", "cdrom-double") # ensure --disk device=cdrom is ordered after --cdrom, this is important for virtio-win installs with a driver ISO
+c.add_valid("--connect %s --pxe --disk size=1" % utils.URIs.test_defaultpool_collision) # testdriver already has a pool using the 'default' path, make sure we don't error
diff --git a/tests/utils.py b/tests/utils.py
index d22933d3..ef7c613a 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -56,6 +56,8 @@ class _URIs(object):
self.test_full = _testtmpl % (os.getcwd() + "/tests/testdriver.xml")
self.test_suite = _testtmpl % (os.getcwd() + "/tests/testsuite.xml")
self.test_remote = self.test_full + ",remote"
+ self.test_defaultpool_collision = (_testtmpl % (os.getcwd() +
+ "/tests/cli-test-xml/testdriver-defaultpool-collision.xml"))
self.xen = self.test_full + _caps("xen-rhel5.4.xml") + ",xen"
self.lxc = self.test_full + _caps("lxc.xml") + ",lxc"
--
2.21.0


@ -1,48 +0,0 @@
From 6cb52e94e35d78001060b455d02de819fd923ba7 Mon Sep 17 00:00:00 2001
Message-Id: <6cb52e94e35d78001060b455d02de819fd923ba7@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Mon, 18 Mar 2019 14:22:25 -0400
Subject: [PATCH] urldetect: Check also for 'treeinfo' (bz 1689252)
From: Cole Robinson <crobinso@redhat.com>
Trees published to akamai CDN via Red Hat Satellite can't have .dotfiles
in them. More details here:
https://bugzilla.redhat.com/show_bug.cgi?id=635065
So we also need to check for .treeinfo. Anaconda does this too so it's
a long known issue.
https://bugzilla.redhat.com/show_bug.cgi?id=1689252
(cherry picked from commit 74bbc3db15d5e9a1b4d21c276f7d3f435b83d2fd)
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/urldetect.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/virtinst/urldetect.py b/virtinst/urldetect.py
index 5da15d0b..27747f91 100644
--- a/virtinst/urldetect.py
+++ b/virtinst/urldetect.py
@@ -46,7 +46,16 @@ class _DistroCache(object):
if self._treeinfo:
return self._treeinfo
- treeinfostr = self.acquire_file_content(".treeinfo")
+ # Vast majority of trees here use .treeinfo. However, trees via
+ # Red Hat satellite on akamai CDN will use treeinfo, because akamai
+ # doesn't do dotfiles apparently:
+ #
+ # https://bugzilla.redhat.com/show_bug.cgi?id=635065
+ #
+ # Anaconda is the canonical treeinfo consumer and they check for both
+ # locations, so we need to do the same
+ treeinfostr = (self.acquire_file_content(".treeinfo") or
+ self.acquire_file_content("treeinfo"))
if treeinfostr is None:
return None
--
2.20.1


@ -1,107 +0,0 @@
From 876da431c26216844488b8fe11be871576b7751d Mon Sep 17 00:00:00 2001
Message-Id: <876da431c26216844488b8fe11be871576b7751d@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 13 Nov 2018 16:18:05 +0100
Subject: [PATCH] virt-install: Add "Guest OS" options group
From: Andrea Bolognani <abologna@redhat.com>
The --os-variant option doesn't quite fit perfectly into
its current "Installation method" group, plus we want to
add the same option to virt-xml which can't have that
group for obvious reasons.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit 751fb88c58b0e1d922b11397bcfe3cd91af694f0)
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
man/virt-install.pod | 38 +++++++++++++++++++++++---------------
virt-install | 10 +++++-----
2 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/man/virt-install.pod b/man/virt-install.pod
index b75b7998..5b7a784c 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -472,21 +472,6 @@ file:
--initrd-inject=/path/to/my.ks --extra-args "ks=file:/my.ks"
-=item B<--os-variant> OS_VARIANT
-
-Optimize the guest configuration for a specific operating system (ex.
-'fedora29', 'rhel7', 'win10'). While not required, specifying this
-options is HIGHLY RECOMMENDED, as it can greatly increase performance
-by specifying virtio among other guest tweaks.
-
-By default, virt-install will attempt to auto detect this value from
-the install media (currently only supported for URL installs). Autodetection
-can be disabled with the special value 'none'. Autodetection can be
-forced with the special value 'auto'.
-
-Use the command "osinfo-query os" to get the list of the accepted OS
-variants.
-
=item B<--boot> BOOTOPTS
Optionally specify the post-install VM boot configuration. This option allows
@@ -573,6 +558,29 @@ Use --idmap=? to see a list of all available sub options. Complete details at L<
+=head1 GUEST OS OPTIONS
+
+=over 4
+
+=item B<--os-variant> OS_VARIANT
+
+Optimize the guest configuration for a specific operating system (ex.
+'fedora29', 'rhel7', 'win10'). While not required, specifying this
+options is HIGHLY RECOMMENDED, as it can greatly increase performance
+by specifying virtio among other guest tweaks.
+
+By default, virt-install will attempt to auto detect this value from
+the install media (currently only supported for URL installs). Autodetection
+can be disabled with the special value 'none'. Autodetection can be
+forced with the special value 'auto'.
+
+Use the command "osinfo-query os" to get the list of the accepted OS
+variants.
+
+=back
+
+
+
=head1 STORAGE OPTIONS
diff --git a/virt-install b/virt-install
index 2c379ed3..4e16d4c8 100755
--- a/virt-install
+++ b/virt-install
@@ -784,14 +784,14 @@ def parse_args():
insg.add_argument("--test-stub-command", action="store_true",
help=argparse.SUPPRESS)
- insg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS)
- insg.add_argument("--os-variant", dest="distro_variant",
- help=_("The OS variant being installed in the guest, "
- "e.g. 'fedora29', 'rhel7', 'win10 etc."))
-
cli.add_boot_options(insg)
insg.add_argument("--init", help=argparse.SUPPRESS)
+ osg = parser.add_argument_group(_("Guest OS Options"))
+ osg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS)
+ osg.add_argument("--os-variant", dest="distro_variant",
+ help=_("The OS variant being installed in the guest, "
+ "e.g. 'fedora29', 'rhel7', 'win10 etc."))
devg = parser.add_argument_group(_("Device Options"))
cli.add_disk_option(devg)
--
2.19.2


@ -1,53 +0,0 @@
From cbb550bc8064d8219798a2de80ed71b5bd4c4735 Mon Sep 17 00:00:00 2001
Message-Id: <cbb550bc8064d8219798a2de80ed71b5bd4c4735@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 13 Nov 2018 16:18:04 +0100
Subject: [PATCH] virt-install: Fix description for --os-variant
From: Andrea Bolognani <abologna@redhat.com>
Since we're messing with it either way, might as well use
modern OS names as examples.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit a550a957278917f6edf94ada94017feeca77b7bf)
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
man/virt-install.pod | 2 +-
virt-install | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/virt-install.pod b/man/virt-install.pod
index 8cd56fe0..b75b7998 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -475,7 +475,7 @@ file:
=item B<--os-variant> OS_VARIANT
Optimize the guest configuration for a specific operating system (ex.
-'fedora18', 'rhel7', 'winxp'). While not required, specifying this
+'fedora29', 'rhel7', 'win10'). While not required, specifying this
options is HIGHLY RECOMMENDED, as it can greatly increase performance
by specifying virtio among other guest tweaks.
diff --git a/virt-install b/virt-install
index a7f247f1..2c379ed3 100755
--- a/virt-install
+++ b/virt-install
@@ -786,8 +786,8 @@ def parse_args():
insg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS)
insg.add_argument("--os-variant", dest="distro_variant",
- help=_("The OS variant being installed guests, "
- "e.g. 'fedora18', 'rhel6', 'winxp', etc."))
+ help=_("The OS variant being installed in the guest, "
+ "e.g. 'fedora29', 'rhel7', 'win10 etc."))
cli.add_boot_options(insg)
insg.add_argument("--init", help=argparse.SUPPRESS)
--
2.19.2


@ -1,186 +0,0 @@
From c05e60de1acb174bb40257d3481267e35dc62960 Mon Sep 17 00:00:00 2001
Message-Id: <c05e60de1acb174bb40257d3481267e35dc62960@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:53 +0200
Subject: [PATCH] virt-manager: add new checkbox to control CPU security
features
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
By default we copy CPU security features to the guest if specific CPU
model is selected. However, this may break migration and will affect
performance of the guest. This adds an option to disable this default
behavior.
The checkbox is clickable only on x86 and only on host where we can
detect any CPU security features, otherwise a tooltip is set to notify
users that there is nothing to copy.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8720637cff7b0766d9e27a60b0f81740176d70c8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
ui/details.ui | 15 +++++++++++++++
virtManager/details.py | 21 +++++++++++++++++++++
virtManager/domain.py | 5 +++--
virtinst/domain/cpu.py | 30 ++++++++++++++++++++++++++++++
4 files changed, 69 insertions(+), 2 deletions(-)
diff --git a/ui/details.ui b/ui/details.ui
index c18070c8..1e1be759 100644
--- a/ui/details.ui
+++ b/ui/details.ui
@@ -2122,6 +2122,21 @@
<property name="top_attach">1</property>
</packing>
</child>
+ <child>
+ <object class="GtkCheckButton" id="cpu-secure">
+ <property name="label" translatable="yes">Enable available CPU security flaw mitigations</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="on_cpu_secure_toggled" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">2</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
</object>
</child>
</object>
diff --git a/virtManager/details.py b/virtManager/details.py
index b7e7fc14..b8899d77 100644
--- a/virtManager/details.py
+++ b/virtManager/details.py
@@ -523,6 +523,7 @@ class vmmDetails(vmmGObjectUI):
"on_cpu_maxvcpus_changed": self.config_maxvcpus_changed,
"on_cpu_model_changed": lambda *x: self.config_cpu_model_changed(x),
"on_cpu_copy_host_clicked": self.on_cpu_copy_host_clicked,
+ "on_cpu_secure_toggled": self.on_cpu_secure_toggled,
"on_cpu_cores_changed": self.config_cpu_topology_changed,
"on_cpu_sockets_changed": self.config_cpu_topology_changed,
"on_cpu_threads_changed": self.config_cpu_topology_changed,
@@ -1716,6 +1717,11 @@ class vmmDetails(vmmGObjectUI):
def on_cpu_copy_host_clicked(self, src):
uiutil.set_grid_row_visible(
self.widget("cpu-model"), not src.get_active())
+ uiutil.set_grid_row_visible(
+ self.widget("cpu-secure"), not src.get_active())
+ self.enable_apply(EDIT_CPU)
+
+ def on_cpu_secure_toggled(self, ignore):
self.enable_apply(EDIT_CPU)
def config_cpu_model_changed(self, ignore):
@@ -2014,6 +2020,7 @@ class vmmDetails(vmmGObjectUI):
if self.edited(EDIT_CPU):
kwargs["model"] = self.get_config_cpu_model()
+ kwargs["secure"] = self.widget("cpu-secure").get_active()
if self.edited(EDIT_TOPOLOGY):
do_top = self.widget("cpu-topology-enable").get_active()
@@ -2574,6 +2581,11 @@ class vmmDetails(vmmGObjectUI):
n1, n2 = self.vm.network_traffic_vectors()
self.network_traffic_graph.set_property("data_array", n1 + n2)
+ def _cpu_secure_is_available(self):
+ domcaps = self.vm.get_domain_capabilities()
+ features = domcaps.get_cpu_security_features()
+ return self.vm.get_xmlobj().os.is_x86() and len(features) > 0
+
def refresh_config_cpu(self):
# Set topology first, because it impacts maxvcpus values
cpu = self.vm.get_cpu_config()
@@ -2627,6 +2639,15 @@ class vmmDetails(vmmGObjectUI):
self.widget("cpu-copy-host").set_active(bool(is_host))
self.on_cpu_copy_host_clicked(self.widget("cpu-copy-host"))
+ if not self._cpu_secure_is_available():
+ self.widget("cpu-secure").set_sensitive(False)
+ self.widget("cpu-secure").set_tooltip_text(
+ "No security features to copy, the host is missing "
+ "security patches or the host CPU is not vulnerable.")
+
+ cpu.check_security_features(self.vm.get_xmlobj())
+ self.widget("cpu-secure").set_active(cpu.secure)
+
def refresh_config_memory(self):
host_mem_widget = self.widget("state-host-memory")
host_mem = self.vm.conn.host_memory_size() // 1024
diff --git a/virtManager/domain.py b/virtManager/domain.py
index 5b3f1e44..c8f4e822 100644
--- a/virtManager/domain.py
+++ b/virtManager/domain.py
@@ -495,7 +495,7 @@ class vmmDomain(vmmLibvirtObject):
self._redefine_xmlobj(xmlobj)
def define_cpu(self, vcpus=_SENTINEL, maxvcpus=_SENTINEL,
- model=_SENTINEL, sockets=_SENTINEL,
+ model=_SENTINEL, secure=_SENTINEL, sockets=_SENTINEL,
cores=_SENTINEL, threads=_SENTINEL):
guest = self._make_xmlobj_to_define()
@@ -509,7 +509,8 @@ class vmmDomain(vmmLibvirtObject):
guest.cpu.cores = cores
guest.cpu.threads = threads
- if model != _SENTINEL:
+ if secure != _SENTINEL or model != _SENTINEL:
+ guest.cpu.secure = secure
if model in guest.cpu.SPECIAL_MODES:
guest.cpu.set_special_mode(guest, model)
else:
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index ab40f788..c6a411bb 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -123,6 +123,36 @@ class DomainCpu(XMLBuilder):
if not exists:
self.add_feature(feature)
+ def check_security_features(self, guest):
+ """
+ Since 'secure' property is not exported into the domain XML
+ we might need to refresh its state.
+ """
+ domcaps = guest.lookup_domcaps()
+ features = domcaps.get_cpu_security_features()
+
+ if len(features) == 0:
+ self.secure = False
+ return
+
+ for feature in features:
+ exists = False
+ for f in self.features:
+ if f.name == feature and f.policy == "require":
+ exists = True
+ break
+ if not exists:
+ self.secure = False
+ return
+
+ def _remove_security_features(self, guest):
+ domcaps = guest.lookup_domcaps()
+ for feature in domcaps.get_cpu_security_features():
+ for f in self.features:
+ if f.name == feature and f.policy == "require":
+ self.remove_child(f)
+ break
+
def set_model(self, guest, val):
logging.debug("setting cpu model %s", val)
if val:
--
2.21.0


@ -1,90 +0,0 @@
From 56d11ce780d8f3b01a557b12d88058daec95bff7 Mon Sep 17 00:00:00 2001
Message-Id: <56d11ce780d8f3b01a557b12d88058daec95bff7@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 13 Nov 2018 16:18:06 +0100
Subject: [PATCH] virt-xml: Accept --os-variant option
From: Andrea Bolognani <abologna@redhat.com>
We're not doing anything with it yet, but having the
parser accept it means we can write tests and see how
their output changes once we wire it up in earnest.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit ade53764fc4e86db1d37012c3723e92b81c6b4c9)
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
man/virt-xml.pod | 30 ++++++++++++++++++++++++++++++
virt-xml | 5 +++++
2 files changed, 35 insertions(+)
diff --git a/man/virt-xml.pod b/man/virt-xml.pod
index bae492ac..a24a04fa 100644
--- a/man/virt-xml.pod
+++ b/man/virt-xml.pod
@@ -160,6 +160,30 @@ Before defining or updating the domain, show the generated XML diff and interact
+=head1 GUEST OS OPTIONS
+
+=over 4
+
+=item B<--os-variant> OS_VARIANT
+
+Optimize the guest configuration for a specific operating system (ex.
+'fedora29', 'rhel7', 'win10'). While not required, specifying this
+options is HIGHLY RECOMMENDED, as it can greatly increase performance
+by specifying virtio among other guest tweaks.
+
+If the guest has been installed using virt-manager version 2.0.0 or newer,
+providing this information should not be necessary, as the OS variant will
+have been stored in the guest configuration during installation and virt-xml
+will retrieve it from there automatically.
+
+Use the command "osinfo-query os" to get the list of the accepted OS
+variants.
+
+=back
+
+
+
+
=head1 XML OPTIONS
=over 4
@@ -331,6 +355,12 @@ Create a 10G qcow2 disk image and attach it to 'fedora18' for the next VM startu
# virt-xml fedora18 --add-device \
--disk /var/lib/libvirt/images/newimage.qcow2,format=qcow2,size=10
+Same as above, but ensure the disk is attached to the most appropriate bus
+for the guest OS by providing information about it on the command line:
+
+ # virt-xml fedora18 --os-variant fedora18 --add-device \
+ --disk /var/lib/libvirt/images/newimage.qcow2,format=qcow2,size=10
+
Hotunplug the disk vdb from the running domain 'rhel7':
# virt-xml rhel7 --update --remove-device --disk target=vdb
diff --git a/virt-xml b/virt-xml
index 9bdde95d..65d9b55f 100755
--- a/virt-xml
+++ b/virt-xml
@@ -360,6 +360,11 @@ def parse_args():
outg.add_argument("--confirm", action="store_true",
help=_("Require confirmation before saving any results."))
+ osg = parser.add_argument_group(_("OS options"))
+ osg.add_argument("--os-variant", dest="distro_variant",
+ help=_("The OS variant installed in the guest, "
+ "e.g. 'fedora29', 'rhel7', 'win10 etc."))
+
g = parser.add_argument_group(_("XML options"))
cli.add_disk_option(g, editexample=True)
cli.add_net_option(g)
--
2.19.2


@ -1,136 +0,0 @@
From ffa0e4e8e438319cb3c8856d1d7f48a8864afe2e Mon Sep 17 00:00:00 2001
Message-Id: <ffa0e4e8e438319cb3c8856d1d7f48a8864afe2e@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Tue, 13 Nov 2018 16:18:08 +0100
Subject: [PATCH] virt-xml: Start using --os-variant
From: Andrea Bolognani <abologna@redhat.com>
The option only works with --add-device for the time being,
so we prevent its use in all other cases.
It would be nice to have it work with --build-xml too, but
in that case the user would have to provide some extra
information that in the case of --add-device we can figure
out from the existing guest, and it's not entirely clear
whether that would even be that useful, so for now we're
not considering that case at all.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit d2d103a334e3beeb8e108137f50adee2e5c0e5fc)
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
.../virt-xml-kvm-add-disk-os-from-cmdline.xml | 11 ++++++++++-
.../virt-xml-kvm-add-network-os-from-cmdline.xml | 11 ++++++++++-
virt-xml | 14 ++++++++++++++
3 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
index e5e4bd62..cf872c1c 100644
--- a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
@@ -1,10 +1,19 @@
+ </description>
+ <metadata>
+ <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+- <libosinfo:os id="http://fedoraproject.org/fedora/unknown"/>
++ <libosinfo:os id="http://microsoft.com/win/me"/>
+ </libosinfo:libosinfo>
+ </metadata>
+ <memory unit="KiB">409600</memory>
+@@
<panic model="s390"/>
<panic model="pseries"/>
<panic model="hyperv"/>
+ <disk type="file" device="disk">
+ <driver name="qemu" type="qcow2"/>
+ <source file="/dev/default-pool/testvol1.img"/>
-+ <target dev="vdaf" bus="virtio"/>
++ <target dev="hdd" bus="ide"/>
+ </disk>
</devices>
<seclabel type="dynamic" model="selinux" relabel="yes"/>
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
index c834c936..8d278e7a 100644
--- a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
@@ -1,10 +1,19 @@
+ </description>
+ <metadata>
+ <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+- <libosinfo:os id="http://fedoraproject.org/fedora/unknown"/>
++ <libosinfo:os id="http://microsoft.com/win/me"/>
+ </libosinfo:libosinfo>
+ </metadata>
+ <memory unit="KiB">409600</memory>
+@@
<panic model="s390"/>
<panic model="pseries"/>
<panic model="hyperv"/>
+ <interface type="bridge">
+ <source bridge="eth0"/>
+ <mac address="00:11:22:33:44:55"/>
-+ <model type="virtio"/>
++ <model type="e1000"/>
+ </interface>
</devices>
<seclabel type="dynamic" model="selinux" relabel="yes"/>
diff --git a/virt-xml b/virt-xml
index 65d9b55f..39abd297 100755
--- a/virt-xml
+++ b/virt-xml
@@ -56,6 +56,13 @@ def get_diff(origxml, newxml):
return ret
+def set_distro_variant(options, guest):
+ if options.distro_variant is None:
+ return
+
+ guest.set_os_name(options.distro_variant)
+
+
def get_domain_and_guest(conn, domstr):
try:
int(domstr)
@@ -175,6 +182,8 @@ def action_edit(guest, options, parserclass):
fail(_("'--edit %s' doesn't make sense with --%s, "
"just use empty '--edit'") %
(options.edit, parserclass.cli_arg_name))
+ if options.distro_variant is not None:
+ fail(_("--os-variant is not supported with --edit"))
return cli.parse_option_strings(options, guest, inst, update=True)
@@ -182,6 +191,7 @@ def action_edit(guest, options, parserclass):
def action_add_device(guest, options, parserclass):
if not parserclass.prop_is_list(guest):
fail(_("Cannot use --add-device with --%s") % parserclass.cli_arg_name)
+ set_distro_variant(options, guest)
devs = cli.parse_option_strings(options, guest, None)
devs = util.listify(devs)
for dev in devs:
@@ -193,6 +203,8 @@ def action_remove_device(guest, options, parserclass):
if not parserclass.prop_is_list(guest):
fail(_("Cannot use --remove-device with --%s") %
parserclass.cli_arg_name)
+ if options.distro_variant is not None:
+ fail(_("--os-variant is not supported with --remove-device"))
devs = _find_objects_to_edit(guest, "remove-device",
getattr(options, parserclass.cli_arg_name)[-1], parserclass)
@@ -207,6 +219,8 @@ def action_build_xml(conn, options, parserclass):
if not parserclass.propname:
fail(_("--build-xml not supported for --%s") %
parserclass.cli_arg_name)
+ if options.distro_variant is not None:
+ fail(_("--os-variant is not supported with --build-xml"))
guest = virtinst.Guest(conn)
inst = parserclass.lookup_prop(guest)
--
2.19.2


@ -1,9 +1,14 @@
# This package depends on automagic byte compilation
# https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2
%global _python_bytecompile_extra 1
# -*- rpm-spec -*- # -*- rpm-spec -*-
# RPM doesn't detect that code in /usr/share is python3, this forces it # RPM doesn't detect that code in /usr/share is python3, this forces it
# https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build#Python_bytecompilation # https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build#Python_bytecompilation
%global __python %{__python3} %global __python %{__python3}
%bcond_with virtconvert
%global with_guestfs 0 %global with_guestfs 0
%global default_hvs "qemu,xen,lxc" %global default_hvs "qemu,xen,lxc"
@ -12,40 +17,19 @@
# End local config # End local config
Name: virt-manager Name: virt-manager
Version: 2.0.0 Version: 2.2.1
Release: 5.1%{?dist}%{?extra_release} Release: 2%{?dist}%{?extra_release}
%global verrel %{version}-%{release} %global verrel %{version}-%{release}
Summary: Desktop tool for managing virtual machines via libvirt Summary: Desktop tool for managing virtual machines via libvirt
Group: Applications/Emulators
License: GPLv2+ License: GPLv2+
BuildArch: noarch BuildArch: noarch
URL: https://virt-manager.org/ URL: https://virt-manager.org/
Source0: https://virt-manager.org/download/sources/%{name}/%{name}-%{version}.tar.gz Source0: https://virt-manager.org/download/sources/%{name}/%{name}-%{version}.tar.gz
Source1: symlinks
Patch1: virt-manager-virt-install-Fix-description-for-os-variant.patch Patch1: virt-manager-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch
Patch2: virt-manager-virt-install-Add-Guest-OS-options-group.patch Patch2: virt-manager-man-virt-install-Fix-a-couple-of-launchSecurity-related-typos.patch
Patch3: virt-manager-virt-xml-Accept-os-variant-option.patch
Patch4: virt-manager-tests-Add-some-tests-for-virt-xml-with-KVM.patch
Patch5: virt-manager-virt-xml-Start-using-os-variant.patch
Patch6: virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.patch
Patch7: virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch
Patch8: virt-manager-inspection-fix-check-of-null-icon.patch
Patch9: virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch
Patch10: virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch
Patch11: virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch
Patch12: virt-manager-domcapabilities-introduce-get_cpu_security_features.patch
Patch13: virt-manager-domain-cpu-introduce-set_model-function.patch
Patch14: virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch
Patch15: virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch
Patch16: virt-manager-domcapabilities-fix-typo-in-function-name.patch
Patch17: virt-manager-cli-introduce-CPU-secure-parameter.patch
Patch18: virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch
Patch19: virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch
Patch20: virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch
Patch21: virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch
Patch22: virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch
Patch23: virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch
Requires: virt-manager-common = %{verrel} Requires: virt-manager-common = %{verrel}
@ -55,6 +39,9 @@ Requires: libvirt-glib >= 0.0.9
Requires: gtk-vnc2 Requires: gtk-vnc2
Requires: spice-gtk3 Requires: spice-gtk3
# We can work with gtksourceview 3 or gtksourceview4, rhel has only the older one
Requires: gtksourceview3
# virt-manager is one of those apps that people will often install onto # virt-manager is one of those apps that people will often install onto
# a headless machine for use over SSH. This means the virt-manager dep # a headless machine for use over SSH. This means the virt-manager dep
# chain needs to provide everything we need to get a usable app experience. # chain needs to provide everything we need to get a usable app experience.
@ -73,6 +60,9 @@ Requires: vte291
Recommends: (libvirt-daemon-kvm or libvirt-daemon-qemu) Recommends: (libvirt-daemon-kvm or libvirt-daemon-qemu)
Recommends: libvirt-daemon-config-network Recommends: libvirt-daemon-config-network
# Optional inspection of guests
Suggests: python3-libguestfs
BuildRequires: git BuildRequires: git
BuildRequires: intltool BuildRequires: intltool
BuildRequires: /usr/bin/pod2man BuildRequires: /usr/bin/pod2man
@ -89,8 +79,8 @@ management API.
%package common %package common
Summary: Common files used by the different Virtual Machine Manager interfaces Summary: Common files used by the different Virtual Machine Manager interfaces
Group: Applications/Emulators
Requires: python3-argcomplete
Requires: python3-libvirt Requires: python3-libvirt
Requires: python3-libxml2 Requires: python3-libxml2
Requires: python3-requests Requires: python3-requests
@ -114,8 +104,10 @@ Requires: libvirt-client
Provides: virt-install Provides: virt-install
Provides: virt-clone Provides: virt-clone
Provides: virt-convert
Provides: virt-xml Provides: virt-xml
%if %{with virtconvert}
Provides: virt-convert
%endif
%description -n virt-install %description -n virt-install
Package includes several command line utilities, including virt-install Package includes several command line utilities, including virt-install
@ -124,44 +116,24 @@ machine).
%prep %prep
%setup -q %autosetup -S git_am -N
# "make dist" replaces all symlinks with a copy of the linked files;
# Patches have to be stored in a temporary file because RPM has # we need to replace all of them with the original symlinks
# a limit on the length of the result of any macro expansion; echo "Restoring symlinks"
# if the string is longer, it's silently cropped while read lnk target; do
%{lua: if [ -e $lnk ]; then
tmp = os.tmpname(); rm -rf $lnk
f = io.open(tmp, "w+"); ln -s $target $lnk
count = 0; fi
for i, p in ipairs(patches) do done <%{_sourcedir}/symlinks || exit 1
f:write(p.."\n");
count = count + 1;
end;
f:close();
print("PATCHCOUNT="..count.."\n")
print("PATCHLIST="..tmp.."\n")
}
git init -q
git config user.name rpm-build
git config user.email rpm-build
git config gc.auto 0
git add . git add .
git commit -q -a --author 'rpm-build <rpm-build>' \ git commit -q -a --author 'rpm-build <rpm-build>' -m symlinks
-m '%{name}-%{version} base'
COUNT=$(grep '\.patch$' $PATCHLIST | wc -l)
if [ $COUNT -ne $PATCHCOUNT ]; then git config gc.auto 0
echo "Found $COUNT patches in $PATCHLIST, expected $PATCHCOUNT"
exit 1 %autopatch
fi
if [ $COUNT -gt 0 ]; then
xargs git am <$PATCHLIST || exit 1
fi
echo "Applied $COUNT patches"
rm -f $PATCHLIST
rm -rf .git
%build %build
@ -179,6 +151,11 @@ rm -rf .git
install -O1 --root=%{buildroot} install -O1 --root=%{buildroot}
%find_lang %{name} %find_lang %{name}
%if %{without virtconvert}
find %{buildroot} -name virt-convert\* -delete
rm -rf %{buildroot}/%{_datadir}/%{name}/virtconv
%endif
# Replace '#!/usr/bin/env python3' with '#!/usr/bin/python3' # Replace '#!/usr/bin/env python3' with '#!/usr/bin/python3'
# The format is ideal for upstream, but not a distro. See: # The format is ideal for upstream, but not a distro. See:
# https://fedoraproject.org/wiki/Features/SystemPythonExecutablesUseSystemPython # https://fedoraproject.org/wiki/Features/SystemPythonExecutablesUseSystemPython
@ -208,47 +185,62 @@ done
%files common -f %{name}.lang %files common -f %{name}.lang
%dir %{_datadir}/%{name} %dir %{_datadir}/%{name}
%{_datadir}/%{name}/virtcli %if %{with virtconvert}
%{_datadir}/%{name}/virtconv %{_datadir}/%{name}/virtconv
%endif
%{_datadir}/%{name}/virtinst %{_datadir}/%{name}/virtinst
%files -n virt-install %files -n virt-install
%{_mandir}/man1/virt-install.1* %{_mandir}/man1/virt-install.1*
%{_mandir}/man1/virt-clone.1* %{_mandir}/man1/virt-clone.1*
%{_mandir}/man1/virt-convert.1*
%{_mandir}/man1/virt-xml.1* %{_mandir}/man1/virt-xml.1*
%{_datadir}/%{name}/virt-install %{_datadir}/%{name}/virt-install
%{_datadir}/%{name}/virt-clone %{_datadir}/%{name}/virt-clone
%{_datadir}/%{name}/virt-convert
%{_datadir}/%{name}/virt-xml %{_datadir}/%{name}/virt-xml
%{_datadir}/bash-completion/completions/virt-install
%{_datadir}/bash-completion/completions/virt-clone
%{_datadir}/bash-completion/completions/virt-xml
%{_bindir}/virt-install %{_bindir}/virt-install
%{_bindir}/virt-clone %{_bindir}/virt-clone
%{_bindir}/virt-convert
%{_bindir}/virt-xml %{_bindir}/virt-xml
%if %{with virtconvert}
%{_bindir}/virt-convert
%{_datadir}/bash-completion/completions/virt-convert
%{_datadir}/%{name}/virt-convert
%{_mandir}/man1/virt-convert.1*
%endif
%changelog %changelog
* Mon Jun 3 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-5.1.el8 * Fri Aug 16 2019 Pavel Hrdina <phrdina@redhat.com> - 2.2.1-2
- cli: Fix pool=default when path belongs to another pool (bz 1692489) (rhbz#1714752) - man: virt-install: Fix a couple of launchSecurity related typos (rhbz#1741846)
- tests: clitest: Add a test case for the last commit (rhbz#1714752)
- domcapabilities: introduce get_cpu_security_features (rhbz#1716402)
- domain: cpu: introduce set_model function (rhbz#1716402)
- domain: cpu: automatically add CPU security features for "custom" mode (rhbz#1716402)
- domcapabilities: remove recommended CPU features from security features (rhbz#1716402)
- domcapabilities: fix typo in function name (rhbz#1716402)
- cli: introduce CPU secure parameter (rhbz#1716402)
- domcapabilities: add caching of CPU security features (rhbz#1716402)
- virt-manager: add new checkbox to control CPU security features (rhbz#1716402)
- DomainCpu: fix detection of CPU security features (rhbz#1716402)
- DomainCpu: check CPU model name only if model exists (rhbz#1716402)
- domcapabilities: detect MDS new vulnerability (rhbz#1716402)
- cli: fix cpu secure option to actually work (rhbz#1716402)
* Thu Mar 21 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-5 * Thu Jul 11 2019 Pavel Hrdina <phrdina@redhat.com> - 2.2.1-1
- urldetect: Check also for 'treeinfo' (bz 1689252) (rhbz#1689252) - Rebased to virt-manager-2.2.1 (rhbz#1726535)
- The rebase also fixes the following bugs:
rhbz#1727881, rhbz#1724287, rhbz#1727811
- spec: add gtksourceview3 dependency introduced by upstream (rhbz#1722820)
- guest: fix warning message when machine type is changed for secure boot (rhbz#1727811)
* Mon Jun 24 2019 Pavel Hrdina <phrdina@redhat.com> - 2.2.0-2
- xmleditor: Handle gtksourceview3 as well as gtksourceview4 (rhbz#1722820)
- xmleditor: Fix the gtksource version checking (rhbz#1722820)
- spec: add gtksourceview3 dependency introduced by upstream (rhbz#1722820)
* Mon Jun 17 2019 Pavel Hrdina <phrdina@redhat.com> - 2.2.0-1
- Rebased to virt-manager-2.2.0 (rhbz#1721001)
- The rebase also fixes the following bugs:
rhbz#1718065, rhbz#1714304, rhbz#1709857, rhbz#1707379, rhbz#1700354
rhbz#1692489, rhbz#1690687, rhbz#1690685, rhbz#1683609, rhbz#1679018
rhbz#1677019, rhbz#1671599, rhbz#1667025, rhbz#1666597, rhbz#1663430
rhbz#1661867, rhbz#1660467, rhbz#1660123, rhbz#1659354, rhbz#1658511
rhbz#1648939, rhbz#1599139, rhbz#1508147, rhbz#1501608
- spec: add build dependencies that are now required for build (rhbz#1721001)
* Fri Feb 8 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-4 * Fri Feb 8 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-4
- inspection: fix check of null icon (rhbz#1671278) - inspection: fix check of null icon (rhbz#1671278)
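Review bot: In the `%prep` hunk, the new symlink-restore loop expands `$lnk` and `$target` unquoted, including in `rm -rf $lnk`, so a glob character or stray whitespace in an entry of `%{_sourcedir}/symlinks` would be expanded or split before the delete runs. The list is packager-controlled, so this is a robustness point rather than an exposure, but quoting removes the doubt: `while read -r lnk target; do`, `if [ -e "$lnk" ]; then rm -rf -- "$lnk"; ln -s -- "$target" "$lnk"; fi`. The trailing `|| exit 1` only sees the status of the last iteration, so a failed `ln -s` on an earlier entry would pass unnoticed once the list holds more than one line. A short comment above the loop stating the expected format (one `path target` pair per line, path relative to the unpacked source tree) would also help the next maintainer.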