From c34f4d7e5013bbd2a19aef205b818d2e2045f21ce2c6e43fdc048c7b9d87765a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 21 Apr 2021 01:35:46 +0000 Subject: [PATCH] Accepting request 887108 from home:cyphar:lxc - Don't use SecureBoot OVMF blobs, they don't work with LXD. - Add backport of to fix LXD VMs on openSUSE. boo#1181549 + boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch OBS-URL: https://build.opensuse.org/request/show/887108 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=86 --- ...onfigure-spice-using-spice-parameter.patch | 76 +++++++++++++++++++ lxd.changes | 8 ++ lxd.spec | 8 +- 3 files changed, 90 insertions(+), 2 deletions(-) create mode 100644 boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch diff --git a/boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch b/boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch new file mode 100644 index 0000000..088ffc7 --- /dev/null +++ b/boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch 
@@ -0,0 +1,76 @@
+From f86eaf85c38cda988589e64b643670189d22923f Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai
+Date: Wed, 21 Apr 2021 10:11:21 +1000
+Subject: [PATCH] vm/qemu: configure spice using -spice parameter
+
+Since QEMU 5.2, if QEMU has its modules compiled as dynamic objects to
+be dlopen(2)'d rather than statically compiled into the QEMU binary,
+QEMU will not accept [spice] directives through -readconfig. This is a
+known issue with QEMU but has been effectively marked as WONTFIX because
+-readconfig has sort-of been soft-deprecated[1,2,3].
+
+In the meantime, just switch to the -spice commandline since this
+appears to only affect modules rather than core QEMU options.
+
+[1]: https://bugs.launchpad.net/qemu/+bug/1910696
+[2]: https://lists.gnu.org/archive/html/qemu-devel/2020-11/msg02934.html
+[3]: https://bugzilla.suse.com/show_bug.cgi?id=1181549#c11
+
+SUSE-Bugs: bsc#1181549
+Signed-off-by: Aleksa Sarai
+---
+ lxd/instance/drivers/driver_qemu.go | 6 +++++-
+ lxd/instance/drivers/driver_qemu_templates.go | 6 ------
+ 2 files changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go
+index 13211f1c651f..d14267bdbb87 100644
+--- a/lxd/instance/drivers/driver_qemu.go
++++ b/lxd/instance/drivers/driver_qemu.go
+@@ -1043,6 +1043,7 @@ func (d *qemu) Start(stateful bool) error {
+ "-no-user-config",
+ "-sandbox", "on,obsolete=deny,elevateprivileges=allow,spawn=deny,resourcecontrol=deny",
+ "-readconfig", confFile,
++ "-spice", d.spiceCmdlineConfig(),
+ "-pidfile", d.pidFilePath(),
+ "-D", d.LogFilePath(),
+ }
+@@ -1572,6 +1573,10 @@ func (d *qemu) spicePath() string {
+ return filepath.Join(d.LogPath(), "qemu.spice")
+ }
+
++func (d *qemu) spiceCmdlineConfig() string {
++ return fmt.Sprintf("unix=on,disable-ticketing=on,addr=%s", d.spicePath())
++}
++
+ // generateConfigShare generates the config share directory that will be exported to the VM via
+ // a 9P share.
Due to the unknown size of templates inside the images this directory is created + // inside the VM's config volume so that it can be restricted by quota. +@@ -2004,7 +2009,6 @@ func (d *qemu) generateQemuConfigFile(mountInfo *storagePools.MountInfo, busName + + err := qemuBase.Execute(sb, map[string]interface{}{ + "architecture": d.architectureName, +- "spicePath": d.spicePath(), + }) + if err != nil { + return "", err +diff --git a/lxd/instance/drivers/driver_qemu_templates.go b/lxd/instance/drivers/driver_qemu_templates.go +index aa51f45c1426..3999c2bfbb9c 100644 +--- a/lxd/instance/drivers/driver_qemu_templates.go ++++ b/lxd/instance/drivers/driver_qemu_templates.go +@@ -44,12 +44,6 @@ strict = "on" + # Console + [chardev "console"] + backend = "pty" +- +-# Graphical console +-[spice] +-unix = "on" +-addr = "{{.spicePath}}" +-disable-ticketing = "on" + `)) + + var qemuMemory = template.Must(template.New("qemuMemory").Parse(` +-- +2.30.2 + diff --git a/lxd.changes b/lxd.changes index c75e229..abacace 100644 --- a/lxd.changes +++ b/lxd.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Apr 21 00:19:11 UTC 2021 - Aleksa Sarai + +- Don't use SecureBoot OVMF blobs, they don't work with LXD. +- Add backport of to fix LXD VMs on + openSUSE. boo#1181549 + + boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch + ------------------------------------------------------------------- Mon Apr 12 05:19:43 UTC 2021 - Aleksa Sarai diff --git a/lxd.spec b/lxd.spec index 92760d0..621ddc0 100644 --- a/lxd.spec +++ b/lxd.spec @@ -43,6 +43,8 @@ Source101: %{name}-config.yml # Additional runtime configuration. Source200: %{name}.sysctl Source201: %{name}.dnsmasq +# Backport of . boo#1181549 +Patch1: boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch BuildRequires: fdupes BuildRequires: golang-packaging BuildRequires: libacl-devel 
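Review bot: In `spiceCmdlineConfig` (driver_qemu.go, the `@@ -1572,6 +1573,10 @@` hunk of the backported patch) the socket path is interpolated unescaped into a comma-separated QEMU option string, whereas the removed `[spice]` template section passed it as a quoted `addr = "..."` value. On the command line QEMU splits options on `,` and expects a literal comma in a value to be written as `,,`, so a log path containing a comma would be read as additional `-spice` options; whether `d.LogPath()` can ever contain one is not visible here, but doubling is cheap, e.g. passing `strings.Replace(d.spicePath(), ",", ",,", -1)` to the `%s` (assuming `strings` is already imported in that file). The new function also has no doc comment; I would add `// spiceCmdlineConfig returns the -spice argument; ticketing is disabled, so access to the console rests on the permissions of the unix socket at spicePath().` The body of `Start`, which receives the new argument, continues outside its hunk.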
@@ -106,6 +108,8 @@ Bash command line completion support for %{name}. %prep %setup -q +# boo#1181549 +%patch1 -p1 # Create fake "go mod"-like import paths. This is going to be really fun to # maintain but it's unfortunately necessary because openSUSE doesn't have nice @@ -313,9 +317,9 @@ install -d -m 0755 %{buildroot}%{_localstatedir}/log/%{name} # in the way it expects. In particular, LXD depends on specific filenames for # the firmware files so we create fake ones with symlinks. mkdir -p %{buildroot}%{lxd_ovmfdir} -ln -s %{_datarootdir}/qemu/ovmf-x86_64-ms-code.bin %{buildroot}%{lxd_ovmfdir}/OVMF_CODE.fd -ln -s %{_datarootdir}/qemu/ovmf-x86_64-ms-vars.bin %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.ms.fd +ln -s %{_datarootdir}/qemu/ovmf-x86_64-code.bin %{buildroot}%{lxd_ovmfdir}/OVMF_CODE.fd ln -s %{_datarootdir}/qemu/ovmf-x86_64-vars.bin %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.fd +ln -s OVMF_VARS.fd %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.ms.fd %fdupes %{buildroot}
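Review bot: The last added line of the `@@ -313,9 +317,9 @@` hunk, `ln -s OVMF_VARS.fd %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.ms.fd`, makes the `.ms` name resolve to the same non-SecureBoot variable store as `OVMF_VARS.fd`, and nothing in the spec records that this is intentional. If LXD selects `OVMF_VARS.ms.fd` for instances that request Secure Boot (not visible on this page, though the `.ms` name and the changelog entry suggest it), a VM with `security.secureboot` left enabled would start without Secure Boot enforcement and without any error. I would say so directly above the symlink, e.g. `# OVMF_VARS.ms.fd deliberately aliases the non-SecureBoot vars: VMs started by this package get no Secure Boot enforcement.`, so the downgrade is visible to the next maintainer and to anyone auditing the package.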