diff --git a/0001-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch b/0001-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch index b42b858..89790ba 100644 --- a/0001-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch +++ b/0001-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch @@ -28,6 +28,3 @@ index 3269fba5..7f2e9284 100644 let flag = Qemuopts.flag cmd and arg = Qemuopts.arg cmd --- -2.31.1 - diff --git a/0002-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch b/0002-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch index 0cd7149..b5ef618 100644 --- a/0002-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch +++ b/0002-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch @@ -107,6 +107,3 @@ index 9790416e..97b4e4ec 100644 [ L"root" ], Getopt.String ("ask|... ", set_root_choice), s_"How to choose root filesystem"; [ L"vddk-config" ], Getopt.String ("filename", set_input_option_compat "vddk-config"), --- -2.31.1 - diff --git a/0003-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch b/0003-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch index f6f8a5d..11b2476 100644 --- a/0003-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch +++ b/0003-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch @@ -29,6 +29,3 @@ index 128bb697..7116a4f9 100644 (* Find the UEFI firmware. *) let find_uefi_firmware guest_arch = --- -2.31.1 - diff --git a/0004-RHEL-Fixes-for-libguestfs-winsupport.patch b/0004-RHEL-Fixes-for-libguestfs-winsupport.patch index c772f65..2540451 100644 --- a/0004-RHEL-Fixes-for-libguestfs-winsupport.patch +++ b/0004-RHEL-Fixes-for-libguestfs-winsupport.patch @@ -99,6 +99,3 @@ index a4cf191d..1ff41f6a 100755 diff -u "$expected" "$response" # We also update the Registry several times, for firstboot, and (ONLY --- -2.31.1 - diff --git a/0005-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch b/0005-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch index d1a5756..2be9f81 100644 --- a/0005-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch +++ b/0005-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch @@ -21,6 +21,3 @@ index 508adf9d..20f2e898 100644 s_listen = LNoListen; s_port = None }; s_sound = None; s_disks = s_disks; --- -2.31.1 - diff --git a/0006-RHEL-v2v-do-not-mention-SUSE-Xen-hosts-RHBZ-1430203.patch b/0006-RHEL-v2v-do-not-mention-SUSE-Xen-hosts-RHBZ-1430203.patch index cb58568..95dfe7c 100644 --- a/0006-RHEL-v2v-do-not-mention-SUSE-Xen-hosts-RHBZ-1430203.patch +++ b/0006-RHEL-v2v-do-not-mention-SUSE-Xen-hosts-RHBZ-1430203.patch @@ -21,6 +21,3 @@ index 8080ebea..ad5772de 100644 =head1 INPUT FROM XEN --- -2.31.1 - diff --git a/0007-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch b/0007-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch index ec0767b..922f52f 100644 --- a/0007-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch +++ b/0007-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch @@ -122,6 +122,3 @@ index 9815f51f..1ffc0f9d 100644 =head2 Guest firmware --- -2.31.1 - diff --git a/0008-RHEL-Disable-o-glance.patch b/0008-RHEL-Disable-o-glance.patch index 7cd395a..cbb09e1 100644 --- a/0008-RHEL-Disable-o-glance.patch +++ b/0008-RHEL-Disable-o-glance.patch @@ -214,6 +214,3 @@ index 97b4e4ec..41e020cb 100644 | `Openstack -> (module Output_openstack.Openstack) | `RHV_Upload -> (module Output_rhv_upload.RHVUpload) | `RHV -> (module Output_rhv.RHV) --- -2.31.1 - diff --git a/0009-RHEL-Remove-the-in-place-option.patch b/0009-RHEL-Remove-the-in-place-option.patch index f29246f..b554409 100644 --- a/0009-RHEL-Remove-the-in-place-option.patch +++ b/0009-RHEL-Remove-the-in-place-option.patch @@ -82,6 +82,3 @@ index 41e020cb..e00f9814 100644 [ L"mac" ], Getopt.String ("mac:network|bridge|ip:out", add_mac), s_"Map NIC to network or bridge or assign static IP"; [ S 'n'; L"network" ], Getopt.String ("in:out", add_network), --- -2.31.1 - diff --git a/0010-output-Remove-o-json-mode.patch b/0010-output-Remove-o-json-mode.patch index d2f7c94..355af01 100644 --- a/0010-output-Remove-o-json-mode.patch +++ b/0010-output-Remove-o-json-mode.patch @@ -1123,6 +1123,3 @@ index e00f9814..994982ac 100644 let output_options = { Output.output_alloc = output_alloc; --- -2.31.1 - diff --git a/0011-output-Remove-unused-dummy.c.patch b/0011-output-Remove-unused-dummy.c.patch index 872a67c..7c00d1a 100644 --- a/0011-output-Remove-unused-dummy.c.patch +++ b/0011-output-Remove-unused-dummy.c.patch @@ -25,6 +25,3 @@ index ebab6198..00000000 @@ -1,2 +0,0 @@ -/* Dummy source, to be used for OCaml-based tools with no C sources. */ -enum { foo = 1 }; --- -2.31.1 - diff --git a/0012-adopt-inversion-of-SELinux-relabeling-in-virt-custom.patch b/0012-adopt-inversion-of-SELinux-relabeling-in-virt-custom.patch index d150b82..dd89566 100644 --- a/0012-adopt-inversion-of-SELinux-relabeling-in-virt-custom.patch +++ b/0012-adopt-inversion-of-SELinux-relabeling-in-virt-custom.patch @@ -77,6 +77,3 @@ index 5a974d1b..5c5cae7c 100755 # Don't try to update Windows versions. case "$guestname" in --- -2.31.1 - diff --git a/0013-output-create_libvirt_xml-wire-up-the-QEMU-guest-age.patch b/0013-output-create_libvirt_xml-wire-up-the-QEMU-guest-age.patch index 5ec1008..9fa3822 100644 --- a/0013-output-create_libvirt_xml-wire-up-the-QEMU-guest-age.patch +++ b/0013-output-create_libvirt_xml-wire-up-the-QEMU-guest-age.patch @@ -103,6 +103,3 @@ index 6b8cda62..da1db473 100644 + --- -2.31.1 - diff --git a/0014-convert_linux-extract-qemu-guest-agent-package-name.patch b/0014-convert_linux-extract-qemu-guest-agent-package-name.patch index 897375c..a5d7e2f 100644 --- a/0014-convert_linux-extract-qemu-guest-agent-package-name.patch +++ b/0014-convert_linux-extract-qemu-guest-agent-package-name.patch @@ -80,6 +80,3 @@ index 79462aa1..2ddbc07a 100644 and configure_kernel () = (* Previously this function would try to install kernels, but we --- -2.31.1 - diff --git a/0015-convert_linux-install-the-QEMU-guest-agent-with-a-fi.patch b/0015-convert_linux-install-the-QEMU-guest-agent-with-a-fi.patch index 43056cc..5a5c7cb 100644 --- a/0015-convert_linux-install-the-QEMU-guest-agent-with-a-fi.patch +++ b/0015-convert_linux-install-the-QEMU-guest-agent-with-a-fi.patch @@ -117,6 +117,3 @@ index 2ddbc07a..59d143bd 100644 and configure_kernel () = (* Previously this function would try to install kernels, but we --- -2.31.1 - diff --git a/0016-RHV-outputs-limit-copied-disk-count-to-23.patch b/0016-RHV-outputs-limit-copied-disk-count-to-23.patch index 481b94f..411ecd7 100644 --- a/0016-RHV-outputs-limit-copied-disk-count-to-23.patch +++ b/0016-RHV-outputs-limit-copied-disk-count-to-23.patch @@ -120,6 +120,3 @@ index a1e8c246..23d1b9cd 100644 let disks = get_disks dir in let output_alloc, output_format, output_name, output_storage, --- -2.31.1 - diff --git a/0017-convert-document-networking-dependency-of-key-ID-cle.patch b/0017-convert-document-networking-dependency-of-key-ID-cle.patch index 8e2ea78..c244498 100644 --- a/0017-convert-document-networking-dependency-of-key-ID-cle.patch +++ b/0017-convert-document-networking-dependency-of-key-ID-cle.patch @@ -47,6 +47,3 @@ index 5e0e6c2b..b678dc92 100644 g#set_network true; List.iter ( fun { s_disk_id = i } -> --- -2.31.1 - diff --git a/0018-qemu-nbd-Implement-output-compression-for-qcow2-file.patch b/0018-qemu-nbd-Implement-output-compression-for-qcow2-file.patch index f7afaf9..6f57e5c 100644 --- a/0018-qemu-nbd-Implement-output-compression-for-qcow2-file.patch +++ b/0018-qemu-nbd-Implement-output-compression-for-qcow2-file.patch @@ -140,6 +140,3 @@ index 8d3d6865..c1f0f53d 100644 Types.output_allocation -> string -> string -> int64 -> string -> unit --- -2.31.1 - diff --git a/0019-o-disk-o-libvirt-o-qemu-Implement-of-qcow2-oo-compre.patch b/0019-o-disk-o-libvirt-o-qemu-Implement-of-qcow2-oo-compre.patch index eeb70eb..6da1880 100644 --- a/0019-o-disk-o-libvirt-o-qemu-Implement-of-qcow2-oo-compre.patch +++ b/0019-o-disk-o-libvirt-o-qemu-Implement-of-qcow2-oo-compre.patch @@ -270,6 +270,3 @@ index 527d3c5e..e7efbb73 100644 output_name, output_storage = options in let { guestcaps; target_buses; target_firmware } = target_meta in --- -2.31.1 - diff --git a/0020-tests-Add-a-simple-test-of-o-local-of-qcow2-oo-compr.patch b/0020-tests-Add-a-simple-test-of-o-local-of-qcow2-oo-compr.patch index 6971b34..7559e6c 100644 --- a/0020-tests-Add-a-simple-test-of-o-local-of-qcow2-oo-compr.patch +++ b/0020-tests-Add-a-simple-test-of-o-local-of-qcow2-oo-compr.patch @@ -112,6 +112,3 @@ index bdfd3418..6c5f5938 100755 # Test the disk is qcow2 format. if [ "$(guestfish disk-format $d/windows-sda)" != qcow2 ]; then echo "$0: test failed: output is not qcow2" --- -2.31.1 - diff --git a/0021-RHEL-9-oo-compressed-Remove-nbdcopy-version-check-an.patch b/0021-RHEL-9-oo-compressed-Remove-nbdcopy-version-check-an.patch index 588407e..afc8660 100644 --- a/0021-RHEL-9-oo-compressed-Remove-nbdcopy-version-check-an.patch +++ b/0021-RHEL-9-oo-compressed-Remove-nbdcopy-version-check-an.patch @@ -45,6 +45,3 @@ index a26ecf7a..47e5f10d 100644 test-v2v-o-null.sh \ test-v2v-o-openstack.sh \ test-v2v-o-qemu.sh \ --- -2.31.1 - diff --git a/0022-RHEL-9-tests-Remove-btrfs-test.patch b/0022-RHEL-9-tests-Remove-btrfs-test.patch index 240ce25..cf4fbc8 100644 --- a/0022-RHEL-9-tests-Remove-btrfs-test.patch +++ b/0022-RHEL-9-tests-Remove-btrfs-test.patch @@ -20,6 +20,3 @@ index 47e5f10d..9560cc77 100644 test-v2v-fedora-luks-on-lvm-conversion.sh \ test-v2v-fedora-lvm-on-luks-conversion.sh \ test-v2v-fedora-md-conversion.sh \ --- -2.31.1 - diff --git a/0023-convert-convert_linux-complete-the-remapping-of-NVMe.patch b/0023-convert-convert_linux-complete-the-remapping-of-NVMe.patch index e105eb8..08a653f 100644 --- a/0023-convert-convert_linux-complete-the-remapping-of-NVMe.patch +++ b/0023-convert-convert_linux-complete-the-remapping-of-NVMe.patch @@ -78,6 +78,3 @@ index 59d143bd..a66ff1e4 100644 else if PCRE.matches rex_device value then ( let device = PCRE.sub 1 and part = try PCRE.sub 2 with Not_found -> "" in --- -2.31.1 - diff --git a/0024-input-xen-sync-ip-limitations-language-from-input-vm.patch b/0024-input-xen-sync-ip-limitations-language-from-input-vm.patch index 0491770..9637e0b 100644 --- a/0024-input-xen-sync-ip-limitations-language-from-input-vm.patch +++ b/0024-input-xen-sync-ip-limitations-language-from-input-vm.patch @@ -47,6 +47,3 @@ index ad5772de..80ad94f7 100644 With some modern ssh implementations, legacy crypto policies required to interoperate with RHEL 5 sshd are disabled. To enable them you may need to run this command on the conversion server (ie. ssh client), --- -2.31.1 - diff --git a/0025-input-xen-replace-enable-LEGACY-crypto-advice-with-t.patch b/0025-input-xen-replace-enable-LEGACY-crypto-advice-with-t.patch index d6ecff8..351b1f1 100644 --- a/0025-input-xen-replace-enable-LEGACY-crypto-advice-with-t.patch +++ b/0025-input-xen-replace-enable-LEGACY-crypto-advice-with-t.patch @@ -80,6 +80,3 @@ index 80ad94f7..1775fc31 100644 =head2 Test libvirt connection to remote Xen host --- -2.31.1 - diff --git a/0026-common-Adapt-to-renamed-function-On_exit.rmdir-On_ex.patch b/0026-common-Adapt-to-renamed-function-On_exit.rmdir-On_ex.patch index 2787a5b..806e3da 100644 --- a/0026-common-Adapt-to-renamed-function-On_exit.rmdir-On_ex.patch +++ b/0026-common-Adapt-to-renamed-function-On_exit.rmdir-On_ex.patch @@ -170,6 +170,3 @@ index 54ccd1b5..ecf46c2d 100644 let path = tmpdir // name in with_open_out path (fun chan -> output_string chan code); { tmpdir; path } --- -2.31.1 - diff --git a/0027-o-rhv-Unmount-the-temporary-NFS-mountpoint-as-late-a.patch b/0027-o-rhv-Unmount-the-temporary-NFS-mountpoint-as-late-a.patch index 3a37588..050e4d9 100644 --- a/0027-o-rhv-Unmount-the-temporary-NFS-mountpoint-as-late-a.patch +++ b/0027-o-rhv-Unmount-the-temporary-NFS-mountpoint-as-late-a.patch @@ -138,10 +138,10 @@ index 9bcf104f..66a85542 100644 Similar to [Stdlib.at_exit] but also runs if the program is - killed with a signal that we can catch. *) + killed with a signal that we can catch. ++ ++ [?prio] is the priority, default 5000. See the description above. *) -val unlink : string -> unit -+ [?prio] is the priority, default 5000. See the description above. *) -+ +val unlink : ?prio:int -> string -> unit (** Unlink a single temporary file on exit. *) @@ -169,6 +169,3 @@ index 8571e07b..15a2c14a 100644 fun () -> let cmd = [ "umount"; mp ] in ignore (run_command cmd); --- -2.31.1 - diff --git a/0028-output-Permit-output-modes-to-wait-on-the-local-NBD-.patch b/0028-output-Permit-output-modes-to-wait-on-the-local-NBD-.patch index 5e97012..4a02e5e 100644 --- a/0028-output-Permit-output-modes-to-wait-on-the-local-NBD-.patch +++ b/0028-output-Permit-output-modes-to-wait-on-the-local-NBD-.patch @@ -177,6 +177,3 @@ index c1f0f53d..c4486311 100644 val disk_path : string -> string -> int -> string (** For [-o disk|qemu], return the output disk name of the i'th disk, --- -2.31.1 - diff --git a/0029-o-rhv-Wait-for-the-NBD-server-to-exit-to-avoid-a-rac.patch b/0029-o-rhv-Wait-for-the-NBD-server-to-exit-to-avoid-a-rac.patch index 079abf1..9799170 100644 --- a/0029-o-rhv-Wait-for-the-NBD-server-to-exit-to-avoid-a-rac.patch +++ b/0029-o-rhv-Wait-for-the-NBD-server-to-exit-to-avoid-a-rac.patch @@ -31,6 +31,3 @@ index 15a2c14a..45f831e3 100644 output_alloc output_format filename size socket ) (List.combine disks filenames); --- -2.31.1 - diff --git a/0030-output-create_libvirt_xml-relax-VCPU-feature-checkin.patch b/0030-output-create_libvirt_xml-relax-VCPU-feature-checkin.patch index 158b662..8d856c9 100644 --- a/0030-output-create_libvirt_xml-relax-VCPU-feature-checkin.patch +++ b/0030-output-create_libvirt_xml-relax-VCPU-feature-checkin.patch @@ -64,6 +64,3 @@ index 531a4f75..bd01304d 100644 (match source.s_cpu_vendor with | None -> () | Some vendor -> --- -2.31.1 - diff --git a/0031-input-xen-cover-RHEL9-OpenSSL-crypto-settings.patch b/0031-input-xen-cover-RHEL9-OpenSSL-crypto-settings.patch new file mode 100644 index 0000000..ae3fa10 --- /dev/null +++ b/0031-input-xen-cover-RHEL9-OpenSSL-crypto-settings.patch @@ -0,0 +1,59 @@ +From 9e1c78a4dda8e8f504fd8f01d7ff5a02e6d3b8ff Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 29 Jul 2022 12:57:03 +0200 +Subject: [PATCH] input-xen: cover RHEL9 OpenSSL crypto settings + +In [master] commit af4a0454cdd2 ("input-xen: replace "enable LEGACY +crypto" advice with targeted ssh options", 2022-07-11), we documented how +the libssh / openssh crypto settings needed to be relaxed, for connecting +to RHEL5 sshd. [rhel-9.1 commit: 3f7f730ac9cb.] + +It turns out that in RHEL9, the non-LEGACY crypto policies disable SHA1 in +signature algorithms even at the OpenSSL level. Explain how the user can +re-enable that separately, for individual virt-v2v invocations. + +The method depends on Rich's libvirt commit 45912ac399ab ("rpc: Pass +OPENSSL_CONF through to ssh invocations", 2022-07-25), which is is going +to be released in upstream libvirt v8.6.0. + +Thanks: Dmitry Belyavskiy & Rich Jones +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360 +Signed-off-by: Laszlo Ersek +Message-Id: <20220729105703.10150-1-lersek@redhat.com> +Reviewed-by: Richard W.M. Jones +(cherry picked from commit ddab06d5eb99696f5fd1073b8ec91efbc8c3e4ab) +--- + docs/virt-v2v-input-xen.pod | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod +index 1775fc31..9c3981e1 100644 +--- a/docs/virt-v2v-input-xen.pod ++++ b/docs/virt-v2v-input-xen.pod +@@ -54,6 +54,26 @@ new one. Virt-v2v uses both C and C when converting a guest + from Xen, and on some operating systems, C and C may not + both accept the same option variant.) + ++When connecting to RHEL 5 sshd from RHEL 9, the SHA1 algorithm's use in ++signatures has to be re-enabled at the OpenSSL level, in addition to the ++above SSH configuration. Create a file called F<$HOME/openssl-sha1.cnf> ++with the following contents: ++ ++ .include /etc/ssl/openssl.cnf ++ [openssl_init] ++ alg_section = evp_properties ++ [evp_properties] ++ rh-allow-sha1-signatures = yes ++ ++and export the following variable into the environment of the ++C process: ++ ++ OPENSSL_CONF=$HOME/openssl-sha1.cnf ++ ++Note that the C environment variable will only take effect ++if the libvirt client library used by virt-v2v is at least version ++8.6.0. ++ + =head2 Test libvirt connection to remote Xen host + + Use the L command to list the guests on the remote Xen host: diff --git a/copy-patches.sh b/copy-patches.sh index e797a3e..6a3c4f6 100755 --- a/copy-patches.sh +++ b/copy-patches.sh @@ -36,7 +36,12 @@ git rm -f [0-9]*.patch ||: rm -f [0-9]*.patch # Get the patches. -(cd $git_checkout; rm -f [0-9]*.patch; git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N --submodule=diff $tag) +( + cd $git_checkout + rm -f [0-9]*.patch + git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N \ + --submodule=diff --no-signature --patience $tag +) mv $git_checkout/[0-9]*.patch . # Remove any not to be applied. diff --git a/virt-v2v.spec b/virt-v2v.spec index 091be1b..8c63920 100644 --- a/virt-v2v.spec +++ b/virt-v2v.spec @@ -16,7 +16,7 @@ Name: virt-v2v Epoch: 1 Version: 2.0.7 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Convert a virtual machine to run on KVM License: GPLv2+ @@ -63,6 +63,7 @@ Patch0027: 0027-o-rhv-Unmount-the-temporary-NFS-mountpoint-as-late-a.patch Patch0028: 0028-output-Permit-output-modes-to-wait-on-the-local-NBD-.patch Patch0029: 0029-o-rhv-Wait-for-the-NBD-server-to-exit-to-avoid-a-rac.patch Patch0030: 0030-output-create_libvirt_xml-relax-VCPU-feature-checkin.patch +Patch0031: 0031-input-xen-cover-RHEL9-OpenSSL-crypto-settings.patch %if !0%{?rhel} # libguestfs hasn't been built on i686 for a while since there is no @@ -341,6 +342,9 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-in-place.1* %changelog +* Fri Jul 29 2022 Laszlo Ersek - 1:2.0.7-4 +- Remove legacy crypto advice and replace with targeted mechanism + resolves: rhbz#2062360 * Mon Jul 25 2022 Laszlo Ersek - 1:2.0.7-3 - relax qemu64 VCPU feature checking in the libvirt output resolves rhbz#2107503 @@ -398,8 +402,6 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-in-place.1* resolves: rhbz#2101665 - Improve documentation of vmx+ssh and -ip option resolves: rhbz#1854275 -- Remove legacy crypto advice and replace with targeted mechanism - resolves: rhbz#2062360 - Fix race condition when unmounting in -o rhv mode (1953286#c26) * Tue Feb 15 2022 Richard W.M. Jones - 1:1.45.99-1