diff --git a/_service b/_service index c0869b6..0e528cf 100644 --- a/_service +++ b/_service @@ -1,8 +1,8 @@ <services> <service name="tar_scm" mode="manual"> <param name="scm">git</param> - <param name="url">https://gitlab.suse.de/virtualization/libvirt.git</param> - <param name="revision">v10.0.0-sle15sp6</param> + <param name="url">https://github.com/openSUSE/libvirt.git</param> + <param name="revision">factory</param> <param name="extract">libvirt.spec</param> <param name="extract">README.packaging.txt</param> <param name="extract">libvirt-supportconfig</param> diff --git a/libvirt-10.0.0.tar.xz b/libvirt-10.0.0.tar.xz deleted file mode 100644 index 1eba9aa..0000000 --- a/libvirt-10.0.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1121b59825f1ced5280a8a5c93267a32b96e0f1c48cd0cdb7cee146be020c821 -size 9751304 diff --git a/libvirt-10.8.0.tar.xz b/libvirt-10.8.0.tar.xz new file mode 100644 index 0000000..ac1190c --- /dev/null +++ b/libvirt-10.8.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bbd976d3f0fb0a98ec4a35f997167ae78dbcc58a092a94e7426fcb8e1260883c +size 9932916 diff --git a/libvirt.changes b/libvirt.changes index d64090e..35f3129 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Tue Oct 1 19:57:06 UTC 2024 - James Fehlig <jfehlig@suse.com> + +- Update to libvirt 10.8.0 + - libvirt-daemon-driver-storage-core: Change dependency on + nfs-utils from Requires to Recommends + - Switch from YAJL to json-c for JSON parsing and formatting + - jsc#PED-8909 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-8-0-2024-10-01 + +------------------------------------------------------------------- +Tue Sep 3 17:23:41 UTC 2024 - James Fehlig <jfehlig@suse.com> + +- Update to libvirt 10.7.0 + - CVE-2024-8235, bsc#1230024 + - jsc#PED-8909 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-7-0-2024-09-02 + +------------------------------------------------------------------- +Mon Aug 5 22:02:12 UTC 2024 - James Fehlig <jfehlig@suse.com> + +- Update to libvirt 10.6.0 + - jsc#PED-8909 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-6-0-2024-08-05 + ------------------------------------------------------------------- Wed Jun 26 19:16:35 UTC 2024 - James Fehlig <jfehlig@suse.com> diff --git a/libvirt.spec b/libvirt.spec index 948f76e..38235dc 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -47,6 +47,7 @@ %define with_libssh2 0%{!?_without_libssh2:1} %define with_numactl 0%{!?_without_numactl:1} %define with_modular_daemons 0%{!?_without_modular_daemons:1} +%define with_userfaultfd_sysctl 0%{!?_without_userfaultfd_sysctl:1} # A few optional bits off by default, we enable later %define with_numad 0%{!?_without_numad:0} @@ -67,6 +68,12 @@ %define with_numactl 0 %endif +# Tumbleweeed and SLE15 SP7 are new enough to support /dev/userfaultfd, +# which does not require enabling vm.unprivileged_userfaultfd sysct +%if 0%{?suse_version} > 1500 || 0%{?sle_version} > 150600 + %define with_userfaultfd_sysctl 0 +%endif + # vbox is available only on i386 x86_64 %ifnarch %{ix86} x86_64 %define with_vbox 0 @@ -112,6 +119,16 @@ %define with_storage_gluster 0 %endif +# Prefer nftables for Tumbleweed, but keep using iptables for distros based +# on SLE15 codestream +%if 0%{?suse_version} > 1500 + %define prefer_nftables 1 + %define firewall_backend_priority nftables,iptables +%else + %define prefer_nftables 0 + %define firewall_backend_priority iptables,nftables +%endif + # Force QEMU to run as qemu:qemu %define qemu_user qemu %define qemu_group qemu @@ -128,7 +145,7 @@ Name: libvirt URL: https://libvirt.org/ -Version: 10.0.0 +Version: 10.8.0 Release: 0 Summary: Library providing a virtualization API License: LGPL-2.1-or-later @@ -175,7 +192,7 @@ BuildRequires: libacl-devel BuildRequires: qemu-tools %endif BuildRequires: bash-completion-devel >= 2.0 -BuildRequires: glib2-devel >= 2.56 +BuildRequires: glib2-devel >= 2.58 BuildRequires: libattr-devel BuildRequires: libgcrypt-devel BuildRequires: libgnutls-devel @@ -189,8 +206,8 @@ BuildRequires: python3-pytest BuildRequires: readline-devel # For pool-build probing for existing pools BuildRequires: libblkid-devel >= 2.17 +BuildRequires: libjson-c-devel BuildRequires: libpciaccess0-devel >= 0.10.9 -BuildRequires: libyajl-devel BuildRequires: pkgconfig(libudev) >= 145 %if %{with_sanlock} BuildRequires: sanlock-devel >= 2.4 @@ -204,8 +221,6 @@ BuildRequires: apparmor-rpm-macros BuildRequires: libapparmor-devel %endif BuildRequires: cyrus-sasl-devel -BuildRequires: ebtables -BuildRequires: iptables BuildRequires: polkit >= 0.112 %if %{with_nbdkit} BuildRequires: libnbd-devel @@ -330,6 +345,11 @@ Requires: group(libvirt) # Needed by libvirt-guests init script. Requires: gettext-runtime Requires: bash-completion >= 2.0 +# virt-manager uses netcat for accessing spice and VNC servers running in +# qemu processes. See boo#1222100 for details. Although libvirt does not +# use netcat, it's in a good position to provide the dependency for +# virt-manager. netcat-openbsd is a tiny package, so it's a tolerable hack. +Requires: netcat-openbsd %if %{with_apparmor} Recommends: apparmor-abstractions @@ -369,10 +389,6 @@ Server side daemon used to manage logs from virtual machine consoles %package daemon-proxy Summary: Server side daemon providing libvirtd proxy Requires: %{name}-libs = %{version}-%{release} -# netcat is needed on the server side so that clients that have -# libvirt < 6.9.0 can connect, but newer versions will prefer -# virt-ssh-helper -Recommends: netcat-openbsd %description daemon-proxy Server side daemon providing functionality previously provided by @@ -406,7 +422,11 @@ Summary: Network driver plugin for the libvirtd daemon Requires: %{name}-daemon-common = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release} Requires: dnsmasq >= 2.41 +%if %{prefer_nftables} +Requires: nftables +%else Requires: iptables +%endif %description daemon-driver-network The network driver plugin for the libvirtd daemon, providing @@ -463,7 +483,7 @@ an implementation of the secret key APIs. Summary: Storage driver plugin including base backends for the libvirtd daemon Requires: %{name}-daemon-common = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release} -Requires: nfs-utils +Recommends: nfs-utils # For mkfs Requires: util-linux %if %{with_qemu} @@ -588,6 +608,7 @@ Requires: /usr/bin/bzip2 Requires: /usr/bin/gzip Requires: /usr/bin/lzop Requires: /usr/bin/xz +Requires: /usr/bin/zstd Requires: qemu Requires: systemd-container # swtp is needed to manage <tpm> devices. @@ -743,10 +764,7 @@ capabilities of VirtualBox %package client Summary: Client side utilities of the libvirt library Requires: %{name}-libs = %{version}-%{release} -# Needed by virt-pki-validate script. -Requires: cyrus-sasl Requires: bash-completion >= 2.0 -Requires: gnutls # Ensure smooth upgrades Obsoletes: libvirt-bash-completion < 7.3.0 @@ -809,6 +827,13 @@ Requires: %{name}-daemon-driver-network = %{version}-%{release} %description nss libvirt plugin for NSS for translating domain names into IP addresses. +%package ssh-proxy +Summary: Libvirt SSH proxy +Requires: %{name}-libs = %{version}-%{release} + +%description ssh-proxy +Allows SSH into domains via VSOCK without need for network. + %prep %autosetup -p1 @@ -900,6 +925,11 @@ libvirt plugin for NSS for translating domain names into IP addresses. %else %define arg_numad -Dnumad=disabled %endif +%if %{with_userfaultfd_sysctl} + %define arg_userfaultfd_sysctl -Duserfaultfd_sysctl=enabled +%else + %define arg_userfaultfd_sysctl -Duserfaultfd_sysctl=disabled +%endif %if %{with_nbdkit} %define arg_nbdkit -Dnbdkit=enabled %else @@ -988,6 +1018,8 @@ libvirt plugin for NSS for translating domain names into IP addresses. %meson \ --libexecdir=%{_libexecdir} \ -Drunstatedir=%{_rundir} \ + -Dunitdir=%{_unitdir} \ + -Dsysusersdir=%{_sysusersdir} \ %{?arg_qemu} \ %{?arg_openvz} \ %{?arg_lxc} \ @@ -1020,8 +1052,11 @@ libvirt plugin for NSS for translating domain names into IP addresses. -Dstorage_vstorage=disabled \ %{?arg_numactl} \ %{?arg_numad} \ + %{?arg_userfaultfd_sysctl} \ %{?arg_nbdkit} \ %{?arg_nbdkit_config_default} \ + -Dssh_proxy=enabled \ + -Dsysctl_config=enabled \ -Dcapng=enabled \ -Dfuse=enabled \ -Dnetcf=disabled \ @@ -1031,7 +1066,7 @@ libvirt plugin for NSS for translating domain names into IP addresses. %{?arg_apparmor} \ %{?arg_apparmor_profiles} \ -Dudev=enabled \ - -Dyajl=enabled \ + -Djson_c=enabled \ %{?arg_sanlock} \ -Dlibpcap=enabled \ -Dlibnl=enabled \ @@ -1051,6 +1086,7 @@ libvirt plugin for NSS for translating domain names into IP addresses. -Dexpensive_tests=enabled \ %{?arg_loader_nvram} \ -Dinit_script=systemd \ + -Dfirewall_backend_priority=%{firewall_backend_priority} \ -Ddocs=enabled \ -Dtests=enabled \ -Drpath=disabled \ @@ -1111,6 +1147,7 @@ rm -f %{buildroot}/%{_datadir}/augeas/lenses/libvirt_sanlock.aug rm -f %{buildroot}/%{_datadir}/augeas/lenses/tests/test_libvirt_sanlock.aug %endif +rm -f %{buildroot}/%{_sysusersdir}/libvirt-qemu.conf rm -f %{buildroot}/usr/lib/sysctl.d/60-libvirtd.conf # Provide rc symlink backward compatibility ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rclibvirtd @@ -1161,7 +1198,8 @@ mv %{buildroot}/%{_datadir}/systemtap/tapset/libvirt_qemu_probes.stp \ %endif %check -VIR_TEST_DEBUG=1 %meson_test -t 5 --no-suite syntax-check +export VIR_TEST_DEBUG=1 +%meson_test -t 5 --no-suite syntax-check # For daemons with only UNIX sockets %define libvirt_daemon_systemd_pre() %service_add_pre %1.socket %1-ro.socket %1-admin.socket %1.service @@ -1566,6 +1604,9 @@ fi %config(noreplace) %{_sysconfdir}/%{name}/virtnetworkd.conf %{_datadir}/augeas/lenses/virtnetworkd.aug %{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug +%config(noreplace) %{_sysconfdir}/%{name}/network.conf +%{_datadir}/augeas/lenses/libvirtd_network.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_network.aug %{_unitdir}/virtnetworkd.service %{_unitdir}/virtnetworkd.socket %{_unitdir}/virtnetworkd-ro.socket @@ -1696,7 +1737,9 @@ fi %if %{with_apparmor} %config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.virtqemud %endif +%if %{with_userfaultfd_sysctl} %config(noreplace) %{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf +%endif %{_datadir}/augeas/lenses/virtqemud.aug %{_datadir}/augeas/lenses/tests/test_virtqemud.aug %{_unitdir}/virtqemud.service @@ -1916,4 +1959,10 @@ fi %{_libdir}/libnss_libvirt.so.2 %{_libdir}/libnss_libvirt_guest.so.2 +%files ssh-proxy +%dir %{_sysconfdir}/ssh/ +%dir %{_sysconfdir}/ssh/ssh_config.d/ +%config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf +%{_libexecdir}/libvirt-ssh-proxy + %changelog