Compare commits
No commits in common. "c8-beta-stream-rhel" and "c8s-stream-rhel" have entirely different histories.
c8-beta-st
...
c8s-stream
@ -36,3 +36,6 @@ index 7df17b29..4d0b8639 100644
|
||||
|
||||
let get_domain conn name =
|
||||
let dom =
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -0,0 +1,34 @@
|
||||
From 96ea18db4a4f2e336145553c0fbbba59ede2221e Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 30 Mar 2020 14:34:43 +0100
|
||||
Subject: [PATCH 1/4] options: Use new cryptsetup-open API if available.
|
||||
|
||||
Fall back to luks-open if we're using libguestfs <= 1.43.1.
|
||||
---
|
||||
options/decrypt.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/options/decrypt.c b/options/decrypt.c
|
||||
index 683cf5e..d868f70 100644
|
||||
--- a/common/options/decrypt.c
|
||||
+++ b/common/options/decrypt.c
|
||||
@@ -97,11 +97,15 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
||||
|
||||
/* Try each key in turn. */
|
||||
for (j = 0; keys[j] != NULL; ++j) {
|
||||
- /* XXX Should we call guestfs_luks_open_ro if readonly flag
|
||||
+ /* XXX Should we set GUESTFS_CRYPTSETUP_OPEN_READONLY if readonly
|
||||
* is set? This might break 'mount_ro'.
|
||||
*/
|
||||
guestfs_push_error_handler (g, NULL, NULL);
|
||||
+#ifdef GUESTFS_HAVE_CRYPTSETUP_OPEN
|
||||
+ r = guestfs_cryptsetup_open (g, partitions[i], keys[j], mapname, -1);
|
||||
+#else
|
||||
r = guestfs_luks_open (g, partitions[i], keys[j], mapname);
|
||||
+#endif
|
||||
guestfs_pop_error_handler (g);
|
||||
if (r == 0)
|
||||
goto opened;
|
||||
--
|
||||
2.18.4
|
||||
|
@ -209,3 +209,6 @@ index 120a52f7..3cbca9d7 100644
|
||||
|
||||
-val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> string option -> Xml.uri -> string -> string -> Types.input
|
||||
+val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> string -> string option -> Xml.uri -> string -> string -> Types.input
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -0,0 +1,41 @@
|
||||
From f9770058fa3bd8871b8b4ded0b10d4be418224ae Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 7 Sep 2020 10:15:40 +0100
|
||||
Subject: [PATCH 2/4] options: Use cryptX instead of luksX as the temporary
|
||||
name.
|
||||
|
||||
---
|
||||
options/decrypt.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/options/decrypt.c b/options/decrypt.c
|
||||
index d868f70..45de5b2 100644
|
||||
--- a/common/options/decrypt.c
|
||||
+++ b/common/options/decrypt.c
|
||||
@@ -38,18 +38,18 @@
|
||||
|
||||
/**
|
||||
* Make a LUKS map name from the partition name,
|
||||
- * eg. C<"/dev/vda2" =E<gt> "luksvda2">
|
||||
+ * eg. C<"/dev/vda2" =E<gt> "cryptvda2">
|
||||
*/
|
||||
static void
|
||||
make_mapname (const char *device, char *mapname, size_t len)
|
||||
{
|
||||
size_t i = 0;
|
||||
|
||||
- if (len < 5)
|
||||
+ if (len < 6)
|
||||
abort ();
|
||||
- strcpy (mapname, "luks");
|
||||
- mapname += 4;
|
||||
- len -= 4;
|
||||
+ strcpy (mapname, "crypt");
|
||||
+ mapname += 5;
|
||||
+ len -= 5;
|
||||
|
||||
if (STRPREFIX (device, "/dev/"))
|
||||
i = 5;
|
||||
--
|
||||
2.18.4
|
||||
|
@ -0,0 +1,56 @@
|
||||
From 778c08fe7b7eb00b7f48189dd1a3edf3f3be2625 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 30 Mar 2020 14:40:45 +0100
|
||||
Subject: [PATCH 3/4] options: Support Windows BitLocker (RHBZ#1808977).
|
||||
|
||||
---
|
||||
mltools/tools_utils.mli | 5 ++---
|
||||
options/decrypt.c | 9 ++++-----
|
||||
2 files changed, 6 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/mltools/tools_utils.mli b/mltools/tools_utils.mli
|
||||
index 102abff..1d1ac8a 100644
|
||||
--- a/common/mltools/tools_utils.mli
|
||||
+++ b/common/mltools/tools_utils.mli
|
||||
@@ -195,9 +195,8 @@ val is_btrfs_subvolume : Guestfs.guestfs -> string -> bool
|
||||
(** Checks if a filesystem is a btrfs subvolume. *)
|
||||
|
||||
val inspect_decrypt : Guestfs.guestfs -> key_store -> unit
|
||||
-(** Simple implementation of decryption: look for any [crypto_LUKS]
|
||||
- partitions and decrypt them, then rescan for VGs. This only works
|
||||
- for Fedora whole-disk encryption. *)
|
||||
+(** Simple implementation of decryption: look for any encrypted
|
||||
+ partitions and decrypt them, then rescan for VGs. *)
|
||||
|
||||
val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
|
||||
(** [with_timeout op timeout ?sleep fn] implements a timeout loop.
|
||||
diff --git a/options/decrypt.c b/options/decrypt.c
|
||||
index 45de5b2..8eb24bc 100644
|
||||
--- a/common/options/decrypt.c
|
||||
+++ b/common/options/decrypt.c
|
||||
@@ -65,10 +65,8 @@ make_mapname (const char *device, char *mapname, size_t len)
|
||||
}
|
||||
|
||||
/**
|
||||
- * Simple implementation of decryption: look for any C<crypto_LUKS>
|
||||
- * partitions and decrypt them, then rescan for VGs. This only works
|
||||
- * for Fedora whole-disk encryption. WIP to make this work for other
|
||||
- * encryption schemes.
|
||||
+ * Simple implementation of decryption: look for any encrypted
|
||||
+ * partitions and decrypt them, then rescan for VGs.
|
||||
*/
|
||||
void
|
||||
inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
||||
@@ -82,7 +80,8 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
||||
|
||||
for (i = 0; partitions[i] != NULL; ++i) {
|
||||
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
|
||||
- if (type && STREQ (type, "crypto_LUKS")) {
|
||||
+ if (type &&
|
||||
+ (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
|
||||
char mapname[32];
|
||||
make_mapname (partitions[i], mapname, sizeof mapname);
|
||||
|
||||
--
|
||||
2.18.4
|
||||
|
@ -29,3 +29,6 @@ index c28a4ced..4c128b0c 100644
|
||||
|
||||
let headers =
|
||||
List.map (
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -0,0 +1,50 @@
|
||||
From 132c355d3ba10b6ec303cbc059d6732056474695 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 6 Oct 2020 15:04:27 +0100
|
||||
Subject: [PATCH 4/4] options: Ignore errors from guestfs_luks_uuid.
|
||||
|
||||
For BitLocker disks cryptsetup does not (yet? ever?) support reading
|
||||
UUIDs and this function will fail. Skip reading the UUID in this
|
||||
case.
|
||||
|
||||
Updates commit bb4a2dc17a78b53437896d4215ae82df8e11b788.
|
||||
---
|
||||
options/decrypt.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/options/decrypt.c b/options/decrypt.c
|
||||
index 8eb24bc..434b7d5 100644
|
||||
--- a/common/options/decrypt.c
|
||||
+++ b/common/options/decrypt.c
|
||||
@@ -25,6 +25,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
+#include <stdbool.h>
|
||||
#include <string.h>
|
||||
#include <libintl.h>
|
||||
#include <error.h>
|
||||
@@ -82,11 +83,19 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
||||
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
|
||||
if (type &&
|
||||
(STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
|
||||
+ bool is_bitlocker = STREQ (type, "BitLocker");
|
||||
char mapname[32];
|
||||
make_mapname (partitions[i], mapname, sizeof mapname);
|
||||
|
||||
#ifdef GUESTFS_HAVE_LUKS_UUID
|
||||
- CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
|
||||
+ CLEANUP_FREE char *uuid = NULL;
|
||||
+
|
||||
+ /* This fails for Windows BitLocker disks because cryptsetup
|
||||
+ * luksUUID cannot read a UUID (unclear if this is a limitation
|
||||
+ * of the format or cryptsetup).
|
||||
+ */
|
||||
+ if (!is_bitlocker)
|
||||
+ uuid = guestfs_luks_uuid (g, partitions[i]);
|
||||
#else
|
||||
const char *uuid = NULL;
|
||||
#endif
|
||||
--
|
||||
2.18.4
|
||||
|
@ -92,3 +92,6 @@ index 05553c4f..5a1fba0f 100644
|
||||
] [];
|
||||
(match pool with
|
||||
| None ->
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -46,3 +46,6 @@ index 979c3773..402dfd0e 100644
|
||||
cmd, args
|
||||
)
|
||||
else cmd, [] in
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -44,3 +44,6 @@ index 402dfd0e..bfda91a7 100644
|
||||
|
||||
(* Caching extents speeds up qemu-img, especially its consecutive
|
||||
* block_status requests with req_one=1.
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -111,3 +111,6 @@ index bfda91a7..47832011 100644
|
||||
|
||||
let run cmd =
|
||||
let sock, _ = Nbdkit.run_unix cmd in
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -52,3 +52,6 @@ index 47832011..f5e91911 100644
|
||||
| PasswordFile password_file ->
|
||||
Nbdkit.add_arg cmd "password" ("+" ^ password_file) in
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -39,3 +39,6 @@ index 1ab6bb4d..497840c2 100644
|
||||
|
||||
typedef OsinfoDb *OsinfoDb_t;
|
||||
typedef OsinfoOs *OsinfoOs_t;
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -11,7 +11,7 @@ Subject: [PATCH] v2v: Use common documentation for --keys-from-stdin.
|
||||
|
||||
Submodule common be42b0b8..5ea1baec:
|
||||
diff --git a/common/options/Makefile.am b/common/options/Makefile.am
|
||||
index b38fedc7..f7ea7493 100644
|
||||
index b38fedc..f7ea749 100644
|
||||
--- a/common/options/Makefile.am
|
||||
+++ b/common/options/Makefile.am
|
||||
@@ -19,6 +19,7 @@ include $(top_srcdir)/subdir-rules.mk
|
||||
@ -24,7 +24,7 @@ index b38fedc7..f7ea7493 100644
|
||||
# liboptions.la contains guestfish code which is used in other
|
||||
diff --git a/common/options/keys-from-stdin-option.pod b/common/options/keys-from-stdin-option.pod
|
||||
new file mode 100644
|
||||
index 00000000..03c5339b
|
||||
index 0000000..03c5339
|
||||
--- /dev/null
|
||||
+++ b/common/options/keys-from-stdin-option.pod
|
||||
@@ -0,0 +1,4 @@
|
||||
@ -55,3 +55,6 @@ index a00fa8af..74934eb4 100644
|
||||
|
||||
=item B<--mac> aa:bb:cc:dd:ee:ffB<:network:>out
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -11,7 +11,7 @@ Subject: [PATCH] docs: Multiple keys must be supplied one per line
|
||||
|
||||
Submodule common 5ea1baec..9338df5e:
|
||||
diff --git a/common/options/keys-from-stdin-option.pod b/common/options/keys-from-stdin-option.pod
|
||||
index 03c5339b..83790394 100644
|
||||
index 03c5339..8379039 100644
|
||||
--- a/common/options/keys-from-stdin-option.pod
|
||||
+++ b/common/options/keys-from-stdin-option.pod
|
||||
@@ -2,3 +2,6 @@
|
||||
@ -21,3 +21,6 @@ index 03c5339b..83790394 100644
|
||||
+
|
||||
+If there are multiple encrypted devices then you may need to supply
|
||||
+multiple keys on stdin, one per line.
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -121,3 +121,6 @@ index 249137ab..3b74f307 100644
|
||||
in
|
||||
|
||||
let no_trim_warning _ =
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -28,3 +28,6 @@ index 4d0b8639..1a24b049 100644
|
||||
List.map (
|
||||
function
|
||||
| { Libvirt.Connect.typ = Libvirt.Connect.CredentialPassphrase } -> password
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -28,3 +28,6 @@ index be3a3c5e..85d08265 100644
|
||||
|
||||
let flag = Qemuopts.flag cmd
|
||||
and arg = Qemuopts.arg cmd
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -100,3 +100,6 @@ index 3b74f307..df69e2e0 100644
|
||||
Output_qemu.output_qemu os qemu_boot,
|
||||
output_format, output_alloc
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -29,3 +29,6 @@ index ccbb9d68..c2940582 100644
|
||||
|
||||
(* Find the UEFI firmware. *)
|
||||
let find_uefi_firmware guest_arch =
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -74,3 +74,6 @@ index f1da222a..ff94fe39 100755
|
||||
diff -u "$expected" "$response"
|
||||
|
||||
# We also update the Registry several times, for firstboot, and (ONLY
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -281,3 +281,6 @@ index df69e2e0..7b79d462 100644
|
||||
(* Common error message. *)
|
||||
let error_option_cannot_be_used_in_output_mode mode opt =
|
||||
error (f_"-o %s: %s option cannot be used in this output mode") mode opt
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -21,3 +21,6 @@ index d146e84c..4e403003 100644
|
||||
s_listen = LNoListen; s_port = None };
|
||||
s_video = None;
|
||||
s_sound = None;
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -21,3 +21,6 @@ index 3b3cf0f0..32da2848 100644
|
||||
|
||||
=head1 INPUT FROM XEN
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -84,3 +84,6 @@ index d3e6260e..471102da 100644
|
||||
storage_domains=[
|
||||
types.StorageDomain(
|
||||
name=params['output_storage'],
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -22,3 +22,6 @@ index 33c5e9a2..b1ea8f9d 100644
|
||||
|
||||
type script = {
|
||||
tmpdir : string; (* Temporary directory. *)
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -120,3 +120,6 @@ index 8333366b..a5150907 100644
|
||||
|
||||
=head2 Guest firmware
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -383,3 +383,6 @@ index 73edff2c..a58ff433 100644
|
||||
rename ov.ov_overlay_file saved_filename;
|
||||
info (f_"Overlay saved as %s [--debug-overlays]") saved_filename
|
||||
) overlays
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -29,3 +29,6 @@ index 179b0edf..fdc04b02 100644
|
||||
|
||||
(* List of Cinder volume IDs. *)
|
||||
val mutable volume_ids = []
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -39,3 +39,6 @@ index ba26949f..f2f7b95c 100644
|
||||
|
||||
(*----------------------------------------------------------------------*)
|
||||
(* Perform the conversion of the Windows guest. *)
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -132,3 +132,6 @@ index f2f7b95c..84db742f 100644
|
||||
|
||||
(*----------------------------------------------------------------------*)
|
||||
(* Perform the conversion of the Windows guest. *)
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -57,3 +57,6 @@ index 84db742f..44cef5ed 100644
|
||||
|
||||
(*----------------------------------------------------------------------*)
|
||||
(* Perform the conversion of the Windows guest. *)
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -1,447 +0,0 @@
|
||||
From 9292a4637e8f4d534f4dde70e8e5451f61ad0162 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 19 Jan 2021 14:22:33 +0000
|
||||
Subject: [PATCH] Update common/ submodule to latest upstream.
|
||||
|
||||
Only for RHEL AV 8.4.0, allowing this branch to be compiled
|
||||
from git with libguestfs 1.44.
|
||||
---
|
||||
common | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Submodule common 9338df5e...be09523d:
|
||||
diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml
|
||||
index 44995df6..5ecf7bd7 100644
|
||||
--- a/common/mlcustomize/SELinux_relabel.ml
|
||||
+++ b/common/mlcustomize/SELinux_relabel.ml
|
||||
@@ -28,65 +28,80 @@ module G = Guestfs
|
||||
let array_find a l =
|
||||
List.mem a (Array.to_list l)
|
||||
|
||||
-let relabel (g : G.guestfs) =
|
||||
- (* Is the guest using SELinux? *)
|
||||
- if g#is_file ~followsymlinks:true "/usr/sbin/load_policy" &&
|
||||
- g#is_file ~followsymlinks:true "/etc/selinux/config" then (
|
||||
- (* Is setfiles / SELinux relabelling functionality available? *)
|
||||
- if g#feature_available [| "selinuxrelabel" |] then (
|
||||
- (* Use Augeas to parse /etc/selinux/config. *)
|
||||
- g#aug_init "/" (16+32) (* AUG_SAVE_NOOP | AUG_NO_LOAD *);
|
||||
- (* See: https://bugzilla.redhat.com/show_bug.cgi?id=975412#c0 *)
|
||||
- ignore (g#aug_rm "/augeas/load/*[\"/etc/selinux/config/\" !~ regexp('^') + glob(incl) + regexp('/.*')]");
|
||||
- g#aug_load ();
|
||||
- debug_augeas_errors g;
|
||||
-
|
||||
- (* Get the SELinux policy name, eg. "targeted", "minimum".
|
||||
- * Use "targeted" if not specified, just like libselinux does.
|
||||
- *)
|
||||
- let policy =
|
||||
- let config_path = "/files/etc/selinux/config" in
|
||||
- let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
|
||||
- let keys = g#aug_ls config_path in
|
||||
- if array_find selinuxtype_path keys then
|
||||
- g#aug_get selinuxtype_path
|
||||
- else
|
||||
- "targeted" in
|
||||
-
|
||||
- g#aug_close ();
|
||||
-
|
||||
- (* Get the spec file name. *)
|
||||
- let specfile =
|
||||
- sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
|
||||
-
|
||||
- (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
|
||||
- * invalid regular expression "/var/run/spice-vdagentd.\pid"
|
||||
- * (instead of "\.p"). This stops setfiles from working on
|
||||
- * the guest.
|
||||
- *
|
||||
- * Because an SELinux relabel writes all over the filesystem,
|
||||
- * it seems reasonable to fix this problem in the specfile
|
||||
- * at the same time. (RHBZ#1374232)
|
||||
- *)
|
||||
- if g#grep ~fixed:true "vdagentd.\\pid" specfile <> [||] then (
|
||||
- debug "fixing invalid regular expression in %s" specfile;
|
||||
- let old_specfile = specfile ^ "~" in
|
||||
- g#mv specfile old_specfile;
|
||||
- let content = g#read_file old_specfile in
|
||||
- let content =
|
||||
- String.replace content "vdagentd.\\pid" "vdagentd\\.pid" in
|
||||
- g#write specfile content;
|
||||
- g#copy_attributes ~all:true old_specfile specfile
|
||||
- );
|
||||
-
|
||||
- (* Relabel everything. *)
|
||||
- g#selinux_relabel ~force:true specfile "/";
|
||||
-
|
||||
- (* If that worked, we don't need to autorelabel. *)
|
||||
+let rec relabel (g : G.guestfs) =
|
||||
+ (* Is the guest using SELinux? (Otherwise this is a no-op). *)
|
||||
+ if is_selinux_guest g then (
|
||||
+ try
|
||||
+ use_setfiles g;
|
||||
+ (* That worked, so we don't need to autorelabel. *)
|
||||
g#rm_f "/.autorelabel"
|
||||
- )
|
||||
- else (
|
||||
- (* SELinux guest, but not SELinux host. Fallback to this. *)
|
||||
+ with Failure _ ->
|
||||
+ (* This is the fallback in case something in the setfiles
|
||||
+ * method didn't work. That includes the case where a non-SELinux
|
||||
+ * host is processing an SELinux guest, and other things.
|
||||
+ *)
|
||||
g#touch "/.autorelabel"
|
||||
- )
|
||||
)
|
||||
+
|
||||
+and is_selinux_guest g =
|
||||
+ g#is_file ~followsymlinks:true "/usr/sbin/load_policy" &&
|
||||
+ g#is_file ~followsymlinks:true "/etc/selinux/config"
|
||||
+
|
||||
+and use_setfiles g =
|
||||
+ (* Is setfiles / SELinux relabelling functionality available? *)
|
||||
+ if not (g#feature_available [| "selinuxrelabel" |]) then
|
||||
+ failwith "no selinux relabel feature";
|
||||
+
|
||||
+ (* Use Augeas to parse /etc/selinux/config. *)
|
||||
+ g#aug_init "/" (16+32) (* AUG_SAVE_NOOP | AUG_NO_LOAD *);
|
||||
+ (* See: https://bugzilla.redhat.com/show_bug.cgi?id=975412#c0 *)
|
||||
+ ignore (g#aug_rm "/augeas/load/*[\"/etc/selinux/config/\" !~ regexp('^') + glob(incl) + regexp('/.*')]");
|
||||
+ g#aug_load ();
|
||||
+ debug_augeas_errors g;
|
||||
+
|
||||
+ (* Get the SELinux policy name, eg. "targeted", "minimum".
|
||||
+ * Use "targeted" if not specified, just like libselinux does.
|
||||
+ *)
|
||||
+ let policy =
|
||||
+ let config_path = "/files/etc/selinux/config" in
|
||||
+ let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
|
||||
+ let keys = g#aug_ls config_path in
|
||||
+ if array_find selinuxtype_path keys then
|
||||
+ g#aug_get selinuxtype_path
|
||||
+ else
|
||||
+ "targeted" in
|
||||
+
|
||||
+ g#aug_close ();
|
||||
+
|
||||
+ (* Get the spec file name. *)
|
||||
+ let specfile =
|
||||
+ sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
|
||||
+
|
||||
+ (* If the spec file doesn't exist then fall back to using
|
||||
+ * autorelabel (RHBZ#1828952).
|
||||
+ *)
|
||||
+ if not (g#is_file ~followsymlinks:true specfile) then
|
||||
+ failwith "no spec file";
|
||||
+
|
||||
+ (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
|
||||
+ * invalid regular expression "/var/run/spice-vdagentd.\pid"
|
||||
+ * (instead of "\.p"). This stops setfiles from working on
|
||||
+ * the guest.
|
||||
+ *
|
||||
+ * Because an SELinux relabel writes all over the filesystem,
|
||||
+ * it seems reasonable to fix this problem in the specfile
|
||||
+ * at the same time. (RHBZ#1374232)
|
||||
+ *)
|
||||
+ if g#grep ~fixed:true "vdagentd.\\pid" specfile <> [||] then (
|
||||
+ debug "fixing invalid regular expression in %s" specfile;
|
||||
+ let old_specfile = specfile ^ "~" in
|
||||
+ g#mv specfile old_specfile;
|
||||
+ let content = g#read_file old_specfile in
|
||||
+ let content =
|
||||
+ String.replace content "vdagentd.\\pid" "vdagentd\\.pid" in
|
||||
+ g#write specfile content;
|
||||
+ g#copy_attributes ~all:true old_specfile specfile
|
||||
+ );
|
||||
+
|
||||
+ (* Relabel everything. *)
|
||||
+ g#selinux_relabel ~force:true specfile "/"
|
||||
diff --git a/common/mltools/Makefile.am b/common/mltools/Makefile.am
|
||||
index 3b4172db..aea2dce9 100644
|
||||
--- a/common/mltools/Makefile.am
|
||||
+++ b/common/mltools/Makefile.am
|
||||
@@ -95,6 +95,7 @@ libmltools_a_CPPFLAGS = \
|
||||
-I$(shell $(OCAMLC) -where) \
|
||||
-I$(top_srcdir)/common/utils \
|
||||
-I$(top_srcdir)/lib \
|
||||
+ $(INCLUDE_DIRECTORY) \
|
||||
-I$(top_srcdir)/common/options \
|
||||
-I$(top_srcdir)/common/mlgettext \
|
||||
-I$(top_srcdir)/common/mlpcre \
|
||||
diff --git a/common/mltools/tools_utils.ml b/common/mltools/tools_utils.ml
|
||||
index 12718022..d54ec581 100644
|
||||
--- a/common/mltools/tools_utils.ml
|
||||
+++ b/common/mltools/tools_utils.ml
|
||||
@@ -679,3 +679,53 @@ let with_timeout op timeout ?(sleep = 2) fn =
|
||||
loop ()
|
||||
in
|
||||
loop ()
|
||||
+
|
||||
+let run_in_guest_command g root ?logfile ?incompatible_fn cmd =
|
||||
+ (* Is the host_cpu compatible with the guest arch? ie. Can we
|
||||
+ * run commands in this guest?
|
||||
+ *)
|
||||
+ let guest_arch = g#inspect_get_arch root in
|
||||
+ let guest_arch_compatible = guest_arch_compatible guest_arch in
|
||||
+ if not guest_arch_compatible then (
|
||||
+ match incompatible_fn with
|
||||
+ | None -> ()
|
||||
+ | Some fn -> fn ()
|
||||
+ )
|
||||
+ else (
|
||||
+ (* Add a prologue to the scripts:
|
||||
+ * - Pass environment variables through from the host.
|
||||
+ * - Optionally send stdout and stderr to a log file so we capture
|
||||
+ * all output in error messages.
|
||||
+ * - Use setarch when running x86_64 host + i686 guest.
|
||||
+ *)
|
||||
+ let env_vars =
|
||||
+ List.filter_map (
|
||||
+ fun name ->
|
||||
+ try Some (sprintf "export %s=%s" name (quote (Sys.getenv name)))
|
||||
+ with Not_found -> None
|
||||
+ ) [ "http_proxy"; "https_proxy"; "ftp_proxy"; "no_proxy" ] in
|
||||
+ let env_vars = String.concat "\n" env_vars ^ "\n" in
|
||||
+
|
||||
+ let cmd =
|
||||
+ match Guestfs_config.host_cpu, guest_arch with
|
||||
+ | "x86_64", ("i386"|"i486"|"i586"|"i686") ->
|
||||
+ sprintf "setarch i686 <<\"__EOCMD\"
|
||||
+%s
|
||||
+__EOCMD
|
||||
+" cmd
|
||||
+ | _ -> cmd in
|
||||
+
|
||||
+ let logfile_redirect =
|
||||
+ match logfile with
|
||||
+ | None -> ""
|
||||
+ | Some logfile -> sprintf "exec >>%s 2>&1" (quote logfile) in
|
||||
+
|
||||
+ let cmd = sprintf "\
|
||||
+%s
|
||||
+%s
|
||||
+%s
|
||||
+" (logfile_redirect) env_vars cmd in
|
||||
+
|
||||
+ debug "running command:\n%s" cmd;
|
||||
+ ignore (g#sh cmd)
|
||||
+ )
|
||||
diff --git a/common/mltools/tools_utils.mli b/common/mltools/tools_utils.mli
|
||||
index ab70f583..1d1ac8a8 100644
|
||||
--- a/common/mltools/tools_utils.mli
|
||||
+++ b/common/mltools/tools_utils.mli
|
||||
@@ -195,9 +195,8 @@ val is_btrfs_subvolume : Guestfs.guestfs -> string -> bool
|
||||
(** Checks if a filesystem is a btrfs subvolume. *)
|
||||
|
||||
val inspect_decrypt : Guestfs.guestfs -> key_store -> unit
|
||||
-(** Simple implementation of decryption: look for any [crypto_LUKS]
|
||||
- partitions and decrypt them, then rescan for VGs. This only works
|
||||
- for Fedora whole-disk encryption. *)
|
||||
+(** Simple implementation of decryption: look for any encrypted
|
||||
+ partitions and decrypt them, then rescan for VGs. *)
|
||||
|
||||
val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
|
||||
(** [with_timeout op timeout ?sleep fn] implements a timeout loop.
|
||||
@@ -212,3 +211,13 @@ val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
|
||||
calls {!error} and the program exits. The error message will
|
||||
contain the diagnostic string [op] to identify the operation
|
||||
which timed out. *)
|
||||
+
|
||||
+val run_in_guest_command : Guestfs.guestfs -> string -> ?logfile:string -> ?incompatible_fn:(unit -> unit) -> string -> unit
|
||||
+(** [run_in_guest_command g root ?incompatible_archs_fn cmd]
|
||||
+ runs a command in the guest, which is already mounted for the
|
||||
+ specified [root]. The command is run directly in case the
|
||||
+ architecture of the host and the guest are compatible, optionally
|
||||
+ calling [?incompatible_fn] in case they are not.
|
||||
+
|
||||
+ [?logfile] is an optional file in the guest to where redirect
|
||||
+ stdout and stderr of the command. *)
|
||||
diff --git a/common/mlutils/unix_utils-c.c b/common/mlutils/unix_utils-c.c
|
||||
index 33099611..8acf0395 100644
|
||||
--- a/common/mlutils/unix_utils-c.c
|
||||
+++ b/common/mlutils/unix_utils-c.c
|
||||
@@ -77,6 +77,7 @@ extern value guestfs_int_mllib_mkdtemp (value val_pattern);
|
||||
extern value guestfs_int_mllib_realpath (value pathv);
|
||||
extern value guestfs_int_mllib_statvfs_statvfs (value pathv);
|
||||
extern value guestfs_int_mllib_statvfs_is_network_filesystem (value pathv);
|
||||
+extern value guestfs_int_mllib_sysconf_nr_processors_online (value unitv);
|
||||
|
||||
/* NB: This is a "noalloc" call. */
|
||||
value
|
||||
@@ -368,3 +369,17 @@ guestfs_int_mllib_statvfs_is_network_filesystem (value pathv)
|
||||
return Val_bool (0);
|
||||
#endif
|
||||
}
|
||||
+
|
||||
+/* NB: This is a "noalloc" call. */
|
||||
+value
|
||||
+guestfs_int_mllib_sysconf_nr_processors_online (value unitv)
|
||||
+{
|
||||
+#ifdef _SC_NPROCESSORS_ONLN
|
||||
+ long n;
|
||||
+
|
||||
+ n = sysconf (_SC_NPROCESSORS_ONLN);
|
||||
+ if (n > 0) return Val_int (n);
|
||||
+#endif
|
||||
+ /* Return a safe value so that callers don't need to deal with errors. */
|
||||
+ return Val_int (1);
|
||||
+}
|
||||
diff --git a/common/mlutils/unix_utils.ml b/common/mlutils/unix_utils.ml
|
||||
index 52eb824d..2bdda12a 100644
|
||||
--- a/common/mlutils/unix_utils.ml
|
||||
+++ b/common/mlutils/unix_utils.ml
|
||||
@@ -84,3 +84,8 @@ module StatVFS = struct
|
||||
external is_network_filesystem : string -> bool =
|
||||
"guestfs_int_mllib_statvfs_is_network_filesystem" "noalloc"
|
||||
end
|
||||
+
|
||||
+module Sysconf = struct
|
||||
+ external nr_processors_online : unit -> int =
|
||||
+ "guestfs_int_mllib_sysconf_nr_processors_online" "noalloc"
|
||||
+end
|
||||
diff --git a/common/mlutils/unix_utils.mli b/common/mlutils/unix_utils.mli
|
||||
index 4fcea4a3..aead4df2 100644
|
||||
--- a/common/mlutils/unix_utils.mli
|
||||
+++ b/common/mlutils/unix_utils.mli
|
||||
@@ -121,3 +121,12 @@ module StatVFS : sig
|
||||
(** [is_network_filesystem path] returns true if [path] is located on
|
||||
a network filesystem such as NFS or CIFS. *)
|
||||
end
|
||||
+
|
||||
+module Sysconf : sig
|
||||
+ val nr_processors_online : unit -> int
|
||||
+ (** [nr_processors_online ()] returns the number of processors
|
||||
+ currently online, from [sysconf (_SC_NPROCESSORS_ONLN)].
|
||||
+
|
||||
+ Note this never fails. In case we cannot get the number of
|
||||
+ cores it returns 1. *)
|
||||
+end
|
||||
diff --git a/common/options/Makefile.am b/common/options/Makefile.am
|
||||
index f7ea7493..162d143b 100644
|
||||
--- a/common/options/Makefile.am
|
||||
+++ b/common/options/Makefile.am
|
||||
@@ -41,8 +41,9 @@ liboptions_la_SOURCES = \
|
||||
liboptions_la_CPPFLAGS = \
|
||||
-DGUESTFS_NO_DEPRECATED=1 \
|
||||
-I$(top_srcdir)/common/utils -I$(top_builddir)/common/utils \
|
||||
+ -I$(top_srcdir)/gnulib/lib -I$(top_builddir)/gnulib/lib \
|
||||
-I$(top_srcdir)/lib -I$(top_builddir)/lib \
|
||||
- -I$(top_srcdir)/gnulib/lib -I$(top_builddir)/gnulib/lib
|
||||
+ $(INCLUDE_DIRECTORY)
|
||||
liboptions_la_CFLAGS = \
|
||||
$(WARN_CFLAGS) $(WERROR_CFLAGS) \
|
||||
$(LIBCONFIG_CFLAGS) \
|
||||
diff --git a/common/options/decrypt.c b/common/options/decrypt.c
|
||||
index 683cf5ed..434b7d58 100644
|
||||
--- a/common/options/decrypt.c
|
||||
+++ b/common/options/decrypt.c
|
||||
@@ -25,6 +25,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
+#include <stdbool.h>
|
||||
#include <string.h>
|
||||
#include <libintl.h>
|
||||
#include <error.h>
|
||||
@@ -38,18 +39,18 @@
|
||||
|
||||
/**
|
||||
* Make a LUKS map name from the partition name,
|
||||
- * eg. C<"/dev/vda2" =E<gt> "luksvda2">
|
||||
+ * eg. C<"/dev/vda2" =E<gt> "cryptvda2">
|
||||
*/
|
||||
static void
|
||||
make_mapname (const char *device, char *mapname, size_t len)
|
||||
{
|
||||
size_t i = 0;
|
||||
|
||||
- if (len < 5)
|
||||
+ if (len < 6)
|
||||
abort ();
|
||||
- strcpy (mapname, "luks");
|
||||
- mapname += 4;
|
||||
- len -= 4;
|
||||
+ strcpy (mapname, "crypt");
|
||||
+ mapname += 5;
|
||||
+ len -= 5;
|
||||
|
||||
if (STRPREFIX (device, "/dev/"))
|
||||
i = 5;
|
||||
@@ -65,10 +66,8 @@ make_mapname (const char *device, char *mapname, size_t len)
|
||||
}
|
||||
|
||||
/**
|
||||
- * Simple implementation of decryption: look for any C<crypto_LUKS>
|
||||
- * partitions and decrypt them, then rescan for VGs. This only works
|
||||
- * for Fedora whole-disk encryption. WIP to make this work for other
|
||||
- * encryption schemes.
|
||||
+ * Simple implementation of decryption: look for any encrypted
|
||||
+ * partitions and decrypt them, then rescan for VGs.
|
||||
*/
|
||||
void
|
||||
inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
||||
@@ -82,12 +81,21 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
||||
|
||||
for (i = 0; partitions[i] != NULL; ++i) {
|
||||
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
|
||||
- if (type && STREQ (type, "crypto_LUKS")) {
|
||||
+ if (type &&
|
||||
+ (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
|
||||
+ bool is_bitlocker = STREQ (type, "BitLocker");
|
||||
char mapname[32];
|
||||
make_mapname (partitions[i], mapname, sizeof mapname);
|
||||
|
||||
#ifdef GUESTFS_HAVE_LUKS_UUID
|
||||
- CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
|
||||
+ CLEANUP_FREE char *uuid = NULL;
|
||||
+
|
||||
+ /* This fails for Windows BitLocker disks because cryptsetup
|
||||
+ * luksUUID cannot read a UUID (unclear if this is a limitation
|
||||
+ * of the format or cryptsetup).
|
||||
+ */
|
||||
+ if (!is_bitlocker)
|
||||
+ uuid = guestfs_luks_uuid (g, partitions[i]);
|
||||
#else
|
||||
const char *uuid = NULL;
|
||||
#endif
|
||||
@@ -97,11 +105,15 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
||||
|
||||
/* Try each key in turn. */
|
||||
for (j = 0; keys[j] != NULL; ++j) {
|
||||
- /* XXX Should we call guestfs_luks_open_ro if readonly flag
|
||||
+ /* XXX Should we set GUESTFS_CRYPTSETUP_OPEN_READONLY if readonly
|
||||
* is set? This might break 'mount_ro'.
|
||||
*/
|
||||
guestfs_push_error_handler (g, NULL, NULL);
|
||||
+#ifdef GUESTFS_HAVE_CRYPTSETUP_OPEN
|
||||
+ r = guestfs_cryptsetup_open (g, partitions[i], keys[j], mapname, -1);
|
||||
+#else
|
||||
r = guestfs_luks_open (g, partitions[i], keys[j], mapname);
|
||||
+#endif
|
||||
guestfs_pop_error_handler (g);
|
||||
if (r == 0)
|
||||
goto opened;
|
||||
diff --git a/common/options/uri.c b/common/options/uri.c
|
||||
index ac36bccb..6b696fc2 100644
|
||||
--- a/common/options/uri.c
|
||||
+++ b/common/options/uri.c
|
||||
@@ -194,6 +194,7 @@ parse (const char *arg, char **path_ret, char **protocol_ret,
|
||||
if (path && path[0] == '/' &&
|
||||
(STREQ (uri->scheme, "gluster") ||
|
||||
STREQ (uri->scheme, "iscsi") ||
|
||||
+ STREQ (uri->scheme, "nbd") ||
|
||||
STREQ (uri->scheme, "rbd") ||
|
||||
STREQ (uri->scheme, "sheepdog")))
|
||||
path++;
|
||||
diff --git a/common/utils/guestfs-stringlists-utils.h b/common/utils/guestfs-stringlists-utils.h
|
||||
index 0bac1587..ade3b6f3 100644
|
||||
--- a/common/utils/guestfs-stringlists-utils.h
|
||||
+++ b/common/utils/guestfs-stringlists-utils.h
|
||||
@@ -21,7 +21,8 @@
|
||||
|
||||
/* stringlists-utils.c */
|
||||
extern void guestfs_int_free_string_list (char **);
|
||||
-extern size_t guestfs_int_count_strings (char *const *);
|
||||
+extern size_t guestfs_int_count_strings (char *const *)
|
||||
+ __attribute__((__nonnull__ (1)));
|
||||
extern char *guestfs_int_concat_strings (char *const *);
|
||||
extern char **guestfs_int_copy_string_list (char *const *);
|
||||
extern char *guestfs_int_join_strings (const char *sep, char *const *);
|
@ -78,3 +78,6 @@ index 471102da..7cd6dea6 100644
|
||||
http = optimize_http(http, host, options)
|
||||
except:
|
||||
cancel_transfer(connection, transfer)
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -32,3 +32,6 @@ index 44cef5ed..4d844e2d 100644
|
||||
"
|
||||
msi_path msi_path msi_path in
|
||||
Firstboot.add_firstboot_script g inspect.i_root
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -27,3 +27,6 @@ index 4d844e2d..33fbd410 100644
|
||||
|
||||
(* Install RHEV-APT only if appropriate for the output hypervisor. *)
|
||||
if output#install_rhev_apt then (
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -22,3 +22,6 @@ index a5150907..1ffc0f9d 100644
|
||||
|
||||
=item UEFI on oVirt or RHV
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -42,3 +42,6 @@ index 78623d97..f5a3abad 100644
|
||||
|
||||
Virt-v2v adds metadata for the guest to Glance, describing such things
|
||||
as the guest operating system and what drivers it requires. The
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -147,3 +147,6 @@ index a58ff433..1f8d0138 100644
|
||||
|
||||
| TargetURI _ ->
|
||||
(* XXX For the moment we assume that qemu URI outputs
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -37,3 +37,6 @@ index f5e91911..7c177e35 100644
|
||||
|
||||
(* Caching extents speeds up qemu-img, especially its consecutive
|
||||
* block_status requests with req_one=1.
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -32,3 +32,6 @@ index e4df920e..ae8964dd 100644
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<virt-v2v(1)>.
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -126,3 +126,6 @@ index 1f8d0138..bde51885 100644
|
||||
(* Not all the filesystems have inode counts. *)
|
||||
if files > 0L && ffree < needed_inodes then
|
||||
error (f_"not enough available inodes for conversion on filesystem ‘%s’. %Ld inodes available < %Ld inodes needed")
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -25,3 +25,6 @@ index 4e00cd61..b8256bad 100644
|
||||
match rcaps.rcaps_video, has_qxl with
|
||||
| Some QXL, false ->
|
||||
error (f_"there is no QXL driver for this version of Windows (%d.%d %s). virt-v2v looks for this driver in %s")
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -23,3 +23,6 @@ index 1ffc0f9d..a9bfffab 100644
|
||||
|
||||
=item UEFI on oVirt or RHV
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -55,3 +55,6 @@ index bde51885..8af86687 100644
|
||||
(* For everything else, just make sure there is some free space. *)
|
||||
| _ -> 10
|
||||
in
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -174,3 +174,6 @@ index 7cd6dea6..61ade1a8 100644
|
||||
|
||||
|
||||
def transfer_supports_format():
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -75,3 +75,6 @@ index 33fbd410..13de10cb 100644
|
||||
)
|
||||
)
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -270,3 +270,6 @@ index 4c128b0c..ead03364 100644
|
||||
let qemu_uri = Nbdkit_sources.run nbdkit in
|
||||
|
||||
(* Return the struct. *)
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -39,3 +39,6 @@ index 13de10cb..6c7440aa 100644
|
||||
"
|
||||
msi_path msi_path msi_path in
|
||||
Firstboot.add_firstboot_script g inspect.i_root
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -206,3 +206,6 @@ index 8af86687..203b93f1 100644
|
||||
|
||||
(* What really happens here is that the call to #disk_create
|
||||
* below fails if the format is not raw or qcow2. We would
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -39,3 +39,6 @@ index 27e08135..e65fbf4a 100644
|
||||
|
||||
(match xpath_string "/volume/@type" with
|
||||
| None | Some "file" ->
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -177,3 +177,6 @@ index 50bb7e34..8887c52b 100644
|
||||
+ raise RuntimeError(
|
||||
+ "Timed out waiting for VM creation!"
|
||||
+ " Jobs still running for correlation id %s" % correlation_id)
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -91,3 +91,6 @@ index 00000000..7c593139
|
||||
+ -o null
|
||||
+
|
||||
+rm -rf $d
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -61,3 +61,6 @@ index 568ac5fa..fc413d2a 100644
|
||||
|
||||
(* Return true if [libvirt] supports ["json:"] pseudo-URLs and accepts the
|
||||
* ["raw"] driver. Function also returns true if [libvirt] backend is not
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -93,3 +93,6 @@ index b8a3c8ad..554fde1d 100644
|
||||
(* See if this guest could use UEFI to boot. It should use GPT and
|
||||
* it should have an EFI System Partition (ESP).
|
||||
*
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -16,7 +16,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Submodule common be09523d..1174b443:
|
||||
diff --git a/common/options/keys.c b/common/options/keys.c
|
||||
index 798315c2..d27a7123 100644
|
||||
index 798315c..d27a712 100644
|
||||
--- a/common/options/keys.c
|
||||
+++ b/common/options/keys.c
|
||||
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
|
||||
@ -48,3 +48,6 @@ index 798315c2..d27a7123 100644
|
||||
if (r == NULL)
|
||||
error (EXIT_FAILURE, errno, "calloc");
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -1,32 +0,0 @@
|
||||
From 217a74ad09bad781ee9efd5599f4323bdf9e3cff Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 3 Apr 2023 09:41:37 +0100
|
||||
Subject: [PATCH] RHEL 8: If setfiles fails fall back to autorelabel
|
||||
|
||||
SFDC case 03473932, RHEL 8 only.
|
||||
|
||||
See discussion in private email thread "Customer case requiring our
|
||||
assistance" in 2023.
|
||||
---
|
||||
common | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Submodule common 1174b443..c4841a70:
|
||||
diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml
|
||||
index 5ecf7bd7..f0630db1 100644
|
||||
--- a/common/mlcustomize/SELinux_relabel.ml
|
||||
+++ b/common/mlcustomize/SELinux_relabel.ml
|
||||
@@ -35,11 +35,12 @@ let rec relabel (g : G.guestfs) =
|
||||
use_setfiles g;
|
||||
(* That worked, so we don't need to autorelabel. *)
|
||||
g#rm_f "/.autorelabel"
|
||||
- with Failure _ ->
|
||||
+ with Failure _
|
||||
(* This is the fallback in case something in the setfiles
|
||||
* method didn't work. That includes the case where a non-SELinux
|
||||
* host is processing an SELinux guest, and other things.
|
||||
*)
|
||||
+ | Guestfs.Error _ -> (* this is for SFDC case 03473932 in RHEL 8 only *)
|
||||
g#touch "/.autorelabel"
|
||||
)
|
||||
|
@ -6,7 +6,7 @@ set -e
|
||||
# directory. Use it like this:
|
||||
# ./copy-patches.sh
|
||||
|
||||
rhel_version=8.8.0
|
||||
rhel_version=8.7.0
|
||||
|
||||
# Check we're in the right directory.
|
||||
if [ ! -f virt-v2v.spec ]; then
|
||||
@ -31,28 +31,7 @@ git rm -f [0-9]*.patch ||:
|
||||
rm -f [0-9]*.patch
|
||||
|
||||
# Get the patches.
|
||||
(
|
||||
cd $git_checkout
|
||||
rm -f [0-9]*.patch
|
||||
|
||||
# Ignore some directories in common/ which are not in the virt-v2v tarball.
|
||||
ignoredirs="edit mlvisit parallel progress structs visit windows"
|
||||
rm -f common/.gitattributes
|
||||
for i in $ignoredirs; do
|
||||
echo "$i/* -diff" >> common/.gitattributes
|
||||
done
|
||||
|
||||
git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N \
|
||||
--submodule=diff --no-signature --patience $tag
|
||||
|
||||
# However the .gitattributes doesn't completely ignore them but produces
|
||||
# Binary files a/... and b/... differ
|
||||
# which prevents the patches from being applied so we must remove that too.
|
||||
for i in $ignoredirs; do
|
||||
sed -i "/^diff --git a\/common\/$i/,/^Binary files a\/common\/$i/{d;}" [0-9]*.patch
|
||||
done
|
||||
rm common/.gitattributes
|
||||
)
|
||||
(cd $git_checkout; rm -f [0-9]*.patch; git format-patch -N --submodule=diff $tag)
|
||||
mv $git_checkout/[0-9]*.patch .
|
||||
|
||||
# Remove any not to be applied.
|
||||
|
@ -10,7 +10,7 @@
|
||||
Name: virt-v2v
|
||||
Epoch: 1
|
||||
Version: 1.42.0
|
||||
Release: 22%{?dist}
|
||||
Release: 21%{?dist}
|
||||
Summary: Convert a virtual machine to run on KVM
|
||||
|
||||
License: GPLv2+
|
||||
@ -64,7 +64,7 @@ Patch0025: 0025-v2v-o-openstack-Allow-guests-to-be-converted-to-UEFI.patch
|
||||
Patch0026: 0026-v2v-Fix-spelling-mistake-in-uninstall-function-name.patch
|
||||
Patch0027: 0027-v2v-windows-Refactor-uninstallation_commands-functio.patch
|
||||
Patch0028: 0028-v2v-Replace-broken-VMware-Tools-uninstall-command-ms.patch
|
||||
Patch0029: 0029-Update-common-submodule-to-latest-upstream.patch
|
||||
#Patch0029: 0029-Update-common-submodule-to-latest-upstream.patch
|
||||
Patch0030: 0030-v2v-rhv-upload-plugin-Defer-imageio-connection.patch
|
||||
Patch0031: 0031-v2v-windows-Fix-schtasks-SD-parameter.patch
|
||||
Patch0032: 0032-v2v-Turn-pnp_wait.exe-warning-into-a-debug-message.patch
|
||||
@ -88,7 +88,13 @@ Patch0049: 0049-tests-Add-test-of-i-ova-from-a-directory.patch
|
||||
Patch0050: 0050-v2v-i-ova-Fix-parsing-if-OVA-directory-name-has-a-tr.patch
|
||||
Patch0051: 0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch
|
||||
Patch0052: 0052-update-common-submodule-for-CVE-2022-2211-fix.patch
|
||||
Patch0053: 0053-RHEL-8-If-setfiles-fails-fall-back-to-autorelabel.patch
|
||||
|
||||
# Patches which apply to the common/ submodule.
|
||||
# These have to be hand-modified.
|
||||
Patch1001: 0001-options-Use-new-cryptsetup-open-API-if-available.patch
|
||||
Patch1002: 0002-options-Use-cryptX-instead-of-luksX-as-the-temporary.patch
|
||||
Patch1003: 0003-options-Support-Windows-BitLocker-RHBZ-1808977.patch
|
||||
Patch1004: 0004-options-Ignore-errors-from-guestfs_luks_uuid.patch
|
||||
|
||||
# Use git for patch management.
|
||||
BuildRequires: git
|
||||
@ -325,11 +331,6 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-test-harness.1*
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Apr 03 2023 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-22
|
||||
- RHEL 8: If setfiles fails fall back to autorelabel
|
||||
resolves: rhbz#XXX
|
||||
- Reapply patches since we are using git format-patch --submodule=diff
|
||||
|
||||
* Tue Jul 05 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-21
|
||||
- Fix assertion failure when parsing OVA dir with trailing slash
|
||||
resolves: rhbz#2028823
|
||||
|
Loading…
Reference in New Issue
Block a user