import virt-manager-2.2.1-2.el8
This commit is contained in:
parent
42d2793fa4
commit
07455ea208
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/virt-manager-2.0.0.tar.gz
|
SOURCES/virt-manager-2.2.1.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
a99ff5c18281357cbf136830d7babbd22a91678a SOURCES/virt-manager-2.0.0.tar.gz
|
9360a95515b8e2245f1bbed5769824cafdb15baa SOURCES/virt-manager-2.2.1.tar.gz
|
||||||
|
1
SOURCES/symlinks
Normal file
1
SOURCES/symlinks
Normal file
@ -0,0 +1 @@
|
|||||||
|
data/hicolor icons
|
@ -1,61 +0,0 @@
|
|||||||
From 6ba190915ed0be80b67423003dfdf183c47a2fb8 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <6ba190915ed0be80b67423003dfdf183c47a2fb8@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:55 +0200
|
|
||||||
Subject: [PATCH] DomainCpu: check CPU model name only if model exists
|
|
||||||
|
|
||||||
For CPU modes other then "custom" there is no model so we should not
|
|
||||||
check the suffix of model name.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Cole Robinson <crobinso@redhat.com>
|
|
||||||
(cherry picked from commit c1ebd6730cb25b57124fad6c4030345356703320)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
tests/xmlparse.py | 4 ++++
|
|
||||||
virtinst/domain/cpu.py | 9 +++++----
|
|
||||||
2 files changed, 9 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
|
|
||||||
index c9828fc8..58d3c1a6 100644
|
|
||||||
--- a/tests/xmlparse.py
|
|
||||||
+++ b/tests/xmlparse.py
|
|
||||||
@@ -335,8 +335,12 @@ class XMLParseTest(unittest.TestCase):
|
|
||||||
check = self._make_checker(guest.cpu)
|
|
||||||
check("mode", "host-passthrough", "custom")
|
|
||||||
check("mode", "custom", "host-model")
|
|
||||||
+ guest.cpu.check_security_features(guest)
|
|
||||||
+ check("secure", False)
|
|
||||||
guest.cpu.set_model(guest, "qemu64")
|
|
||||||
check("model", "qemu64")
|
|
||||||
+ guest.cpu.check_security_features(guest)
|
|
||||||
+ check("secure", False)
|
|
||||||
|
|
||||||
self._alter_compare(guest.get_xml(), outfile)
|
|
||||||
|
|
||||||
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
|
|
||||||
index 1d468468..66fa649b 100644
|
|
||||||
--- a/virtinst/domain/cpu.py
|
|
||||||
+++ b/virtinst/domain/cpu.py
|
|
||||||
@@ -136,10 +136,11 @@ class DomainCpu(XMLBuilder):
|
|
||||||
return
|
|
||||||
|
|
||||||
guestFeatures = [f.name for f in self.features if f.policy == "require"]
|
|
||||||
- if self.model.endswith("IBRS"):
|
|
||||||
- guestFeatures.append("spec-ctrl")
|
|
||||||
- if self.model.endswith("IBPB"):
|
|
||||||
- guestFeatures.append("ibpb")
|
|
||||||
+ if self.model:
|
|
||||||
+ if self.model.endswith("IBRS"):
|
|
||||||
+ guestFeatures.append("spec-ctrl")
|
|
||||||
+ if self.model.endswith("IBPB"):
|
|
||||||
+ guestFeatures.append("ibpb")
|
|
||||||
|
|
||||||
self.secure = set(features) <= set(guestFeatures)
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,56 +0,0 @@
|
|||||||
From 703abe06db1ecfadb7e5a5f877f86d41f367300d Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <703abe06db1ecfadb7e5a5f877f86d41f367300d@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:54 +0200
|
|
||||||
Subject: [PATCH] DomainCpu: fix detection of CPU security features
|
|
||||||
|
|
||||||
VM configured with mode="host-model" will have the CPU definition
|
|
||||||
expanded once the VM is started. Libvirt will try to use the closest
|
|
||||||
CPU model with some features enabled/disabled.
|
|
||||||
|
|
||||||
The issue is that there are some models that include spec-ctrl or ibpb
|
|
||||||
features and they will not appear in the explicit list of features and
|
|
||||||
virt-manager will not correctly detect if all security features are
|
|
||||||
enabled or not. As a workaround we can check the suffix of CPU model to
|
|
||||||
figure out which security features are enabled by the model itself.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
(cherry picked from commit 291f2ef21486cb54aadd40f07052aedfebef3792)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
virtinst/domain/cpu.py | 16 +++++++---------
|
|
||||||
1 file changed, 7 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
|
|
||||||
index c6a411bb..1d468468 100644
|
|
||||||
--- a/virtinst/domain/cpu.py
|
|
||||||
+++ b/virtinst/domain/cpu.py
|
|
||||||
@@ -135,15 +135,13 @@ class DomainCpu(XMLBuilder):
|
|
||||||
self.secure = False
|
|
||||||
return
|
|
||||||
|
|
||||||
- for feature in features:
|
|
||||||
- exists = False
|
|
||||||
- for f in self.features:
|
|
||||||
- if f.name == feature and f.policy == "require":
|
|
||||||
- exists = True
|
|
||||||
- break
|
|
||||||
- if not exists:
|
|
||||||
- self.secure = False
|
|
||||||
- return
|
|
||||||
+ guestFeatures = [f.name for f in self.features if f.policy == "require"]
|
|
||||||
+ if self.model.endswith("IBRS"):
|
|
||||||
+ guestFeatures.append("spec-ctrl")
|
|
||||||
+ if self.model.endswith("IBPB"):
|
|
||||||
+ guestFeatures.append("ibpb")
|
|
||||||
+
|
|
||||||
+ self.secure = set(features) <= set(guestFeatures)
|
|
||||||
|
|
||||||
def _remove_security_features(self, guest):
|
|
||||||
domcaps = guest.lookup_domcaps()
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,45 +0,0 @@
|
|||||||
From 8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 08:06:09 -0400
|
|
||||||
Subject: [PATCH] cli: Fix pool=default when path belongs to another pool (bz
|
|
||||||
1692489)
|
|
||||||
|
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
|
|
||||||
Using 'virt-install --disk size=X' implicitly uses pool=default. If
|
|
||||||
a pool named 'default' exists we use that; if not, and a pool using
|
|
||||||
the default path exists under a different name, we attempt to use
|
|
||||||
that as well, and if that doesn't exist, we create pool=default
|
|
||||||
|
|
||||||
The second case is broken, so if there's no pool=default and eg.
|
|
||||||
pool=FOO points to /var/lib/libvirt/images, we still attempt to
|
|
||||||
look up pool=default which understandably fails
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1692489
|
|
||||||
(cherry picked from commit a0ca387aad0fde19683aa8b5b5636add6455b8b4)
|
|
||||||
Signed-off-by: Cole Robinson <crobinso@redhat.com>
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752
|
|
||||||
---
|
|
||||||
virtinst/cli.py | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/virtinst/cli.py b/virtinst/cli.py
|
|
||||||
index 21467a4d..63acb642 100644
|
|
||||||
--- a/virtinst/cli.py
|
|
||||||
+++ b/virtinst/cli.py
|
|
||||||
@@ -2029,7 +2029,9 @@ class ParserDisk(VirtCLIParser):
|
|
||||||
poolobj = None
|
|
||||||
if poolname:
|
|
||||||
if poolname == "default":
|
|
||||||
- StoragePool.build_default_pool(self.guest.conn)
|
|
||||||
+ poolxml = StoragePool.build_default_pool(self.guest.conn)
|
|
||||||
+ if poolxml:
|
|
||||||
+ poolname = poolxml.name
|
|
||||||
poolobj = self.guest.conn.storagePoolLookupByName(poolname)
|
|
||||||
|
|
||||||
if volname:
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From dc5ec3458d325c3824c62517d72d802b2c3caee2 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <dc5ec3458d325c3824c62517d72d802b2c3caee2@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 22 May 2019 18:08:31 +0200
|
|
||||||
Subject: [PATCH] cli: fix cpu secure option to actually work
|
|
||||||
|
|
||||||
The 'secure' option is processed after the model is already set.
|
|
||||||
CPU security options are resolved while setting CPU model so we need
|
|
||||||
to know the 'secure' option value before we set the CPU model.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
(cherry picked from commit 06c2f873972fd4c60a57c8b8f07fe3cec4ddfcf4)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
virtinst/cli.py | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/virtinst/cli.py b/virtinst/cli.py
|
|
||||||
index 0bfa3b94..139be8f9 100644
|
|
||||||
--- a/virtinst/cli.py
|
|
||||||
+++ b/virtinst/cli.py
|
|
||||||
@@ -1493,11 +1493,11 @@ class ParserCPU(VirtCLIParser):
|
|
||||||
|
|
||||||
|
|
||||||
_register_virt_parser(ParserCPU)
|
|
||||||
+ParserCPU.add_arg("secure", "secure", is_onoff=True)
|
|
||||||
ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb)
|
|
||||||
ParserCPU.add_arg("mode", "mode")
|
|
||||||
ParserCPU.add_arg("match", "match")
|
|
||||||
ParserCPU.add_arg("vendor", "vendor")
|
|
||||||
-ParserCPU.add_arg("secure", "secure", is_onoff=True)
|
|
||||||
|
|
||||||
ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb)
|
|
||||||
ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,202 +0,0 @@
|
|||||||
From 55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:51 +0200
|
|
||||||
Subject: [PATCH] cli: introduce CPU secure parameter
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
This will allow users to override the default behavior of virt-install
|
|
||||||
which copies CPU security features available on the host to the guest
|
|
||||||
XML if specific CPU model is configured.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit 22342ef7ee526f8a5b5a65266363c33c70c8be43)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
man/virt-install.pod | 11 ++-
|
|
||||||
.../compare/virt-install-cpu-disable-sec.xml | 93 +++++++++++++++++++
|
|
||||||
tests/clitest.py | 1 +
|
|
||||||
virtinst/cli.py | 1 +
|
|
||||||
virtinst/domain/cpu.py | 7 +-
|
|
||||||
5 files changed, 111 insertions(+), 2 deletions(-)
|
|
||||||
create mode 100644 tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
|
|
||||||
|
|
||||||
diff --git a/man/virt-install.pod b/man/virt-install.pod
|
|
||||||
index 5b7a784c..1cd31fa2 100644
|
|
||||||
--- a/man/virt-install.pod
|
|
||||||
+++ b/man/virt-install.pod
|
|
||||||
@@ -216,7 +216,16 @@ required value is MODEL, which is a valid CPU model as known to libvirt.
|
|
||||||
|
|
||||||
Libvirt's feature policy values force, require, optional, disable, or forbid,
|
|
||||||
or with the shorthand '+feature' and '-feature', which equal 'force=feature'
|
|
||||||
-and 'disable=feature' respectively
|
|
||||||
+and 'disable=feature' respectively.
|
|
||||||
+
|
|
||||||
+If exact CPU model is specified virt-install will automatically copy CPU
|
|
||||||
+features available on the host to mitigate recent CPU speculative execution
|
|
||||||
+side channel security vulnerabilities. This however will have some impact
|
|
||||||
+on performance and will break migration to hosts without security patches.
|
|
||||||
+In order to control this behavior there is a B<secure> parameter. Possible
|
|
||||||
+values are I<on> and I<off>, with I<on> as the default. It is highly
|
|
||||||
+recommended to leave this enabled and ensure all virtualization hosts have
|
|
||||||
+fully up to date microcode, kernel & virtualization software installed.
|
|
||||||
|
|
||||||
Some examples:
|
|
||||||
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..a86d6926
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
|
|
||||||
@@ -0,0 +1,93 @@
|
|
||||||
+<domain type="kvm">
|
|
||||||
+ <name>foobar</name>
|
|
||||||
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
|
|
||||||
+ <memory>65536</memory>
|
|
||||||
+ <currentMemory>65536</currentMemory>
|
|
||||||
+ <vcpu>1</vcpu>
|
|
||||||
+ <os>
|
|
||||||
+ <type arch="x86_64" machine="pc">hvm</type>
|
|
||||||
+ <boot dev="network"/>
|
|
||||||
+ </os>
|
|
||||||
+ <features>
|
|
||||||
+ <acpi/>
|
|
||||||
+ <apic/>
|
|
||||||
+ </features>
|
|
||||||
+ <cpu mode="custom" match="exact">
|
|
||||||
+ <model>qemu64</model>
|
|
||||||
+ </cpu>
|
|
||||||
+ <clock offset="utc">
|
|
||||||
+ <timer name="rtc" tickpolicy="catchup"/>
|
|
||||||
+ <timer name="pit" tickpolicy="delay"/>
|
|
||||||
+ <timer name="hpet" present="no"/>
|
|
||||||
+ </clock>
|
|
||||||
+ <on_reboot>destroy</on_reboot>
|
|
||||||
+ <pm>
|
|
||||||
+ <suspend-to-mem enabled="no"/>
|
|
||||||
+ <suspend-to-disk enabled="no"/>
|
|
||||||
+ </pm>
|
|
||||||
+ <devices>
|
|
||||||
+ <emulator>/usr/bin/qemu-kvm</emulator>
|
|
||||||
+ <controller type="usb" index="0" model="ich9-ehci1"/>
|
|
||||||
+ <controller type="usb" index="0" model="ich9-uhci1">
|
|
||||||
+ <master startport="0"/>
|
|
||||||
+ </controller>
|
|
||||||
+ <controller type="usb" index="0" model="ich9-uhci2">
|
|
||||||
+ <master startport="2"/>
|
|
||||||
+ </controller>
|
|
||||||
+ <controller type="usb" index="0" model="ich9-uhci3">
|
|
||||||
+ <master startport="4"/>
|
|
||||||
+ </controller>
|
|
||||||
+ <interface type="bridge">
|
|
||||||
+ <source bridge="eth0"/>
|
|
||||||
+ <mac address="00:11:22:33:44:55"/>
|
|
||||||
+ <model type="e1000"/>
|
|
||||||
+ </interface>
|
|
||||||
+ <console type="pty"/>
|
|
||||||
+ </devices>
|
|
||||||
+</domain>
|
|
||||||
+<domain type="kvm">
|
|
||||||
+ <name>foobar</name>
|
|
||||||
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
|
|
||||||
+ <memory>65536</memory>
|
|
||||||
+ <currentMemory>65536</currentMemory>
|
|
||||||
+ <vcpu>1</vcpu>
|
|
||||||
+ <os>
|
|
||||||
+ <type arch="x86_64" machine="pc">hvm</type>
|
|
||||||
+ <boot dev="network"/>
|
|
||||||
+ </os>
|
|
||||||
+ <features>
|
|
||||||
+ <acpi/>
|
|
||||||
+ <apic/>
|
|
||||||
+ </features>
|
|
||||||
+ <cpu mode="custom" match="exact">
|
|
||||||
+ <model>qemu64</model>
|
|
||||||
+ </cpu>
|
|
||||||
+ <clock offset="utc">
|
|
||||||
+ <timer name="rtc" tickpolicy="catchup"/>
|
|
||||||
+ <timer name="pit" tickpolicy="delay"/>
|
|
||||||
+ <timer name="hpet" present="no"/>
|
|
||||||
+ </clock>
|
|
||||||
+ <pm>
|
|
||||||
+ <suspend-to-mem enabled="no"/>
|
|
||||||
+ <suspend-to-disk enabled="no"/>
|
|
||||||
+ </pm>
|
|
||||||
+ <devices>
|
|
||||||
+ <emulator>/usr/bin/qemu-kvm</emulator>
|
|
||||||
+ <controller type="usb" index="0" model="ich9-ehci1"/>
|
|
||||||
+ <controller type="usb" index="0" model="ich9-uhci1">
|
|
||||||
+ <master startport="0"/>
|
|
||||||
+ </controller>
|
|
||||||
+ <controller type="usb" index="0" model="ich9-uhci2">
|
|
||||||
+ <master startport="2"/>
|
|
||||||
+ </controller>
|
|
||||||
+ <controller type="usb" index="0" model="ich9-uhci3">
|
|
||||||
+ <master startport="4"/>
|
|
||||||
+ </controller>
|
|
||||||
+ <interface type="bridge">
|
|
||||||
+ <source bridge="eth0"/>
|
|
||||||
+ <mac address="00:11:22:33:44:55"/>
|
|
||||||
+ <model type="e1000"/>
|
|
||||||
+ </interface>
|
|
||||||
+ <console type="pty"/>
|
|
||||||
+ </devices>
|
|
||||||
+</domain>
|
|
||||||
diff --git a/tests/clitest.py b/tests/clitest.py
|
|
||||||
index ecdf3731..32ce66e6 100644
|
|
||||||
--- a/tests/clitest.py
|
|
||||||
+++ b/tests/clitest.py
|
|
||||||
@@ -568,6 +568,7 @@ c.add_invalid("--clock foo_tickpolicy=merge") # Unknown timer
|
|
||||||
c.add_invalid("--security foobar") # Busted --security
|
|
||||||
c.add_compare("--cpuset auto --vcpus 2", "cpuset-auto") # --cpuset=auto actually works
|
|
||||||
c.add_compare("--memory 1024,hotplugmemorymax=2048,hotplugmemoryslots=2 --cpu cell0.cpus=0,cell0.memory=1048576 --memdev dimm,access=private,target_size=512,target_node=0,source_pagesize=4,source_nodemask=1-2 --memdev nvdimm,source_path=/path/to/nvdimm,target_size=512,target_node=0,target_label_size=128", "memory-hotplug")
|
|
||||||
+c.add_compare("--connect " + utils.URIs.kvm_q35 + " --cpu qemu64,secure=off", "cpu-disable-sec") # disable security features that are added by default
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
diff --git a/virtinst/cli.py b/virtinst/cli.py
|
|
||||||
index b10c22aa..0bfa3b94 100644
|
|
||||||
--- a/virtinst/cli.py
|
|
||||||
+++ b/virtinst/cli.py
|
|
||||||
@@ -1497,6 +1497,7 @@ ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb)
|
|
||||||
ParserCPU.add_arg("mode", "mode")
|
|
||||||
ParserCPU.add_arg("match", "match")
|
|
||||||
ParserCPU.add_arg("vendor", "vendor")
|
|
||||||
+ParserCPU.add_arg("secure", "secure", is_onoff=True)
|
|
||||||
|
|
||||||
ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb)
|
|
||||||
ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb)
|
|
||||||
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
|
|
||||||
index e3992cf4..ab40f788 100644
|
|
||||||
--- a/virtinst/domain/cpu.py
|
|
||||||
+++ b/virtinst/domain/cpu.py
|
|
||||||
@@ -65,6 +65,8 @@ class DomainCpu(XMLBuilder):
|
|
||||||
_XML_PROP_ORDER = ["mode", "match", "model", "vendor",
|
|
||||||
"sockets", "cores", "threads", "features"]
|
|
||||||
|
|
||||||
+ secure = True
|
|
||||||
+
|
|
||||||
special_mode_was_set = False
|
|
||||||
# These values are exposed on the command line, so are stable API
|
|
||||||
SPECIAL_MODE_HOST_MODEL_ONLY = "host-model-only"
|
|
||||||
@@ -127,7 +129,10 @@ class DomainCpu(XMLBuilder):
|
|
||||||
self.mode = "custom"
|
|
||||||
if not self.match:
|
|
||||||
self.match = "exact"
|
|
||||||
- self._add_security_features(guest)
|
|
||||||
+ if self.secure:
|
|
||||||
+ self._add_security_features(guest)
|
|
||||||
+ else:
|
|
||||||
+ self._remove_security_features(guest)
|
|
||||||
self.model = val
|
|
||||||
|
|
||||||
def add_feature(self, name, policy="require"):
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,63 +0,0 @@
|
|||||||
From 533879fd8da90eba207c63e2d70472efda9dc612 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <533879fd8da90eba207c63e2d70472efda9dc612@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Thu, 13 Dec 2018 16:39:43 -0500
|
|
||||||
Subject: [PATCH] cli: s390x+graphics specified, use video=virtio (bz #1654994)
|
|
||||||
|
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
|
|
||||||
s390x doesn't support any of the PCI graphics cards
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1654994
|
|
||||||
(cherry picked from commit b91393e6c35b0e2903dbb50bb57a64464a7a3802)
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
.../cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml | 4 ++++
|
|
||||||
tests/clitest.py | 2 +-
|
|
||||||
virtinst/devices/video.py | 2 ++
|
|
||||||
3 files changed, 7 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml b/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml
|
|
||||||
index a8038855..82fe6350 100644
|
|
||||||
--- a/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-install-s390x-cdrom-KVMIBM.xml
|
|
||||||
@@ -36,6 +36,10 @@
|
|
||||||
<console type="pty">
|
|
||||||
<target type="sclp"/>
|
|
||||||
</console>
|
|
||||||
+ <graphics type="vnc" port="-1"/>
|
|
||||||
+ <video>
|
|
||||||
+ <model type="virtio"/>
|
|
||||||
+ </video>
|
|
||||||
<watchdog model="diag288" action="reset"/>
|
|
||||||
<panic model="s390"/>
|
|
||||||
</devices>
|
|
||||||
diff --git a/tests/clitest.py b/tests/clitest.py
|
|
||||||
index 039938db..824293e4 100644
|
|
||||||
--- a/tests/clitest.py
|
|
||||||
+++ b/tests/clitest.py
|
|
||||||
@@ -720,7 +720,7 @@ c.add_compare("--connect %(URI-KVM-PPC64LE)s --import --disk %(EXISTIMG1)s --os-
|
|
||||||
|
|
||||||
# s390x tests
|
|
||||||
c.add_compare("--arch s390x --machine s390-ccw-virtio --connect %(URI-KVM-S390X)s --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21", "s390x-cdrom", skip_check=OLD_OSINFO)
|
|
||||||
-c.add_compare("--arch s390x --machine s390-ccw-virtio --connect " + utils.URIs.kvm_s390x_KVMIBM + " --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21 --watchdog diag288,action=reset --panic default", "s390x-cdrom-KVMIBM")
|
|
||||||
+c.add_compare("--arch s390x --machine s390-ccw-virtio --connect " + utils.URIs.kvm_s390x_KVMIBM + " --boot kernel=/kernel.img,initrd=/initrd.img --disk %(EXISTIMG1)s --disk %(EXISTIMG3)s,device=cdrom --os-variant fedora21 --watchdog diag288,action=reset --panic default --graphics vnc", "s390x-cdrom-KVMIBM")
|
|
||||||
|
|
||||||
# qemu:///session tests
|
|
||||||
c.add_compare("--connect " + utils.URIs.kvm_session + " --disk size=8 --os-variant fedora21 --cdrom %(EXISTIMG1)s", "kvm-session-defaults", skip_check=OLD_OSINFO)
|
|
||||||
diff --git a/virtinst/devices/video.py b/virtinst/devices/video.py
|
|
||||||
index 5978a421..276f8187 100644
|
|
||||||
--- a/virtinst/devices/video.py
|
|
||||||
+++ b/virtinst/devices/video.py
|
|
||||||
@@ -46,6 +46,8 @@ class DeviceVideo(Device):
|
|
||||||
return "vga"
|
|
||||||
if guest.os.is_arm_machvirt():
|
|
||||||
return "virtio"
|
|
||||||
+ if guest.conn.is_qemu() and guest.os.is_s390x():
|
|
||||||
+ return "virtio"
|
|
||||||
if guest.has_spice() and guest.os.is_x86():
|
|
||||||
if guest.has_gl():
|
|
||||||
return "virtio"
|
|
||||||
--
|
|
||||||
2.19.2
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
|||||||
From 5ace424b75538b3a5f8b06536c6de38a91d749ff Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <5ace424b75538b3a5f8b06536c6de38a91d749ff@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Thu, 10 Jan 2019 12:58:43 -0500
|
|
||||||
Subject: [PATCH] diskbackend: Fix backtrace cloning with block storage (bz
|
|
||||||
#1661986)
|
|
||||||
|
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1661986
|
|
||||||
(cherry picked from commit 722886748006b880ff6a99781b2aca0751aafc55)
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
virtinst/diskbackend.py | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/virtinst/diskbackend.py b/virtinst/diskbackend.py
|
|
||||||
index b9340585..3366e88d 100644
|
|
||||||
--- a/virtinst/diskbackend.py
|
|
||||||
+++ b/virtinst/diskbackend.py
|
|
||||||
@@ -530,7 +530,7 @@ class CloneStorageCreator(_StorageCreator):
|
|
||||||
else:
|
|
||||||
vfs = os.statvfs(os.path.dirname(self._path))
|
|
||||||
avail = vfs.f_frsize * vfs.f_bavail
|
|
||||||
- need = int(self._size) * 1024 * 1024 * 1024
|
|
||||||
+ need = int(self._size) * 1024 * 1024 * 1024
|
|
||||||
if need > avail:
|
|
||||||
if self._sparse:
|
|
||||||
msg = _("The filesystem will not have enough free space"
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,180 +0,0 @@
|
|||||||
From 9080810abab3d5679d20b3b8874d2fce2c28d522 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <9080810abab3d5679d20b3b8874d2fce2c28d522@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:48 +0200
|
|
||||||
Subject: [PATCH] domain: cpu: automatically add CPU security features for
|
|
||||||
"custom" mode
|
|
||||||
|
|
||||||
If user selects specific CPU model to be configured for guest we will
|
|
||||||
automatically add CPU security features to make sure that the guest is
|
|
||||||
not vulnerable to these CPU HW bugs.
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1582667
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Cole Robinson <crobinso@redhat.com>
|
|
||||||
(cherry picked from commit fb5136a6a9457894ff1e24a1f9d5f0af0a8e8bd1)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
.../compare/virt-install-qemu-plain.xml | 2 ++
|
|
||||||
.../virt-install-singleton-config-2.xml | 4 ++++
|
|
||||||
tests/xmlparse.py | 6 +++---
|
|
||||||
virtManager/domain.py | 2 +-
|
|
||||||
virtinst/cli.py | 2 +-
|
|
||||||
virtinst/domain/cpu.py | 20 +++++++++++++++----
|
|
||||||
6 files changed, 27 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
|
|
||||||
index d00e0cf4..eb1542c3 100644
|
|
||||||
--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
|
|
||||||
@@ -20,6 +20,8 @@
|
|
||||||
</features>
|
|
||||||
<cpu mode="custom" match="exact">
|
|
||||||
<model>Penryn</model>
|
|
||||||
+ <feature policy="require" name="pcid"/>
|
|
||||||
+ <feature policy="require" name="pdpe1gb"/>
|
|
||||||
</cpu>
|
|
||||||
<clock offset="utc">
|
|
||||||
<timer name="rtc" tickpolicy="catchup"/>
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
|
|
||||||
index 621639e1..0861f62a 100644
|
|
||||||
--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
|
|
||||||
@@ -93,6 +93,8 @@
|
|
||||||
<model>foobar</model>
|
|
||||||
<vendor>meee</vendor>
|
|
||||||
<topology sockets="2" cores="2" threads="2"/>
|
|
||||||
+ <feature policy="require" name="pcid"/>
|
|
||||||
+ <feature policy="require" name="pdpe1gb"/>
|
|
||||||
<feature policy="force" name="x2apic"/>
|
|
||||||
<feature policy="force" name="x2apicagain"/>
|
|
||||||
<feature policy="require" name="reqtest"/>
|
|
||||||
@@ -282,6 +284,8 @@
|
|
||||||
<model>foobar</model>
|
|
||||||
<vendor>meee</vendor>
|
|
||||||
<topology sockets="2" cores="2" threads="2"/>
|
|
||||||
+ <feature policy="require" name="pcid"/>
|
|
||||||
+ <feature policy="require" name="pdpe1gb"/>
|
|
||||||
<feature policy="force" name="x2apic"/>
|
|
||||||
<feature policy="force" name="x2apicagain"/>
|
|
||||||
<feature policy="require" name="reqtest"/>
|
|
||||||
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
|
|
||||||
index 61552720..c9828fc8 100644
|
|
||||||
--- a/tests/xmlparse.py
|
|
||||||
+++ b/tests/xmlparse.py
|
|
||||||
@@ -176,7 +176,7 @@ class XMLParseTest(unittest.TestCase):
|
|
||||||
|
|
||||||
check = self._make_checker(guest.cpu)
|
|
||||||
check("match", "exact", "strict")
|
|
||||||
- guest.cpu.set_model("qemu64")
|
|
||||||
+ guest.cpu.set_model(guest, "qemu64")
|
|
||||||
check("model", "qemu64")
|
|
||||||
check("vendor", "Intel", "qemuvendor")
|
|
||||||
check("threads", 2, 1)
|
|
||||||
@@ -269,7 +269,7 @@ class XMLParseTest(unittest.TestCase):
|
|
||||||
|
|
||||||
check = self._make_checker(guest.cpu)
|
|
||||||
check("model", None)
|
|
||||||
- guest.cpu.set_model("foobar")
|
|
||||||
+ guest.cpu.set_model(guest, "foobar")
|
|
||||||
check("model", "foobar")
|
|
||||||
check("model_fallback", None, "allow")
|
|
||||||
check("cores", None, 4)
|
|
||||||
@@ -335,7 +335,7 @@ class XMLParseTest(unittest.TestCase):
|
|
||||||
check = self._make_checker(guest.cpu)
|
|
||||||
check("mode", "host-passthrough", "custom")
|
|
||||||
check("mode", "custom", "host-model")
|
|
||||||
- guest.cpu.set_model("qemu64")
|
|
||||||
+ guest.cpu.set_model(guest, "qemu64")
|
|
||||||
check("model", "qemu64")
|
|
||||||
|
|
||||||
self._alter_compare(guest.get_xml(), outfile)
|
|
||||||
diff --git a/virtManager/domain.py b/virtManager/domain.py
|
|
||||||
index 96469969..5b3f1e44 100644
|
|
||||||
--- a/virtManager/domain.py
|
|
||||||
+++ b/virtManager/domain.py
|
|
||||||
@@ -513,7 +513,7 @@ class vmmDomain(vmmLibvirtObject):
|
|
||||||
if model in guest.cpu.SPECIAL_MODES:
|
|
||||||
guest.cpu.set_special_mode(guest, model)
|
|
||||||
else:
|
|
||||||
- guest.cpu.set_model(model)
|
|
||||||
+ guest.cpu.set_model(guest, model)
|
|
||||||
self._redefine_xmlobj(guest)
|
|
||||||
|
|
||||||
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL):
|
|
||||||
diff --git a/virtinst/cli.py b/virtinst/cli.py
|
|
||||||
index e384b03a..b10c22aa 100644
|
|
||||||
--- a/virtinst/cli.py
|
|
||||||
+++ b/virtinst/cli.py
|
|
||||||
@@ -1442,7 +1442,7 @@ class ParserCPU(VirtCLIParser):
|
|
||||||
if val in inst.SPECIAL_MODES:
|
|
||||||
inst.set_special_mode(self.guest, val)
|
|
||||||
else:
|
|
||||||
- inst.set_model(val)
|
|
||||||
+ inst.set_model(self.guest, val)
|
|
||||||
|
|
||||||
def set_feature_cb(self, inst, val, virtarg):
|
|
||||||
policy = virtarg.cliname
|
|
||||||
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
|
|
||||||
index 0673324c..e3992cf4 100644
|
|
||||||
--- a/virtinst/domain/cpu.py
|
|
||||||
+++ b/virtinst/domain/cpu.py
|
|
||||||
@@ -103,19 +103,31 @@ class DomainCpu(XMLBuilder):
|
|
||||||
elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY:
|
|
||||||
if self.conn.caps.host.cpu.model:
|
|
||||||
self.clear()
|
|
||||||
- self.set_model(self.conn.caps.host.cpu.model)
|
|
||||||
+ self.set_model(guest, self.conn.caps.host.cpu.model)
|
|
||||||
else:
|
|
||||||
raise RuntimeError("programming error: unknown "
|
|
||||||
"special cpu mode '%s'" % val)
|
|
||||||
|
|
||||||
self.special_mode_was_set = True
|
|
||||||
|
|
||||||
- def set_model(self, val):
|
|
||||||
+ def _add_security_features(self, guest):
|
|
||||||
+ domcaps = guest.lookup_domcaps()
|
|
||||||
+ for feature in domcaps.get_cpu_security_features():
|
|
||||||
+ exists = False
|
|
||||||
+ for f in self.features:
|
|
||||||
+ if f.name == feature:
|
|
||||||
+ exists = True
|
|
||||||
+ break
|
|
||||||
+ if not exists:
|
|
||||||
+ self.add_feature(feature)
|
|
||||||
+
|
|
||||||
+ def set_model(self, guest, val):
|
|
||||||
logging.debug("setting cpu model %s", val)
|
|
||||||
if val:
|
|
||||||
self.mode = "custom"
|
|
||||||
if not self.match:
|
|
||||||
self.match = "exact"
|
|
||||||
+ self._add_security_features(guest)
|
|
||||||
self.model = val
|
|
||||||
|
|
||||||
def add_feature(self, name, policy="require"):
|
|
||||||
@@ -147,7 +159,7 @@ class DomainCpu(XMLBuilder):
|
|
||||||
|
|
||||||
self.mode = "custom"
|
|
||||||
self.match = "exact"
|
|
||||||
- self.set_model(model)
|
|
||||||
+ self.set_model(guest, model)
|
|
||||||
if fallback:
|
|
||||||
self.model_fallback = fallback
|
|
||||||
self.vendor = cpu.vendor
|
|
||||||
@@ -271,7 +283,7 @@ class DomainCpu(XMLBuilder):
|
|
||||||
|
|
||||||
elif guest.os.is_arm64() and guest.os.is_arm_machvirt():
|
|
||||||
# -M virt defaults to a 32bit CPU, even if using aarch64
|
|
||||||
- self.set_model("cortex-a57")
|
|
||||||
+ self.set_model(guest, "cortex-a57")
|
|
||||||
|
|
||||||
elif guest.os.is_x86() and guest.type == "kvm":
|
|
||||||
self._set_cpu_x86_kvm_default(guest)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,161 +0,0 @@
|
|||||||
From 220390ebd48b33d1d1fae747dc41f1aedd7646e0 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <220390ebd48b33d1d1fae747dc41f1aedd7646e0@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:47 +0200
|
|
||||||
Subject: [PATCH] domain: cpu: introduce set_model function
|
|
||||||
|
|
||||||
We will need to pass another variable into the setter so we cannot use
|
|
||||||
the property setter.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Cole Robinson <crobinso@redhat.com>
|
|
||||||
(cherry picked from commit 6423f653fd2d895d5addf37a6d504dbc9a4a0d6f)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
tests/xmlparse.py | 11 +++++++----
|
|
||||||
virtManager/domain.py | 2 +-
|
|
||||||
virtinst/cli.py | 2 +-
|
|
||||||
virtinst/domain/cpu.py | 28 +++++++++++++---------------
|
|
||||||
4 files changed, 22 insertions(+), 21 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
|
|
||||||
index 709bc48f..61552720 100644
|
|
||||||
--- a/tests/xmlparse.py
|
|
||||||
+++ b/tests/xmlparse.py
|
|
||||||
@@ -176,7 +176,8 @@ class XMLParseTest(unittest.TestCase):
|
|
||||||
|
|
||||||
check = self._make_checker(guest.cpu)
|
|
||||||
check("match", "exact", "strict")
|
|
||||||
- check("model", "footest", "qemu64")
|
|
||||||
+ guest.cpu.set_model("qemu64")
|
|
||||||
+ check("model", "qemu64")
|
|
||||||
check("vendor", "Intel", "qemuvendor")
|
|
||||||
check("threads", 2, 1)
|
|
||||||
check("cores", 5, 3)
|
|
||||||
@@ -267,7 +268,9 @@ class XMLParseTest(unittest.TestCase):
|
|
||||||
guest.seclabels[0].get_xml().startswith("<seclabel"))
|
|
||||||
|
|
||||||
check = self._make_checker(guest.cpu)
|
|
||||||
- check("model", None, "foobar")
|
|
||||||
+ check("model", None)
|
|
||||||
+ guest.cpu.set_model("foobar")
|
|
||||||
+ check("model", "foobar")
|
|
||||||
check("model_fallback", None, "allow")
|
|
||||||
check("cores", None, 4)
|
|
||||||
guest.cpu.add_feature("x2apic", "forbid")
|
|
||||||
@@ -332,8 +335,8 @@ class XMLParseTest(unittest.TestCase):
|
|
||||||
check = self._make_checker(guest.cpu)
|
|
||||||
check("mode", "host-passthrough", "custom")
|
|
||||||
check("mode", "custom", "host-model")
|
|
||||||
- # mode will be "custom"
|
|
||||||
- check("model", None, "qemu64")
|
|
||||||
+ guest.cpu.set_model("qemu64")
|
|
||||||
+ check("model", "qemu64")
|
|
||||||
|
|
||||||
self._alter_compare(guest.get_xml(), outfile)
|
|
||||||
|
|
||||||
diff --git a/virtManager/domain.py b/virtManager/domain.py
|
|
||||||
index 4fcc716e..96469969 100644
|
|
||||||
--- a/virtManager/domain.py
|
|
||||||
+++ b/virtManager/domain.py
|
|
||||||
@@ -513,7 +513,7 @@ class vmmDomain(vmmLibvirtObject):
|
|
||||||
if model in guest.cpu.SPECIAL_MODES:
|
|
||||||
guest.cpu.set_special_mode(guest, model)
|
|
||||||
else:
|
|
||||||
- guest.cpu.model = model
|
|
||||||
+ guest.cpu.set_model(model)
|
|
||||||
self._redefine_xmlobj(guest)
|
|
||||||
|
|
||||||
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL):
|
|
||||||
diff --git a/virtinst/cli.py b/virtinst/cli.py
|
|
||||||
index 63acb642..e384b03a 100644
|
|
||||||
--- a/virtinst/cli.py
|
|
||||||
+++ b/virtinst/cli.py
|
|
||||||
@@ -1442,7 +1442,7 @@ class ParserCPU(VirtCLIParser):
|
|
||||||
if val in inst.SPECIAL_MODES:
|
|
||||||
inst.set_special_mode(self.guest, val)
|
|
||||||
else:
|
|
||||||
- inst.model = val
|
|
||||||
+ inst.set_model(val)
|
|
||||||
|
|
||||||
def set_feature_cb(self, inst, val, virtarg):
|
|
||||||
policy = virtarg.cliname
|
|
||||||
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
|
|
||||||
index d66704c1..0673324c 100644
|
|
||||||
--- a/virtinst/domain/cpu.py
|
|
||||||
+++ b/virtinst/domain/cpu.py
|
|
||||||
@@ -62,7 +62,7 @@ class DomainCpu(XMLBuilder):
|
|
||||||
Class for generating <cpu> XML
|
|
||||||
"""
|
|
||||||
XML_NAME = "cpu"
|
|
||||||
- _XML_PROP_ORDER = ["mode", "match", "_model", "vendor",
|
|
||||||
+ _XML_PROP_ORDER = ["mode", "match", "model", "vendor",
|
|
||||||
"sockets", "cores", "threads", "features"]
|
|
||||||
|
|
||||||
special_mode_was_set = False
|
|
||||||
@@ -103,13 +103,21 @@ class DomainCpu(XMLBuilder):
|
|
||||||
elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY:
|
|
||||||
if self.conn.caps.host.cpu.model:
|
|
||||||
self.clear()
|
|
||||||
- self.model = self.conn.caps.host.cpu.model
|
|
||||||
+ self.set_model(self.conn.caps.host.cpu.model)
|
|
||||||
else:
|
|
||||||
raise RuntimeError("programming error: unknown "
|
|
||||||
"special cpu mode '%s'" % val)
|
|
||||||
|
|
||||||
self.special_mode_was_set = True
|
|
||||||
|
|
||||||
+ def set_model(self, val):
|
|
||||||
+ logging.debug("setting cpu model %s", val)
|
|
||||||
+ if val:
|
|
||||||
+ self.mode = "custom"
|
|
||||||
+ if not self.match:
|
|
||||||
+ self.match = "exact"
|
|
||||||
+ self.model = val
|
|
||||||
+
|
|
||||||
def add_feature(self, name, policy="require"):
|
|
||||||
feature = self.features.add_new()
|
|
||||||
feature.name = name
|
|
||||||
@@ -139,7 +147,7 @@ class DomainCpu(XMLBuilder):
|
|
||||||
|
|
||||||
self.mode = "custom"
|
|
||||||
self.match = "exact"
|
|
||||||
- self.model = model
|
|
||||||
+ self.set_model(model)
|
|
||||||
if fallback:
|
|
||||||
self.model_fallback = fallback
|
|
||||||
self.vendor = cpu.vendor
|
|
||||||
@@ -201,17 +209,7 @@ class DomainCpu(XMLBuilder):
|
|
||||||
# XML properties #
|
|
||||||
##################
|
|
||||||
|
|
||||||
- def _set_model(self, val):
|
|
||||||
- if val:
|
|
||||||
- self.mode = "custom"
|
|
||||||
- if not self.match:
|
|
||||||
- self.match = "exact"
|
|
||||||
- self._model = val
|
|
||||||
- def _get_model(self):
|
|
||||||
- return self._model
|
|
||||||
- _model = XMLProperty("./model")
|
|
||||||
- model = property(_get_model, _set_model)
|
|
||||||
-
|
|
||||||
+ model = XMLProperty("./model")
|
|
||||||
model_fallback = XMLProperty("./model/@fallback")
|
|
||||||
|
|
||||||
match = XMLProperty("./@match")
|
|
||||||
@@ -273,7 +271,7 @@ class DomainCpu(XMLBuilder):
|
|
||||||
|
|
||||||
elif guest.os.is_arm64() and guest.os.is_arm_machvirt():
|
|
||||||
# -M virt defaults to a 32bit CPU, even if using aarch64
|
|
||||||
- self.model = "cortex-a57"
|
|
||||||
+ self.set_model("cortex-a57")
|
|
||||||
|
|
||||||
elif guest.os.is_x86() and guest.type == "kvm":
|
|
||||||
self._set_cpu_x86_kvm_default(guest)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,64 +0,0 @@
|
|||||||
From 0424ece6003d2a06f41f4277bb258d6f753c70c6 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <0424ece6003d2a06f41f4277bb258d6f753c70c6@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:52 +0200
|
|
||||||
Subject: [PATCH] domcapabilities: add caching of CPU security features
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
We will call this function multiple times so it makes sense to cache the
|
|
||||||
result so we don't have to call libvirt APIs every time we will check
|
|
||||||
what security features are available on the host.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit 00f8dea370ae0874dc655d3718978a6a8e397a34)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
virtinst/domcapabilities.py | 11 ++++++++---
|
|
||||||
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
|
|
||||||
index 2905aa9e..6636addf 100644
|
|
||||||
--- a/virtinst/domcapabilities.py
|
|
||||||
+++ b/virtinst/domcapabilities.py
|
|
||||||
@@ -260,6 +260,8 @@ class DomainCapabilities(XMLBuilder):
|
|
||||||
|
|
||||||
return DomainCpu(self.conn, expandedXML)
|
|
||||||
|
|
||||||
+ _features = None
|
|
||||||
+
|
|
||||||
def get_cpu_security_features(self):
|
|
||||||
sec_features = [
|
|
||||||
'spec-ctrl',
|
|
||||||
@@ -267,7 +269,10 @@ class DomainCapabilities(XMLBuilder):
|
|
||||||
'ibpb',
|
|
||||||
'virt-ssbd']
|
|
||||||
|
|
||||||
- features = []
|
|
||||||
+ if self._features:
|
|
||||||
+ return self._features
|
|
||||||
+
|
|
||||||
+ self._features = []
|
|
||||||
|
|
||||||
for m in self.cpu.modes:
|
|
||||||
if m.name != "host-model" or not m.supported:
|
|
||||||
@@ -281,9 +286,9 @@ class DomainCapabilities(XMLBuilder):
|
|
||||||
|
|
||||||
for feature in cpu.features:
|
|
||||||
if feature.name in sec_features:
|
|
||||||
- features.append(feature.name)
|
|
||||||
+ self._features.append(feature.name)
|
|
||||||
|
|
||||||
- return features
|
|
||||||
+ return self._features
|
|
||||||
|
|
||||||
|
|
||||||
XML_NAME = "domainCapabilities"
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,61 +0,0 @@
|
|||||||
From 961ffb1709e7af8c394093aca94f64b4c5ffda36 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <961ffb1709e7af8c394093aca94f64b4c5ffda36@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:56 +0200
|
|
||||||
Subject: [PATCH] domcapabilities: detect MDS new vulnerability
|
|
||||||
|
|
||||||
There is a new security feature 'md-clear' that mitigates recent CPU
|
|
||||||
Microarchitectural Store Buffer Data vulnerability.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
(cherry picked from commit c11d6ba4d7024eaac83b6e2d6ae88172f4c01e98)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
man/virt-install.pod | 13 +++++++------
|
|
||||||
virtinst/domcapabilities.py | 3 ++-
|
|
||||||
2 files changed, 9 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/man/virt-install.pod b/man/virt-install.pod
|
|
||||||
index 1cd31fa2..f845ccb3 100644
|
|
||||||
--- a/man/virt-install.pod
|
|
||||||
+++ b/man/virt-install.pod
|
|
||||||
@@ -220,12 +220,13 @@ and 'disable=feature' respectively.
|
|
||||||
|
|
||||||
If exact CPU model is specified virt-install will automatically copy CPU
|
|
||||||
features available on the host to mitigate recent CPU speculative execution
|
|
||||||
-side channel security vulnerabilities. This however will have some impact
|
|
||||||
-on performance and will break migration to hosts without security patches.
|
|
||||||
-In order to control this behavior there is a B<secure> parameter. Possible
|
|
||||||
-values are I<on> and I<off>, with I<on> as the default. It is highly
|
|
||||||
-recommended to leave this enabled and ensure all virtualization hosts have
|
|
||||||
-fully up to date microcode, kernel & virtualization software installed.
|
|
||||||
+side channel and Microarchitectural Store Buffer Data security vulnerabilities.
|
|
||||||
+This however will have some impact on performance and will break migration
|
|
||||||
+to hosts without security patches. In order to control this behavior there
|
|
||||||
+is a B<secure> parameter. Possible values are I<on> and I<off>, with I<on>
|
|
||||||
+as the default. It is highly recommended to leave this enabled and ensure all
|
|
||||||
+virtualization hosts have fully up to date microcode, kernel & virtualization
|
|
||||||
+software installed.
|
|
||||||
|
|
||||||
Some examples:
|
|
||||||
|
|
||||||
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
|
|
||||||
index 6636addf..74e5c842 100644
|
|
||||||
--- a/virtinst/domcapabilities.py
|
|
||||||
+++ b/virtinst/domcapabilities.py
|
|
||||||
@@ -267,7 +267,8 @@ class DomainCapabilities(XMLBuilder):
|
|
||||||
'spec-ctrl',
|
|
||||||
'ssbd',
|
|
||||||
'ibpb',
|
|
||||||
- 'virt-ssbd']
|
|
||||||
+ 'virt-ssbd',
|
|
||||||
+ 'md-clear']
|
|
||||||
|
|
||||||
if self._features:
|
|
||||||
return self._features
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,45 +0,0 @@
|
|||||||
From 7c3db309efe09e0bdf8834842525c5aa91a80387 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <7c3db309efe09e0bdf8834842525c5aa91a80387@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:50 +0200
|
|
||||||
Subject: [PATCH] domcapabilities: fix typo in function name
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit b711b28b1af6998f57d5610139439518545663f0)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
virtinst/domcapabilities.py | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
|
|
||||||
index 42a18f1e..2905aa9e 100644
|
|
||||||
--- a/virtinst/domcapabilities.py
|
|
||||||
+++ b/virtinst/domcapabilities.py
|
|
||||||
@@ -244,7 +244,7 @@ class DomainCapabilities(XMLBuilder):
|
|
||||||
arch.text = self.arch
|
|
||||||
return ET.tostring(root, encoding="unicode")
|
|
||||||
|
|
||||||
- def _get_expandned_cpu(self, mode):
|
|
||||||
+ def _get_expanded_cpu(self, mode):
|
|
||||||
cpuXML = self._convert_mode_to_cpu(mode.get_xml())
|
|
||||||
logging.debug("CPU XML for security flag baseline: %s", cpuXML)
|
|
||||||
|
|
||||||
@@ -274,7 +274,7 @@ class DomainCapabilities(XMLBuilder):
|
|
||||||
continue
|
|
||||||
|
|
||||||
try:
|
|
||||||
- cpu = self._get_expandned_cpu(m)
|
|
||||||
+ cpu = self._get_expanded_cpu(m)
|
|
||||||
except libvirt.libvirtError as e:
|
|
||||||
logging.warning(_("Failed to get expanded CPU XML: %s"), e)
|
|
||||||
break
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,108 +0,0 @@
|
|||||||
From 6088fe594a3a5d383e345029473e2dd933dc8220 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <6088fe594a3a5d383e345029473e2dd933dc8220@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:46 +0200
|
|
||||||
Subject: [PATCH] domcapabilities: introduce get_cpu_security_features
|
|
||||||
|
|
||||||
Get all CPU security features that we should enable for guests.
|
|
||||||
|
|
||||||
In order to do that we need to get CPU definition from domain
|
|
||||||
capabilities and modify the XML so it is in required format for
|
|
||||||
libvirt CPU baseline APIs. We will prefer the baselineHypervisorCPU
|
|
||||||
API because that considers what QEMU actually supports and we will
|
|
||||||
fallback to baselineCPU API if the better one is not supported by
|
|
||||||
libvirt.
|
|
||||||
|
|
||||||
This way we can figure out which of the security features are actually
|
|
||||||
available on that specific host for that specific QEMU binary.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Cole Robinson <crobinso@redhat.com>
|
|
||||||
(cherry picked from commit 4a8b6363c0891e37d9532213a046c5c57aedfd8b)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
virtinst/domcapabilities.py | 57 +++++++++++++++++++++++++++++++++++++
|
|
||||||
1 file changed, 57 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
|
|
||||||
index 4cbb7f20..28ed8630 100644
|
|
||||||
--- a/virtinst/domcapabilities.py
|
|
||||||
+++ b/virtinst/domcapabilities.py
|
|
||||||
@@ -8,7 +8,11 @@
|
|
||||||
|
|
||||||
import logging
|
|
||||||
import re
|
|
||||||
+import xml.etree.ElementTree as ET
|
|
||||||
|
|
||||||
+import libvirt
|
|
||||||
+
|
|
||||||
+from .domain import DomainCpu
|
|
||||||
from .xmlbuilder import XMLBuilder, XMLChildProperty, XMLProperty
|
|
||||||
|
|
||||||
|
|
||||||
@@ -232,6 +236,59 @@ class DomainCapabilities(XMLBuilder):
|
|
||||||
return [(m.name == "host-model" and m.supported)
|
|
||||||
for m in self.cpu.modes]
|
|
||||||
|
|
||||||
+ def _convert_mode_to_cpu(self, xml):
|
|
||||||
+ root = ET.fromstring(xml)
|
|
||||||
+ root.tag = "cpu"
|
|
||||||
+ root.attrib = None
|
|
||||||
+ arch = ET.SubElement(root, "arch")
|
|
||||||
+ arch.text = self.arch
|
|
||||||
+ return ET.tostring(root, encoding="unicode")
|
|
||||||
+
|
|
||||||
+ def _get_expandned_cpu(self, mode):
|
|
||||||
+ cpuXML = self._convert_mode_to_cpu(mode.get_xml())
|
|
||||||
+ logging.debug("CPU XML for security flag baseline: %s", cpuXML)
|
|
||||||
+
|
|
||||||
+ try:
|
|
||||||
+ expandedXML = self.conn.baselineHypervisorCPU(
|
|
||||||
+ self.path, self.arch, self.machine, self.domain, [cpuXML],
|
|
||||||
+ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES)
|
|
||||||
+ except libvirt.libvirtError:
|
|
||||||
+ expandedXML = self.conn.baselineCPU([cpuXML],
|
|
||||||
+ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES)
|
|
||||||
+
|
|
||||||
+ logging.debug("Expanded CPU XML: %s", expandedXML)
|
|
||||||
+
|
|
||||||
+ return DomainCpu(self.conn, expandedXML)
|
|
||||||
+
|
|
||||||
+ def get_cpu_security_features(self):
|
|
||||||
+ sec_features = [
|
|
||||||
+ 'pcid',
|
|
||||||
+ 'spec-ctrl',
|
|
||||||
+ 'ssbd',
|
|
||||||
+ 'pdpe1gb',
|
|
||||||
+ 'ibpb',
|
|
||||||
+ 'virt-ssbd',
|
|
||||||
+ 'amd-ssbd',
|
|
||||||
+ 'amd-no-ssb']
|
|
||||||
+
|
|
||||||
+ features = []
|
|
||||||
+
|
|
||||||
+ for m in self.cpu.modes:
|
|
||||||
+ if m.name != "host-model" or not m.supported:
|
|
||||||
+ continue
|
|
||||||
+
|
|
||||||
+ try:
|
|
||||||
+ cpu = self._get_expandned_cpu(m)
|
|
||||||
+ except libvirt.libvirtError as e:
|
|
||||||
+ logging.warning(_("Failed to get expanded CPU XML: %s"), e)
|
|
||||||
+ break
|
|
||||||
+
|
|
||||||
+ for feature in cpu.features:
|
|
||||||
+ if feature.name in sec_features:
|
|
||||||
+ features.append(feature.name)
|
|
||||||
+
|
|
||||||
+ return features
|
|
||||||
+
|
|
||||||
|
|
||||||
XML_NAME = "domainCapabilities"
|
|
||||||
os = XMLChildProperty(_OS, is_single=True)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,99 +0,0 @@
|
|||||||
From 1e605c106819be56f16e6e057015d7a42600c0ba Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <1e605c106819be56f16e6e057015d7a42600c0ba@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:49 +0200
|
|
||||||
Subject: [PATCH] domcapabilities: remove recommended CPU features from
|
|
||||||
security features
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
These features are only recommended to be enabled since they improve
|
|
||||||
performance of the VMs if security features are enabled.
|
|
||||||
|
|
||||||
pcid is a very useful perf feature, but missing in some silicon
|
|
||||||
so not portable.
|
|
||||||
|
|
||||||
pdpe1gb lets the guest use 1 GB pages which is good for perf
|
|
||||||
but again not all silicon can do it.
|
|
||||||
|
|
||||||
amd-ssbd is a security feature which fixes the same SSBD flaws as the
|
|
||||||
virt-ssbd feature does. virt-ssbd is usable across all CPU models
|
|
||||||
affected by SSBD, while amd-ssbd is only available in very new silicon.
|
|
||||||
So virt-ssbd is the bette rchoice.
|
|
||||||
|
|
||||||
amd-no-ssb just indicates that the CPU is not affected by SSBD, so not
|
|
||||||
critical to expose. I expect a future named CPU model will include that
|
|
||||||
where appropriate.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit 29f815fbd23082dff79d2d716e32a644b5a15d4a)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
tests/cli-test-xml/compare/virt-install-qemu-plain.xml | 2 --
|
|
||||||
.../compare/virt-install-singleton-config-2.xml | 4 ----
|
|
||||||
virtinst/domcapabilities.py | 6 +-----
|
|
||||||
3 files changed, 1 insertion(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
|
|
||||||
index eb1542c3..d00e0cf4 100644
|
|
||||||
--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
|
|
||||||
@@ -20,8 +20,6 @@
|
|
||||||
</features>
|
|
||||||
<cpu mode="custom" match="exact">
|
|
||||||
<model>Penryn</model>
|
|
||||||
- <feature policy="require" name="pcid"/>
|
|
||||||
- <feature policy="require" name="pdpe1gb"/>
|
|
||||||
</cpu>
|
|
||||||
<clock offset="utc">
|
|
||||||
<timer name="rtc" tickpolicy="catchup"/>
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
|
|
||||||
index 0861f62a..621639e1 100644
|
|
||||||
--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
|
|
||||||
@@ -93,8 +93,6 @@
|
|
||||||
<model>foobar</model>
|
|
||||||
<vendor>meee</vendor>
|
|
||||||
<topology sockets="2" cores="2" threads="2"/>
|
|
||||||
- <feature policy="require" name="pcid"/>
|
|
||||||
- <feature policy="require" name="pdpe1gb"/>
|
|
||||||
<feature policy="force" name="x2apic"/>
|
|
||||||
<feature policy="force" name="x2apicagain"/>
|
|
||||||
<feature policy="require" name="reqtest"/>
|
|
||||||
@@ -284,8 +282,6 @@
|
|
||||||
<model>foobar</model>
|
|
||||||
<vendor>meee</vendor>
|
|
||||||
<topology sockets="2" cores="2" threads="2"/>
|
|
||||||
- <feature policy="require" name="pcid"/>
|
|
||||||
- <feature policy="require" name="pdpe1gb"/>
|
|
||||||
<feature policy="force" name="x2apic"/>
|
|
||||||
<feature policy="force" name="x2apicagain"/>
|
|
||||||
<feature policy="require" name="reqtest"/>
|
|
||||||
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
|
|
||||||
index 28ed8630..42a18f1e 100644
|
|
||||||
--- a/virtinst/domcapabilities.py
|
|
||||||
+++ b/virtinst/domcapabilities.py
|
|
||||||
@@ -262,14 +262,10 @@ class DomainCapabilities(XMLBuilder):
|
|
||||||
|
|
||||||
def get_cpu_security_features(self):
|
|
||||||
sec_features = [
|
|
||||||
- 'pcid',
|
|
||||||
'spec-ctrl',
|
|
||||||
'ssbd',
|
|
||||||
- 'pdpe1gb',
|
|
||||||
'ibpb',
|
|
||||||
- 'virt-ssbd',
|
|
||||||
- 'amd-ssbd',
|
|
||||||
- 'amd-no-ssb']
|
|
||||||
+ 'virt-ssbd']
|
|
||||||
|
|
||||||
features = []
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -0,0 +1,35 @@
|
|||||||
|
From 31d04f52cf61d0cc87291515d7a92d2db93b86e2 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <31d04f52cf61d0cc87291515d7a92d2db93b86e2@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Mon, 8 Jul 2019 10:44:43 +0200
|
||||||
|
Subject: [PATCH] guest: fix warning message when machine type is changed for
|
||||||
|
secure boot
|
||||||
|
|
||||||
|
Introduced by commit <3586d1897>.
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1727811
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
(cherry picked from commit 3c6e85375d0cd87dcf8ac70b41db0d899851338e)
|
||||||
|
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
---
|
||||||
|
virtinst/guest.py | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/virtinst/guest.py b/virtinst/guest.py
|
||||||
|
index ef227d17..41357644 100644
|
||||||
|
--- a/virtinst/guest.py
|
||||||
|
+++ b/virtinst/guest.py
|
||||||
|
@@ -586,7 +586,8 @@ class Guest(XMLBuilder):
|
||||||
|
self.os.loader_secure = True
|
||||||
|
if self.os.machine and "q35" not in self.os.machine:
|
||||||
|
log.warning("Changing machine type from '%s' to 'q35' "
|
||||||
|
- "which is required for UEFI secure boot.")
|
||||||
|
+ "which is required for UEFI secure boot.",
|
||||||
|
+ self.os.machine)
|
||||||
|
self.os.machine = "q35"
|
||||||
|
|
||||||
|
def disable_hyperv_for_uefi(self):
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
@ -1,51 +0,0 @@
|
|||||||
From caea48c879b0a5d292c74a4a3721d56350cf5537 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <caea48c879b0a5d292c74a4a3721d56350cf5537@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 30 Jan 2019 18:28:14 +0100
|
|
||||||
Subject: [PATCH] inspection: fix check of null icon
|
|
||||||
|
|
||||||
From: Pino Toscano <ptoscano@redhat.com>
|
|
||||||
|
|
||||||
Recently the Python binding of libguestfs was adapted to properly use
|
|
||||||
bytes in APIs that return data, instead of (ab)using strings [1].
|
|
||||||
This change was done only when built for Python 3, which has this
|
|
||||||
distinct bytes and strings.
|
|
||||||
|
|
||||||
Because of that, now the 'icon == ""' (empty string) checks fail, using
|
|
||||||
whatever inspect_get_icon() returns, including empty arrays of bytes.
|
|
||||||
Hence, change the checks to use the length of the data as condition, as
|
|
||||||
also the libguestfs Python API documentation says. Leave also the
|
|
||||||
checks for None, in the remote case the API will return None in the
|
|
||||||
future for no data.
|
|
||||||
|
|
||||||
[1] https://github.com/libguestfs/libguestfs/commit/0ee02e0117527b86a31b2a88a14994ce7f15571f
|
|
||||||
|
|
||||||
(cherry picked from commit bce4cc4ef837754de81e1420905159cc2fc3d773)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1671278
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
virtManager/inspection.py | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/virtManager/inspection.py b/virtManager/inspection.py
|
|
||||||
index ea6123b8..fde48474 100644
|
|
||||||
--- a/virtManager/inspection.py
|
|
||||||
+++ b/virtManager/inspection.py
|
|
||||||
@@ -268,10 +268,10 @@ class vmmInspection(vmmGObject):
|
|
||||||
if filesystems_mounted:
|
|
||||||
# string containing PNG data
|
|
||||||
icon = g.inspect_get_icon(root, favicon=0, highquality=1)
|
|
||||||
- if icon == "" or icon is None:
|
|
||||||
+ if icon is None or len(icon) == 0:
|
|
||||||
# no high quality icon, try a low quality one
|
|
||||||
icon = g.inspect_get_icon(root, favicon=0, highquality=0)
|
|
||||||
- if icon == "":
|
|
||||||
+ if icon is None or len(icon) == 0:
|
|
||||||
icon = None
|
|
||||||
|
|
||||||
# Inspection applications.
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -0,0 +1,49 @@
|
|||||||
|
From 6a5ca07b8dccbd87a5c896336b09ea37bf80a01a Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <6a5ca07b8dccbd87a5c896336b09ea37bf80a01a@dist-git>
|
||||||
|
From: Pavel Hrdina <phrdina@redhat.com>
|
||||||
|
Date: Wed, 14 Aug 2019 09:45:19 +0200
|
||||||
|
Subject: [PATCH] man: virt-install: Fix a couple of launchSecurity related
|
||||||
|
typos
|
||||||
|
|
||||||
|
From: Erik Skultety <eskultet@redhat.com>
|
||||||
|
|
||||||
|
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||||
|
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
|
||||||
|
(cherry picked from commit 3d5a72e18afcfcdbab35429aeb89d55f48304399)
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1741846
|
||||||
|
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||||
|
---
|
||||||
|
man/virt-install.pod | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/man/virt-install.pod b/man/virt-install.pod
|
||||||
|
index d8bd4127..8660f843 100644
|
||||||
|
--- a/man/virt-install.pod
|
||||||
|
+++ b/man/virt-install.pod
|
||||||
|
@@ -389,11 +389,11 @@ Configure guest power management features. Example:
|
||||||
|
|
||||||
|
Use --pm=? to see a list of all available sub options. Complete details at L<https://libvirt.org/formatdomain.html#elementsPowerManagement>
|
||||||
|
|
||||||
|
-=item B<--launch-security> TYPE[,OPTS]
|
||||||
|
+=item B<--launchSecurity> TYPE[,OPTS]
|
||||||
|
|
||||||
|
Enable launch security for the guest, e.g. AMD SEV.
|
||||||
|
|
||||||
|
-Use --launch-security=? to see a list of all available sub options. Complete
|
||||||
|
+Use --launchSecurity=? to see a list of all available sub options. Complete
|
||||||
|
details at L<https://libvirt.org/formatdomain.html#launchSecurity>. Example
|
||||||
|
invocations:
|
||||||
|
# This will use a default policy 0x03
|
||||||
|
@@ -1867,7 +1867,7 @@ refer to libvirt docs for a detailed explanation.
|
||||||
|
--controller type=scsi,model=virtio-scsi,driver.iommu=on \
|
||||||
|
--controller type=virtio-serial,driver.iommu=on \
|
||||||
|
--network network=default,model=virtio,driver.iommu=on \
|
||||||
|
- --rng driver,iommu=on \
|
||||||
|
+ --rng /dev/random,driver.iommu=on \
|
||||||
|
--memballoon driver.iommu=on \
|
||||||
|
--launchSecurity sev
|
||||||
|
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
@ -1,181 +0,0 @@
|
|||||||
From 7af39b00d8ab930fa519a62c0d674f8f77c718b5 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <7af39b00d8ab930fa519a62c0d674f8f77c718b5@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Tue, 13 Nov 2018 16:18:07 +0100
|
|
||||||
Subject: [PATCH] tests: Add some tests for virt-xml with KVM
|
|
||||||
|
|
||||||
From: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
|
|
||||||
We're mostly interested in how the default bus/model for
|
|
||||||
devices are influenced by knowledge about the guest OS, but
|
|
||||||
since the whole thing requires to be connected to the QEMU
|
|
||||||
driver we might as well create a new category and leave room
|
|
||||||
for more QEMU-specific tests being added down the line.
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
(cherry picked from commit b882dbde9cb192afbc9ee8d8f4972922a4b4e616)
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
---
|
|
||||||
.../compare/virt-xml-kvm-add-disk-default.xml | 13 +++++++++++++
|
|
||||||
.../virt-xml-kvm-add-disk-os-from-cmdline.xml | 14 ++++++++++++++
|
|
||||||
.../compare/virt-xml-kvm-add-disk-os-from-xml.xml | 14 ++++++++++++++
|
|
||||||
.../compare/virt-xml-kvm-add-network-default.xml | 13 +++++++++++++
|
|
||||||
.../virt-xml-kvm-add-network-os-from-cmdline.xml | 14 ++++++++++++++
|
|
||||||
.../virt-xml-kvm-add-network-os-from-xml.xml | 14 ++++++++++++++
|
|
||||||
tests/clitest.py | 7 +++++++
|
|
||||||
7 files changed, 89 insertions(+)
|
|
||||||
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml
|
|
||||||
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
|
|
||||||
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml
|
|
||||||
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml
|
|
||||||
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
|
|
||||||
create mode 100644 tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml
|
|
||||||
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..4ee0f1cb
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-default.xml
|
|
||||||
@@ -0,0 +1,13 @@
|
|
||||||
+ <on_reboot>restart</on_reboot>
|
|
||||||
+ <on_crash>destroy</on_crash>
|
|
||||||
+ <devices>
|
|
||||||
++ <disk type="file" device="disk">
|
|
||||||
++ <driver name="qemu" type="qcow2"/>
|
|
||||||
++ <source file="/dev/default-pool/testvol1.img"/>
|
|
||||||
++ <target dev="hda" bus="ide"/>
|
|
||||||
++ </disk>
|
|
||||||
+ </devices>
|
|
||||||
+ </domain>
|
|
||||||
+
|
|
||||||
+Domain 'test' defined successfully.
|
|
||||||
+Changes will take effect after the domain is fully powered off.
|
|
||||||
\ No newline at end of file
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..e5e4bd62
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
|
|
||||||
@@ -0,0 +1,14 @@
|
|
||||||
+ <panic model="s390"/>
|
|
||||||
+ <panic model="pseries"/>
|
|
||||||
+ <panic model="hyperv"/>
|
|
||||||
++ <disk type="file" device="disk">
|
|
||||||
++ <driver name="qemu" type="qcow2"/>
|
|
||||||
++ <source file="/dev/default-pool/testvol1.img"/>
|
|
||||||
++ <target dev="vdaf" bus="virtio"/>
|
|
||||||
++ </disk>
|
|
||||||
+ </devices>
|
|
||||||
+ <seclabel type="dynamic" model="selinux" relabel="yes"/>
|
|
||||||
+ <seclabel type="static" model="dac" relabel="yes">
|
|
||||||
+
|
|
||||||
+Domain 'test-many-devices' defined successfully.
|
|
||||||
+Changes will take effect after the domain is fully powered off.
|
|
||||||
\ No newline at end of file
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..e5e4bd62
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-xml.xml
|
|
||||||
@@ -0,0 +1,14 @@
|
|
||||||
+ <panic model="s390"/>
|
|
||||||
+ <panic model="pseries"/>
|
|
||||||
+ <panic model="hyperv"/>
|
|
||||||
++ <disk type="file" device="disk">
|
|
||||||
++ <driver name="qemu" type="qcow2"/>
|
|
||||||
++ <source file="/dev/default-pool/testvol1.img"/>
|
|
||||||
++ <target dev="vdaf" bus="virtio"/>
|
|
||||||
++ </disk>
|
|
||||||
+ </devices>
|
|
||||||
+ <seclabel type="dynamic" model="selinux" relabel="yes"/>
|
|
||||||
+ <seclabel type="static" model="dac" relabel="yes">
|
|
||||||
+
|
|
||||||
+Domain 'test-many-devices' defined successfully.
|
|
||||||
+Changes will take effect after the domain is fully powered off.
|
|
||||||
\ No newline at end of file
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..92bf1816
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-default.xml
|
|
||||||
@@ -0,0 +1,13 @@
|
|
||||||
+ <on_reboot>restart</on_reboot>
|
|
||||||
+ <on_crash>destroy</on_crash>
|
|
||||||
+ <devices>
|
|
||||||
++ <interface type="bridge">
|
|
||||||
++ <source bridge="eth0"/>
|
|
||||||
++ <mac address="00:11:22:33:44:55"/>
|
|
||||||
++ <model type="e1000"/>
|
|
||||||
++ </interface>
|
|
||||||
+ </devices>
|
|
||||||
+ </domain>
|
|
||||||
+
|
|
||||||
+Domain 'test' defined successfully.
|
|
||||||
+Changes will take effect after the domain is fully powered off.
|
|
||||||
\ No newline at end of file
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..c834c936
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
|
|
||||||
@@ -0,0 +1,14 @@
|
|
||||||
+ <panic model="s390"/>
|
|
||||||
+ <panic model="pseries"/>
|
|
||||||
+ <panic model="hyperv"/>
|
|
||||||
++ <interface type="bridge">
|
|
||||||
++ <source bridge="eth0"/>
|
|
||||||
++ <mac address="00:11:22:33:44:55"/>
|
|
||||||
++ <model type="virtio"/>
|
|
||||||
++ </interface>
|
|
||||||
+ </devices>
|
|
||||||
+ <seclabel type="dynamic" model="selinux" relabel="yes"/>
|
|
||||||
+ <seclabel type="static" model="dac" relabel="yes">
|
|
||||||
+
|
|
||||||
+Domain 'test-many-devices' defined successfully.
|
|
||||||
+Changes will take effect after the domain is fully powered off.
|
|
||||||
\ No newline at end of file
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..c834c936
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-xml.xml
|
|
||||||
@@ -0,0 +1,14 @@
|
|
||||||
+ <panic model="s390"/>
|
|
||||||
+ <panic model="pseries"/>
|
|
||||||
+ <panic model="hyperv"/>
|
|
||||||
++ <interface type="bridge">
|
|
||||||
++ <source bridge="eth0"/>
|
|
||||||
++ <mac address="00:11:22:33:44:55"/>
|
|
||||||
++ <model type="virtio"/>
|
|
||||||
++ </interface>
|
|
||||||
+ </devices>
|
|
||||||
+ <seclabel type="dynamic" model="selinux" relabel="yes"/>
|
|
||||||
+ <seclabel type="static" model="dac" relabel="yes">
|
|
||||||
+
|
|
||||||
+Domain 'test-many-devices' defined successfully.
|
|
||||||
+Changes will take effect after the domain is fully powered off.
|
|
||||||
\ No newline at end of file
|
|
||||||
diff --git a/tests/clitest.py b/tests/clitest.py
|
|
||||||
index 144eac7a..039938db 100644
|
|
||||||
--- a/tests/clitest.py
|
|
||||||
+++ b/tests/clitest.py
|
|
||||||
@@ -954,6 +954,13 @@ c.add_compare("--remove-device --disk /dev/null", "remove-disk-path")
|
|
||||||
c.add_compare("--remove-device --video all", "remove-video-all", check_version="1.3.3") # check_version=video primary= attribute
|
|
||||||
c.add_compare("--remove-device --host-device 0x04b3:0x4485", "remove-hostdev-name", check_version="1.2.11") # check_version=video ram output change
|
|
||||||
|
|
||||||
+c = vixml.add_category("add/rm devices (KVM)", "--connect %(URI-KVM)s --print-diff --define")
|
|
||||||
+c.add_compare("test --add-device --disk %(EXISTIMG1)s", "kvm-add-disk-default") # Guest OS is not known
|
|
||||||
+c.add_compare("test-many-devices --add-device --disk %(EXISTIMG1)s", "kvm-add-disk-os-from-xml") # Guest OS information taken from the guest XML
|
|
||||||
+c.add_compare("test-many-devices --add-device --disk %(EXISTIMG1)s --os-variant winme", "kvm-add-disk-os-from-cmdline") # Guest OS information provided on the command line
|
|
||||||
+c.add_compare("test --add-device --network default", "kvm-add-network-default") # Guest OS is not known
|
|
||||||
+c.add_compare("test-many-devices --add-device --network default", "kvm-add-network-os-from-xml") # Guest OS information taken from the guest XML
|
|
||||||
+c.add_compare("test-many-devices --add-device --network default --os-variant winme", "kvm-add-network-os-from-cmdline") # Guest OS information provided on the command line
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
--
|
|
||||||
2.19.2
|
|
||||||
|
|
@ -1,102 +0,0 @@
|
|||||||
From c4ce5e02fededc9121c181a7b20ea0e6ebd1c1de Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <c4ce5e02fededc9121c181a7b20ea0e6ebd1c1de@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 08:06:10 -0400
|
|
||||||
Subject: [PATCH] tests: clitest: Add a test case for the last commit
|
|
||||||
|
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
|
|
||||||
We need a custom test driver input to reproduce the pool collision
|
|
||||||
|
|
||||||
(cherry picked from commit fcabcb7a95c9dd81fb7c1335c3c181bb08a31ad0)
|
|
||||||
Signed-off-by: Cole Robinson <crobinso@redhat.com>
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752
|
|
||||||
---
|
|
||||||
.../testdriver-defaultpool-collision.xml | 47 +++++++++++++++++++
|
|
||||||
tests/clitest.py | 1 +
|
|
||||||
tests/utils.py | 2 +
|
|
||||||
3 files changed, 50 insertions(+)
|
|
||||||
create mode 100644 tests/cli-test-xml/testdriver-defaultpool-collision.xml
|
|
||||||
|
|
||||||
diff --git a/tests/cli-test-xml/testdriver-defaultpool-collision.xml b/tests/cli-test-xml/testdriver-defaultpool-collision.xml
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..1343f812
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/cli-test-xml/testdriver-defaultpool-collision.xml
|
|
||||||
@@ -0,0 +1,47 @@
|
|
||||||
+<node>
|
|
||||||
+
|
|
||||||
+ <cpu>
|
|
||||||
+ <nodes>1</nodes>
|
|
||||||
+ <sockets>4</sockets>
|
|
||||||
+ <cores>4</cores>
|
|
||||||
+ <threads>1</threads>
|
|
||||||
+ <active>4</active>
|
|
||||||
+ <mhz>4000</mhz>
|
|
||||||
+ <model>i686</model>
|
|
||||||
+ </cpu>
|
|
||||||
+ <memory>10000000</memory>
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+<network>
|
|
||||||
+ <name>default</name>
|
|
||||||
+ <uuid>715666b7-dbd4-6c78-fa55-94863da09f2d</uuid>
|
|
||||||
+ <forward mode='nat'/>
|
|
||||||
+ <bridge name='virbr0' stp='on' forwardDelay='0' />
|
|
||||||
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
|
|
||||||
+ <dhcp>
|
|
||||||
+ <range start='192.168.122.2' end='192.168.122.254' />
|
|
||||||
+ </dhcp>
|
|
||||||
+ </ip>
|
|
||||||
+</network>
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+<pool type='dir'>
|
|
||||||
+ <name>default-pool-path-collision</name>
|
|
||||||
+ <uuid>35bb2ad9-388a-cdfe-461a-b8907f6e53fe</uuid>
|
|
||||||
+ <capacity>107374182400</capacity>
|
|
||||||
+ <allocation>0</allocation>
|
|
||||||
+ <available>107374182400</available>
|
|
||||||
+ <source>
|
|
||||||
+ </source>
|
|
||||||
+ <target>
|
|
||||||
+ <path>/var/lib/libvirt/images</path>
|
|
||||||
+ <permissions>
|
|
||||||
+ <mode>0700</mode>
|
|
||||||
+ <owner>10736</owner>
|
|
||||||
+ <group>10736</group>
|
|
||||||
+ </permissions>
|
|
||||||
+ </target>
|
|
||||||
+</pool>
|
|
||||||
+
|
|
||||||
+</node>
|
|
||||||
diff --git a/tests/clitest.py b/tests/clitest.py
|
|
||||||
index 824293e4..ecdf3731 100644
|
|
||||||
--- a/tests/clitest.py
|
|
||||||
+++ b/tests/clitest.py
|
|
||||||
@@ -684,6 +684,7 @@ c.add_valid("--nodisks --pxe", grep="VM performance may suffer") # os variant w
|
|
||||||
c.add_invalid("--hvm --nodisks --pxe foobar") # Positional arguments error
|
|
||||||
c.add_invalid("--nodisks --pxe --name test") # Colliding name
|
|
||||||
c.add_compare("--cdrom %(EXISTIMG1)s --disk size=1 --disk %(EXISTIMG2)s,device=cdrom", "cdrom-double") # ensure --disk device=cdrom is ordered after --cdrom, this is important for virtio-win installs with a driver ISO
|
|
||||||
+c.add_valid("--connect %s --pxe --disk size=1" % utils.URIs.test_defaultpool_collision) # testdriver already has a pool using the 'default' path, make sure we don't error
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
diff --git a/tests/utils.py b/tests/utils.py
|
|
||||||
index d22933d3..ef7c613a 100644
|
|
||||||
--- a/tests/utils.py
|
|
||||||
+++ b/tests/utils.py
|
|
||||||
@@ -56,6 +56,8 @@ class _URIs(object):
|
|
||||||
self.test_full = _testtmpl % (os.getcwd() + "/tests/testdriver.xml")
|
|
||||||
self.test_suite = _testtmpl % (os.getcwd() + "/tests/testsuite.xml")
|
|
||||||
self.test_remote = self.test_full + ",remote"
|
|
||||||
+ self.test_defaultpool_collision = (_testtmpl % (os.getcwd() +
|
|
||||||
+ "/tests/cli-test-xml/testdriver-defaultpool-collision.xml"))
|
|
||||||
|
|
||||||
self.xen = self.test_full + _caps("xen-rhel5.4.xml") + ",xen"
|
|
||||||
self.lxc = self.test_full + _caps("lxc.xml") + ",lxc"
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,48 +0,0 @@
|
|||||||
From 6cb52e94e35d78001060b455d02de819fd923ba7 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <6cb52e94e35d78001060b455d02de819fd923ba7@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Mon, 18 Mar 2019 14:22:25 -0400
|
|
||||||
Subject: [PATCH] urldetect: Check also for 'treeinfo' (bz 1689252)
|
|
||||||
|
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
|
|
||||||
Trees published to akamai CDN via Red Hat Satellite can't have .dotfiles
|
|
||||||
in them. More details here:
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=635065
|
|
||||||
|
|
||||||
So we also need to check for .treeinfo. Anaconda does this too so it's
|
|
||||||
a long known issue.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1689252
|
|
||||||
(cherry picked from commit 74bbc3db15d5e9a1b4d21c276f7d3f435b83d2fd)
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
virtinst/urldetect.py | 11 ++++++++++-
|
|
||||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/virtinst/urldetect.py b/virtinst/urldetect.py
|
|
||||||
index 5da15d0b..27747f91 100644
|
|
||||||
--- a/virtinst/urldetect.py
|
|
||||||
+++ b/virtinst/urldetect.py
|
|
||||||
@@ -46,7 +46,16 @@ class _DistroCache(object):
|
|
||||||
if self._treeinfo:
|
|
||||||
return self._treeinfo
|
|
||||||
|
|
||||||
- treeinfostr = self.acquire_file_content(".treeinfo")
|
|
||||||
+ # Vast majority of trees here use .treeinfo. However, trees via
|
|
||||||
+ # Red Hat satellite on akamai CDN will use treeinfo, because akamai
|
|
||||||
+ # doesn't do dotfiles apparently:
|
|
||||||
+ #
|
|
||||||
+ # https://bugzilla.redhat.com/show_bug.cgi?id=635065
|
|
||||||
+ #
|
|
||||||
+ # Anaconda is the canonical treeinfo consumer and they check for both
|
|
||||||
+ # locations, so we need to do the same
|
|
||||||
+ treeinfostr = (self.acquire_file_content(".treeinfo") or
|
|
||||||
+ self.acquire_file_content("treeinfo"))
|
|
||||||
if treeinfostr is None:
|
|
||||||
return None
|
|
||||||
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,107 +0,0 @@
|
|||||||
From 876da431c26216844488b8fe11be871576b7751d Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <876da431c26216844488b8fe11be871576b7751d@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Tue, 13 Nov 2018 16:18:05 +0100
|
|
||||||
Subject: [PATCH] virt-install: Add "Guest OS" options group
|
|
||||||
|
|
||||||
From: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
|
|
||||||
The --os-variant option doesn't quite fit perfectly into
|
|
||||||
its current "Installation method" group, plus we want to
|
|
||||||
add the same option to virt-xml which can't have that
|
|
||||||
group for obvious reasons.
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
(cherry picked from commit 751fb88c58b0e1d922b11397bcfe3cd91af694f0)
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
---
|
|
||||||
man/virt-install.pod | 38 +++++++++++++++++++++++---------------
|
|
||||||
virt-install | 10 +++++-----
|
|
||||||
2 files changed, 28 insertions(+), 20 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/man/virt-install.pod b/man/virt-install.pod
|
|
||||||
index b75b7998..5b7a784c 100644
|
|
||||||
--- a/man/virt-install.pod
|
|
||||||
+++ b/man/virt-install.pod
|
|
||||||
@@ -472,21 +472,6 @@ file:
|
|
||||||
|
|
||||||
--initrd-inject=/path/to/my.ks --extra-args "ks=file:/my.ks"
|
|
||||||
|
|
||||||
-=item B<--os-variant> OS_VARIANT
|
|
||||||
-
|
|
||||||
-Optimize the guest configuration for a specific operating system (ex.
|
|
||||||
-'fedora29', 'rhel7', 'win10'). While not required, specifying this
|
|
||||||
-options is HIGHLY RECOMMENDED, as it can greatly increase performance
|
|
||||||
-by specifying virtio among other guest tweaks.
|
|
||||||
-
|
|
||||||
-By default, virt-install will attempt to auto detect this value from
|
|
||||||
-the install media (currently only supported for URL installs). Autodetection
|
|
||||||
-can be disabled with the special value 'none'. Autodetection can be
|
|
||||||
-forced with the special value 'auto'.
|
|
||||||
-
|
|
||||||
-Use the command "osinfo-query os" to get the list of the accepted OS
|
|
||||||
-variants.
|
|
||||||
-
|
|
||||||
=item B<--boot> BOOTOPTS
|
|
||||||
|
|
||||||
Optionally specify the post-install VM boot configuration. This option allows
|
|
||||||
@@ -573,6 +558,29 @@ Use --idmap=? to see a list of all available sub options. Complete details at L<
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
+=head1 GUEST OS OPTIONS
|
|
||||||
+
|
|
||||||
+=over 4
|
|
||||||
+
|
|
||||||
+=item B<--os-variant> OS_VARIANT
|
|
||||||
+
|
|
||||||
+Optimize the guest configuration for a specific operating system (ex.
|
|
||||||
+'fedora29', 'rhel7', 'win10'). While not required, specifying this
|
|
||||||
+options is HIGHLY RECOMMENDED, as it can greatly increase performance
|
|
||||||
+by specifying virtio among other guest tweaks.
|
|
||||||
+
|
|
||||||
+By default, virt-install will attempt to auto detect this value from
|
|
||||||
+the install media (currently only supported for URL installs). Autodetection
|
|
||||||
+can be disabled with the special value 'none'. Autodetection can be
|
|
||||||
+forced with the special value 'auto'.
|
|
||||||
+
|
|
||||||
+Use the command "osinfo-query os" to get the list of the accepted OS
|
|
||||||
+variants.
|
|
||||||
+
|
|
||||||
+=back
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
|
|
||||||
=head1 STORAGE OPTIONS
|
|
||||||
|
|
||||||
diff --git a/virt-install b/virt-install
|
|
||||||
index 2c379ed3..4e16d4c8 100755
|
|
||||||
--- a/virt-install
|
|
||||||
+++ b/virt-install
|
|
||||||
@@ -784,14 +784,14 @@ def parse_args():
|
|
||||||
insg.add_argument("--test-stub-command", action="store_true",
|
|
||||||
help=argparse.SUPPRESS)
|
|
||||||
|
|
||||||
- insg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS)
|
|
||||||
- insg.add_argument("--os-variant", dest="distro_variant",
|
|
||||||
- help=_("The OS variant being installed in the guest, "
|
|
||||||
- "e.g. 'fedora29', 'rhel7', 'win10 etc."))
|
|
||||||
-
|
|
||||||
cli.add_boot_options(insg)
|
|
||||||
insg.add_argument("--init", help=argparse.SUPPRESS)
|
|
||||||
|
|
||||||
+ osg = parser.add_argument_group(_("Guest OS Options"))
|
|
||||||
+ osg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS)
|
|
||||||
+ osg.add_argument("--os-variant", dest="distro_variant",
|
|
||||||
+ help=_("The OS variant being installed in the guest, "
|
|
||||||
+ "e.g. 'fedora29', 'rhel7', 'win10 etc."))
|
|
||||||
|
|
||||||
devg = parser.add_argument_group(_("Device Options"))
|
|
||||||
cli.add_disk_option(devg)
|
|
||||||
--
|
|
||||||
2.19.2
|
|
||||||
|
|
@ -1,53 +0,0 @@
|
|||||||
From cbb550bc8064d8219798a2de80ed71b5bd4c4735 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <cbb550bc8064d8219798a2de80ed71b5bd4c4735@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Tue, 13 Nov 2018 16:18:04 +0100
|
|
||||||
Subject: [PATCH] virt-install: Fix description for --os-variant
|
|
||||||
|
|
||||||
From: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
|
|
||||||
Since we're messing with it either way, might as well use
|
|
||||||
modern OS names as examples.
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
(cherry picked from commit a550a957278917f6edf94ada94017feeca77b7bf)
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
---
|
|
||||||
man/virt-install.pod | 2 +-
|
|
||||||
virt-install | 4 ++--
|
|
||||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/man/virt-install.pod b/man/virt-install.pod
|
|
||||||
index 8cd56fe0..b75b7998 100644
|
|
||||||
--- a/man/virt-install.pod
|
|
||||||
+++ b/man/virt-install.pod
|
|
||||||
@@ -475,7 +475,7 @@ file:
|
|
||||||
=item B<--os-variant> OS_VARIANT
|
|
||||||
|
|
||||||
Optimize the guest configuration for a specific operating system (ex.
|
|
||||||
-'fedora18', 'rhel7', 'winxp'). While not required, specifying this
|
|
||||||
+'fedora29', 'rhel7', 'win10'). While not required, specifying this
|
|
||||||
options is HIGHLY RECOMMENDED, as it can greatly increase performance
|
|
||||||
by specifying virtio among other guest tweaks.
|
|
||||||
|
|
||||||
diff --git a/virt-install b/virt-install
|
|
||||||
index a7f247f1..2c379ed3 100755
|
|
||||||
--- a/virt-install
|
|
||||||
+++ b/virt-install
|
|
||||||
@@ -786,8 +786,8 @@ def parse_args():
|
|
||||||
|
|
||||||
insg.add_argument("--os-type", dest="distro_type", help=argparse.SUPPRESS)
|
|
||||||
insg.add_argument("--os-variant", dest="distro_variant",
|
|
||||||
- help=_("The OS variant being installed guests, "
|
|
||||||
- "e.g. 'fedora18', 'rhel6', 'winxp', etc."))
|
|
||||||
+ help=_("The OS variant being installed in the guest, "
|
|
||||||
+ "e.g. 'fedora29', 'rhel7', 'win10 etc."))
|
|
||||||
|
|
||||||
cli.add_boot_options(insg)
|
|
||||||
insg.add_argument("--init", help=argparse.SUPPRESS)
|
|
||||||
--
|
|
||||||
2.19.2
|
|
||||||
|
|
@ -1,186 +0,0 @@
|
|||||||
From c05e60de1acb174bb40257d3481267e35dc62960 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <c05e60de1acb174bb40257d3481267e35dc62960@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 10:37:53 +0200
|
|
||||||
Subject: [PATCH] virt-manager: add new checkbox to control CPU security
|
|
||||||
features
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
By default we copy CPU security features to the guest if specific CPU
|
|
||||||
model is selected. However, this may break migration and will affect
|
|
||||||
performance of the guest. This adds an option to disable this default
|
|
||||||
behavior.
|
|
||||||
|
|
||||||
The checkbox is clickable only on x86 and only on host where we can
|
|
||||||
detect any CPU security features, otherwise a tooltip is set to notify
|
|
||||||
users that there is nothing to copy.
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit 8720637cff7b0766d9e27a60b0f81740176d70c8)
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
---
|
|
||||||
ui/details.ui | 15 +++++++++++++++
|
|
||||||
virtManager/details.py | 21 +++++++++++++++++++++
|
|
||||||
virtManager/domain.py | 5 +++--
|
|
||||||
virtinst/domain/cpu.py | 30 ++++++++++++++++++++++++++++++
|
|
||||||
4 files changed, 69 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/ui/details.ui b/ui/details.ui
|
|
||||||
index c18070c8..1e1be759 100644
|
|
||||||
--- a/ui/details.ui
|
|
||||||
+++ b/ui/details.ui
|
|
||||||
@@ -2122,6 +2122,21 @@
|
|
||||||
<property name="top_attach">1</property>
|
|
||||||
</packing>
|
|
||||||
</child>
|
|
||||||
+ <child>
|
|
||||||
+ <object class="GtkCheckButton" id="cpu-secure">
|
|
||||||
+ <property name="label" translatable="yes">Enable available CPU security flaw mitigations</property>
|
|
||||||
+ <property name="visible">True</property>
|
|
||||||
+ <property name="can_focus">True</property>
|
|
||||||
+ <property name="receives_default">False</property>
|
|
||||||
+ <property name="draw_indicator">True</property>
|
|
||||||
+ <signal name="toggled" handler="on_cpu_secure_toggled" swapped="no"/>
|
|
||||||
+ </object>
|
|
||||||
+ <packing>
|
|
||||||
+ <property name="left_attach">0</property>
|
|
||||||
+ <property name="top_attach">2</property>
|
|
||||||
+ <property name="width">2</property>
|
|
||||||
+ </packing>
|
|
||||||
+ </child>
|
|
||||||
</object>
|
|
||||||
</child>
|
|
||||||
</object>
|
|
||||||
diff --git a/virtManager/details.py b/virtManager/details.py
|
|
||||||
index b7e7fc14..b8899d77 100644
|
|
||||||
--- a/virtManager/details.py
|
|
||||||
+++ b/virtManager/details.py
|
|
||||||
@@ -523,6 +523,7 @@ class vmmDetails(vmmGObjectUI):
|
|
||||||
"on_cpu_maxvcpus_changed": self.config_maxvcpus_changed,
|
|
||||||
"on_cpu_model_changed": lambda *x: self.config_cpu_model_changed(x),
|
|
||||||
"on_cpu_copy_host_clicked": self.on_cpu_copy_host_clicked,
|
|
||||||
+ "on_cpu_secure_toggled": self.on_cpu_secure_toggled,
|
|
||||||
"on_cpu_cores_changed": self.config_cpu_topology_changed,
|
|
||||||
"on_cpu_sockets_changed": self.config_cpu_topology_changed,
|
|
||||||
"on_cpu_threads_changed": self.config_cpu_topology_changed,
|
|
||||||
@@ -1716,6 +1717,11 @@ class vmmDetails(vmmGObjectUI):
|
|
||||||
def on_cpu_copy_host_clicked(self, src):
|
|
||||||
uiutil.set_grid_row_visible(
|
|
||||||
self.widget("cpu-model"), not src.get_active())
|
|
||||||
+ uiutil.set_grid_row_visible(
|
|
||||||
+ self.widget("cpu-secure"), not src.get_active())
|
|
||||||
+ self.enable_apply(EDIT_CPU)
|
|
||||||
+
|
|
||||||
+ def on_cpu_secure_toggled(self, ignore):
|
|
||||||
self.enable_apply(EDIT_CPU)
|
|
||||||
|
|
||||||
def config_cpu_model_changed(self, ignore):
|
|
||||||
@@ -2014,6 +2020,7 @@ class vmmDetails(vmmGObjectUI):
|
|
||||||
|
|
||||||
if self.edited(EDIT_CPU):
|
|
||||||
kwargs["model"] = self.get_config_cpu_model()
|
|
||||||
+ kwargs["secure"] = self.widget("cpu-secure").get_active()
|
|
||||||
|
|
||||||
if self.edited(EDIT_TOPOLOGY):
|
|
||||||
do_top = self.widget("cpu-topology-enable").get_active()
|
|
||||||
@@ -2574,6 +2581,11 @@ class vmmDetails(vmmGObjectUI):
|
|
||||||
n1, n2 = self.vm.network_traffic_vectors()
|
|
||||||
self.network_traffic_graph.set_property("data_array", n1 + n2)
|
|
||||||
|
|
||||||
+ def _cpu_secure_is_available(self):
|
|
||||||
+ domcaps = self.vm.get_domain_capabilities()
|
|
||||||
+ features = domcaps.get_cpu_security_features()
|
|
||||||
+ return self.vm.get_xmlobj().os.is_x86() and len(features) > 0
|
|
||||||
+
|
|
||||||
def refresh_config_cpu(self):
|
|
||||||
# Set topology first, because it impacts maxvcpus values
|
|
||||||
cpu = self.vm.get_cpu_config()
|
|
||||||
@@ -2627,6 +2639,15 @@ class vmmDetails(vmmGObjectUI):
|
|
||||||
self.widget("cpu-copy-host").set_active(bool(is_host))
|
|
||||||
self.on_cpu_copy_host_clicked(self.widget("cpu-copy-host"))
|
|
||||||
|
|
||||||
+ if not self._cpu_secure_is_available():
|
|
||||||
+ self.widget("cpu-secure").set_sensitive(False)
|
|
||||||
+ self.widget("cpu-secure").set_tooltip_text(
|
|
||||||
+ "No security features to copy, the host is missing "
|
|
||||||
+ "security patches or the host CPU is not vulnerable.")
|
|
||||||
+
|
|
||||||
+ cpu.check_security_features(self.vm.get_xmlobj())
|
|
||||||
+ self.widget("cpu-secure").set_active(cpu.secure)
|
|
||||||
+
|
|
||||||
def refresh_config_memory(self):
|
|
||||||
host_mem_widget = self.widget("state-host-memory")
|
|
||||||
host_mem = self.vm.conn.host_memory_size() // 1024
|
|
||||||
diff --git a/virtManager/domain.py b/virtManager/domain.py
|
|
||||||
index 5b3f1e44..c8f4e822 100644
|
|
||||||
--- a/virtManager/domain.py
|
|
||||||
+++ b/virtManager/domain.py
|
|
||||||
@@ -495,7 +495,7 @@ class vmmDomain(vmmLibvirtObject):
|
|
||||||
self._redefine_xmlobj(xmlobj)
|
|
||||||
|
|
||||||
def define_cpu(self, vcpus=_SENTINEL, maxvcpus=_SENTINEL,
|
|
||||||
- model=_SENTINEL, sockets=_SENTINEL,
|
|
||||||
+ model=_SENTINEL, secure=_SENTINEL, sockets=_SENTINEL,
|
|
||||||
cores=_SENTINEL, threads=_SENTINEL):
|
|
||||||
guest = self._make_xmlobj_to_define()
|
|
||||||
|
|
||||||
@@ -509,7 +509,8 @@ class vmmDomain(vmmLibvirtObject):
|
|
||||||
guest.cpu.cores = cores
|
|
||||||
guest.cpu.threads = threads
|
|
||||||
|
|
||||||
- if model != _SENTINEL:
|
|
||||||
+ if secure != _SENTINEL or model != _SENTINEL:
|
|
||||||
+ guest.cpu.secure = secure
|
|
||||||
if model in guest.cpu.SPECIAL_MODES:
|
|
||||||
guest.cpu.set_special_mode(guest, model)
|
|
||||||
else:
|
|
||||||
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
|
|
||||||
index ab40f788..c6a411bb 100644
|
|
||||||
--- a/virtinst/domain/cpu.py
|
|
||||||
+++ b/virtinst/domain/cpu.py
|
|
||||||
@@ -123,6 +123,36 @@ class DomainCpu(XMLBuilder):
|
|
||||||
if not exists:
|
|
||||||
self.add_feature(feature)
|
|
||||||
|
|
||||||
+ def check_security_features(self, guest):
|
|
||||||
+ """
|
|
||||||
+ Since 'secure' property is not exported into the domain XML
|
|
||||||
+ we might need to refresh its state.
|
|
||||||
+ """
|
|
||||||
+ domcaps = guest.lookup_domcaps()
|
|
||||||
+ features = domcaps.get_cpu_security_features()
|
|
||||||
+
|
|
||||||
+ if len(features) == 0:
|
|
||||||
+ self.secure = False
|
|
||||||
+ return
|
|
||||||
+
|
|
||||||
+ for feature in features:
|
|
||||||
+ exists = False
|
|
||||||
+ for f in self.features:
|
|
||||||
+ if f.name == feature and f.policy == "require":
|
|
||||||
+ exists = True
|
|
||||||
+ break
|
|
||||||
+ if not exists:
|
|
||||||
+ self.secure = False
|
|
||||||
+ return
|
|
||||||
+
|
|
||||||
+ def _remove_security_features(self, guest):
|
|
||||||
+ domcaps = guest.lookup_domcaps()
|
|
||||||
+ for feature in domcaps.get_cpu_security_features():
|
|
||||||
+ for f in self.features:
|
|
||||||
+ if f.name == feature and f.policy == "require":
|
|
||||||
+ self.remove_child(f)
|
|
||||||
+ break
|
|
||||||
+
|
|
||||||
def set_model(self, guest, val):
|
|
||||||
logging.debug("setting cpu model %s", val)
|
|
||||||
if val:
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,90 +0,0 @@
|
|||||||
From 56d11ce780d8f3b01a557b12d88058daec95bff7 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <56d11ce780d8f3b01a557b12d88058daec95bff7@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Tue, 13 Nov 2018 16:18:06 +0100
|
|
||||||
Subject: [PATCH] virt-xml: Accept --os-variant option
|
|
||||||
|
|
||||||
From: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
|
|
||||||
We're not doing anything with it yet, but having the
|
|
||||||
parser accept it means we can write tests and see how
|
|
||||||
their output changes once we wire it up in earnest.
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
(cherry picked from commit ade53764fc4e86db1d37012c3723e92b81c6b4c9)
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
---
|
|
||||||
man/virt-xml.pod | 30 ++++++++++++++++++++++++++++++
|
|
||||||
virt-xml | 5 +++++
|
|
||||||
2 files changed, 35 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/man/virt-xml.pod b/man/virt-xml.pod
|
|
||||||
index bae492ac..a24a04fa 100644
|
|
||||||
--- a/man/virt-xml.pod
|
|
||||||
+++ b/man/virt-xml.pod
|
|
||||||
@@ -160,6 +160,30 @@ Before defining or updating the domain, show the generated XML diff and interact
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
+=head1 GUEST OS OPTIONS
|
|
||||||
+
|
|
||||||
+=over 4
|
|
||||||
+
|
|
||||||
+=item B<--os-variant> OS_VARIANT
|
|
||||||
+
|
|
||||||
+Optimize the guest configuration for a specific operating system (ex.
|
|
||||||
+'fedora29', 'rhel7', 'win10'). While not required, specifying this
|
|
||||||
+options is HIGHLY RECOMMENDED, as it can greatly increase performance
|
|
||||||
+by specifying virtio among other guest tweaks.
|
|
||||||
+
|
|
||||||
+If the guest has been installed using virt-manager version 2.0.0 or newer,
|
|
||||||
+providing this information should not be necessary, as the OS variant will
|
|
||||||
+have been stored in the guest configuration during installation and virt-xml
|
|
||||||
+will retrieve it from there automatically.
|
|
||||||
+
|
|
||||||
+Use the command "osinfo-query os" to get the list of the accepted OS
|
|
||||||
+variants.
|
|
||||||
+
|
|
||||||
+=back
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
=head1 XML OPTIONS
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
@@ -331,6 +355,12 @@ Create a 10G qcow2 disk image and attach it to 'fedora18' for the next VM startu
|
|
||||||
# virt-xml fedora18 --add-device \
|
|
||||||
--disk /var/lib/libvirt/images/newimage.qcow2,format=qcow2,size=10
|
|
||||||
|
|
||||||
+Same as above, but ensure the disk is attached to the most appropriate bus
|
|
||||||
+for the guest OS by providing information about it on the command line:
|
|
||||||
+
|
|
||||||
+ # virt-xml fedora18 --os-variant fedora18 --add-device \
|
|
||||||
+ --disk /var/lib/libvirt/images/newimage.qcow2,format=qcow2,size=10
|
|
||||||
+
|
|
||||||
Hotunplug the disk vdb from the running domain 'rhel7':
|
|
||||||
|
|
||||||
# virt-xml rhel7 --update --remove-device --disk target=vdb
|
|
||||||
diff --git a/virt-xml b/virt-xml
|
|
||||||
index 9bdde95d..65d9b55f 100755
|
|
||||||
--- a/virt-xml
|
|
||||||
+++ b/virt-xml
|
|
||||||
@@ -360,6 +360,11 @@ def parse_args():
|
|
||||||
outg.add_argument("--confirm", action="store_true",
|
|
||||||
help=_("Require confirmation before saving any results."))
|
|
||||||
|
|
||||||
+ osg = parser.add_argument_group(_("OS options"))
|
|
||||||
+ osg.add_argument("--os-variant", dest="distro_variant",
|
|
||||||
+ help=_("The OS variant installed in the guest, "
|
|
||||||
+ "e.g. 'fedora29', 'rhel7', 'win10 etc."))
|
|
||||||
+
|
|
||||||
g = parser.add_argument_group(_("XML options"))
|
|
||||||
cli.add_disk_option(g, editexample=True)
|
|
||||||
cli.add_net_option(g)
|
|
||||||
--
|
|
||||||
2.19.2
|
|
||||||
|
|
@ -1,136 +0,0 @@
|
|||||||
From ffa0e4e8e438319cb3c8856d1d7f48a8864afe2e Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <ffa0e4e8e438319cb3c8856d1d7f48a8864afe2e@dist-git>
|
|
||||||
From: Pavel Hrdina <phrdina@redhat.com>
|
|
||||||
Date: Tue, 13 Nov 2018 16:18:08 +0100
|
|
||||||
Subject: [PATCH] virt-xml: Start using --os-variant
|
|
||||||
|
|
||||||
From: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
|
|
||||||
The option only works with --add-device for the time being,
|
|
||||||
so we prevent its use in all other cases.
|
|
||||||
|
|
||||||
It would be nice to have it work with --build-xml too, but
|
|
||||||
in that case the user would have to provide some extra
|
|
||||||
information that in the case of --add-device we can figure
|
|
||||||
out from the existing guest, and it's not entirely clear
|
|
||||||
whether that would even be that useful, so for now we're
|
|
||||||
not considering that case at all.
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
(cherry picked from commit d2d103a334e3beeb8e108137f50adee2e5c0e5fc)
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1649406
|
|
||||||
|
|
||||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
|
||||||
---
|
|
||||||
.../virt-xml-kvm-add-disk-os-from-cmdline.xml | 11 ++++++++++-
|
|
||||||
.../virt-xml-kvm-add-network-os-from-cmdline.xml | 11 ++++++++++-
|
|
||||||
virt-xml | 14 ++++++++++++++
|
|
||||||
3 files changed, 34 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
|
|
||||||
index e5e4bd62..cf872c1c 100644
|
|
||||||
--- a/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-disk-os-from-cmdline.xml
|
|
||||||
@@ -1,10 +1,19 @@
|
|
||||||
+ </description>
|
|
||||||
+ <metadata>
|
|
||||||
+ <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
|
|
||||||
+- <libosinfo:os id="http://fedoraproject.org/fedora/unknown"/>
|
|
||||||
++ <libosinfo:os id="http://microsoft.com/win/me"/>
|
|
||||||
+ </libosinfo:libosinfo>
|
|
||||||
+ </metadata>
|
|
||||||
+ <memory unit="KiB">409600</memory>
|
|
||||||
+@@
|
|
||||||
<panic model="s390"/>
|
|
||||||
<panic model="pseries"/>
|
|
||||||
<panic model="hyperv"/>
|
|
||||||
+ <disk type="file" device="disk">
|
|
||||||
+ <driver name="qemu" type="qcow2"/>
|
|
||||||
+ <source file="/dev/default-pool/testvol1.img"/>
|
|
||||||
-+ <target dev="vdaf" bus="virtio"/>
|
|
||||||
++ <target dev="hdd" bus="ide"/>
|
|
||||||
+ </disk>
|
|
||||||
</devices>
|
|
||||||
<seclabel type="dynamic" model="selinux" relabel="yes"/>
|
|
||||||
diff --git a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
|
|
||||||
index c834c936..8d278e7a 100644
|
|
||||||
--- a/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
|
|
||||||
+++ b/tests/cli-test-xml/compare/virt-xml-kvm-add-network-os-from-cmdline.xml
|
|
||||||
@@ -1,10 +1,19 @@
|
|
||||||
+ </description>
|
|
||||||
+ <metadata>
|
|
||||||
+ <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
|
|
||||||
+- <libosinfo:os id="http://fedoraproject.org/fedora/unknown"/>
|
|
||||||
++ <libosinfo:os id="http://microsoft.com/win/me"/>
|
|
||||||
+ </libosinfo:libosinfo>
|
|
||||||
+ </metadata>
|
|
||||||
+ <memory unit="KiB">409600</memory>
|
|
||||||
+@@
|
|
||||||
<panic model="s390"/>
|
|
||||||
<panic model="pseries"/>
|
|
||||||
<panic model="hyperv"/>
|
|
||||||
+ <interface type="bridge">
|
|
||||||
+ <source bridge="eth0"/>
|
|
||||||
+ <mac address="00:11:22:33:44:55"/>
|
|
||||||
-+ <model type="virtio"/>
|
|
||||||
++ <model type="e1000"/>
|
|
||||||
+ </interface>
|
|
||||||
</devices>
|
|
||||||
<seclabel type="dynamic" model="selinux" relabel="yes"/>
|
|
||||||
diff --git a/virt-xml b/virt-xml
|
|
||||||
index 65d9b55f..39abd297 100755
|
|
||||||
--- a/virt-xml
|
|
||||||
+++ b/virt-xml
|
|
||||||
@@ -56,6 +56,13 @@ def get_diff(origxml, newxml):
|
|
||||||
return ret
|
|
||||||
|
|
||||||
|
|
||||||
+def set_distro_variant(options, guest):
|
|
||||||
+ if options.distro_variant is None:
|
|
||||||
+ return
|
|
||||||
+
|
|
||||||
+ guest.set_os_name(options.distro_variant)
|
|
||||||
+
|
|
||||||
+
|
|
||||||
def get_domain_and_guest(conn, domstr):
|
|
||||||
try:
|
|
||||||
int(domstr)
|
|
||||||
@@ -175,6 +182,8 @@ def action_edit(guest, options, parserclass):
|
|
||||||
fail(_("'--edit %s' doesn't make sense with --%s, "
|
|
||||||
"just use empty '--edit'") %
|
|
||||||
(options.edit, parserclass.cli_arg_name))
|
|
||||||
+ if options.distro_variant is not None:
|
|
||||||
+ fail(_("--os-variant is not supported with --edit"))
|
|
||||||
|
|
||||||
return cli.parse_option_strings(options, guest, inst, update=True)
|
|
||||||
|
|
||||||
@@ -182,6 +191,7 @@ def action_edit(guest, options, parserclass):
|
|
||||||
def action_add_device(guest, options, parserclass):
|
|
||||||
if not parserclass.prop_is_list(guest):
|
|
||||||
fail(_("Cannot use --add-device with --%s") % parserclass.cli_arg_name)
|
|
||||||
+ set_distro_variant(options, guest)
|
|
||||||
devs = cli.parse_option_strings(options, guest, None)
|
|
||||||
devs = util.listify(devs)
|
|
||||||
for dev in devs:
|
|
||||||
@@ -193,6 +203,8 @@ def action_remove_device(guest, options, parserclass):
|
|
||||||
if not parserclass.prop_is_list(guest):
|
|
||||||
fail(_("Cannot use --remove-device with --%s") %
|
|
||||||
parserclass.cli_arg_name)
|
|
||||||
+ if options.distro_variant is not None:
|
|
||||||
+ fail(_("--os-variant is not supported with --remove-device"))
|
|
||||||
|
|
||||||
devs = _find_objects_to_edit(guest, "remove-device",
|
|
||||||
getattr(options, parserclass.cli_arg_name)[-1], parserclass)
|
|
||||||
@@ -207,6 +219,8 @@ def action_build_xml(conn, options, parserclass):
|
|
||||||
if not parserclass.propname:
|
|
||||||
fail(_("--build-xml not supported for --%s") %
|
|
||||||
parserclass.cli_arg_name)
|
|
||||||
+ if options.distro_variant is not None:
|
|
||||||
+ fail(_("--os-variant is not supported with --build-xml"))
|
|
||||||
|
|
||||||
guest = virtinst.Guest(conn)
|
|
||||||
inst = parserclass.lookup_prop(guest)
|
|
||||||
--
|
|
||||||
2.19.2
|
|
||||||
|
|
@ -1,9 +1,14 @@
|
|||||||
|
# This package depends on automagic byte compilation
|
||||||
|
# https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2
|
||||||
|
%global _python_bytecompile_extra 1
|
||||||
|
|
||||||
# -*- rpm-spec -*-
|
# -*- rpm-spec -*-
|
||||||
|
|
||||||
# RPM doesn't detect that code in /usr/share is python3, this forces it
|
# RPM doesn't detect that code in /usr/share is python3, this forces it
|
||||||
# https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build#Python_bytecompilation
|
# https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build#Python_bytecompilation
|
||||||
%global __python %{__python3}
|
%global __python %{__python3}
|
||||||
|
|
||||||
|
%bcond_with virtconvert
|
||||||
|
|
||||||
%global with_guestfs 0
|
%global with_guestfs 0
|
||||||
%global default_hvs "qemu,xen,lxc"
|
%global default_hvs "qemu,xen,lxc"
|
||||||
@ -12,40 +17,19 @@
|
|||||||
# End local config
|
# End local config
|
||||||
|
|
||||||
Name: virt-manager
|
Name: virt-manager
|
||||||
Version: 2.0.0
|
Version: 2.2.1
|
||||||
Release: 5.1%{?dist}%{?extra_release}
|
Release: 2%{?dist}%{?extra_release}
|
||||||
%global verrel %{version}-%{release}
|
%global verrel %{version}-%{release}
|
||||||
|
|
||||||
Summary: Desktop tool for managing virtual machines via libvirt
|
Summary: Desktop tool for managing virtual machines via libvirt
|
||||||
Group: Applications/Emulators
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
URL: https://virt-manager.org/
|
URL: https://virt-manager.org/
|
||||||
Source0: https://virt-manager.org/download/sources/%{name}/%{name}-%{version}.tar.gz
|
Source0: https://virt-manager.org/download/sources/%{name}/%{name}-%{version}.tar.gz
|
||||||
|
Source1: symlinks
|
||||||
|
|
||||||
Patch1: virt-manager-virt-install-Fix-description-for-os-variant.patch
|
Patch1: virt-manager-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch
|
||||||
Patch2: virt-manager-virt-install-Add-Guest-OS-options-group.patch
|
Patch2: virt-manager-man-virt-install-Fix-a-couple-of-launchSecurity-related-typos.patch
|
||||||
Patch3: virt-manager-virt-xml-Accept-os-variant-option.patch
|
|
||||||
Patch4: virt-manager-tests-Add-some-tests-for-virt-xml-with-KVM.patch
|
|
||||||
Patch5: virt-manager-virt-xml-Start-using-os-variant.patch
|
|
||||||
Patch6: virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.patch
|
|
||||||
Patch7: virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch
|
|
||||||
Patch8: virt-manager-inspection-fix-check-of-null-icon.patch
|
|
||||||
Patch9: virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch
|
|
||||||
Patch10: virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch
|
|
||||||
Patch11: virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch
|
|
||||||
Patch12: virt-manager-domcapabilities-introduce-get_cpu_security_features.patch
|
|
||||||
Patch13: virt-manager-domain-cpu-introduce-set_model-function.patch
|
|
||||||
Patch14: virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch
|
|
||||||
Patch15: virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch
|
|
||||||
Patch16: virt-manager-domcapabilities-fix-typo-in-function-name.patch
|
|
||||||
Patch17: virt-manager-cli-introduce-CPU-secure-parameter.patch
|
|
||||||
Patch18: virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch
|
|
||||||
Patch19: virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch
|
|
||||||
Patch20: virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch
|
|
||||||
Patch21: virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch
|
|
||||||
Patch22: virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch
|
|
||||||
Patch23: virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch
|
|
||||||
|
|
||||||
|
|
||||||
Requires: virt-manager-common = %{verrel}
|
Requires: virt-manager-common = %{verrel}
|
||||||
@ -55,6 +39,9 @@ Requires: libvirt-glib >= 0.0.9
|
|||||||
Requires: gtk-vnc2
|
Requires: gtk-vnc2
|
||||||
Requires: spice-gtk3
|
Requires: spice-gtk3
|
||||||
|
|
||||||
|
# We can work with gtksourceview 3 or gtksourceview4, rhel has only the older one
|
||||||
|
Requires: gtksourceview3
|
||||||
|
|
||||||
# virt-manager is one of those apps that people will often install onto
|
# virt-manager is one of those apps that people will often install onto
|
||||||
# a headless machine for use over SSH. This means the virt-manager dep
|
# a headless machine for use over SSH. This means the virt-manager dep
|
||||||
# chain needs to provide everything we need to get a usable app experience.
|
# chain needs to provide everything we need to get a usable app experience.
|
||||||
@ -73,6 +60,9 @@ Requires: vte291
|
|||||||
Recommends: (libvirt-daemon-kvm or libvirt-daemon-qemu)
|
Recommends: (libvirt-daemon-kvm or libvirt-daemon-qemu)
|
||||||
Recommends: libvirt-daemon-config-network
|
Recommends: libvirt-daemon-config-network
|
||||||
|
|
||||||
|
# Optional inspection of guests
|
||||||
|
Suggests: python3-libguestfs
|
||||||
|
|
||||||
BuildRequires: git
|
BuildRequires: git
|
||||||
BuildRequires: intltool
|
BuildRequires: intltool
|
||||||
BuildRequires: /usr/bin/pod2man
|
BuildRequires: /usr/bin/pod2man
|
||||||
@ -89,8 +79,8 @@ management API.
|
|||||||
|
|
||||||
%package common
|
%package common
|
||||||
Summary: Common files used by the different Virtual Machine Manager interfaces
|
Summary: Common files used by the different Virtual Machine Manager interfaces
|
||||||
Group: Applications/Emulators
|
|
||||||
|
|
||||||
|
Requires: python3-argcomplete
|
||||||
Requires: python3-libvirt
|
Requires: python3-libvirt
|
||||||
Requires: python3-libxml2
|
Requires: python3-libxml2
|
||||||
Requires: python3-requests
|
Requires: python3-requests
|
||||||
@ -114,8 +104,10 @@ Requires: libvirt-client
|
|||||||
|
|
||||||
Provides: virt-install
|
Provides: virt-install
|
||||||
Provides: virt-clone
|
Provides: virt-clone
|
||||||
Provides: virt-convert
|
|
||||||
Provides: virt-xml
|
Provides: virt-xml
|
||||||
|
%if %{with virtconvert}
|
||||||
|
Provides: virt-convert
|
||||||
|
%endif
|
||||||
|
|
||||||
%description -n virt-install
|
%description -n virt-install
|
||||||
Package includes several command line utilities, including virt-install
|
Package includes several command line utilities, including virt-install
|
||||||
@ -124,44 +116,24 @@ machine).
|
|||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -S git_am -N
|
||||||
|
|
||||||
|
# "make dist" replaces all symlinks with a copy of the linked files;
|
||||||
# Patches have to be stored in a temporary file because RPM has
|
# we need to replace all of them with the original symlinks
|
||||||
# a limit on the length of the result of any macro expansion;
|
echo "Restoring symlinks"
|
||||||
# if the string is longer, it's silently cropped
|
while read lnk target; do
|
||||||
%{lua:
|
if [ -e $lnk ]; then
|
||||||
tmp = os.tmpname();
|
rm -rf $lnk
|
||||||
f = io.open(tmp, "w+");
|
ln -s $target $lnk
|
||||||
count = 0;
|
fi
|
||||||
for i, p in ipairs(patches) do
|
done <%{_sourcedir}/symlinks || exit 1
|
||||||
f:write(p.."\n");
|
|
||||||
count = count + 1;
|
|
||||||
end;
|
|
||||||
f:close();
|
|
||||||
print("PATCHCOUNT="..count.."\n")
|
|
||||||
print("PATCHLIST="..tmp.."\n")
|
|
||||||
}
|
|
||||||
|
|
||||||
git init -q
|
|
||||||
git config user.name rpm-build
|
|
||||||
git config user.email rpm-build
|
|
||||||
git config gc.auto 0
|
|
||||||
git add .
|
git add .
|
||||||
git commit -q -a --author 'rpm-build <rpm-build>' \
|
git commit -q -a --author 'rpm-build <rpm-build>' -m symlinks
|
||||||
-m '%{name}-%{version} base'
|
|
||||||
|
|
||||||
COUNT=$(grep '\.patch$' $PATCHLIST | wc -l)
|
|
||||||
if [ $COUNT -ne $PATCHCOUNT ]; then
|
git config gc.auto 0
|
||||||
echo "Found $COUNT patches in $PATCHLIST, expected $PATCHCOUNT"
|
|
||||||
exit 1
|
%autopatch
|
||||||
fi
|
|
||||||
if [ $COUNT -gt 0 ]; then
|
|
||||||
xargs git am <$PATCHLIST || exit 1
|
|
||||||
fi
|
|
||||||
echo "Applied $COUNT patches"
|
|
||||||
rm -f $PATCHLIST
|
|
||||||
rm -rf .git
|
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -179,6 +151,11 @@ rm -rf .git
|
|||||||
install -O1 --root=%{buildroot}
|
install -O1 --root=%{buildroot}
|
||||||
%find_lang %{name}
|
%find_lang %{name}
|
||||||
|
|
||||||
|
%if %{without virtconvert}
|
||||||
|
find %{buildroot} -name virt-convert\* -delete
|
||||||
|
rm -rf %{buildroot}/%{_datadir}/%{name}/virtconv
|
||||||
|
%endif
|
||||||
|
|
||||||
# Replace '#!/usr/bin/env python3' with '#!/usr/bin/python3'
|
# Replace '#!/usr/bin/env python3' with '#!/usr/bin/python3'
|
||||||
# The format is ideal for upstream, but not a distro. See:
|
# The format is ideal for upstream, but not a distro. See:
|
||||||
# https://fedoraproject.org/wiki/Features/SystemPythonExecutablesUseSystemPython
|
# https://fedoraproject.org/wiki/Features/SystemPythonExecutablesUseSystemPython
|
||||||
@ -208,47 +185,62 @@ done
|
|||||||
%files common -f %{name}.lang
|
%files common -f %{name}.lang
|
||||||
%dir %{_datadir}/%{name}
|
%dir %{_datadir}/%{name}
|
||||||
|
|
||||||
%{_datadir}/%{name}/virtcli
|
%if %{with virtconvert}
|
||||||
%{_datadir}/%{name}/virtconv
|
%{_datadir}/%{name}/virtconv
|
||||||
|
%endif
|
||||||
%{_datadir}/%{name}/virtinst
|
%{_datadir}/%{name}/virtinst
|
||||||
|
|
||||||
|
|
||||||
%files -n virt-install
|
%files -n virt-install
|
||||||
%{_mandir}/man1/virt-install.1*
|
%{_mandir}/man1/virt-install.1*
|
||||||
%{_mandir}/man1/virt-clone.1*
|
%{_mandir}/man1/virt-clone.1*
|
||||||
%{_mandir}/man1/virt-convert.1*
|
|
||||||
%{_mandir}/man1/virt-xml.1*
|
%{_mandir}/man1/virt-xml.1*
|
||||||
|
|
||||||
%{_datadir}/%{name}/virt-install
|
%{_datadir}/%{name}/virt-install
|
||||||
%{_datadir}/%{name}/virt-clone
|
%{_datadir}/%{name}/virt-clone
|
||||||
%{_datadir}/%{name}/virt-convert
|
|
||||||
%{_datadir}/%{name}/virt-xml
|
%{_datadir}/%{name}/virt-xml
|
||||||
|
|
||||||
|
%{_datadir}/bash-completion/completions/virt-install
|
||||||
|
%{_datadir}/bash-completion/completions/virt-clone
|
||||||
|
%{_datadir}/bash-completion/completions/virt-xml
|
||||||
|
|
||||||
%{_bindir}/virt-install
|
%{_bindir}/virt-install
|
||||||
%{_bindir}/virt-clone
|
%{_bindir}/virt-clone
|
||||||
%{_bindir}/virt-convert
|
|
||||||
%{_bindir}/virt-xml
|
%{_bindir}/virt-xml
|
||||||
|
|
||||||
|
%if %{with virtconvert}
|
||||||
|
%{_bindir}/virt-convert
|
||||||
|
%{_datadir}/bash-completion/completions/virt-convert
|
||||||
|
%{_datadir}/%{name}/virt-convert
|
||||||
|
%{_mandir}/man1/virt-convert.1*
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Jun 3 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-5.1.el8
|
* Fri Aug 16 2019 Pavel Hrdina <phrdina@redhat.com> - 2.2.1-2
|
||||||
- cli: Fix pool=default when path belongs to another pool (bz 1692489) (rhbz#1714752)
|
- man: virt-install: Fix a couple of launchSecurity related typos (rhbz#1741846)
|
||||||
- tests: clitest: Add a test case for the last commit (rhbz#1714752)
|
|
||||||
- domcapabilities: introduce get_cpu_security_features (rhbz#1716402)
|
|
||||||
- domain: cpu: introduce set_model function (rhbz#1716402)
|
|
||||||
- domain: cpu: automatically add CPU security features for "custom" mode (rhbz#1716402)
|
|
||||||
- domcapabilities: remove recommended CPU features from security features (rhbz#1716402)
|
|
||||||
- domcapabilities: fix typo in function name (rhbz#1716402)
|
|
||||||
- cli: introduce CPU secure parameter (rhbz#1716402)
|
|
||||||
- domcapabilities: add caching of CPU security features (rhbz#1716402)
|
|
||||||
- virt-manager: add new checkbox to control CPU security features (rhbz#1716402)
|
|
||||||
- DomainCpu: fix detection of CPU security features (rhbz#1716402)
|
|
||||||
- DomainCpu: check CPU model name only if model exists (rhbz#1716402)
|
|
||||||
- domcapabilities: detect MDS new vulnerability (rhbz#1716402)
|
|
||||||
- cli: fix cpu secure option to actually work (rhbz#1716402)
|
|
||||||
|
|
||||||
* Thu Mar 21 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-5
|
* Thu Jul 11 2019 Pavel Hrdina <phrdina@redhat.com> - 2.2.1-1
|
||||||
- urldetect: Check also for 'treeinfo' (bz 1689252) (rhbz#1689252)
|
- Rebased to virt-manager-2.2.1 (rhbz#1726535)
|
||||||
|
- The rebase also fixes the following bugs:
|
||||||
|
rhbz#1727881, rhbz#1724287, rhbz#1727811
|
||||||
|
- spec: add gtksourceview3 dependency introduced by upstream (rhbz#1722820)
|
||||||
|
- guest: fix warning message when machine type is changed for secure boot (rhbz#1727811)
|
||||||
|
|
||||||
|
* Mon Jun 24 2019 Pavel Hrdina <phrdina@redhat.com> - 2.2.0-2
|
||||||
|
- xmleditor: Handle gtksourceview3 as well as gtksourceview4 (rhbz#1722820)
|
||||||
|
- xmleditor: Fix the gtksource version checking (rhbz#1722820)
|
||||||
|
- spec: add gtksourceview3 dependency introduced by upstream (rhbz#1722820)
|
||||||
|
|
||||||
|
* Mon Jun 17 2019 Pavel Hrdina <phrdina@redhat.com> - 2.2.0-1
|
||||||
|
- Rebased to virt-manager-2.2.0 (rhbz#1721001)
|
||||||
|
- The rebase also fixes the following bugs:
|
||||||
|
rhbz#1718065, rhbz#1714304, rhbz#1709857, rhbz#1707379, rhbz#1700354
|
||||||
|
rhbz#1692489, rhbz#1690687, rhbz#1690685, rhbz#1683609, rhbz#1679018
|
||||||
|
rhbz#1677019, rhbz#1671599, rhbz#1667025, rhbz#1666597, rhbz#1663430
|
||||||
|
rhbz#1661867, rhbz#1660467, rhbz#1660123, rhbz#1659354, rhbz#1658511
|
||||||
|
rhbz#1648939, rhbz#1599139, rhbz#1508147, rhbz#1501608
|
||||||
|
- spec: add build dependencies that are now required for build (rhbz#1721001)
|
||||||
|
|
||||||
* Fri Feb 8 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-4
|
* Fri Feb 8 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-4
|
||||||
- inspection: fix check of null icon (rhbz#1671278)
|
- inspection: fix check of null icon (rhbz#1671278)
|
||||||
|
Loading…
Reference in New Issue
Block a user