From 27a346a01c1ae33e8edfe811945387331af293d1836202aeae4bb96ba8267a2c Mon Sep 17 00:00:00 2001
From: James Fehlig <jfehlig@suse.com>
Date: Mon, 3 Jun 2024 22:05:40 +0000
Subject: [PATCH] - Update to libvirt 10.4.0   - network: use nftables to setup
 virtual network firewall rules     boo#1201510   - Many incremental
 improvements and bug fixes, see    
 https://libvirt.org/news.html#v10-4-0-2024-06-03

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=1038
---
 libvirt-10.3.0.tar.xz |  3 ---
 libvirt-10.4.0.tar.xz |  3 +++
 libvirt.changes       |  9 +++++++++
 libvirt.spec          | 39 +++++++++++++++++++++++++++++++++++----
 4 files changed, 47 insertions(+), 7 deletions(-)
 delete mode 100644 libvirt-10.3.0.tar.xz
 create mode 100644 libvirt-10.4.0.tar.xz

diff --git a/libvirt-10.3.0.tar.xz b/libvirt-10.3.0.tar.xz
deleted file mode 100644
index 5ab8650..0000000
--- a/libvirt-10.3.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9a68ef43417ba2c392c34c8635055bdb6f395ed984a79ddd3e61d613bff3bdc3
-size 9822088
diff --git a/libvirt-10.4.0.tar.xz b/libvirt-10.4.0.tar.xz
new file mode 100644
index 0000000..da5212e
--- /dev/null
+++ b/libvirt-10.4.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b5c70cb7d02807d8e39d8e4eb1e4e85c6b70c11fbf15d63656d0a84096d45031
+size 9852940
diff --git a/libvirt.changes b/libvirt.changes
index 615d781..7d98b47 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Jun  3 18:03:34 UTC 2024 - James Fehlig <jfehlig@suse.com>
+
+- Update to libvirt 10.4.0
+  - network: use nftables to setup virtual network firewall rules
+    boo#1201510
+  - Many incremental improvements and bug fixes, see
+    https://libvirt.org/news.html#v10-4-0-2024-06-03
+
 -------------------------------------------------------------------
 Wed May  8 22:39:10 UTC 2024 - James Fehlig <jfehlig@suse.com>
 
diff --git a/libvirt.spec b/libvirt.spec
index c4c1c5c..a2cb5c1 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -119,6 +119,16 @@
     %define with_storage_gluster 0
 %endif
 
+# Prefer nftables for Tumbleweed, but keep using iptables for distros based
+# on SLE15 codestream
+%if 0%{?suse_version} > 1500
+    %define prefer_nftables 1
+    %define firewall_backend_priority nftables,iptables
+%else
+    %define prefer_nftables 0
+    %define firewall_backend_priority iptables,nftables
+%endif
+
 # Force QEMU to run as qemu:qemu
 %define qemu_user          qemu
 %define qemu_group         qemu
@@ -135,7 +145,7 @@
 
 Name:           libvirt
 URL:            https://libvirt.org/
-Version:        10.3.0
+Version:        10.4.0
 Release:        0
 Summary:        Library providing a virtualization API
 License:        LGPL-2.1-or-later
@@ -182,7 +192,7 @@ BuildRequires:  libacl-devel
 BuildRequires:  qemu-tools
 %endif
 BuildRequires:  bash-completion-devel >= 2.0
-BuildRequires:  glib2-devel >= 2.56
+BuildRequires:  glib2-devel >= 2.58
 BuildRequires:  libattr-devel
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgnutls-devel
@@ -211,8 +221,6 @@ BuildRequires:  apparmor-rpm-macros
 BuildRequires:  libapparmor-devel
 %endif
 BuildRequires:  cyrus-sasl-devel
-BuildRequires:  ebtables
-BuildRequires:  iptables
 BuildRequires:  polkit >= 0.112
 %if %{with_nbdkit}
 BuildRequires:  libnbd-devel
@@ -414,7 +422,11 @@ Summary:        Network driver plugin for the libvirtd daemon
 Requires:       %{name}-daemon-common = %{version}-%{release}
 Requires:       %{name}-libs = %{version}-%{release}
 Requires:       dnsmasq >= 2.41
+%if %{prefer_nftables}
+Requires:       nftables
+%else
 Requires:       iptables
+%endif
 
 %description daemon-driver-network
 The network driver plugin for the libvirtd daemon, providing
@@ -596,6 +608,7 @@ Requires:       /usr/bin/bzip2
 Requires:       /usr/bin/gzip
 Requires:       /usr/bin/lzop
 Requires:       /usr/bin/xz
+Requires:       /usr/bin/zstd
 Requires:       qemu
 Requires:       systemd-container
 # swtp is needed to manage <tpm> devices.
@@ -817,6 +830,13 @@ Requires:       %{name}-daemon-driver-network = %{version}-%{release}
 %description nss
 libvirt plugin for NSS for translating domain names into IP addresses.
 
+%package ssh-proxy
+Summary:        Libvirt SSH proxy
+Requires:       %{name}-libs = %{version}-%{release}
+
+%description ssh-proxy
+Allows SSH into domains via VSOCK without need for network.
+
 %prep
 %autosetup -p1
 
@@ -1036,6 +1056,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
            %{?arg_userfaultfd_sysctl} \
            %{?arg_nbdkit} \
            %{?arg_nbdkit_config_default} \
+           -Dssh_proxy=enabled \
            -Dsysctl_config=enabled \
            -Dcapng=enabled \
            -Dfuse=enabled \
@@ -1066,6 +1087,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
            -Dexpensive_tests=enabled \
            %{?arg_loader_nvram} \
            -Dinit_script=systemd \
+           -Dfirewall_backend_priority=%{firewall_backend_priority} \
            -Ddocs=enabled \
            -Dtests=enabled \
            -Drpath=disabled \
@@ -1582,6 +1604,9 @@ fi
 %config(noreplace) %{_sysconfdir}/%{name}/virtnetworkd.conf
 %{_datadir}/augeas/lenses/virtnetworkd.aug
 %{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug
+%config(noreplace) %{_sysconfdir}/%{name}/network.conf
+%{_datadir}/augeas/lenses/libvirtd_network.aug
+%{_datadir}/augeas/lenses/tests/test_libvirtd_network.aug
 %{_unitdir}/virtnetworkd.service
 %{_unitdir}/virtnetworkd.socket
 %{_unitdir}/virtnetworkd-ro.socket
@@ -1934,4 +1959,10 @@ fi
 %{_libdir}/libnss_libvirt.so.2
 %{_libdir}/libnss_libvirt_guest.so.2
 
+%files ssh-proxy
+%dir %{_sysconfdir}/ssh/
+%dir %{_sysconfdir}/ssh/ssh_config.d/
+%config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
+%{_libexecdir}/libvirt-ssh-proxy
+
 %changelog