Compare commits

...

No commits in common. "c8-beta-stream-rhel" and "c8s-stream-rhel" have entirely different histories.

59 changed files with 349 additions and 514 deletions

View File

@ -36,3 +36,6 @@ index 7df17b29..4d0b8639 100644
let get_domain conn name =
let dom =
--
2.31.1

View File

@ -0,0 +1,34 @@
From 96ea18db4a4f2e336145553c0fbbba59ede2221e Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 30 Mar 2020 14:34:43 +0100
Subject: [PATCH 1/4] options: Use new cryptsetup-open API if available.
Fall back to luks-open if we're using libguestfs <= 1.43.1.
---
options/decrypt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/options/decrypt.c b/options/decrypt.c
index 683cf5e..d868f70 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -97,11 +97,15 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
/* Try each key in turn. */
for (j = 0; keys[j] != NULL; ++j) {
- /* XXX Should we call guestfs_luks_open_ro if readonly flag
+ /* XXX Should we set GUESTFS_CRYPTSETUP_OPEN_READONLY if readonly
* is set? This might break 'mount_ro'.
*/
guestfs_push_error_handler (g, NULL, NULL);
+#ifdef GUESTFS_HAVE_CRYPTSETUP_OPEN
+ r = guestfs_cryptsetup_open (g, partitions[i], keys[j], mapname, -1);
+#else
r = guestfs_luks_open (g, partitions[i], keys[j], mapname);
+#endif
guestfs_pop_error_handler (g);
if (r == 0)
goto opened;
--
2.18.4

View File

@ -209,3 +209,6 @@ index 120a52f7..3cbca9d7 100644
-val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> string option -> Xml.uri -> string -> string -> Types.input
+val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> string -> string option -> Xml.uri -> string -> string -> Types.input
--
2.31.1

View File

@ -0,0 +1,41 @@
From f9770058fa3bd8871b8b4ded0b10d4be418224ae Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 7 Sep 2020 10:15:40 +0100
Subject: [PATCH 2/4] options: Use cryptX instead of luksX as the temporary
name.
---
options/decrypt.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/options/decrypt.c b/options/decrypt.c
index d868f70..45de5b2 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -38,18 +38,18 @@
/**
* Make a LUKS map name from the partition name,
- * eg. C<"/dev/vda2" =E<gt> "luksvda2">
+ * eg. C<"/dev/vda2" =E<gt> "cryptvda2">
*/
static void
make_mapname (const char *device, char *mapname, size_t len)
{
size_t i = 0;
- if (len < 5)
+ if (len < 6)
abort ();
- strcpy (mapname, "luks");
- mapname += 4;
- len -= 4;
+ strcpy (mapname, "crypt");
+ mapname += 5;
+ len -= 5;
if (STRPREFIX (device, "/dev/"))
i = 5;
--
2.18.4

View File

@ -0,0 +1,56 @@
From 778c08fe7b7eb00b7f48189dd1a3edf3f3be2625 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 30 Mar 2020 14:40:45 +0100
Subject: [PATCH 3/4] options: Support Windows BitLocker (RHBZ#1808977).
---
mltools/tools_utils.mli | 5 ++---
options/decrypt.c | 9 ++++-----
2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/mltools/tools_utils.mli b/mltools/tools_utils.mli
index 102abff..1d1ac8a 100644
--- a/common/mltools/tools_utils.mli
+++ b/common/mltools/tools_utils.mli
@@ -195,9 +195,8 @@ val is_btrfs_subvolume : Guestfs.guestfs -> string -> bool
(** Checks if a filesystem is a btrfs subvolume. *)
val inspect_decrypt : Guestfs.guestfs -> key_store -> unit
-(** Simple implementation of decryption: look for any [crypto_LUKS]
- partitions and decrypt them, then rescan for VGs. This only works
- for Fedora whole-disk encryption. *)
+(** Simple implementation of decryption: look for any encrypted
+ partitions and decrypt them, then rescan for VGs. *)
val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
(** [with_timeout op timeout ?sleep fn] implements a timeout loop.
diff --git a/options/decrypt.c b/options/decrypt.c
index 45de5b2..8eb24bc 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -65,10 +65,8 @@ make_mapname (const char *device, char *mapname, size_t len)
}
/**
- * Simple implementation of decryption: look for any C<crypto_LUKS>
- * partitions and decrypt them, then rescan for VGs. This only works
- * for Fedora whole-disk encryption. WIP to make this work for other
- * encryption schemes.
+ * Simple implementation of decryption: look for any encrypted
+ * partitions and decrypt them, then rescan for VGs.
*/
void
inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
@@ -82,7 +80,8 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
for (i = 0; partitions[i] != NULL; ++i) {
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
- if (type && STREQ (type, "crypto_LUKS")) {
+ if (type &&
+ (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
char mapname[32];
make_mapname (partitions[i], mapname, sizeof mapname);
--
2.18.4

View File

@ -29,3 +29,6 @@ index c28a4ced..4c128b0c 100644
let headers =
List.map (
--
2.31.1

View File

@ -0,0 +1,50 @@
From 132c355d3ba10b6ec303cbc059d6732056474695 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 6 Oct 2020 15:04:27 +0100
Subject: [PATCH 4/4] options: Ignore errors from guestfs_luks_uuid.
For BitLocker disks cryptsetup does not (yet? ever?) support reading
UUIDs and this function will fail. Skip reading the UUID in this
case.
Updates commit bb4a2dc17a78b53437896d4215ae82df8e11b788.
---
options/decrypt.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/options/decrypt.c b/options/decrypt.c
index 8eb24bc..434b7d5 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -25,6 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
#include <libintl.h>
#include <error.h>
@@ -82,11 +83,19 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
if (type &&
(STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
+ bool is_bitlocker = STREQ (type, "BitLocker");
char mapname[32];
make_mapname (partitions[i], mapname, sizeof mapname);
#ifdef GUESTFS_HAVE_LUKS_UUID
- CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
+ CLEANUP_FREE char *uuid = NULL;
+
+ /* This fails for Windows BitLocker disks because cryptsetup
+ * luksUUID cannot read a UUID (unclear if this is a limitation
+ * of the format or cryptsetup).
+ */
+ if (!is_bitlocker)
+ uuid = guestfs_luks_uuid (g, partitions[i]);
#else
const char *uuid = NULL;
#endif
--
2.18.4

View File

@ -92,3 +92,6 @@ index 05553c4f..5a1fba0f 100644
] [];
(match pool with
| None ->
--
2.31.1

View File

@ -46,3 +46,6 @@ index 979c3773..402dfd0e 100644
cmd, args
)
else cmd, [] in
--
2.31.1

View File

@ -44,3 +44,6 @@ index 402dfd0e..bfda91a7 100644
(* Caching extents speeds up qemu-img, especially its consecutive
* block_status requests with req_one=1.
--
2.31.1

View File

@ -111,3 +111,6 @@ index bfda91a7..47832011 100644
let run cmd =
let sock, _ = Nbdkit.run_unix cmd in
--
2.31.1

View File

@ -52,3 +52,6 @@ index 47832011..f5e91911 100644
| PasswordFile password_file ->
Nbdkit.add_arg cmd "password" ("+" ^ password_file) in
--
2.31.1

View File

@ -39,3 +39,6 @@ index 1ab6bb4d..497840c2 100644
typedef OsinfoDb *OsinfoDb_t;
typedef OsinfoOs *OsinfoOs_t;
--
2.31.1

View File

@ -11,7 +11,7 @@ Subject: [PATCH] v2v: Use common documentation for --keys-from-stdin.
Submodule common be42b0b8..5ea1baec:
diff --git a/common/options/Makefile.am b/common/options/Makefile.am
index b38fedc7..f7ea7493 100644
index b38fedc..f7ea749 100644
--- a/common/options/Makefile.am
+++ b/common/options/Makefile.am
@@ -19,6 +19,7 @@ include $(top_srcdir)/subdir-rules.mk
@ -24,7 +24,7 @@ index b38fedc7..f7ea7493 100644
# liboptions.la contains guestfish code which is used in other
diff --git a/common/options/keys-from-stdin-option.pod b/common/options/keys-from-stdin-option.pod
new file mode 100644
index 00000000..03c5339b
index 0000000..03c5339
--- /dev/null
+++ b/common/options/keys-from-stdin-option.pod
@@ -0,0 +1,4 @@
@ -55,3 +55,6 @@ index a00fa8af..74934eb4 100644
=item B<--mac> aa:bb:cc:dd:ee:ffB<:network:>out
--
2.31.1

View File

@ -11,7 +11,7 @@ Subject: [PATCH] docs: Multiple keys must be supplied one per line
Submodule common 5ea1baec..9338df5e:
diff --git a/common/options/keys-from-stdin-option.pod b/common/options/keys-from-stdin-option.pod
index 03c5339b..83790394 100644
index 03c5339..8379039 100644
--- a/common/options/keys-from-stdin-option.pod
+++ b/common/options/keys-from-stdin-option.pod
@@ -2,3 +2,6 @@
@ -21,3 +21,6 @@ index 03c5339b..83790394 100644
+
+If there are multiple encrypted devices then you may need to supply
+multiple keys on stdin, one per line.
--
2.31.1

View File

@ -121,3 +121,6 @@ index 249137ab..3b74f307 100644
in
let no_trim_warning _ =
--
2.31.1

View File

@ -28,3 +28,6 @@ index 4d0b8639..1a24b049 100644
List.map (
function
| { Libvirt.Connect.typ = Libvirt.Connect.CredentialPassphrase } -> password
--
2.31.1

View File

@ -28,3 +28,6 @@ index be3a3c5e..85d08265 100644
let flag = Qemuopts.flag cmd
and arg = Qemuopts.arg cmd
--
2.31.1

View File

@ -100,3 +100,6 @@ index 3b74f307..df69e2e0 100644
Output_qemu.output_qemu os qemu_boot,
output_format, output_alloc
--
2.31.1

View File

@ -29,3 +29,6 @@ index ccbb9d68..c2940582 100644
(* Find the UEFI firmware. *)
let find_uefi_firmware guest_arch =
--
2.31.1

View File

@ -74,3 +74,6 @@ index f1da222a..ff94fe39 100755
diff -u "$expected" "$response"
# We also update the Registry several times, for firstboot, and (ONLY
--
2.31.1

View File

@ -281,3 +281,6 @@ index df69e2e0..7b79d462 100644
(* Common error message. *)
let error_option_cannot_be_used_in_output_mode mode opt =
error (f_"-o %s: %s option cannot be used in this output mode") mode opt
--
2.31.1

View File

@ -21,3 +21,6 @@ index d146e84c..4e403003 100644
s_listen = LNoListen; s_port = None };
s_video = None;
s_sound = None;
--
2.31.1

View File

@ -21,3 +21,6 @@ index 3b3cf0f0..32da2848 100644
=head1 INPUT FROM XEN
--
2.31.1

View File

@ -84,3 +84,6 @@ index d3e6260e..471102da 100644
storage_domains=[
types.StorageDomain(
name=params['output_storage'],
--
2.31.1

View File

@ -22,3 +22,6 @@ index 33c5e9a2..b1ea8f9d 100644
type script = {
tmpdir : string; (* Temporary directory. *)
--
2.31.1

View File

@ -120,3 +120,6 @@ index 8333366b..a5150907 100644
=head2 Guest firmware
--
2.31.1

View File

@ -383,3 +383,6 @@ index 73edff2c..a58ff433 100644
rename ov.ov_overlay_file saved_filename;
info (f_"Overlay saved as %s [--debug-overlays]") saved_filename
) overlays
--
2.31.1

View File

@ -29,3 +29,6 @@ index 179b0edf..fdc04b02 100644
(* List of Cinder volume IDs. *)
val mutable volume_ids = []
--
2.31.1

View File

@ -39,3 +39,6 @@ index ba26949f..f2f7b95c 100644
(*----------------------------------------------------------------------*)
(* Perform the conversion of the Windows guest. *)
--
2.31.1

View File

@ -132,3 +132,6 @@ index f2f7b95c..84db742f 100644
(*----------------------------------------------------------------------*)
(* Perform the conversion of the Windows guest. *)
--
2.31.1

View File

@ -57,3 +57,6 @@ index 84db742f..44cef5ed 100644
(*----------------------------------------------------------------------*)
(* Perform the conversion of the Windows guest. *)
--
2.31.1

View File

@ -1,447 +0,0 @@
From 9292a4637e8f4d534f4dde70e8e5451f61ad0162 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 19 Jan 2021 14:22:33 +0000
Subject: [PATCH] Update common/ submodule to latest upstream.
Only for RHEL AV 8.4.0, allowing this branch to be compiled
from git with libguestfs 1.44.
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common 9338df5e...be09523d:
diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml
index 44995df6..5ecf7bd7 100644
--- a/common/mlcustomize/SELinux_relabel.ml
+++ b/common/mlcustomize/SELinux_relabel.ml
@@ -28,65 +28,80 @@ module G = Guestfs
let array_find a l =
List.mem a (Array.to_list l)
-let relabel (g : G.guestfs) =
- (* Is the guest using SELinux? *)
- if g#is_file ~followsymlinks:true "/usr/sbin/load_policy" &&
- g#is_file ~followsymlinks:true "/etc/selinux/config" then (
- (* Is setfiles / SELinux relabelling functionality available? *)
- if g#feature_available [| "selinuxrelabel" |] then (
- (* Use Augeas to parse /etc/selinux/config. *)
- g#aug_init "/" (16+32) (* AUG_SAVE_NOOP | AUG_NO_LOAD *);
- (* See: https://bugzilla.redhat.com/show_bug.cgi?id=975412#c0 *)
- ignore (g#aug_rm "/augeas/load/*[\"/etc/selinux/config/\" !~ regexp('^') + glob(incl) + regexp('/.*')]");
- g#aug_load ();
- debug_augeas_errors g;
-
- (* Get the SELinux policy name, eg. "targeted", "minimum".
- * Use "targeted" if not specified, just like libselinux does.
- *)
- let policy =
- let config_path = "/files/etc/selinux/config" in
- let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
- let keys = g#aug_ls config_path in
- if array_find selinuxtype_path keys then
- g#aug_get selinuxtype_path
- else
- "targeted" in
-
- g#aug_close ();
-
- (* Get the spec file name. *)
- let specfile =
- sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
-
- (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
- * invalid regular expression "/var/run/spice-vdagentd.\pid"
- * (instead of "\.p"). This stops setfiles from working on
- * the guest.
- *
- * Because an SELinux relabel writes all over the filesystem,
- * it seems reasonable to fix this problem in the specfile
- * at the same time. (RHBZ#1374232)
- *)
- if g#grep ~fixed:true "vdagentd.\\pid" specfile <> [||] then (
- debug "fixing invalid regular expression in %s" specfile;
- let old_specfile = specfile ^ "~" in
- g#mv specfile old_specfile;
- let content = g#read_file old_specfile in
- let content =
- String.replace content "vdagentd.\\pid" "vdagentd\\.pid" in
- g#write specfile content;
- g#copy_attributes ~all:true old_specfile specfile
- );
-
- (* Relabel everything. *)
- g#selinux_relabel ~force:true specfile "/";
-
- (* If that worked, we don't need to autorelabel. *)
+let rec relabel (g : G.guestfs) =
+ (* Is the guest using SELinux? (Otherwise this is a no-op). *)
+ if is_selinux_guest g then (
+ try
+ use_setfiles g;
+ (* That worked, so we don't need to autorelabel. *)
g#rm_f "/.autorelabel"
- )
- else (
- (* SELinux guest, but not SELinux host. Fallback to this. *)
+ with Failure _ ->
+ (* This is the fallback in case something in the setfiles
+ * method didn't work. That includes the case where a non-SELinux
+ * host is processing an SELinux guest, and other things.
+ *)
g#touch "/.autorelabel"
- )
)
+
+and is_selinux_guest g =
+ g#is_file ~followsymlinks:true "/usr/sbin/load_policy" &&
+ g#is_file ~followsymlinks:true "/etc/selinux/config"
+
+and use_setfiles g =
+ (* Is setfiles / SELinux relabelling functionality available? *)
+ if not (g#feature_available [| "selinuxrelabel" |]) then
+ failwith "no selinux relabel feature";
+
+ (* Use Augeas to parse /etc/selinux/config. *)
+ g#aug_init "/" (16+32) (* AUG_SAVE_NOOP | AUG_NO_LOAD *);
+ (* See: https://bugzilla.redhat.com/show_bug.cgi?id=975412#c0 *)
+ ignore (g#aug_rm "/augeas/load/*[\"/etc/selinux/config/\" !~ regexp('^') + glob(incl) + regexp('/.*')]");
+ g#aug_load ();
+ debug_augeas_errors g;
+
+ (* Get the SELinux policy name, eg. "targeted", "minimum".
+ * Use "targeted" if not specified, just like libselinux does.
+ *)
+ let policy =
+ let config_path = "/files/etc/selinux/config" in
+ let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
+ let keys = g#aug_ls config_path in
+ if array_find selinuxtype_path keys then
+ g#aug_get selinuxtype_path
+ else
+ "targeted" in
+
+ g#aug_close ();
+
+ (* Get the spec file name. *)
+ let specfile =
+ sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
+
+ (* If the spec file doesn't exist then fall back to using
+ * autorelabel (RHBZ#1828952).
+ *)
+ if not (g#is_file ~followsymlinks:true specfile) then
+ failwith "no spec file";
+
+ (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
+ * invalid regular expression "/var/run/spice-vdagentd.\pid"
+ * (instead of "\.p"). This stops setfiles from working on
+ * the guest.
+ *
+ * Because an SELinux relabel writes all over the filesystem,
+ * it seems reasonable to fix this problem in the specfile
+ * at the same time. (RHBZ#1374232)
+ *)
+ if g#grep ~fixed:true "vdagentd.\\pid" specfile <> [||] then (
+ debug "fixing invalid regular expression in %s" specfile;
+ let old_specfile = specfile ^ "~" in
+ g#mv specfile old_specfile;
+ let content = g#read_file old_specfile in
+ let content =
+ String.replace content "vdagentd.\\pid" "vdagentd\\.pid" in
+ g#write specfile content;
+ g#copy_attributes ~all:true old_specfile specfile
+ );
+
+ (* Relabel everything. *)
+ g#selinux_relabel ~force:true specfile "/"
diff --git a/common/mltools/Makefile.am b/common/mltools/Makefile.am
index 3b4172db..aea2dce9 100644
--- a/common/mltools/Makefile.am
+++ b/common/mltools/Makefile.am
@@ -95,6 +95,7 @@ libmltools_a_CPPFLAGS = \
-I$(shell $(OCAMLC) -where) \
-I$(top_srcdir)/common/utils \
-I$(top_srcdir)/lib \
+ $(INCLUDE_DIRECTORY) \
-I$(top_srcdir)/common/options \
-I$(top_srcdir)/common/mlgettext \
-I$(top_srcdir)/common/mlpcre \
diff --git a/common/mltools/tools_utils.ml b/common/mltools/tools_utils.ml
index 12718022..d54ec581 100644
--- a/common/mltools/tools_utils.ml
+++ b/common/mltools/tools_utils.ml
@@ -679,3 +679,53 @@ let with_timeout op timeout ?(sleep = 2) fn =
loop ()
in
loop ()
+
+let run_in_guest_command g root ?logfile ?incompatible_fn cmd =
+ (* Is the host_cpu compatible with the guest arch? ie. Can we
+ * run commands in this guest?
+ *)
+ let guest_arch = g#inspect_get_arch root in
+ let guest_arch_compatible = guest_arch_compatible guest_arch in
+ if not guest_arch_compatible then (
+ match incompatible_fn with
+ | None -> ()
+ | Some fn -> fn ()
+ )
+ else (
+ (* Add a prologue to the scripts:
+ * - Pass environment variables through from the host.
+ * - Optionally send stdout and stderr to a log file so we capture
+ * all output in error messages.
+ * - Use setarch when running x86_64 host + i686 guest.
+ *)
+ let env_vars =
+ List.filter_map (
+ fun name ->
+ try Some (sprintf "export %s=%s" name (quote (Sys.getenv name)))
+ with Not_found -> None
+ ) [ "http_proxy"; "https_proxy"; "ftp_proxy"; "no_proxy" ] in
+ let env_vars = String.concat "\n" env_vars ^ "\n" in
+
+ let cmd =
+ match Guestfs_config.host_cpu, guest_arch with
+ | "x86_64", ("i386"|"i486"|"i586"|"i686") ->
+ sprintf "setarch i686 <<\"__EOCMD\"
+%s
+__EOCMD
+" cmd
+ | _ -> cmd in
+
+ let logfile_redirect =
+ match logfile with
+ | None -> ""
+ | Some logfile -> sprintf "exec >>%s 2>&1" (quote logfile) in
+
+ let cmd = sprintf "\
+%s
+%s
+%s
+" (logfile_redirect) env_vars cmd in
+
+ debug "running command:\n%s" cmd;
+ ignore (g#sh cmd)
+ )
diff --git a/common/mltools/tools_utils.mli b/common/mltools/tools_utils.mli
index ab70f583..1d1ac8a8 100644
--- a/common/mltools/tools_utils.mli
+++ b/common/mltools/tools_utils.mli
@@ -195,9 +195,8 @@ val is_btrfs_subvolume : Guestfs.guestfs -> string -> bool
(** Checks if a filesystem is a btrfs subvolume. *)
val inspect_decrypt : Guestfs.guestfs -> key_store -> unit
-(** Simple implementation of decryption: look for any [crypto_LUKS]
- partitions and decrypt them, then rescan for VGs. This only works
- for Fedora whole-disk encryption. *)
+(** Simple implementation of decryption: look for any encrypted
+ partitions and decrypt them, then rescan for VGs. *)
val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
(** [with_timeout op timeout ?sleep fn] implements a timeout loop.
@@ -212,3 +211,13 @@ val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
calls {!error} and the program exits. The error message will
contain the diagnostic string [op] to identify the operation
which timed out. *)
+
+val run_in_guest_command : Guestfs.guestfs -> string -> ?logfile:string -> ?incompatible_fn:(unit -> unit) -> string -> unit
+(** [run_in_guest_command g root ?incompatible_archs_fn cmd]
+ runs a command in the guest, which is already mounted for the
+ specified [root]. The command is run directly in case the
+ architecture of the host and the guest are compatible, optionally
+ calling [?incompatible_fn] in case they are not.
+
+ [?logfile] is an optional file in the guest to where redirect
+ stdout and stderr of the command. *)
diff --git a/common/mlutils/unix_utils-c.c b/common/mlutils/unix_utils-c.c
index 33099611..8acf0395 100644
--- a/common/mlutils/unix_utils-c.c
+++ b/common/mlutils/unix_utils-c.c
@@ -77,6 +77,7 @@ extern value guestfs_int_mllib_mkdtemp (value val_pattern);
extern value guestfs_int_mllib_realpath (value pathv);
extern value guestfs_int_mllib_statvfs_statvfs (value pathv);
extern value guestfs_int_mllib_statvfs_is_network_filesystem (value pathv);
+extern value guestfs_int_mllib_sysconf_nr_processors_online (value unitv);
/* NB: This is a "noalloc" call. */
value
@@ -368,3 +369,17 @@ guestfs_int_mllib_statvfs_is_network_filesystem (value pathv)
return Val_bool (0);
#endif
}
+
+/* NB: This is a "noalloc" call. */
+value
+guestfs_int_mllib_sysconf_nr_processors_online (value unitv)
+{
+#ifdef _SC_NPROCESSORS_ONLN
+ long n;
+
+ n = sysconf (_SC_NPROCESSORS_ONLN);
+ if (n > 0) return Val_int (n);
+#endif
+ /* Return a safe value so that callers don't need to deal with errors. */
+ return Val_int (1);
+}
diff --git a/common/mlutils/unix_utils.ml b/common/mlutils/unix_utils.ml
index 52eb824d..2bdda12a 100644
--- a/common/mlutils/unix_utils.ml
+++ b/common/mlutils/unix_utils.ml
@@ -84,3 +84,8 @@ module StatVFS = struct
external is_network_filesystem : string -> bool =
"guestfs_int_mllib_statvfs_is_network_filesystem" "noalloc"
end
+
+module Sysconf = struct
+ external nr_processors_online : unit -> int =
+ "guestfs_int_mllib_sysconf_nr_processors_online" "noalloc"
+end
diff --git a/common/mlutils/unix_utils.mli b/common/mlutils/unix_utils.mli
index 4fcea4a3..aead4df2 100644
--- a/common/mlutils/unix_utils.mli
+++ b/common/mlutils/unix_utils.mli
@@ -121,3 +121,12 @@ module StatVFS : sig
(** [is_network_filesystem path] returns true if [path] is located on
a network filesystem such as NFS or CIFS. *)
end
+
+module Sysconf : sig
+ val nr_processors_online : unit -> int
+ (** [nr_processors_online ()] returns the number of processors
+ currently online, from [sysconf (_SC_NPROCESSORS_ONLN)].
+
+ Note this never fails. In case we cannot get the number of
+ cores it returns 1. *)
+end
diff --git a/common/options/Makefile.am b/common/options/Makefile.am
index f7ea7493..162d143b 100644
--- a/common/options/Makefile.am
+++ b/common/options/Makefile.am
@@ -41,8 +41,9 @@ liboptions_la_SOURCES = \
liboptions_la_CPPFLAGS = \
-DGUESTFS_NO_DEPRECATED=1 \
-I$(top_srcdir)/common/utils -I$(top_builddir)/common/utils \
+ -I$(top_srcdir)/gnulib/lib -I$(top_builddir)/gnulib/lib \
-I$(top_srcdir)/lib -I$(top_builddir)/lib \
- -I$(top_srcdir)/gnulib/lib -I$(top_builddir)/gnulib/lib
+ $(INCLUDE_DIRECTORY)
liboptions_la_CFLAGS = \
$(WARN_CFLAGS) $(WERROR_CFLAGS) \
$(LIBCONFIG_CFLAGS) \
diff --git a/common/options/decrypt.c b/common/options/decrypt.c
index 683cf5ed..434b7d58 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -25,6 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
#include <libintl.h>
#include <error.h>
@@ -38,18 +39,18 @@
/**
* Make a LUKS map name from the partition name,
- * eg. C<"/dev/vda2" =E<gt> "luksvda2">
+ * eg. C<"/dev/vda2" =E<gt> "cryptvda2">
*/
static void
make_mapname (const char *device, char *mapname, size_t len)
{
size_t i = 0;
- if (len < 5)
+ if (len < 6)
abort ();
- strcpy (mapname, "luks");
- mapname += 4;
- len -= 4;
+ strcpy (mapname, "crypt");
+ mapname += 5;
+ len -= 5;
if (STRPREFIX (device, "/dev/"))
i = 5;
@@ -65,10 +66,8 @@ make_mapname (const char *device, char *mapname, size_t len)
}
/**
- * Simple implementation of decryption: look for any C<crypto_LUKS>
- * partitions and decrypt them, then rescan for VGs. This only works
- * for Fedora whole-disk encryption. WIP to make this work for other
- * encryption schemes.
+ * Simple implementation of decryption: look for any encrypted
+ * partitions and decrypt them, then rescan for VGs.
*/
void
inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
@@ -82,12 +81,21 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
for (i = 0; partitions[i] != NULL; ++i) {
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
- if (type && STREQ (type, "crypto_LUKS")) {
+ if (type &&
+ (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
+ bool is_bitlocker = STREQ (type, "BitLocker");
char mapname[32];
make_mapname (partitions[i], mapname, sizeof mapname);
#ifdef GUESTFS_HAVE_LUKS_UUID
- CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
+ CLEANUP_FREE char *uuid = NULL;
+
+ /* This fails for Windows BitLocker disks because cryptsetup
+ * luksUUID cannot read a UUID (unclear if this is a limitation
+ * of the format or cryptsetup).
+ */
+ if (!is_bitlocker)
+ uuid = guestfs_luks_uuid (g, partitions[i]);
#else
const char *uuid = NULL;
#endif
@@ -97,11 +105,15 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
/* Try each key in turn. */
for (j = 0; keys[j] != NULL; ++j) {
- /* XXX Should we call guestfs_luks_open_ro if readonly flag
+ /* XXX Should we set GUESTFS_CRYPTSETUP_OPEN_READONLY if readonly
* is set? This might break 'mount_ro'.
*/
guestfs_push_error_handler (g, NULL, NULL);
+#ifdef GUESTFS_HAVE_CRYPTSETUP_OPEN
+ r = guestfs_cryptsetup_open (g, partitions[i], keys[j], mapname, -1);
+#else
r = guestfs_luks_open (g, partitions[i], keys[j], mapname);
+#endif
guestfs_pop_error_handler (g);
if (r == 0)
goto opened;
diff --git a/common/options/uri.c b/common/options/uri.c
index ac36bccb..6b696fc2 100644
--- a/common/options/uri.c
+++ b/common/options/uri.c
@@ -194,6 +194,7 @@ parse (const char *arg, char **path_ret, char **protocol_ret,
if (path && path[0] == '/' &&
(STREQ (uri->scheme, "gluster") ||
STREQ (uri->scheme, "iscsi") ||
+ STREQ (uri->scheme, "nbd") ||
STREQ (uri->scheme, "rbd") ||
STREQ (uri->scheme, "sheepdog")))
path++;
diff --git a/common/utils/guestfs-stringlists-utils.h b/common/utils/guestfs-stringlists-utils.h
index 0bac1587..ade3b6f3 100644
--- a/common/utils/guestfs-stringlists-utils.h
+++ b/common/utils/guestfs-stringlists-utils.h
@@ -21,7 +21,8 @@
/* stringlists-utils.c */
extern void guestfs_int_free_string_list (char **);
-extern size_t guestfs_int_count_strings (char *const *);
+extern size_t guestfs_int_count_strings (char *const *)
+ __attribute__((__nonnull__ (1)));
extern char *guestfs_int_concat_strings (char *const *);
extern char **guestfs_int_copy_string_list (char *const *);
extern char *guestfs_int_join_strings (const char *sep, char *const *);

View File

@ -78,3 +78,6 @@ index 471102da..7cd6dea6 100644
http = optimize_http(http, host, options)
except:
cancel_transfer(connection, transfer)
--
2.31.1

View File

@ -32,3 +32,6 @@ index 44cef5ed..4d844e2d 100644
"
msi_path msi_path msi_path in
Firstboot.add_firstboot_script g inspect.i_root
--
2.31.1

View File

@ -27,3 +27,6 @@ index 4d844e2d..33fbd410 100644
(* Install RHEV-APT only if appropriate for the output hypervisor. *)
if output#install_rhev_apt then (
--
2.31.1

View File

@ -22,3 +22,6 @@ index a5150907..1ffc0f9d 100644
=item UEFI on oVirt or RHV
--
2.31.1

View File

@ -42,3 +42,6 @@ index 78623d97..f5a3abad 100644
Virt-v2v adds metadata for the guest to Glance, describing such things
as the guest operating system and what drivers it requires. The
--
2.31.1

View File

@ -147,3 +147,6 @@ index a58ff433..1f8d0138 100644
| TargetURI _ ->
(* XXX For the moment we assume that qemu URI outputs
--
2.31.1

View File

@ -37,3 +37,6 @@ index f5e91911..7c177e35 100644
(* Caching extents speeds up qemu-img, especially its consecutive
* block_status requests with req_one=1.
--
2.31.1

View File

@ -32,3 +32,6 @@ index e4df920e..ae8964dd 100644
=head1 SEE ALSO
L<virt-v2v(1)>.
--
2.31.1

View File

@ -126,3 +126,6 @@ index 1f8d0138..bde51885 100644
(* Not all the filesystems have inode counts. *)
if files > 0L && ffree < needed_inodes then
error (f_"not enough available inodes for conversion on filesystem %s. %Ld inodes available < %Ld inodes needed")
--
2.31.1

View File

@ -25,3 +25,6 @@ index 4e00cd61..b8256bad 100644
match rcaps.rcaps_video, has_qxl with
| Some QXL, false ->
error (f_"there is no QXL driver for this version of Windows (%d.%d %s). virt-v2v looks for this driver in %s")
--
2.31.1

View File

@ -23,3 +23,6 @@ index 1ffc0f9d..a9bfffab 100644
=item UEFI on oVirt or RHV
--
2.31.1

View File

@ -55,3 +55,6 @@ index bde51885..8af86687 100644
(* For everything else, just make sure there is some free space. *)
| _ -> 10
in
--
2.31.1

View File

@ -174,3 +174,6 @@ index 7cd6dea6..61ade1a8 100644
def transfer_supports_format():
--
2.31.1

View File

@ -75,3 +75,6 @@ index 33fbd410..13de10cb 100644
)
)
--
2.31.1

View File

@ -270,3 +270,6 @@ index 4c128b0c..ead03364 100644
let qemu_uri = Nbdkit_sources.run nbdkit in
(* Return the struct. *)
--
2.31.1

View File

@ -39,3 +39,6 @@ index 13de10cb..6c7440aa 100644
"
msi_path msi_path msi_path in
Firstboot.add_firstboot_script g inspect.i_root
--
2.31.1

View File

@ -206,3 +206,6 @@ index 8af86687..203b93f1 100644
(* What really happens here is that the call to #disk_create
* below fails if the format is not raw or qcow2. We would
--
2.31.1

View File

@ -39,3 +39,6 @@ index 27e08135..e65fbf4a 100644
(match xpath_string "/volume/@type" with
| None | Some "file" ->
--
2.31.1

View File

@ -177,3 +177,6 @@ index 50bb7e34..8887c52b 100644
+ raise RuntimeError(
+ "Timed out waiting for VM creation!"
+ " Jobs still running for correlation id %s" % correlation_id)
--
2.31.1

View File

@ -91,3 +91,6 @@ index 00000000..7c593139
+ -o null
+
+rm -rf $d
--
2.31.1

View File

@ -61,3 +61,6 @@ index 568ac5fa..fc413d2a 100644
(* Return true if [libvirt] supports ["json:"] pseudo-URLs and accepts the
* ["raw"] driver. Function also returns true if [libvirt] backend is not
--
2.31.1

View File

@ -93,3 +93,6 @@ index b8a3c8ad..554fde1d 100644
(* See if this guest could use UEFI to boot. It should use GPT and
* it should have an EFI System Partition (ESP).
*
--
2.31.1

View File

@ -16,7 +16,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Submodule common be09523d..1174b443:
diff --git a/common/options/keys.c b/common/options/keys.c
index 798315c2..d27a7123 100644
index 798315c..d27a712 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
@ -48,3 +48,6 @@ index 798315c2..d27a7123 100644
if (r == NULL)
error (EXIT_FAILURE, errno, "calloc");
--
2.31.1

View File

@ -1,32 +0,0 @@
From 217a74ad09bad781ee9efd5599f4323bdf9e3cff Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 3 Apr 2023 09:41:37 +0100
Subject: [PATCH] RHEL 8: If setfiles fails fall back to autorelabel
SFDC case 03473932, RHEL 8 only.
See discussion in private email thread "Customer case requiring our
assistance" in 2023.
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common 1174b443..c4841a70:
diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml
index 5ecf7bd7..f0630db1 100644
--- a/common/mlcustomize/SELinux_relabel.ml
+++ b/common/mlcustomize/SELinux_relabel.ml
@@ -35,11 +35,12 @@ let rec relabel (g : G.guestfs) =
use_setfiles g;
(* That worked, so we don't need to autorelabel. *)
g#rm_f "/.autorelabel"
- with Failure _ ->
+ with Failure _
(* This is the fallback in case something in the setfiles
* method didn't work. That includes the case where a non-SELinux
* host is processing an SELinux guest, and other things.
*)
+ | Guestfs.Error _ -> (* this is for SFDC case 03473932 in RHEL 8 only *)
g#touch "/.autorelabel"
)

View File

@ -6,7 +6,7 @@ set -e
# directory. Use it like this:
# ./copy-patches.sh
rhel_version=8.8.0
rhel_version=8.7.0
# Check we're in the right directory.
if [ ! -f virt-v2v.spec ]; then
@ -31,28 +31,7 @@ git rm -f [0-9]*.patch ||:
rm -f [0-9]*.patch
# Get the patches.
(
cd $git_checkout
rm -f [0-9]*.patch
# Ignore some directories in common/ which are not in the virt-v2v tarball.
ignoredirs="edit mlvisit parallel progress structs visit windows"
rm -f common/.gitattributes
for i in $ignoredirs; do
echo "$i/* -diff" >> common/.gitattributes
done
git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N \
--submodule=diff --no-signature --patience $tag
# However the .gitattributes doesn't completely ignore them but produces
# Binary files a/... and b/... differ
# which prevents the patches from being applied so we must remove that too.
for i in $ignoredirs; do
sed -i "/^diff --git a\/common\/$i/,/^Binary files a\/common\/$i/{d;}" [0-9]*.patch
done
rm common/.gitattributes
)
(cd $git_checkout; rm -f [0-9]*.patch; git format-patch -N --submodule=diff $tag)
mv $git_checkout/[0-9]*.patch .
# Remove any not to be applied.

View File

@ -10,7 +10,7 @@
Name: virt-v2v
Epoch: 1
Version: 1.42.0
Release: 22%{?dist}
Release: 21%{?dist}
Summary: Convert a virtual machine to run on KVM
License: GPLv2+
@ -64,7 +64,7 @@ Patch0025: 0025-v2v-o-openstack-Allow-guests-to-be-converted-to-UEFI.patch
Patch0026: 0026-v2v-Fix-spelling-mistake-in-uninstall-function-name.patch
Patch0027: 0027-v2v-windows-Refactor-uninstallation_commands-functio.patch
Patch0028: 0028-v2v-Replace-broken-VMware-Tools-uninstall-command-ms.patch
Patch0029: 0029-Update-common-submodule-to-latest-upstream.patch
#Patch0029: 0029-Update-common-submodule-to-latest-upstream.patch
Patch0030: 0030-v2v-rhv-upload-plugin-Defer-imageio-connection.patch
Patch0031: 0031-v2v-windows-Fix-schtasks-SD-parameter.patch
Patch0032: 0032-v2v-Turn-pnp_wait.exe-warning-into-a-debug-message.patch
@ -88,7 +88,13 @@ Patch0049: 0049-tests-Add-test-of-i-ova-from-a-directory.patch
Patch0050: 0050-v2v-i-ova-Fix-parsing-if-OVA-directory-name-has-a-tr.patch
Patch0051: 0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch
Patch0052: 0052-update-common-submodule-for-CVE-2022-2211-fix.patch
Patch0053: 0053-RHEL-8-If-setfiles-fails-fall-back-to-autorelabel.patch
# Patches which apply to the common/ submodule.
# These have to be hand-modified.
Patch1001: 0001-options-Use-new-cryptsetup-open-API-if-available.patch
Patch1002: 0002-options-Use-cryptX-instead-of-luksX-as-the-temporary.patch
Patch1003: 0003-options-Support-Windows-BitLocker-RHBZ-1808977.patch
Patch1004: 0004-options-Ignore-errors-from-guestfs_luks_uuid.patch
# Use git for patch management.
BuildRequires: git
@ -325,11 +331,6 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-test-harness.1*
%changelog
* Mon Apr 03 2023 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-22
- RHEL 8: If setfiles fails fall back to autorelabel
resolves: rhbz#XXX
- Reapply patches since we are using git format-patch --submodule=diff
* Tue Jul 05 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-21
- Fix assertion failure when parsing OVA dir with trailing slash
resolves: rhbz#2028823