Reapply patches since we are using git format-patch --submodule=diff

- Don't comment out patch 0029 (the common submodule update).

- Use a common/.gitattributes trick to exclude files from the common
  patch that are not included in the virt-v2v tarball.  This also requires
  some sed hacking.

NB: I tried using ':(exclude)...' stuff and it does not work for
submodules, at least not with the git version in RHEL 8.

For more info see private email thread "Customer case requiring our
assistance" in 2023.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
resolves: rhbz#2184183
Richard W.M. Jones 2023-04-03 07:44:04 +01:00
parent f71d54102d
commit 2f9214744a
58 changed files with 479 additions and 349 deletions


@ -36,6 +36,3 @@ index 7df17b29..4d0b8639 100644
let get_domain conn name =
let dom =
--
2.31.1


@ -1,34 +0,0 @@
From 96ea18db4a4f2e336145553c0fbbba59ede2221e Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 30 Mar 2020 14:34:43 +0100
Subject: [PATCH 1/4] options: Use new cryptsetup-open API if available.
Fall back to luks-open if we're using libguestfs <= 1.43.1.
---
options/decrypt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/options/decrypt.c b/options/decrypt.c
index 683cf5e..d868f70 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -97,11 +97,15 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
/* Try each key in turn. */
for (j = 0; keys[j] != NULL; ++j) {
- /* XXX Should we call guestfs_luks_open_ro if readonly flag
+ /* XXX Should we set GUESTFS_CRYPTSETUP_OPEN_READONLY if readonly
* is set? This might break 'mount_ro'.
*/
guestfs_push_error_handler (g, NULL, NULL);
+#ifdef GUESTFS_HAVE_CRYPTSETUP_OPEN
+ r = guestfs_cryptsetup_open (g, partitions[i], keys[j], mapname, -1);
+#else
r = guestfs_luks_open (g, partitions[i], keys[j], mapname);
+#endif
guestfs_pop_error_handler (g);
if (r == 0)
goto opened;
--
2.18.4


@ -209,6 +209,3 @@ index 120a52f7..3cbca9d7 100644
-val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> string option -> Xml.uri -> string -> string -> Types.input
+val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> string -> string option -> Xml.uri -> string -> string -> Types.input
--
2.31.1


@ -1,41 +0,0 @@
From f9770058fa3bd8871b8b4ded0b10d4be418224ae Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 7 Sep 2020 10:15:40 +0100
Subject: [PATCH 2/4] options: Use cryptX instead of luksX as the temporary
name.
---
options/decrypt.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/options/decrypt.c b/options/decrypt.c
index d868f70..45de5b2 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -38,18 +38,18 @@
/**
* Make a LUKS map name from the partition name,
- * eg. C<"/dev/vda2" =E<gt> "luksvda2">
+ * eg. C<"/dev/vda2" =E<gt> "cryptvda2">
*/
static void
make_mapname (const char *device, char *mapname, size_t len)
{
size_t i = 0;
- if (len < 5)
+ if (len < 6)
abort ();
- strcpy (mapname, "luks");
- mapname += 4;
- len -= 4;
+ strcpy (mapname, "crypt");
+ mapname += 5;
+ len -= 5;
if (STRPREFIX (device, "/dev/"))
i = 5;
--
2.18.4


@ -1,56 +0,0 @@
From 778c08fe7b7eb00b7f48189dd1a3edf3f3be2625 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 30 Mar 2020 14:40:45 +0100
Subject: [PATCH 3/4] options: Support Windows BitLocker (RHBZ#1808977).
---
mltools/tools_utils.mli | 5 ++---
options/decrypt.c | 9 ++++-----
2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/mltools/tools_utils.mli b/mltools/tools_utils.mli
index 102abff..1d1ac8a 100644
--- a/common/mltools/tools_utils.mli
+++ b/common/mltools/tools_utils.mli
@@ -195,9 +195,8 @@ val is_btrfs_subvolume : Guestfs.guestfs -> string -> bool
(** Checks if a filesystem is a btrfs subvolume. *)
val inspect_decrypt : Guestfs.guestfs -> key_store -> unit
-(** Simple implementation of decryption: look for any [crypto_LUKS]
- partitions and decrypt them, then rescan for VGs. This only works
- for Fedora whole-disk encryption. *)
+(** Simple implementation of decryption: look for any encrypted
+ partitions and decrypt them, then rescan for VGs. *)
val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
(** [with_timeout op timeout ?sleep fn] implements a timeout loop.
diff --git a/options/decrypt.c b/options/decrypt.c
index 45de5b2..8eb24bc 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -65,10 +65,8 @@ make_mapname (const char *device, char *mapname, size_t len)
}
/**
- * Simple implementation of decryption: look for any C<crypto_LUKS>
- * partitions and decrypt them, then rescan for VGs. This only works
- * for Fedora whole-disk encryption. WIP to make this work for other
- * encryption schemes.
+ * Simple implementation of decryption: look for any encrypted
+ * partitions and decrypt them, then rescan for VGs.
*/
void
inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
@@ -82,7 +80,8 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
for (i = 0; partitions[i] != NULL; ++i) {
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
- if (type && STREQ (type, "crypto_LUKS")) {
+ if (type &&
+ (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
char mapname[32];
make_mapname (partitions[i], mapname, sizeof mapname);
--
2.18.4


@ -29,6 +29,3 @@ index c28a4ced..4c128b0c 100644
let headers =
List.map (
--
2.31.1


@ -1,50 +0,0 @@
From 132c355d3ba10b6ec303cbc059d6732056474695 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 6 Oct 2020 15:04:27 +0100
Subject: [PATCH 4/4] options: Ignore errors from guestfs_luks_uuid.
For BitLocker disks cryptsetup does not (yet? ever?) support reading
UUIDs and this function will fail. Skip reading the UUID in this
case.
Updates commit bb4a2dc17a78b53437896d4215ae82df8e11b788.
---
options/decrypt.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/options/decrypt.c b/options/decrypt.c
index 8eb24bc..434b7d5 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -25,6 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
#include <libintl.h>
#include <error.h>
@@ -82,11 +83,19 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
if (type &&
(STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
+ bool is_bitlocker = STREQ (type, "BitLocker");
char mapname[32];
make_mapname (partitions[i], mapname, sizeof mapname);
#ifdef GUESTFS_HAVE_LUKS_UUID
- CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
+ CLEANUP_FREE char *uuid = NULL;
+
+ /* This fails for Windows BitLocker disks because cryptsetup
+ * luksUUID cannot read a UUID (unclear if this is a limitation
+ * of the format or cryptsetup).
+ */
+ if (!is_bitlocker)
+ uuid = guestfs_luks_uuid (g, partitions[i]);
#else
const char *uuid = NULL;
#endif
--
2.18.4


@ -92,6 +92,3 @@ index 05553c4f..5a1fba0f 100644
] [];
(match pool with
| None ->
--
2.31.1


@ -46,6 +46,3 @@ index 979c3773..402dfd0e 100644
cmd, args
)
else cmd, [] in
--
2.31.1


@ -44,6 +44,3 @@ index 402dfd0e..bfda91a7 100644
(* Caching extents speeds up qemu-img, especially its consecutive
* block_status requests with req_one=1.
--
2.31.1


@ -111,6 +111,3 @@ index bfda91a7..47832011 100644
let run cmd =
let sock, _ = Nbdkit.run_unix cmd in
--
2.31.1


@ -52,6 +52,3 @@ index 47832011..f5e91911 100644
| PasswordFile password_file ->
Nbdkit.add_arg cmd "password" ("+" ^ password_file) in
--
2.31.1


@ -39,6 +39,3 @@ index 1ab6bb4d..497840c2 100644
typedef OsinfoDb *OsinfoDb_t;
typedef OsinfoOs *OsinfoOs_t;
--
2.31.1


@ -11,7 +11,7 @@ Subject: [PATCH] v2v: Use common documentation for --keys-from-stdin.
Submodule common be42b0b8..5ea1baec:
diff --git a/common/options/Makefile.am b/common/options/Makefile.am
index b38fedc..f7ea749 100644
index b38fedc7..f7ea7493 100644
--- a/common/options/Makefile.am
+++ b/common/options/Makefile.am
@@ -19,6 +19,7 @@ include $(top_srcdir)/subdir-rules.mk
@ -24,7 +24,7 @@ index b38fedc..f7ea749 100644
# liboptions.la contains guestfish code which is used in other
diff --git a/common/options/keys-from-stdin-option.pod b/common/options/keys-from-stdin-option.pod
new file mode 100644
index 0000000..03c5339
index 00000000..03c5339b
--- /dev/null
+++ b/common/options/keys-from-stdin-option.pod
@@ -0,0 +1,4 @@
@ -55,6 +55,3 @@ index a00fa8af..74934eb4 100644
=item B<--mac> aa:bb:cc:dd:ee:ffB<:network:>out
--
2.31.1


@ -11,7 +11,7 @@ Subject: [PATCH] docs: Multiple keys must be supplied one per line
Submodule common 5ea1baec..9338df5e:
diff --git a/common/options/keys-from-stdin-option.pod b/common/options/keys-from-stdin-option.pod
index 03c5339..8379039 100644
index 03c5339b..83790394 100644
--- a/common/options/keys-from-stdin-option.pod
+++ b/common/options/keys-from-stdin-option.pod
@@ -2,3 +2,6 @@
@ -21,6 +21,3 @@ index 03c5339..8379039 100644
+
+If there are multiple encrypted devices then you may need to supply
+multiple keys on stdin, one per line.
--
2.31.1


@ -121,6 +121,3 @@ index 249137ab..3b74f307 100644
in
let no_trim_warning _ =
--
2.31.1


@ -28,6 +28,3 @@ index 4d0b8639..1a24b049 100644
List.map (
function
| { Libvirt.Connect.typ = Libvirt.Connect.CredentialPassphrase } -> password
--
2.31.1


@ -28,6 +28,3 @@ index be3a3c5e..85d08265 100644
let flag = Qemuopts.flag cmd
and arg = Qemuopts.arg cmd
--
2.31.1


@ -100,6 +100,3 @@ index 3b74f307..df69e2e0 100644
Output_qemu.output_qemu os qemu_boot,
output_format, output_alloc
--
2.31.1


@ -29,6 +29,3 @@ index ccbb9d68..c2940582 100644
(* Find the UEFI firmware. *)
let find_uefi_firmware guest_arch =
--
2.31.1


@ -74,6 +74,3 @@ index f1da222a..ff94fe39 100755
diff -u "$expected" "$response"
# We also update the Registry several times, for firstboot, and (ONLY
--
2.31.1


@ -281,6 +281,3 @@ index df69e2e0..7b79d462 100644
(* Common error message. *)
let error_option_cannot_be_used_in_output_mode mode opt =
error (f_"-o %s: %s option cannot be used in this output mode") mode opt
--
2.31.1


@ -21,6 +21,3 @@ index d146e84c..4e403003 100644
s_listen = LNoListen; s_port = None };
s_video = None;
s_sound = None;
--
2.31.1


@ -21,6 +21,3 @@ index 3b3cf0f0..32da2848 100644
=head1 INPUT FROM XEN
--
2.31.1


@ -84,6 +84,3 @@ index d3e6260e..471102da 100644
storage_domains=[
types.StorageDomain(
name=params['output_storage'],
--
2.31.1


@ -22,6 +22,3 @@ index 33c5e9a2..b1ea8f9d 100644
type script = {
tmpdir : string; (* Temporary directory. *)
--
2.31.1


@ -120,6 +120,3 @@ index 8333366b..a5150907 100644
=head2 Guest firmware
--
2.31.1


@ -383,6 +383,3 @@ index 73edff2c..a58ff433 100644
rename ov.ov_overlay_file saved_filename;
info (f_"Overlay saved as %s [--debug-overlays]") saved_filename
) overlays
--
2.31.1


@ -29,6 +29,3 @@ index 179b0edf..fdc04b02 100644
(* List of Cinder volume IDs. *)
val mutable volume_ids = []
--
2.31.1


@ -39,6 +39,3 @@ index ba26949f..f2f7b95c 100644
(*----------------------------------------------------------------------*)
(* Perform the conversion of the Windows guest. *)
--
2.31.1


@ -132,6 +132,3 @@ index f2f7b95c..84db742f 100644
(*----------------------------------------------------------------------*)
(* Perform the conversion of the Windows guest. *)
--
2.31.1


@ -57,6 +57,3 @@ index 84db742f..44cef5ed 100644
(*----------------------------------------------------------------------*)
(* Perform the conversion of the Windows guest. *)
--
2.31.1


@ -0,0 +1,447 @@
From 9292a4637e8f4d534f4dde70e8e5451f61ad0162 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 19 Jan 2021 14:22:33 +0000
Subject: [PATCH] Update common/ submodule to latest upstream.
Only for RHEL AV 8.4.0, allowing this branch to be compiled
from git with libguestfs 1.44.
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common 9338df5e...be09523d:
diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml
index 44995df6..5ecf7bd7 100644
--- a/common/mlcustomize/SELinux_relabel.ml
+++ b/common/mlcustomize/SELinux_relabel.ml
@@ -28,65 +28,80 @@ module G = Guestfs
let array_find a l =
List.mem a (Array.to_list l)
-let relabel (g : G.guestfs) =
- (* Is the guest using SELinux? *)
- if g#is_file ~followsymlinks:true "/usr/sbin/load_policy" &&
- g#is_file ~followsymlinks:true "/etc/selinux/config" then (
- (* Is setfiles / SELinux relabelling functionality available? *)
- if g#feature_available [| "selinuxrelabel" |] then (
- (* Use Augeas to parse /etc/selinux/config. *)
- g#aug_init "/" (16+32) (* AUG_SAVE_NOOP | AUG_NO_LOAD *);
- (* See: https://bugzilla.redhat.com/show_bug.cgi?id=975412#c0 *)
- ignore (g#aug_rm "/augeas/load/*[\"/etc/selinux/config/\" !~ regexp('^') + glob(incl) + regexp('/.*')]");
- g#aug_load ();
- debug_augeas_errors g;
-
- (* Get the SELinux policy name, eg. "targeted", "minimum".
- * Use "targeted" if not specified, just like libselinux does.
- *)
- let policy =
- let config_path = "/files/etc/selinux/config" in
- let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
- let keys = g#aug_ls config_path in
- if array_find selinuxtype_path keys then
- g#aug_get selinuxtype_path
- else
- "targeted" in
-
- g#aug_close ();
-
- (* Get the spec file name. *)
- let specfile =
- sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
-
- (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
- * invalid regular expression "/var/run/spice-vdagentd.\pid"
- * (instead of "\.p"). This stops setfiles from working on
- * the guest.
- *
- * Because an SELinux relabel writes all over the filesystem,
- * it seems reasonable to fix this problem in the specfile
- * at the same time. (RHBZ#1374232)
- *)
- if g#grep ~fixed:true "vdagentd.\\pid" specfile <> [||] then (
- debug "fixing invalid regular expression in %s" specfile;
- let old_specfile = specfile ^ "~" in
- g#mv specfile old_specfile;
- let content = g#read_file old_specfile in
- let content =
- String.replace content "vdagentd.\\pid" "vdagentd\\.pid" in
- g#write specfile content;
- g#copy_attributes ~all:true old_specfile specfile
- );
-
- (* Relabel everything. *)
- g#selinux_relabel ~force:true specfile "/";
-
- (* If that worked, we don't need to autorelabel. *)
+let rec relabel (g : G.guestfs) =
+ (* Is the guest using SELinux? (Otherwise this is a no-op). *)
+ if is_selinux_guest g then (
+ try
+ use_setfiles g;
+ (* That worked, so we don't need to autorelabel. *)
g#rm_f "/.autorelabel"
- )
- else (
- (* SELinux guest, but not SELinux host. Fallback to this. *)
+ with Failure _ ->
+ (* This is the fallback in case something in the setfiles
+ * method didn't work. That includes the case where a non-SELinux
+ * host is processing an SELinux guest, and other things.
+ *)
g#touch "/.autorelabel"
- )
)
+
+and is_selinux_guest g =
+ g#is_file ~followsymlinks:true "/usr/sbin/load_policy" &&
+ g#is_file ~followsymlinks:true "/etc/selinux/config"
+
+and use_setfiles g =
+ (* Is setfiles / SELinux relabelling functionality available? *)
+ if not (g#feature_available [| "selinuxrelabel" |]) then
+ failwith "no selinux relabel feature";
+
+ (* Use Augeas to parse /etc/selinux/config. *)
+ g#aug_init "/" (16+32) (* AUG_SAVE_NOOP | AUG_NO_LOAD *);
+ (* See: https://bugzilla.redhat.com/show_bug.cgi?id=975412#c0 *)
+ ignore (g#aug_rm "/augeas/load/*[\"/etc/selinux/config/\" !~ regexp('^') + glob(incl) + regexp('/.*')]");
+ g#aug_load ();
+ debug_augeas_errors g;
+
+ (* Get the SELinux policy name, eg. "targeted", "minimum".
+ * Use "targeted" if not specified, just like libselinux does.
+ *)
+ let policy =
+ let config_path = "/files/etc/selinux/config" in
+ let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
+ let keys = g#aug_ls config_path in
+ if array_find selinuxtype_path keys then
+ g#aug_get selinuxtype_path
+ else
+ "targeted" in
+
+ g#aug_close ();
+
+ (* Get the spec file name. *)
+ let specfile =
+ sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
+
+ (* If the spec file doesn't exist then fall back to using
+ * autorelabel (RHBZ#1828952).
+ *)
+ if not (g#is_file ~followsymlinks:true specfile) then
+ failwith "no spec file";
+
+ (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
+ * invalid regular expression "/var/run/spice-vdagentd.\pid"
+ * (instead of "\.p"). This stops setfiles from working on
+ * the guest.
+ *
+ * Because an SELinux relabel writes all over the filesystem,
+ * it seems reasonable to fix this problem in the specfile
+ * at the same time. (RHBZ#1374232)
+ *)
+ if g#grep ~fixed:true "vdagentd.\\pid" specfile <> [||] then (
+ debug "fixing invalid regular expression in %s" specfile;
+ let old_specfile = specfile ^ "~" in
+ g#mv specfile old_specfile;
+ let content = g#read_file old_specfile in
+ let content =
+ String.replace content "vdagentd.\\pid" "vdagentd\\.pid" in
+ g#write specfile content;
+ g#copy_attributes ~all:true old_specfile specfile
+ );
+
+ (* Relabel everything. *)
+ g#selinux_relabel ~force:true specfile "/"
diff --git a/common/mltools/Makefile.am b/common/mltools/Makefile.am
index 3b4172db..aea2dce9 100644
--- a/common/mltools/Makefile.am
+++ b/common/mltools/Makefile.am
@@ -95,6 +95,7 @@ libmltools_a_CPPFLAGS = \
-I$(shell $(OCAMLC) -where) \
-I$(top_srcdir)/common/utils \
-I$(top_srcdir)/lib \
+ $(INCLUDE_DIRECTORY) \
-I$(top_srcdir)/common/options \
-I$(top_srcdir)/common/mlgettext \
-I$(top_srcdir)/common/mlpcre \
diff --git a/common/mltools/tools_utils.ml b/common/mltools/tools_utils.ml
index 12718022..d54ec581 100644
--- a/common/mltools/tools_utils.ml
+++ b/common/mltools/tools_utils.ml
@@ -679,3 +679,53 @@ let with_timeout op timeout ?(sleep = 2) fn =
loop ()
in
loop ()
+
+let run_in_guest_command g root ?logfile ?incompatible_fn cmd =
+ (* Is the host_cpu compatible with the guest arch? ie. Can we
+ * run commands in this guest?
+ *)
+ let guest_arch = g#inspect_get_arch root in
+ let guest_arch_compatible = guest_arch_compatible guest_arch in
+ if not guest_arch_compatible then (
+ match incompatible_fn with
+ | None -> ()
+ | Some fn -> fn ()
+ )
+ else (
+ (* Add a prologue to the scripts:
+ * - Pass environment variables through from the host.
+ * - Optionally send stdout and stderr to a log file so we capture
+ * all output in error messages.
+ * - Use setarch when running x86_64 host + i686 guest.
+ *)
+ let env_vars =
+ List.filter_map (
+ fun name ->
+ try Some (sprintf "export %s=%s" name (quote (Sys.getenv name)))
+ with Not_found -> None
+ ) [ "http_proxy"; "https_proxy"; "ftp_proxy"; "no_proxy" ] in
+ let env_vars = String.concat "\n" env_vars ^ "\n" in
+
+ let cmd =
+ match Guestfs_config.host_cpu, guest_arch with
+ | "x86_64", ("i386"|"i486"|"i586"|"i686") ->
+ sprintf "setarch i686 <<\"__EOCMD\"
+%s
+__EOCMD
+" cmd
+ | _ -> cmd in
+
+ let logfile_redirect =
+ match logfile with
+ | None -> ""
+ | Some logfile -> sprintf "exec >>%s 2>&1" (quote logfile) in
+
+ let cmd = sprintf "\
+%s
+%s
+%s
+" (logfile_redirect) env_vars cmd in
+
+ debug "running command:\n%s" cmd;
+ ignore (g#sh cmd)
+ )
diff --git a/common/mltools/tools_utils.mli b/common/mltools/tools_utils.mli
index ab70f583..1d1ac8a8 100644
--- a/common/mltools/tools_utils.mli
+++ b/common/mltools/tools_utils.mli
@@ -195,9 +195,8 @@ val is_btrfs_subvolume : Guestfs.guestfs -> string -> bool
(** Checks if a filesystem is a btrfs subvolume. *)
val inspect_decrypt : Guestfs.guestfs -> key_store -> unit
-(** Simple implementation of decryption: look for any [crypto_LUKS]
- partitions and decrypt them, then rescan for VGs. This only works
- for Fedora whole-disk encryption. *)
+(** Simple implementation of decryption: look for any encrypted
+ partitions and decrypt them, then rescan for VGs. *)
val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
(** [with_timeout op timeout ?sleep fn] implements a timeout loop.
@@ -212,3 +211,13 @@ val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
calls {!error} and the program exits. The error message will
contain the diagnostic string [op] to identify the operation
which timed out. *)
+
+val run_in_guest_command : Guestfs.guestfs -> string -> ?logfile:string -> ?incompatible_fn:(unit -> unit) -> string -> unit
+(** [run_in_guest_command g root ?incompatible_archs_fn cmd]
+ runs a command in the guest, which is already mounted for the
+ specified [root]. The command is run directly in case the
+ architecture of the host and the guest are compatible, optionally
+ calling [?incompatible_fn] in case they are not.
+
+ [?logfile] is an optional file in the guest to where redirect
+ stdout and stderr of the command. *)
diff --git a/common/mlutils/unix_utils-c.c b/common/mlutils/unix_utils-c.c
index 33099611..8acf0395 100644
--- a/common/mlutils/unix_utils-c.c
+++ b/common/mlutils/unix_utils-c.c
@@ -77,6 +77,7 @@ extern value guestfs_int_mllib_mkdtemp (value val_pattern);
extern value guestfs_int_mllib_realpath (value pathv);
extern value guestfs_int_mllib_statvfs_statvfs (value pathv);
extern value guestfs_int_mllib_statvfs_is_network_filesystem (value pathv);
+extern value guestfs_int_mllib_sysconf_nr_processors_online (value unitv);
/* NB: This is a "noalloc" call. */
value
@@ -368,3 +369,17 @@ guestfs_int_mllib_statvfs_is_network_filesystem (value pathv)
return Val_bool (0);
#endif
}
+
+/* NB: This is a "noalloc" call. */
+value
+guestfs_int_mllib_sysconf_nr_processors_online (value unitv)
+{
+#ifdef _SC_NPROCESSORS_ONLN
+ long n;
+
+ n = sysconf (_SC_NPROCESSORS_ONLN);
+ if (n > 0) return Val_int (n);
+#endif
+ /* Return a safe value so that callers don't need to deal with errors. */
+ return Val_int (1);
+}
diff --git a/common/mlutils/unix_utils.ml b/common/mlutils/unix_utils.ml
index 52eb824d..2bdda12a 100644
--- a/common/mlutils/unix_utils.ml
+++ b/common/mlutils/unix_utils.ml
@@ -84,3 +84,8 @@ module StatVFS = struct
external is_network_filesystem : string -> bool =
"guestfs_int_mllib_statvfs_is_network_filesystem" "noalloc"
end
+
+module Sysconf = struct
+ external nr_processors_online : unit -> int =
+ "guestfs_int_mllib_sysconf_nr_processors_online" "noalloc"
+end
diff --git a/common/mlutils/unix_utils.mli b/common/mlutils/unix_utils.mli
index 4fcea4a3..aead4df2 100644
--- a/common/mlutils/unix_utils.mli
+++ b/common/mlutils/unix_utils.mli
@@ -121,3 +121,12 @@ module StatVFS : sig
(** [is_network_filesystem path] returns true if [path] is located on
a network filesystem such as NFS or CIFS. *)
end
+
+module Sysconf : sig
+ val nr_processors_online : unit -> int
+ (** [nr_processors_online ()] returns the number of processors
+ currently online, from [sysconf (_SC_NPROCESSORS_ONLN)].
+
+ Note this never fails. In case we cannot get the number of
+ cores it returns 1. *)
+end
diff --git a/common/options/Makefile.am b/common/options/Makefile.am
index f7ea7493..162d143b 100644
--- a/common/options/Makefile.am
+++ b/common/options/Makefile.am
@@ -41,8 +41,9 @@ liboptions_la_SOURCES = \
liboptions_la_CPPFLAGS = \
-DGUESTFS_NO_DEPRECATED=1 \
-I$(top_srcdir)/common/utils -I$(top_builddir)/common/utils \
+ -I$(top_srcdir)/gnulib/lib -I$(top_builddir)/gnulib/lib \
-I$(top_srcdir)/lib -I$(top_builddir)/lib \
- -I$(top_srcdir)/gnulib/lib -I$(top_builddir)/gnulib/lib
+ $(INCLUDE_DIRECTORY)
liboptions_la_CFLAGS = \
$(WARN_CFLAGS) $(WERROR_CFLAGS) \
$(LIBCONFIG_CFLAGS) \
diff --git a/common/options/decrypt.c b/common/options/decrypt.c
index 683cf5ed..434b7d58 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -25,6 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
#include <libintl.h>
#include <error.h>
@@ -38,18 +39,18 @@
/**
* Make a LUKS map name from the partition name,
- * eg. C<"/dev/vda2" =E<gt> "luksvda2">
+ * eg. C<"/dev/vda2" =E<gt> "cryptvda2">
*/
static void
make_mapname (const char *device, char *mapname, size_t len)
{
size_t i = 0;
- if (len < 5)
+ if (len < 6)
abort ();
- strcpy (mapname, "luks");
- mapname += 4;
- len -= 4;
+ strcpy (mapname, "crypt");
+ mapname += 5;
+ len -= 5;
if (STRPREFIX (device, "/dev/"))
i = 5;
@@ -65,10 +66,8 @@ make_mapname (const char *device, char *mapname, size_t len)
}
/**
- * Simple implementation of decryption: look for any C<crypto_LUKS>
- * partitions and decrypt them, then rescan for VGs. This only works
- * for Fedora whole-disk encryption. WIP to make this work for other
- * encryption schemes.
+ * Simple implementation of decryption: look for any encrypted
+ * partitions and decrypt them, then rescan for VGs.
*/
void
inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
@@ -82,12 +81,21 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
for (i = 0; partitions[i] != NULL; ++i) {
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
- if (type && STREQ (type, "crypto_LUKS")) {
+ if (type &&
+ (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
+ bool is_bitlocker = STREQ (type, "BitLocker");
char mapname[32];
make_mapname (partitions[i], mapname, sizeof mapname);
#ifdef GUESTFS_HAVE_LUKS_UUID
- CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
+ CLEANUP_FREE char *uuid = NULL;
+
+ /* This fails for Windows BitLocker disks because cryptsetup
+ * luksUUID cannot read a UUID (unclear if this is a limitation
+ * of the format or cryptsetup).
+ */
+ if (!is_bitlocker)
+ uuid = guestfs_luks_uuid (g, partitions[i]);
#else
const char *uuid = NULL;
#endif
@@ -97,11 +105,15 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
/* Try each key in turn. */
for (j = 0; keys[j] != NULL; ++j) {
- /* XXX Should we call guestfs_luks_open_ro if readonly flag
+ /* XXX Should we set GUESTFS_CRYPTSETUP_OPEN_READONLY if readonly
* is set? This might break 'mount_ro'.
*/
guestfs_push_error_handler (g, NULL, NULL);
+#ifdef GUESTFS_HAVE_CRYPTSETUP_OPEN
+ r = guestfs_cryptsetup_open (g, partitions[i], keys[j], mapname, -1);
+#else
r = guestfs_luks_open (g, partitions[i], keys[j], mapname);
+#endif
guestfs_pop_error_handler (g);
if (r == 0)
goto opened;
diff --git a/common/options/uri.c b/common/options/uri.c
index ac36bccb..6b696fc2 100644
--- a/common/options/uri.c
+++ b/common/options/uri.c
@@ -194,6 +194,7 @@ parse (const char *arg, char **path_ret, char **protocol_ret,
if (path && path[0] == '/' &&
(STREQ (uri->scheme, "gluster") ||
STREQ (uri->scheme, "iscsi") ||
+ STREQ (uri->scheme, "nbd") ||
STREQ (uri->scheme, "rbd") ||
STREQ (uri->scheme, "sheepdog")))
path++;
diff --git a/common/utils/guestfs-stringlists-utils.h b/common/utils/guestfs-stringlists-utils.h
index 0bac1587..ade3b6f3 100644
--- a/common/utils/guestfs-stringlists-utils.h
+++ b/common/utils/guestfs-stringlists-utils.h
@@ -21,7 +21,8 @@
/* stringlists-utils.c */
extern void guestfs_int_free_string_list (char **);
-extern size_t guestfs_int_count_strings (char *const *);
+extern size_t guestfs_int_count_strings (char *const *)
+ __attribute__((__nonnull__ (1)));
extern char *guestfs_int_concat_strings (char *const *);
extern char **guestfs_int_copy_string_list (char *const *);
extern char *guestfs_int_join_strings (const char *sep, char *const *);
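Review bot: In `run_in_guest_command` (the `common/mltools/tools_utils.ml` hunk of this added patch), the closing `debug "running command:\n%s" cmd` prints the fully assembled script, which by that point already contains the `export http_proxy=…`, `https_proxy`, `ftp_proxy` and `no_proxy` lines built from the host environment. Proxy URLs can carry credentials in the `user:password@host` form, so with debug output enabled those values would land in whatever log captures the trace. Logging the command before the prologue is prepended, i.e. moving `debug "running command:\n%s" cmd;` above the last `let cmd = sprintf …`, keeps the trace useful without copying the host's proxy settings into it.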


@ -78,6 +78,3 @@ index 471102da..7cd6dea6 100644
http = optimize_http(http, host, options)
except:
cancel_transfer(connection, transfer)
--
2.31.1


@ -32,6 +32,3 @@ index 44cef5ed..4d844e2d 100644
"
msi_path msi_path msi_path in
Firstboot.add_firstboot_script g inspect.i_root
--
2.31.1


@ -27,6 +27,3 @@ index 4d844e2d..33fbd410 100644
(* Install RHEV-APT only if appropriate for the output hypervisor. *)
if output#install_rhev_apt then (
--
2.31.1


@ -22,6 +22,3 @@ index a5150907..1ffc0f9d 100644
=item UEFI on oVirt or RHV
--
2.31.1


@ -42,6 +42,3 @@ index 78623d97..f5a3abad 100644
Virt-v2v adds metadata for the guest to Glance, describing such things
as the guest operating system and what drivers it requires. The
--
2.31.1


@ -147,6 +147,3 @@ index a58ff433..1f8d0138 100644
| TargetURI _ ->
(* XXX For the moment we assume that qemu URI outputs
--
2.31.1


@ -37,6 +37,3 @@ index f5e91911..7c177e35 100644
(* Caching extents speeds up qemu-img, especially its consecutive
* block_status requests with req_one=1.
--
2.31.1


@ -32,6 +32,3 @@ index e4df920e..ae8964dd 100644
=head1 SEE ALSO
L<virt-v2v(1)>.
--
2.31.1


@ -126,6 +126,3 @@ index 1f8d0138..bde51885 100644
(* Not all the filesystems have inode counts. *)
if files > 0L && ffree < needed_inodes then
error (f_"not enough available inodes for conversion on filesystem %s. %Ld inodes available < %Ld inodes needed")
--
2.31.1


@ -25,6 +25,3 @@ index 4e00cd61..b8256bad 100644
match rcaps.rcaps_video, has_qxl with
| Some QXL, false ->
error (f_"there is no QXL driver for this version of Windows (%d.%d %s). virt-v2v looks for this driver in %s")
--
2.31.1


@ -23,6 +23,3 @@ index 1ffc0f9d..a9bfffab 100644
=item UEFI on oVirt or RHV
--
2.31.1


@ -55,6 +55,3 @@ index bde51885..8af86687 100644
(* For everything else, just make sure there is some free space. *)
| _ -> 10
in
--
2.31.1


@ -174,6 +174,3 @@ index 7cd6dea6..61ade1a8 100644
def transfer_supports_format():
--
2.31.1


@ -75,6 +75,3 @@ index 33fbd410..13de10cb 100644
)
)
--
2.31.1


@ -270,6 +270,3 @@ index 4c128b0c..ead03364 100644
let qemu_uri = Nbdkit_sources.run nbdkit in
(* Return the struct. *)
--
2.31.1


@ -39,6 +39,3 @@ index 13de10cb..6c7440aa 100644
"
msi_path msi_path msi_path in
Firstboot.add_firstboot_script g inspect.i_root
--
2.31.1


@ -206,6 +206,3 @@ index 8af86687..203b93f1 100644
(* What really happens here is that the call to #disk_create
* below fails if the format is not raw or qcow2. We would
--
2.31.1


@ -39,6 +39,3 @@ index 27e08135..e65fbf4a 100644
(match xpath_string "/volume/@type" with
| None | Some "file" ->
--
2.31.1


@ -177,6 +177,3 @@ index 50bb7e34..8887c52b 100644
+ raise RuntimeError(
+ "Timed out waiting for VM creation!"
+ " Jobs still running for correlation id %s" % correlation_id)
--
2.31.1


@ -91,6 +91,3 @@ index 00000000..7c593139
+ -o null
+
+rm -rf $d
--
2.31.1


@ -61,6 +61,3 @@ index 568ac5fa..fc413d2a 100644
(* Return true if [libvirt] supports ["json:"] pseudo-URLs and accepts the
* ["raw"] driver. Function also returns true if [libvirt] backend is not
--
2.31.1


@ -93,6 +93,3 @@ index b8a3c8ad..554fde1d 100644
(* See if this guest could use UEFI to boot. It should use GPT and
* it should have an EFI System Partition (ESP).
*
--
2.31.1


@ -16,7 +16,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Submodule common be09523d..1174b443:
diff --git a/common/options/keys.c b/common/options/keys.c
index 798315c..d27a712 100644
index 798315c2..d27a7123 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
@ -48,6 +48,3 @@ index 798315c..d27a712 100644
if (r == NULL)
error (EXIT_FAILURE, errno, "calloc");
--
2.31.1


@ -6,7 +6,7 @@ set -e
# directory. Use it like this:
# ./copy-patches.sh
rhel_version=8.7.0
rhel_version=8.8.0
# Check we're in the right directory.
if [ ! -f virt-v2v.spec ]; then
@ -31,7 +31,28 @@ git rm -f [0-9]*.patch ||:
rm -f [0-9]*.patch
# Get the patches.
(cd $git_checkout; rm -f [0-9]*.patch; git format-patch -N --submodule=diff $tag)
(
cd $git_checkout
rm -f [0-9]*.patch
# Ignore some directories in common/ which are not in the virt-v2v tarball.
ignoredirs="edit mlvisit parallel progress structs visit windows"
rm -f common/.gitattributes
for i in $ignoredirs; do
echo "$i/* -diff" >> common/.gitattributes
done
git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N \
--submodule=diff --no-signature --patience $tag
# However the .gitattributes doesn't completely ignore them but produces
# Binary files a/... and b/... differ
# which prevents the patches from being applied so we must remove that too.
for i in $ignoredirs; do
sed -i "/^diff --git a\/common\/$i/,/^Binary files a\/common\/$i/{d;}" [0-9]*.patch
done
rm common/.gitattributes
)
mv $git_checkout/[0-9]*.patch .
# Remove any not to be applied.
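Review bot: The sed range in the second `for i in $ignoredirs` loop has no guard for a `diff --git a/common/$i` header that is never followed by a `Binary files a/common/$i` line, and in that case the range runs to the end of the patch file and silently deletes every later hunk. A file newly added under an ignored directory is one likely trigger, since git normally reports it as `Binary files /dev/null and b/… differ`, which the end pattern does not match. The regenerated series includes the common-submodule security update, so a truncated patch could still apply and build while missing part of a fix. Counting headers against their matching `Binary files` lines before running sed, and aborting when they differ, would turn this into a visible failure.

```shell
for i in $ignoredirs; do
    # A header without its "Binary files a/common/$i" line would make the
    # sed range below run to the end of the patch file.
    hdrs=$(cat [0-9]*.patch | grep -c "^diff --git a/common/$i" ||:)
    bins=$(cat [0-9]*.patch | grep -c "^Binary files a/common/$i" ||:)
    if [ "$hdrs" != "$bins" ]; then
        echo "$0: unmatched diff header under common/$i" >&2
        exit 1
    fi
    # … unchanged: sed -i range delete …
done
```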


@ -10,7 +10,7 @@
Name: virt-v2v
Epoch: 1
Version: 1.42.0
Release: 21%{?dist}
Release: 22%{?dist}
Summary: Convert a virtual machine to run on KVM
License: GPLv2+
@ -64,7 +64,7 @@ Patch0025: 0025-v2v-o-openstack-Allow-guests-to-be-converted-to-UEFI.patch
Patch0026: 0026-v2v-Fix-spelling-mistake-in-uninstall-function-name.patch
Patch0027: 0027-v2v-windows-Refactor-uninstallation_commands-functio.patch
Patch0028: 0028-v2v-Replace-broken-VMware-Tools-uninstall-command-ms.patch
#Patch0029: 0029-Update-common-submodule-to-latest-upstream.patch
Patch0029: 0029-Update-common-submodule-to-latest-upstream.patch
Patch0030: 0030-v2v-rhv-upload-plugin-Defer-imageio-connection.patch
Patch0031: 0031-v2v-windows-Fix-schtasks-SD-parameter.patch
Patch0032: 0032-v2v-Turn-pnp_wait.exe-warning-into-a-debug-message.patch
@ -89,13 +89,6 @@ Patch0050: 0050-v2v-i-ova-Fix-parsing-if-OVA-directory-name-has-a-tr.patch
Patch0051: 0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch
Patch0052: 0052-update-common-submodule-for-CVE-2022-2211-fix.patch
# Patches which apply to the common/ submodule.
# These have to be hand-modified.
Patch1001: 0001-options-Use-new-cryptsetup-open-API-if-available.patch
Patch1002: 0002-options-Use-cryptX-instead-of-luksX-as-the-temporary.patch
Patch1003: 0003-options-Support-Windows-BitLocker-RHBZ-1808977.patch
Patch1004: 0004-options-Ignore-errors-from-guestfs_luks_uuid.patch
# Use git for patch management.
BuildRequires: git
@ -331,6 +324,9 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-test-harness.1*
%changelog
* Mon Apr 03 2023 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-22
- Reapply patches since we are using git format-patch --submodule=diff
* Tue Jul 05 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-21
- Fix assertion failure when parsing OVA dir with trailing slash
resolves: rhbz#2028823