Accepting request 887108 from home:cyphar:lxc

- Don't use SecureBoot OVMF blobs, they don't work with LXD. - Add backport of <https://github.com/lxc/lxd/pull/8700> to fix LXD VMs on openSUSE. boo#1181549 + boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch OBS-URL: https://build.opensuse.org/request/show/887108 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=86
2021-04-21 01:35:46 +00:00 · 2021-04-21 01:35:46 +00:00 · c34f4d7e50
commit c34f4d7e50
parent 9364e3e2c2
3 changed files with 90 additions and 2 deletions
--- a/boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch
+++ b/boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch
@ -0,0 +1,76 @@
+From f86eaf85c38cda988589e64b643670189d22923f Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <cyphar@cyphar.com>
+Date: Wed, 21 Apr 2021 10:11:21 +1000
+Subject: [PATCH] vm/qemu: configure spice using -spice parameter
+
+Since QEMU 5.2, if QEMU has its modules compiled as dynamic objects to
+be dlopen(2)'d rather than statically compiled into the QEMU binary,
+QEMU will not accept [spice] directives through -readconfig. This is a
+known issue with QEMU but has been effectively marked as WONTFIX because
+-readconfig has sort-of been soft-deprecated[1,2,3].
+
+In the meantime, just switch to the -spice commandline since this
+appears to only affect modules rather than core QEMU options.
+
+[1]: https://bugs.launchpad.net/qemu/+bug/1910696
+[2]: https://lists.gnu.org/archive/html/qemu-devel/2020-11/msg02934.html
+[3]: https://bugzilla.suse.com/show_bug.cgi?id=1181549#c11
+
+SUSE-Bugs: bsc#1181549
+Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
+---
+ lxd/instance/drivers/driver_qemu.go           | 6 +++++-
+ lxd/instance/drivers/driver_qemu_templates.go | 6 ------
+ 2 files changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go
+index 13211f1c651f..d14267bdbb87 100644
+--- a/lxd/instance/drivers/driver_qemu.go
+++ b/lxd/instance/drivers/driver_qemu.go
+@@ -1043,6 +1043,7 @@ func (d *qemu) Start(stateful bool) error {
+ 		"-no-user-config",
+ 		"-sandbox", "on,obsolete=deny,elevateprivileges=allow,spawn=deny,resourcecontrol=deny",
+ 		"-readconfig", confFile,
+		"-spice", d.spiceCmdlineConfig(),
+ 		"-pidfile", d.pidFilePath(),
+ 		"-D", d.LogFilePath(),
+ 	}
+@@ -1572,6 +1573,10 @@ func (d *qemu) spicePath() string {
+ 	return filepath.Join(d.LogPath(), "qemu.spice")
+ }
+ 
+func (d *qemu) spiceCmdlineConfig() string {
+	return fmt.Sprintf("unix=on,disable-ticketing=on,addr=%s", d.spicePath())
+}
+
+ // generateConfigShare generates the config share directory that will be exported to the VM via
+ // a 9P share. Due to the unknown size of templates inside the images this directory is created
+ // inside the VM's config volume so that it can be restricted by quota.
+@@ -2004,7 +2009,6 @@ func (d *qemu) generateQemuConfigFile(mountInfo *storagePools.MountInfo, busName
+ 
+ 	err := qemuBase.Execute(sb, map[string]interface{}{
+ 		"architecture": d.architectureName,
+-		"spicePath":    d.spicePath(),
+ 	})
+ 	if err != nil {
+ 		return "", err
+diff --git a/lxd/instance/drivers/driver_qemu_templates.go b/lxd/instance/drivers/driver_qemu_templates.go
+index aa51f45c1426..3999c2bfbb9c 100644
+--- a/lxd/instance/drivers/driver_qemu_templates.go
+++ b/lxd/instance/drivers/driver_qemu_templates.go
+@@ -44,12 +44,6 @@ strict = "on"
+ # Console
+ [chardev "console"]
+ backend = "pty"
+-
+-# Graphical console
+-[spice]
+-unix = "on"
+-addr = "{{.spicePath}}"
+-disable-ticketing = "on"
+ `))
+ 
+ var qemuMemory = template.Must(template.New("qemuMemory").Parse(`
+-- 
+2.30.2
+
--- a/lxd.changes
+++ b/lxd.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Apr 21 00:19:11 UTC 2021 - Aleksa Sarai <asarai@suse.com>
+
+- Don't use SecureBoot OVMF blobs, they don't work with LXD.
+- Add backport of <https://github.com/lxc/lxd/pull/8700> to fix LXD VMs on
+  openSUSE. boo#1181549
+  + boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch
+
 -------------------------------------------------------------------
 Mon Apr 12 05:19:43 UTC 2021 - Aleksa Sarai <asarai@suse.com>

--- a/lxd.spec
+++ b/lxd.spec
@ -43,6 +43,8 @@ Source101:      %{name}-config.yml
 # Additional runtime configuration.
 Source200:      %{name}.sysctl
 Source201:      %{name}.dnsmasq
+# Backport of <https://github.com/lxc/lxd/pull/8700>. boo#1181549
+Patch1:         boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch
 BuildRequires:  fdupes
 BuildRequires:  golang-packaging
 BuildRequires:  libacl-devel
@ -106,6 +108,8 @@ Bash command line completion support for %{name}.

 %prep
 %setup -q
+# boo#1181549
+%patch1 -p1

 # Create fake "go mod"-like import paths. This is going to be really fun to
 # maintain but it's unfortunately necessary because openSUSE doesn't have nice
@ -313,9 +317,9 @@ install -d -m 0755 %{buildroot}%{_localstatedir}/log/%{name}
 # in the way it expects. In particular, LXD depends on specific filenames for
 # the firmware files so we create fake ones with symlinks.
 mkdir -p %{buildroot}%{lxd_ovmfdir}
-ln -s %{_datarootdir}/qemu/ovmf-x86_64-ms-code.bin %{buildroot}%{lxd_ovmfdir}/OVMF_CODE.fd
-ln -s %{_datarootdir}/qemu/ovmf-x86_64-ms-vars.bin %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.ms.fd
+ln -s %{_datarootdir}/qemu/ovmf-x86_64-code.bin %{buildroot}%{lxd_ovmfdir}/OVMF_CODE.fd
 ln -s %{_datarootdir}/qemu/ovmf-x86_64-vars.bin %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.fd
+ln -s OVMF_VARS.fd %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.ms.fd

 %fdupes %{buildroot}