SHA256
1
0
forked from pool/libvirt

Accepting request 1077101 from Virtualization

- Update to libvirt 9.2.0
  - Many incremental improvements and bug fixes, see
    https://libvirt.org/news.html#v9-2-0-2023-04-01
  - Move to a more git-centric packaging workflow using tar_scm
    instead of download_files
    - New source README.packaging.txt
    - Remove now unused signature file and libvirt.keyring
    - Patches now maintained in git
      libxl-dom-reset.patch,
      network-don-t-use-dhcp-authoritative-on-static-netwo.patch,
      0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch,
      libvirt-power8-models.patch,
      ppc64le-canonical-name.patch,
      libxl-set-migration-constraints.patch,
      libxl-set-cach-mode.patch,
      0001-libxl-add-support-for-BlockResize-API.patch,
      suse-libvirtd-disable-tls.patch,
      suse-libvirt-guests-service.patch,
      suse-qemu-conf.patch,
      suse-qemu-ovmf-paths.patch,
      libxl-support-block-script.patch,
      qemu-apparmor-screenshot.patch,
      libvirt-suse-netcontrol.patch,
      lxc-wait-after-eth-del.patch,
      suse-libxl-disable-autoballoon.patch,
      suse-xen-ovmf-paths.patch,
      virt-create-rootfs.patch,
      suse-fix-lxc-container-init.patch
  - Remove old, unused SUSEfirewall2 config file
    libvirtd-relocation-server.fw

OBS-URL: https://build.opensuse.org/request/show/1077101
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=371
This commit is contained in:
Dominique Leuenberger 2023-04-06 13:55:36 +00:00 committed by Git OBS Bridge
commit 605ee1f982
32 changed files with 85 additions and 2706 deletions

View File

@ -1,145 +0,0 @@
From 914c37ca3f0af956e69179d49e87e8390560c2b3 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:36:37 -0600
Subject: libxl: add support for BlockResize API
Add support in the libxl driver for the BlockResize API. Use libxl's
libxl_qemu_monitor_command API to issue the block_resize command to qemu.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl_api_wrapper.h | 15 ++++++
src/libxl/libxl_driver.c | 90 +++++++++++++++++++++++++++++++++++
2 files changed, 105 insertions(+)
Index: libvirt-9.1.0/src/libxl/libxl_api_wrapper.h
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_api_wrapper.h
+++ libvirt-9.1.0/src/libxl/libxl_api_wrapper.h
@@ -215,3 +215,18 @@ libxlSetMemoryTargetWrapper(libxl_ctx *c
return ret;
}
+
+static inline int
+libxlQemuMonitorCommandWrapper(libxl_ctx *ctx, uint32_t domid,
+ const char *command_line, char **output)
+{
+ int ret;
+
+#if LIBXL_API_VERSION < 0x041300
+ ret = libxl_qemu_monitor_command(ctx, domid, command_line, output);
+#else
+ ret = libxl_qemu_monitor_command(ctx, domid, command_line, output, NULL);
+#endif
+
+ return ret;
+}
Index: libvirt-9.1.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_driver.c
+++ libvirt-9.1.0/src/libxl/libxl_driver.c
@@ -5403,6 +5403,95 @@ libxlDomainMemoryStats(virDomainPtr dom,
#undef LIBXL_SET_MEMSTAT
+/**
+ * Resize a block device while a guest is running. Resize to a lower size
+ * is supported, but should be used with extreme caution. Note that it
+ * only supports to resize image files, it can't resize block devices
+ * like LVM volumes.
+ */
+static int
+libxlDomainBlockResize(virDomainPtr dom,
+ const char *path,
+ unsigned long long size,
+ unsigned int flags)
+{
+ libxlDriverPrivate *driver = dom->conn->privateData;
+ libxlDriverConfig *cfg;
+ virDomainObj *vm;
+ int ret = -1;
+ virDomainDiskDef *disk = NULL;
+ g_autofree char *moncmd = NULL;
+ g_autofree char *monreply = NULL;
+
+ virCheckFlags(VIR_DOMAIN_BLOCK_RESIZE_BYTES, -1);
+
+ if (path[0] == '\0') {
+ virReportError(VIR_ERR_INVALID_ARG,
+ "%s", _("empty path"));
+ return -1;
+ }
+
+ /* We prefer operating on bytes. */
+ if ((flags & VIR_DOMAIN_BLOCK_RESIZE_BYTES) == 0) {
+ if (size > ULLONG_MAX / 1024) {
+ virReportError(VIR_ERR_OVERFLOW,
+ _("size must be less than %llu"),
+ ULLONG_MAX / 1024);
+ return -1;
+ }
+ size *= 1024;
+ }
+
+ cfg = libxlDriverConfigGet(driver);
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
+ if (virDomainBlockResizeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ "%s", _("domain is not running"));
+ goto endjob;
+ }
+
+ if (!(disk = virDomainDiskByName(vm->def, path, false))) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("invalid path: %s"), path);
+ goto endjob;
+ }
+
+ /* qcow2 and qed must be sized on 512 byte blocks/sectors,
+ * so adjust size if necessary to round up.
+ */
+ if (disk->src->format == VIR_STORAGE_FILE_QCOW2 ||
+ disk->src->format == VIR_STORAGE_FILE_QED)
+ size = VIR_ROUND_UP(size, 512);
+
+ moncmd = g_strdup_printf("block_resize %s %lluB", disk->dst, size);
+
+ if (libxlQemuMonitorCommandWrapper(cfg->ctx, vm->def->id,
+ moncmd, &monreply) != 0) {
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ _("block_resize command failed for device '%s' on domain '%d'"),
+ disk->dst, vm->def->id);
+ goto endjob;
+ }
+
+ ret = 0;
+
+ endjob:
+ virDomainObjEndJob(vm);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ virObjectUnref(cfg);
+ return ret;
+}
+
static int
libxlDomainGetJobInfo(virDomainPtr dom,
virDomainJobInfoPtr info)
@@ -6723,6 +6812,7 @@ static virHypervisorDriver libxlHypervis
.domainGetNumaParameters = libxlDomainGetNumaParameters, /* 1.1.1 */
.nodeGetFreeMemory = libxlNodeGetFreeMemory, /* 0.9.0 */
.nodeGetCellsFreeMemory = libxlNodeGetCellsFreeMemory, /* 1.1.1 */
+ .domainBlockResize = libxlDomainBlockResize, /* 4.2.0 */
.domainGetJobInfo = libxlDomainGetJobInfo, /* 1.3.1 */
.domainGetJobStats = libxlDomainGetJobStats, /* 1.3.1 */
.domainMemoryStats = libxlDomainMemoryStats, /* 1.3.0 */

View File

@ -1,34 +0,0 @@
From be595e5e9e9bc8fa3fdd94358b1c92bd8b30b0eb Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:21:45 -0600
Subject: util: Don't spawn pkttyagent when stdin is not a tty
My idea was that running pkttyagent unconditionally, modulo checks that
pkttyagent itself does to make sure it does not fail, is not going to be an
issue turned out to be wrong. Adding back the original check for stdin being a
tty helps in some testing scenarios as reported by Jim Fehlig and does not
really cause any issues. I originally wanted it in because it also made
pkttyagent auth work with redirected input into virsh (with a connection that
requires polkit authentication and without a session-wide polkit tty agent,
basically making pkttyagent necessary to succeed). But anyone running virsh
like that is asking for problems already anyway =)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
src/util/virpolkit.c | 3 +++
1 file changed, 3 insertions(+)
Index: libvirt-9.1.0/src/util/virpolkit.c
===================================================================
--- libvirt-9.1.0.orig/src/util/virpolkit.c
+++ libvirt-9.1.0/src/util/virpolkit.c
@@ -235,6 +235,9 @@ virPolkitAgentAvailable(void)
const char *termid = ctermid(NULL);
VIR_AUTOCLOSE fd = -1;
+ if (!isatty(STDIN_FILENO))
+ return false;
+
if (!virFileIsExecutable(PKTTYAGENT))
return false;

View File

@ -1,43 +0,0 @@
From f49281168b3201d0ffe731554a49923914b0e67c Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 23 Feb 2023 11:02:46 -0700
Subject: [PATCH] security: Add support for SUSE edk2 firmware paths
SUSE installs edk2 firmwares for both x86_64 and aarch64 in /usr/share/qemu.
Add support for this path in virt-aa-helper and allow locking files within
the path in the libvirt qemu abstraction.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
(cherry picked from commit b94a82ce9a3a27db2e6f76eacdb64428d11cbe6f)
---
src/security/apparmor/libvirt-qemu | 2 +-
src/security/virt-aa-helper.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
Index: libvirt-9.1.0/src/security/apparmor/libvirt-qemu
===================================================================
--- libvirt-9.1.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-9.1.0/src/security/apparmor/libvirt-qemu
@@ -91,7 +91,7 @@
/usr/share/proll/** r,
/usr/share/qemu-efi/** r,
/usr/share/qemu-kvm/** r,
- /usr/share/qemu/** r,
+ /usr/share/qemu/** rk,
/usr/share/seabios/** r,
/usr/share/sgabios/** r,
/usr/share/slof/** r,
Index: libvirt-9.1.0/src/security/virt-aa-helper.c
===================================================================
--- libvirt-9.1.0.orig/src/security/virt-aa-helper.c
+++ libvirt-9.1.0/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool
"/usr/share/AAVMF/", /* for AAVMF images */
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/", /* for AAVMF images */
+ "/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
"/usr/lib/u-boot/", /* u-boot loaders for qemu */
"/usr/lib/riscv64-linux-gnu/opensbi" /* RISC-V SBI implementation */
};

View File

@ -1,87 +0,0 @@
From a4bec048bc68b2eeac0f3157a9b946b404f1cea1 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Mon, 13 Feb 2023 14:30:31 -0700
Subject: [PATCH 2/2] libxl: Add support for custom firmware path in config
converter
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 705525cbec0b2551d54a04d22b5605b04e0343c0)
References: bsc#1209161
---
src/libxl/xen_xl.c | 19 ++++++++++++++-----
tests/xlconfigdata/test-fullvirt-ovmf.cfg | 1 +
tests/xlconfigdata/test-fullvirt-ovmf.xml | 2 +-
3 files changed, 16 insertions(+), 6 deletions(-)
Index: libvirt-9.1.0/src/libxl/xen_xl.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/xen_xl.c
+++ libvirt-9.1.0/src/libxl/xen_xl.c
@@ -104,18 +104,23 @@ xenParseXLOS(virConf *conf, virDomainDef
if (def->os.type == VIR_DOMAIN_OSTYPE_HVM) {
g_autofree char *bios = NULL;
+ g_autofree char *bios_path = NULL;
g_autofree char *boot = NULL;
int val = 0;
if (xenConfigGetString(conf, "bios", &bios, NULL) < 0)
return -1;
+ if (xenConfigGetString(conf, "bios_path_override", &bios_path, NULL) < 0)
+ return -1;
if (bios && STREQ(bios, "ovmf")) {
def->os.loader = g_new0(virDomainLoaderDef, 1);
def->os.loader->type = VIR_DOMAIN_LOADER_TYPE_PFLASH;
def->os.loader->readonly = VIR_TRISTATE_BOOL_YES;
-
- def->os.loader->path = g_strdup(LIBXL_FIRMWARE_DIR "/ovmf.bin");
+ if (bios_path)
+ def->os.loader->path = g_strdup(bios_path);
+ else
+ def->os.loader->path = g_strdup(LIBXL_FIRMWARE_DIR "/ovmf.bin");
} else {
for (i = 0; i < caps->nguests; i++) {
if (caps->guests[i]->ostype == VIR_DOMAIN_OSTYPE_HVM &&
@@ -1119,9 +1124,13 @@ xenFormatXLOS(virConf *conf, virDomainDe
if (xenConfigSetString(conf, "builder", "hvm") < 0)
return -1;
- if (virDomainDefHasOldStyleUEFI(def) &&
- xenConfigSetString(conf, "bios", "ovmf") < 0)
- return -1;
+ if (virDomainDefHasOldStyleUEFI(def)) {
+ if (xenConfigSetString(conf, "bios", "ovmf") < 0)
+ return -1;
+ if (def->os.loader->path &&
+ (xenConfigSetString(conf, "bios_path_override", def->os.loader->path) < 0))
+ return -1;
+ }
if (def->os.slic_table &&
xenConfigSetString(conf, "acpi_firmware", def->os.slic_table) < 0)
Index: libvirt-9.1.0/tests/xlconfigdata/test-fullvirt-ovmf.cfg
===================================================================
--- libvirt-9.1.0.orig/tests/xlconfigdata/test-fullvirt-ovmf.cfg
+++ libvirt-9.1.0/tests/xlconfigdata/test-fullvirt-ovmf.cfg
@@ -22,5 +22,6 @@ parallel = "none"
serial = "none"
builder = "hvm"
bios = "ovmf"
+bios_path_override = "/usr/share/qemu/ovmf-x86_64-xen.bin"
boot = "d"
disk = [ "format=raw,vdev=hda,access=rw,backendtype=phy,target=/dev/HostVG/XenGuest2", "format=qcow2,vdev=hdb,access=rw,backendtype=qdisk,target=/var/lib/libvirt/images/XenGuest2-home", "format=raw,vdev=hdc,access=ro,backendtype=qdisk,devtype=cdrom,target=/root/boot.iso" ]
Index: libvirt-9.1.0/tests/xlconfigdata/test-fullvirt-ovmf.xml
===================================================================
--- libvirt-9.1.0.orig/tests/xlconfigdata/test-fullvirt-ovmf.xml
+++ libvirt-9.1.0/tests/xlconfigdata/test-fullvirt-ovmf.xml
@@ -6,7 +6,7 @@
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='xenfv'>hvm</type>
- <loader readonly='yes' type='pflash'>/LIBXL_FIRMWARE_DIR/ovmf.bin</loader>
+ <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x86_64-xen.bin</loader>
<boot dev='cdrom'/>
</os>
<features>

12
README.packaging.txt Normal file
View File

@ -0,0 +1,12 @@
This package is maintained in git at
https://github.com/openSUSE/libvirt
Please submit a pull request for any changes. The spec file is also maintained
in git.
To build a package from git, edit the _service to reference the desired branch
and call
osc service localrun
The package can then be build as usual with your prefered osc build options.

View File

@ -1,7 +1,18 @@
<services>
<service name="download_files" mode="disabled"/>
<service name="refresh_patches" mode="disabled">
<service name="tar_scm" mode="manual">
<param name="scm">git</param>
<param name="url">https://oauth2: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@github.com/openSUSE/libvirt.git</param>
<param name="revision">factory</param>
<param name="extract">libvirt.spec</param>
<param name="extract">README.packaging.txt</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">[v]?([^-+a-z]+)(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">disable</param>
<param name="ignorefuzz">disable</param>
</service>
</services>
<service name="set_version" mode="manual"/>
<service name="recompress" mode="manual">
<param name="file">*.tar</param>
<param name="compression">xz</param>
</service>
</services>

View File

@ -1,204 +0,0 @@
From 4bb53ee6b832c4f8f6631ab7508c6bccd7a4241e Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Fri, 10 Feb 2023 14:22:19 -0700
Subject: [PATCH 1/2] libxl: Support specifying a custom firmware path
libxl added support for specifying custom firmware paths long ago. The
functionality exists in all Xen version supported by libvirt. This patch
adds support for user-specified efi firmware paths in the libxl driver.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit bf3be5b76e96f22edfe71738f97c02a01f3b8354)
References: bsc#1209161
---
src/libxl/libxl_conf.c | 14 ++--
tests/libxlxml2domconfigdata/efi-hvm.json | 91 +++++++++++++++++++++++
tests/libxlxml2domconfigdata/efi-hvm.xml | 36 +++++++++
tests/libxlxml2domconfigtest.c | 1 +
4 files changed, 134 insertions(+), 8 deletions(-)
Index: libvirt-9.1.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-9.1.0/src/libxl/libxl_conf.c
@@ -632,14 +632,10 @@ libxlMakeDomBuildInfo(virDomainDef *def,
b_info->ramdisk = g_strdup(def->os.initrd);
/*
- * Currently libxl only allows specifying the type of BIOS.
- * If automatic firmware selection is enabled or the loader
- * type is PFLASH, we assume OVMF and set libxl_bios_type
- * to LIBXL_BIOS_TYPE_OVMF. The path to the OVMF firmware is
- * configured when building Xen using '--with-system-ovmf='. If
- * not specified, LIBXL_FIRMWARE_DIR/ovmf.bin is used. In the
- * future, Xen will support a user-specified firmware path. See
- * https://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01628.html
+ * libxl allows specifying the type of firmware and an optional path.
+ * If the path is not explicitly specified, a default path for the given
+ * firmware type is used. For EFI, it's LIBXL_FIRMWARE_DIR/ovmf.bin.
+ * Currently libxl does not support specifying nvram for EFI firmwares.
*/
if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
if (def->os.loader == NULL)
@@ -651,9 +647,11 @@ libxlMakeDomBuildInfo(virDomainDef *def,
if (def->os.loader->readonly == VIR_TRISTATE_BOOL_ABSENT)
def->os.loader->readonly = VIR_TRISTATE_BOOL_YES;
b_info->u.hvm.bios = LIBXL_BIOS_TYPE_OVMF;
+ b_info->u.hvm.system_firmware = g_strdup(def->os.loader->path);
def->os.firmware = VIR_DOMAIN_OS_DEF_FIRMWARE_NONE;
} else if (virDomainDefHasOldStyleUEFI(def)) {
b_info->u.hvm.bios = LIBXL_BIOS_TYPE_OVMF;
+ b_info->u.hvm.system_firmware = g_strdup(def->os.loader->path);
}
if (def->emulator) {
Index: libvirt-9.1.0/tests/libxlxml2domconfigdata/efi-hvm.json
===================================================================
--- /dev/null
+++ libvirt-9.1.0/tests/libxlxml2domconfigdata/efi-hvm.json
@@ -0,0 +1,91 @@
+{
+ "c_info": {
+ "type": "hvm",
+ "name": "test-hvm",
+ "uuid": "2147d599-9cc6-c0dc-92ab-4064b5446e9b"
+ },
+ "b_info": {
+ "max_vcpus": 4,
+ "avail_vcpus": [
+ 0,
+ 1,
+ 2,
+ 3
+ ],
+ "max_memkb": 1048576,
+ "target_memkb": 1048576,
+ "video_memkb": 8192,
+ "shadow_memkb": 1234,
+ "device_model_version": "qemu_xen",
+ "device_model": "/bin/true",
+ "sched_params": {
+
+ },
+ "apic": "True",
+ "acpi": "True",
+ "type.hvm": {
+ "bios": "ovmf",
+ "pae": "True",
+ "system_firmware": "/usr/share/qemu/ovmf-x86_64-xen.bin",
+ "vga": {
+ "kind": "cirrus"
+ },
+ "vnc": {
+ "enable": "True",
+ "listen": "0.0.0.0",
+ "findunused": "False"
+ },
+ "sdl": {
+ "enable": "False"
+ },
+ "spice": {
+
+ },
+ "boot": "c",
+ "rdm": {
+
+ }
+ },
+ "arch_arm": {
+
+ }
+ },
+ "disks": [
+ {
+ "pdev_path": "/var/lib/xen/images/test-hvm.img",
+ "vdev": "hda",
+ "backend": "qdisk",
+ "format": "raw",
+ "removable": 1,
+ "readwrite": 1
+ }
+ ],
+ "nics": [
+ {
+ "devid": 0,
+ "mac": "00:16:3e:66:12:b4",
+ "bridge": "br0",
+ "script": "/etc/xen/scripts/vif-bridge",
+ "nictype": "vif_ioemu"
+ }
+ ],
+ "vfbs": [
+ {
+ "devid": -1,
+ "vnc": {
+ "enable": "True",
+ "listen": "0.0.0.0",
+ "findunused": "False"
+ },
+ "sdl": {
+ "enable": "False"
+ }
+ }
+ ],
+ "vkbs": [
+ {
+ "devid": -1
+ }
+ ],
+ "on_reboot": "restart"
+}
Index: libvirt-9.1.0/tests/libxlxml2domconfigdata/efi-hvm.xml
===================================================================
--- /dev/null
+++ libvirt-9.1.0/tests/libxlxml2domconfigdata/efi-hvm.xml
@@ -0,0 +1,36 @@
+<domain type='xen'>
+ <name>test-hvm</name>
+ <description>None</description>
+ <uuid>2147d599-9cc6-c0dc-92ab-4064b5446e9b</uuid>
+ <memory>1048576</memory>
+ <currentMemory>1048576</currentMemory>
+ <vcpu>4</vcpu>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <clock offset='utc'/>
+ <os>
+ <type>hvm</type>
+ <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x86_64-xen.bin</loader>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <apic/>
+ <acpi/>
+ <pae/>
+ </features>
+ <devices>
+ <emulator>/bin/true</emulator>
+ <disk type='file' device='disk'>
+ <driver name='qemu'/>
+ <source file='/var/lib/xen/images/test-hvm.img'/>
+ <target dev='hda'/>
+ </disk>
+ <interface type='bridge'>
+ <source bridge='br0'/>
+ <mac address='00:16:3e:66:12:b4'/>
+ <script path='/etc/xen/scripts/vif-bridge'/>
+ </interface>
+ <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'/>
+ </devices>
+</domain>
Index: libvirt-9.1.0/tests/libxlxml2domconfigtest.c
===================================================================
--- libvirt-9.1.0.orig/tests/libxlxml2domconfigtest.c
+++ libvirt-9.1.0/tests/libxlxml2domconfigtest.c
@@ -183,6 +183,7 @@ mymain(void)
DO_TEST("basic-pv");
DO_TEST("basic-hvm");
+ DO_TEST("efi-hvm");
# ifdef WITH_XEN_PVH
DO_TEST("basic-pvh");
# endif

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:defebea252a24c1800fbf484b14018b6261192acbac5bda8395e47eba2a14d6a
size 9047300

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEERTtlMQWVVihVRxGZymi+gBAITJwFAmP/JdoACgkQymi+gBAI
TJzyEw/+P7h7zKR4l9xRfWC0T8fQtYx7l2YIcCYAY3MZvpfPDe9vpLWi0OTwdEAa
h8i1ceOw/mJWP2q1xrdrLt1T8J3+dgEJI4bGOOgby/RujVSIVmPQ91YQX8KwFgcc
WtCdvrgi+ID6HAz442c30TCESar92s04jGFBidTazqsgHAwHzG+ok0gpVlCabT+l
hQVdOKaS05asDgu3cZ8exfpwW/iUWC9u9GkEruj80gYiCxApYlnrmVp7Hrb0VDOl
aMENM94WUX6sBR3A8L3LAnqEEIJfi29eSyMxVhNmwCYd2HH5e9ACeNeP4ZJLhT9o
IfuBWRObxfFBe5ifgwGdUNo/Fh3lBEt2EQyCdm7h0x+RulEYSuga6NrjuS5uZWUM
cOKb21ly6tc0VMIpYyfWD+tMj/x1+B521VtpsK3M6a5+jGBOQHDYyLJkaDC66WyD
SL7RJrdxOdml/gWRdUMIUdRqGVKZTJ9PaEG7LtC5vOQtLZfm/tHFAFriIuZpXByK
2NvD+GplpDWQA2pzJUyO2zVdZ8PcDdi679FCjfhIhG2Fdf39PV1UW0avrXPwoSrF
PI1TpdhA5LKza2CR1cZrfF8B7LUFAV2BtycNYSsEvBJoGN0Z73ebHLHZuQOiTJu5
GfrQ8iIA3Q++6v3PU/lrbViLeO93AKqO1+ZjuEvIfHKj0kSY9ys=
=zdV2
-----END PGP SIGNATURE-----

3
libvirt-9.2.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d50d1c6a4a2a1656d39d994f3e5d482b66bd4236905164dabe3a32197f247da8
size 9495536

View File

@ -1,22 +0,0 @@
From a9d1dbe65bfbc90c39cc7719b7c9d51d24496931 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:23:13 -0600
Subject: Add POWER8 v2.0 and v2.1 to cpu map XML
From: <ro@suse.de>
---
src/cpu_map/ppc64_POWER8.xml | 2 ++
1 file changed, 2 insertions(+)
Index: libvirt-9.1.0/src/cpu_map/ppc64_POWER8.xml
===================================================================
--- libvirt-9.1.0.orig/src/cpu_map/ppc64_POWER8.xml
+++ libvirt-9.1.0/src/cpu_map/ppc64_POWER8.xml
@@ -4,5 +4,7 @@
<pvr value='0x004b0000' mask='0xffff0000'/>
<pvr value='0x004c0000' mask='0xffff0000'/>
<pvr value='0x004d0000' mask='0xffff0000'/>
+ <pvr value='0x004b0200' mask='0xffffffff'/>
+ <pvr value='0x004b0201' mask='0xffffffff'/>
</model>
</cpus>

View File

@ -1,235 +0,0 @@
From a2a8fd82918b5d3e8ac5c8fd6f2f97be1d4bdf11 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:58:35 -0600
Subject: libnetcontrol patch for libvirt
Originally authored by mt@suse.de
---
meson.build | 11 ++++-
meson_options.txt | 1 +
src/interface/interface_backend_netcf.c | 59 ++++++++++++++++++++++++-
src/interface/interface_driver.c | 9 +++-
src/interface/meson.build | 3 +-
tools/virsh.c | 2 +
6 files changed, 80 insertions(+), 5 deletions(-)
Index: libvirt-9.1.0/meson.build
===================================================================
--- libvirt-9.1.0.orig/meson.build
+++ libvirt-9.1.0/meson.build
@@ -1017,6 +1017,12 @@ else
netcf_dep = dependency('', required: false)
endif
+netcontrol_version = '0.2.0'
+netcontrol_dep = dependency('netcontrol', version: '>=' + netcontrol_version, required: get_option('netcontrol'))
+if netcontrol_dep.found()
+ conf.set('WITH_NETCONTROL', 1)
+endif
+
have_gnu_gettext_tools = false
if not get_option('nls').disabled()
have_gettext = cc.has_function('gettext')
@@ -1427,10 +1433,10 @@ elif get_option('driver_hyperv').enabled
error('openwsman is required for the Hyper-V driver')
endif
-if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or conf.has('WITH_NETCF'))
+if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or conf.has('WITH_NETCF') or netcontrol_dep.found())
conf.set('WITH_INTERFACE', 1)
elif get_option('driver_interface').enabled()
- error('Requested the Interface driver without netcf or udev and libvirtd support')
+ error('Requested the Interface driver without netcf, netcontrol or udev and libvirtd support')
endif
if not get_option('driver_libxl').disabled() and conf.has('WITH_LIBVIRTD')
@@ -2200,6 +2206,7 @@ libs_summary = {
'libssh2': libssh2_dep.found(),
'libutil': libutil_dep.found(),
'netcf': conf.has('WITH_NETCF'),
+ 'netcontrol': netcontrol_dep.found(),
'NLS': have_gnu_gettext_tools,
'numactl': numactl_dep.found(),
'openwsman': openwsman_dep.found(),
Index: libvirt-9.1.0/meson_options.txt
===================================================================
--- libvirt-9.1.0.orig/meson_options.txt
+++ libvirt-9.1.0/meson_options.txt
@@ -29,6 +29,7 @@ option('libpcap', type: 'feature', value
option('libssh', type: 'feature', value: 'auto', description: 'libssh support')
option('libssh2', type: 'feature', value: 'auto', description: 'libssh2 support')
option('netcf', type: 'feature', value: 'auto', description: 'netcf support')
+option('netcontrol', type: 'feature', value: 'auto', description: 'netcontrol support')
option('nls', type: 'feature', value: 'auto', description: 'nls support')
option('numactl', type: 'feature', value: 'auto', description: 'numactl support')
option('openwsman', type: 'feature', value: 'auto', description: 'openwsman support')
Index: libvirt-9.1.0/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-9.1.0.orig/src/interface/interface_backend_netcf.c
+++ libvirt-9.1.0/src/interface/interface_backend_netcf.c
@@ -21,7 +21,12 @@
#include <config.h>
-#include <netcf.h>
+#ifdef WITH_NETCONTROL
+# include <netcontrol/netcf.h>
+# include <netcontrol/logger.h>
+#else
+# include <netcf.h>
+#endif
#include "virerror.h"
#include "datatypes.h"
@@ -70,6 +75,37 @@ VIR_ONCE_GLOBAL_INIT(virNetcfDriverState
static virNetcfDriverStatePtr driver;
+#ifdef WITH_NETCONTROL
+static void
+interface_nc_log_driver(const char *category ATTRIBUTE_UNUSED,
+ int priority,
+ const char *func,
+ const char *file,
+ long long line,
+ const char *msg,
+ size_t len ATTRIBUTE_UNUSED)
+{
+ int vp;
+
+ switch (priority) {
+ case NC_LOG_FATAL:
+ case NC_LOG_ERROR:
+ vp = VIR_LOG_ERROR;
+ break;
+ case NC_LOG_WARN:
+ vp = VIR_LOG_WARN;
+ break;
+ case NC_LOG_INFO:
+ vp = VIR_LOG_INFO;
+ break;
+ case NC_LOG_DEBUG:
+ default:
+ vp = VIR_LOG_DEBUG;
+ break;
+ }
+ virLogMessage(&virLogSelf, vp, file, line, func, 0, "%s", msg);
+}
+#endif
static void
virNetcfDriverStateDispose(void *obj)
@@ -126,6 +162,10 @@ netcfStateInitialize(bool privileged,
virPidFileAcquire(driver->stateDir, "driver", false, getpid())) < 0)
goto error;
+#ifdef WITH_NETCONTROL
+ nc_logger_redirect_to(interface_nc_log_driver);
+#endif
+
/* open netcf */
if (ncf_init(&driver->netcf, NULL) != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -1071,6 +1111,7 @@ static int netcfInterfaceIsActive(virInt
return ret;
}
+#ifdef HAVE_NETCF_TRANSACTIONS
static int netcfInterfaceChangeBegin(virConnectPtr conn, unsigned int flags)
{
int ret = -1;
@@ -1142,6 +1183,7 @@ static int netcfInterfaceChangeRollback(
return ret;
}
+#endif /* HAVE_NETCF_TRANSACTIONS */
static virInterfaceDriver interfaceDriver = {
.name = INTERFACE_DRIVER_NAME,
@@ -1158,9 +1200,11 @@ static virInterfaceDriver interfaceDrive
.interfaceCreate = netcfInterfaceCreate, /* 0.7.0 */
.interfaceDestroy = netcfInterfaceDestroy, /* 0.7.0 */
.interfaceIsActive = netcfInterfaceIsActive, /* 0.7.3 */
+#ifdef HAVE_NETCF_TRANSACTIONS
.interfaceChangeBegin = netcfInterfaceChangeBegin, /* 0.9.2 */
.interfaceChangeCommit = netcfInterfaceChangeCommit, /* 0.9.2 */
.interfaceChangeRollback = netcfInterfaceChangeRollback, /* 0.9.2 */
+#endif /* HAVE_NETCF_TRANSACTIONS */
};
@@ -1191,6 +1235,19 @@ static virStateDriver interfaceStateDriv
int netcfIfaceRegister(void)
{
+ struct netcf *netcf;
+
+ /* Initialization of libnetcontrol will fail if NetworkManager is enabled.
+ * Skip registration if ncf_init fails.
+ * TODO: finer-grained check? E.g. is_nm_enabled()
+ */
+ if (ncf_init(&netcf, NULL) != 0) {
+ VIR_WARN("Failed to initialize libnetcontrol. Management of interface devices is disabled");
+ return 0;
+ }
+
+ ncf_close(netcf);
+
if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0)
return -1;
if (virSetSharedInterfaceDriver(&interfaceDriver) < 0)
Index: libvirt-9.1.0/src/interface/interface_driver.c
===================================================================
--- libvirt-9.1.0.orig/src/interface/interface_driver.c
+++ libvirt-9.1.0/src/interface/interface_driver.c
@@ -30,8 +30,15 @@ interfaceRegister(void)
if (netcfIfaceRegister() == 0)
return 0;
#endif /* WITH_NETCF */
+#ifdef WITH_NETCONTROL
+ /* Attempt to load the netcontrol based backend, which is a slightly
+ patched netcf backend */
+ if (netcfIfaceRegister() == 0)
+ return 0;
+#endif /* WITH_NETCONTROL */
#if WITH_UDEV
- /* If there's no netcf or it failed to load, register the udev backend */
+ /* If there's no netcf or netcontrol, or it failed to load, register the
+ udev backend */
if (udevIfaceRegister() == 0)
return 0;
#endif /* WITH_UDEV */
Index: libvirt-9.1.0/src/interface/meson.build
===================================================================
--- libvirt-9.1.0.orig/src/interface/meson.build
+++ libvirt-9.1.0/src/interface/meson.build
@@ -2,7 +2,7 @@ interface_driver_sources = [
'interface_driver.c',
]
-if conf.has('WITH_NETCF')
+if conf.has('WITH_NETCF') or conf.has('WITH_NETCONTROL')
interface_driver_sources += 'interface_backend_netcf.c'
endif
@@ -23,6 +23,7 @@ if conf.has('WITH_INTERFACE')
access_dep,
libnl_dep,
netcf_dep,
+ netcontrol_dep,
udev_dep,
],
'link_args': [
Index: libvirt-9.1.0/tools/virsh.c
===================================================================
--- libvirt-9.1.0.orig/tools/virsh.c
+++ libvirt-9.1.0/tools/virsh.c
@@ -545,6 +545,8 @@ virshShowVersion(vshControl *ctl G_GNUC_
vshPrint(ctl, " Interface");
# if defined(WITH_NETCF)
vshPrint(ctl, " netcf");
+# elif defined(WITH_NETCONTROL)
+ vshPrint(ctl, " netcontrol");
# elif defined(WITH_UDEV)
vshPrint(ctl, " udev");
# endif

View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Mon Apr 3 20:38:30 UTC 2023 - James Fehlig <jfehlig@suse.com>
- Update to libvirt 9.2.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v9-2-0-2023-04-01
- Move to a more git-centric packaging workflow using tar_scm
instead of download_files
- New source README.packaging.txt
- Remove now unused signature file and libvirt.keyring
- Patches now maintained in git
libxl-dom-reset.patch,
network-don-t-use-dhcp-authoritative-on-static-netwo.patch,
0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch,
libvirt-power8-models.patch,
ppc64le-canonical-name.patch,
libxl-set-migration-constraints.patch,
libxl-set-cach-mode.patch,
0001-libxl-add-support-for-BlockResize-API.patch,
suse-libvirtd-disable-tls.patch,
suse-libvirt-guests-service.patch,
suse-qemu-conf.patch,
suse-qemu-ovmf-paths.patch,
libxl-support-block-script.patch,
qemu-apparmor-screenshot.patch,
libvirt-suse-netcontrol.patch,
lxc-wait-after-eth-del.patch,
suse-libxl-disable-autoballoon.patch,
suse-xen-ovmf-paths.patch,
virt-create-rootfs.patch,
suse-fix-lxc-container-init.patch
- Remove old, unused SUSEfirewall2 config file
libvirtd-relocation-server.fw
- Dropped patches:
4959490e-support-SUSE-edk2-firmware-paths.patch,
bf3be5b7-libxl-Support-custom-firmware-path.patch,
705525cb-libxl-Support-custom-firmware-path-conversion.patch,
-------------------------------------------------------------------
Fri Mar 10 19:01:21 UTC 2023 - James Fehlig <jfehlig@suse.com>

View File

@ -1,262 +0,0 @@
user: "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGiBDk1EfQRBACMYQsU1LMs37qOMMJhTkfyb5aruPapu8ICNR4kNk36jT/ld7oN
/0xtqM/e2S9VOzAd165POeEobxTXN234MOhj6PM9uJNOgAq1N1k1eWhGpVw2HIYs
b40BHgKVf9mdrv7375L18Sb8qv3CcBhJfK8oW0Zv2oeruWFDpsMr9ULxxwCgmjap
uDrJDZN7HEtOCcPF8CoNTG8D+wedGbKLvXg6NE5UyrkV3qfYwrPai84EsPY1VaWe
mF+hPch+14r0CUIOVADX87HaIBsTmGZ/u6Ks9ZYALVZbwjQcyNp7MP4ZmvIpfHXd
xgLJ+9DbKs6yTlgA1moUSERyfGq/kMC9nq3dVYgmYmxxRuO8/eVKufvStnxhIr/a
v3o3A/0T4/hPXT2N4WCpvpCxKDIPy9/pqXcYjSEVbS1lfYP6zfxNDKwuF2j4gRWm
unJnPowIGx0+Zhl1dc68B6QOgxqenJNkNbSKUUm23MlzSeT6zyyAJcXW///zxZ7t
7Yq4L9+X6FQtJ8D7kbcB/NQv93UqZKnUplD+35b/xM6zP6UqerQ6RGFuaWVsIFZl
aWxsYXJkIChSZWQgSGF0IHdvcmsgZW1haWwpIDx2ZWlsbGFyZEByZWRoYXQuY29t
PoheBBMRAgAeBQJDUpSLAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEEYGuKXe
lbwfJcAAni8XquAlSF6z8WnJwQ6I7yrVTA6IAJ9NnwyV+dwE1wkDg1eyogC6lcU8
v4kCHAQQAQIABgUCU1n6kgAKCRBZXlskaUZz7ZnBD/9TIGS1KyGL0Bi1WuP01JAM
BzQ4Lgfi90Uwp6RZydZXAddAP3X1NBc8SqfcW8JZuB9BuStkcKvHnXK0+N9qJTrv
Id01FVApfi85W02ZTN1eB3YnVKPIQqzlSPzhsBSf26JNX2zjq8hW8dmKBdBp1AG/
oLVtrim+Jbl5qi8EiqdznDwOyKYPbkN8OwC2q0q5C8V/dCltQENTlkJKUCHHXbP5
v8r0TjIPveOa5MDYPmcoAnDC5D8OJlT6R0VLQzXpFEqET9o0CjDrynHH/8aOFGeI
yesr0L+53VVgK/j2nq3XgduGdtnoWon8/C8sNHmGowoQDT8hdGWjv/qIl3bESRoA
qIEGAwJloD1skJNDNpOdnf+m7mV8HBGkKUlQulXUCcVu608hKc34o+Jpmp2s1+qO
12ta4AyahTJuew6KqTnHaO0xoyI9iPql07jZianekb+TJtXt/a+iTrHJV9lgtw/q
eg9kfMp/AfDLy8dbCVQVtADaPlyBM8DdY7gkpDiH81kRl9A6CLjedHPSDIjdPH74
rVfFf+VZ5ZvYXD2YlNuraYrcp62xfMY8vAjNHMUXk1OKQCwUcxJq39U+j7wIAfak
ziVUuyZS2kK7wSfFFWHWELp2JpK4HswY1uhSHZsP29a0/ixT8ZmgE/ycmK58kG0D
re2/KLGV/nQo4Ll9yUo+/rQoRGFuaWVsIFZlaWxsYXJkIDxEYW5pZWwuVmVpbGxh
cmRAdzMub3JnPohWBBMRAgAWBQI5NRH0BAsKBAMDFQMCAxYCAQIXgAAKCRBGBril
3pW8HyjYAJ0bg3uZHA+/f974QtI0VE+0uKRpDACfTkTeyy9yyRzOOSzPcoyLuvFD
ru6IRgQQEQIABgUCO4F9pQAKCRC76Jcoav2y6MJ9AKDJCqU1ZAuA90uAd9p0FXlR
iziMHgCg3GscwaJNzalDPwP4Bp+Mtls6h2OIRgQQEQIABgUCOXo0KwAKCRDM82+T
KCNErcs7AKCQ1WggBKkliVg8A65tfzUk8+gaoQCeJKID6gSqtfzXrCCHg8HXJEXX
d6iIRgQQEQIABgUCOXo0bwAKCRAdSmEOaXIt7ojgAJ483kh0wLm6IHF9B5Enmw8I
XVHrWwCgjhU6b3FZJlVuO0H0RC/TTrT4VGWIRgQQEQIABgUCOX2ZfwAKCRA5+PYl
r+7+gN8mAKC1n+mEOkw+8X9a1q2xmIUzGTENdACgpOKWC7MeohUbH3GHxaPSXGIv
lzCIRgQQEQIABgUCOX74vAAKCRAkPyCkQ751RGZ2AJ4vEOnRcKyQJOhY1VrIQ8BS
LjlC0QCfTUxpvkdcSaVUBET+CGqi06Q6ABGIRgQQEQIABgUCOX/A4wAKCRBwMzCB
CGyIA9gHAJwOO3orF+dHWGjvdM94woAivQWvawCg0cUr7s3kx71jKHf+BqhiVi6M
jiyIRgQQEQIABgUCOYDj+AAKCRA5lRgWNJaaiRdzAJ9YHs948fbHMEU89WGcVfIx
W/e96gCgtokuC3crN+PCv3XmCm2HhCKm6ySIRgQQEQIABgUCOjUmqAAKCRA3ZR7q
LaQNB32aAKCA0RCogC5bKHo7/6hyPdVSqDBxuQCgsFRv1niYnYcp2NjlNUQukDqt
ipmIRgQQEQIABgUCO4GPvwAKCRBSR6/HAbmhcigJAKCZtDDAcig2+ApcrsK8TgkL
Bpy1SACfWf8654jVvZyiuP7RLKXcr+Ey4RmIRgQQEQIABgUCO4GSTwAKCRCgOnFn
LIp2kbJNAJ45oiVpnqf6PQBaD2D7Y4yubzboXACeLvQud8eHd8+EXchthZ21ozCH
ogGIRgQQEQIABgUCO+VJcgAKCRCe34HuRs12dEKrAJ4hgEFKj742qXijx9Bt1ZMI
V9allACfYYK7K1bwFXl4/rPQXn+z8pdMA92IRgQQEQIABgUCPGEs7gAKCRA5YbqF
NeeFXIQOAKCp1/XxBZAfEXkKMY5cVi2nxKx+7gCdEFccvay99qdDxcAukJ+FesJi
LiSIRgQQEQIABgUCPmU0SwAKCRBUFGa+sS3BmwgjAJ4qqHfGM/xd0ql1pXa8iljp
uhzYrQCfXd8PCmNguMQjc0sQZre1QyUwJFOIRgQQEQIABgUCP4AuDAAKCRB1eGxb
UoEzsMyRAJ4w9gJNAzqNpiAH3dVTDrHZ7vHCuwCbBicIMgKfUzP5zrcRpctCHRyj
Ib2IRgQTEQIABgUCPmU3HgAKCRBRxHllnuFJ/c/3AJ43bk++3FZZCmJSKzx02v5f
a+ae7QCbBWoyLX6sg4YXfyRMVM+50v2cXnCJARwEEAECAAYFAj+ALf0ACgkQ4TXe
g5d+zEV/fAf/Ru604Jm6N7c1RbRJkAKP2jhLPe+8f8LnBCtZqeRt832WvAezrx0A
46MXUMLulIqsHeMCu6N8AU+I5XvESR/XII5Mce2GMgQNRW33xwYbChLOfhFjcrcY
IbSXl78IkJL0830qwJoaL4TuPruKEY/egNHRwbYel7MSdpLsP8EZ6RoArxCXqzhQ
GeRfe1FN48tLcxIpy+h8+z9mKlbzbvwNcb1g9Z5z0wL5QXWOqOObPz76UWDqxCXL
ePDwbTtNkPllSMfd4QW52pgFe3vTBf9C+V6Z2b6OoRHB8a3wu0UctF9GmdeQLrrM
HbpwAd1f4BLCuQW2seVlCFDkEgLxMBkaF4kCHAQQAQIABgUCU1n6lwAKCRBZXlsk
aUZz7fPqD/sHP9Jly99g0lKnXeihGJlOGXSIoSu3tjR3m7lEXsPnu5Gjan9FmMou
G6HSFcNpIutEjY664NCpc9k8me1ybUBhUDgFPbOL9YOf0P9Jf3Pv0dGyERKczw/Z
DK9URiRLuuSgkn8yQI2q8QKZYBTleB9Iy8Nr+VkQfWQpA/SgaUlM0nu3mkr6jKzX
JmBrYDJIl0LAUjnZlSWB/ZBhBl+tqJNY/mcL+SENLZ1LrtLSqHg+k2C7JdOPgb6k
XsbEsKgQ6rFPHKnjCwtsKOc6MetVMwR0N/t34I8xChPHn837O8D//QzC42v5dVLw
PU4v7YQq55qUHLTnwYPD/kKk98KmkQ87o25kgwPT60Fu/d89naV1RJlITsg/g+WE
uuCmPYwRAcLJ53t/YKL5Dflu/ELggFbDK1dOQLIe49XQj0Vi08FGyTJ5K0J9+sY6
ELzs2jzzxjWhyhjWvHyxIZUnVm9ONXeRbVKwCv6hls5OHaY6a1nMBzlawCq37TYl
3Dz1w8QtSwCJSqAp596x/sC6W6JT3vGTGi33564yQmBCABYLNyXJw0SQ/Q/F2x/0
o5sU/4vAuDBuTzV4y3sRlbBBBmP71cO+zmQmatapMO8V8+lINEQc+WKlvcXb36vU
ShphDLtmsBHlmtcqsDxGtgXqtBQ3BOYy/iNlJPFXU/JFEbgevWQg+YhWBBMRAgAW
BQI5NRH0BAsKBAMDFQMCAxYCAQIXgAAKCRBGBril3pW8HyjYAJ0YoZqiRG8uArf9
9f1Lsnq5lUo2tQCeM2Ce2G2zJvy9Yz5BpK+LpHNvZqG5AQ0EOTUR/BAEAOq2lDkr
xxTRuNotrVeNAURKfnsZFzZ01ykupok1LUzY77uYtFQwx65D8r2jPCC0Z4N470XQ
4Yb/7VXJRyWeycpRP/+OWv9V2uX5dyZPLzQ1uYMtTxMIwBQUFIN++TG4HiKcMBEf
vXOlLbADMWL9qNNziA8qu3C6SUKN6dhtDiFHAAMFBADBsm+4DRNa8mqN6TPSoCvv
4sLAIJWgEJvFnfwHbAETh+lstXcENkHHnCeJvX3xNTIQkUKP//FRRhxR0tgtuDA7
JzlSIBFZ1mxCFTM6ebxXwvpCBe0a/Z6twYK+MB6OsvttOBhdVHN69wm9hZ+2FppN
TZ1SerXnpZQ7MU/uzL3zP4hGBBgRAgAGBQI5NRH8AAoJEEYGuKXelbwfOsMAnjy/
rqqTMYYtHaYfYLtIXDTLg5hIAKCG5DsFhM0CVUUzt9OW85SGADr1IrkBDQRYQIkq
AQgA1Srwwfkqd8t5nh+gGwkN9zPNzdaUbnMi4F+T+V0nSDO2CkM21veA8ktTeq6D
nqNEsfP/0wmuM0lqF49wJV5MMaJ9oCcXdDYIuaBlTYdrvOUE7SJBR8DSPTR44m55
EBcG8U4mfOpjTf4RrQqHTo7VCMhXaeOx4VMlwt2iVvwRqfnQvTfqXP+GYk82LQTN
TYZfeoqogHDcMoV2uKR8uGaqGr2nfcMXCfh5O2Z/FSasMnvdMaPNjD6uoVRVQtoQ
4pd1wkbESFw7xTu+JcHANhBCRaGY+7Z0m+wgHQaazziFuwTMsRoAd4zyt2gUQs9W
dyZg8vpHkNJwvWuYzC3G9bw9SQARAQABiQFoBBgRAgAJBQJYQIkqAhsCASkJEEYG
uKXelbwfwF0gBBkBAgAGBQJYQIkqAAoJEBVYiyZZa+pdRCEIALMTkRBVSsXL9sRz
p6G9nOvL526GE/ygl/3bOFiSkquevIGLvlWRwZ990Bcj5GLlezIKDhEftViyA2hf
RQ9Ujbj1VaA5VuD+LGrQz7MvRA2U+byOBRbvIbv06IHOVRfJg8xBBNOzQJveiLA1
gu4DMITU/LLthth5UDOesbUC6G5ph0aQVE3MjH57OUh5A3pgi0lyJtUansnk9/qU
T6kI/IUhAic8yjMySJT8KrI1ift1xPOTAIFbQ3BWp8n4RRpRR3wgMR/uZ2dIIG7r
4CACMYDBOKByrPIs13lU5OepJuCJXUpMwkJoIU9BWO+NOGQ1XDcovdF9NJGk6kVe
VzKrNFfjQQCfdfdj14GJXVmXLfMuVCm9mk6VYhsAnR970ia1+KXLBnz6nTq46FsL
o4ScuQENBFhAiWgBCAC7wL5SvrSOuuXdzlpf6p9O2nRT68Ch8IwLYqOm0s5bsRrB
IlwMSazbqnJiUL1I+kwVFygxQxCG5GtSCYiHASPOqeEyqu6eLMiedso+VFiCcNXW
Ct8xsVEpHsQc9MDpeqcFeSHI+agxxPy3m0mhjdanHzyE97nzAf5etPBzNUr4JQUP
rwJG7rHj6b7UgWN9MyPOPSKcvvM+C3E3HSZN0ym+dkIXPgELfXnnlMz8lILRPI/q
1QL9LCC/w4j62lnazTmcAk8r4+fE1HTXKriCm7lMPpHVWJXQLdw0Up6vKI2G1vGq
HtHs6YI5tujbYx5e2m3S63Lf6/hNzQPyURFQaYwhABEBAAGISQQYEQIACQUCWECJ
aAIbDAAKCRBGBril3pW8H+acAJ9rg9EaUPcWu8T69TmAZjVeB7rbzwCfWI/rxbXv
fhTU6jmxaa6p39kPq3Q=
=cqkL
-----END PGP PUBLIC KEY BLOCK-----
user: "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
1024-bit DSA key, ID DE95BC1F, created 2000-05-31
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.4
Comment: Hostname: pgp.mit.edu
mQGiBDk1EfQRBACMYQsU1LMs37qOMMJhTkfyb5aruPapu8ICNR4kNk36jT/ld7oN/0xtqM/e
2S9VOzAd165POeEobxTXN234MOhj6PM9uJNOgAq1N1k1eWhGpVw2HIYsb40BHgKVf9mdrv73
75L18Sb8qv3CcBhJfK8oW0Zv2oeruWFDpsMr9ULxxwCgmjapuDrJDZN7HEtOCcPF8CoNTG8D
+wedGbKLvXg6NE5UyrkV3qfYwrPai84EsPY1VaWemF+hPch+14r0CUIOVADX87HaIBsTmGZ/
u6Ks9ZYALVZbwjQcyNp7MP4ZmvIpfHXdxgLJ+9DbKs6yTlgA1moUSERyfGq/kMC9nq3dVYgm
YmxxRuO8/eVKufvStnxhIr/av3o3A/0T4/hPXT2N4WCpvpCxKDIPy9/pqXcYjSEVbS1lfYP6
zfxNDKwuF2j4gRWmunJnPowIGx0+Zhl1dc68B6QOgxqenJNkNbSKUUm23MlzSeT6zyyAJcXW
///zxZ7t7Yq4L9+X6FQtJ8D7kbcB/NQv93UqZKnUplD+35b/xM6zP6UqerQoRGFuaWVsIFZl
aWxsYXJkIDxEYW5pZWwuVmVpbGxhcmRAdzMub3JnPohGBBARAgAGBQI5ejQrAAoJEMzzb5Mo
I0StyzsAoJDVaCAEqSWJWDwDrm1/NSTz6BqhAJ4kogPqBKq1/NesIIeDwdckRdd3qIhGBBAR
AgAGBQI5ejRvAAoJEB1KYQ5pci3uiOAAnjzeSHTAubogcX0HkSebDwhdUetbAKCOFTpvcVkm
VW47QfREL9NOtPhUZYhGBBARAgAGBQI5fZl/AAoJEDn49iWv7v6A3yYAoLWf6YQ6TD7xf1rW
rbGYhTMZMQ10AKCk4pYLsx6iFRsfcYfFo9JcYi+XMIhGBBARAgAGBQI5fvi8AAoJECQ/IKRD
vnVEZnYAni8Q6dFwrJAk6FjVWshDwFIuOULRAJ9NTGm+R1xJpVQERP4IaqLTpDoAEYhGBBAR
AgAGBQI5f8DjAAoJEHAzMIEIbIgD2AcAnA47eisX50dYaO90z3jCgCK9Ba9rAKDRxSvuzeTH
vWMod/4GqGJWLoyOLIhGBBARAgAGBQI5gOP4AAoJEDmVGBY0lpqJF3MAn1gez3jx9scwRTz1
YZxV8jFb973qAKC2iS4Ldys348K/deYKbYeEIqbrJIhGBBARAgAGBQI6NSaoAAoJEDdlHuot
pA0HfZoAoIDREKiALlsoejv/qHI91VKoMHG5AKCwVG/WeJidhynY2OU1RC6QOq2KmYhGBBAR
AgAGBQI7gX2lAAoJELvolyhq/bLown0AoMkKpTVkC4D3S4B32nQVeVGLOIweAKDcaxzBok3N
qUM/A/gGn4y2WzqHY4hGBBARAgAGBQI7gY+/AAoJEFJHr8cBuaFyKAkAoJm0MMByKDb4Clyu
wrxOCQsGnLVIAJ9Z/zrniNW9nKK4/tEspdyv4TLhGYhGBBARAgAGBQI7gZJPAAoJEKA6cWcs
inaRsk0AnjmiJWmep/o9AFoPYPtjjK5vNuhcAJ4u9C53x4d3z4RdyG2FnbWjMIeiAYhGBBAR
AgAGBQI75UlyAAoJEJ7fge5GzXZ0QqsAniGAQUqPvjapeKPH0G3VkwhX1qWUAJ9hgrsrVvAV
eXj+s9Bef7Pyl0wD3YhGBBARAgAGBQI8YSzuAAoJEDlhuoU154VchA4AoKnX9fEFkB8ReQox
jlxWLafErH7uAJ0QVxy9rL32p0PFwC6Qn4V6wmIuJIhGBBARAgAGBQI+ZTRLAAoJEFQUZr6x
LcGbCCMAniqod8Yz/F3SqXWldryKWOm6HNitAJ9d3w8KY2C4xCNzSxBmt7VDJTAkU4hGBBAR
AgAGBQI/gC4MAAoJEHV4bFtSgTOwzJEAnjD2Ak0DOo2mIAfd1VMOsdnu8cK7AJsGJwgyAp9T
M/nOtxGly0IdHKMhvYhGBBMRAgAGBQI+ZTceAAoJEFHEeWWe4Un9z/cAnjduT77cVlkKYlIr
PHTa/l9r5p7tAJsFajItfqyDhhd/JExUz7nS/ZxecIhWBBMRAgAWBQI5NRH0BAsKBAMDFQMC
AxYCAQIXgAAKCRBGBril3pW8HyjYAJ0bg3uZHA+/f974QtI0VE+0uKRpDACfTkTeyy9yyRzO
OSzPcoyLuvFDru6IXgQTEQIAFgUCOTUR9AQLCgQDAxUDAgMWAgECF4AAEgkQRga4pd6VvB8H
ZUdQRwABASjYAJ0bg3uZHA+/f974QtI0VE+0uKRpDACfTkTeyy9yyRzOOSzPcoyLuvFDru6J
ARwEEAECAAYFAj+ALf0ACgkQ4TXeg5d+zEV/fAf/Ru604Jm6N7c1RbRJkAKP2jhLPe+8f8Ln
BCtZqeRt832WvAezrx0A46MXUMLulIqsHeMCu6N8AU+I5XvESR/XII5Mce2GMgQNRW33xwYb
ChLOfhFjcrcYIbSXl78IkJL0830qwJoaL4TuPruKEY/egNHRwbYel7MSdpLsP8EZ6RoArxCX
qzhQGeRfe1FN48tLcxIpy+h8+z9mKlbzbvwNcb1g9Z5z0wL5QXWOqOObPz76UWDqxCXLePDw
bTtNkPllSMfd4QW52pgFe3vTBf9C+V6Z2b6OoRHB8a3wu0UctF9GmdeQLrrMHbpwAd1f4BLC
uQW2seVlCFDkEgLxMBkaF4kCHAQQAQIABgUCU1n6lwAKCRBZXlskaUZz7fPqD/sHP9Jly99g
0lKnXeihGJlOGXSIoSu3tjR3m7lEXsPnu5Gjan9FmMouG6HSFcNpIutEjY664NCpc9k8me1y
bUBhUDgFPbOL9YOf0P9Jf3Pv0dGyERKczw/ZDK9URiRLuuSgkn8yQI2q8QKZYBTleB9Iy8Nr
+VkQfWQpA/SgaUlM0nu3mkr6jKzXJmBrYDJIl0LAUjnZlSWB/ZBhBl+tqJNY/mcL+SENLZ1L
rtLSqHg+k2C7JdOPgb6kXsbEsKgQ6rFPHKnjCwtsKOc6MetVMwR0N/t34I8xChPHn837O8D/
/QzC42v5dVLwPU4v7YQq55qUHLTnwYPD/kKk98KmkQ87o25kgwPT60Fu/d89naV1RJlITsg/
g+WEuuCmPYwRAcLJ53t/YKL5Dflu/ELggFbDK1dOQLIe49XQj0Vi08FGyTJ5K0J9+sY6ELzs
2jzzxjWhyhjWvHyxIZUnVm9ONXeRbVKwCv6hls5OHaY6a1nMBzlawCq37TYl3Dz1w8QtSwCJ
SqAp596x/sC6W6JT3vGTGi33564yQmBCABYLNyXJw0SQ/Q/F2x/0o5sU/4vAuDBuTzV4y3sR
lbBBBmP71cO+zmQmatapMO8V8+lINEQc+WKlvcXb36vUShphDLtmsBHlmtcqsDxGtgXqtBQ3
BOYy/iNlJPFXU/JFEbgevWQg+bQ6RGFuaWVsIFZlaWxsYXJkIChSZWQgSGF0IHdvcmsgZW1h
aWwpIDx2ZWlsbGFyZEByZWRoYXQuY29tPoheBBMRAgAeBQJDUpSLAhsDBgsJCAcDAgMVAgMD
FgIBAh4BAheAAAoJEEYGuKXelbwfJcAAni8XquAlSF6z8WnJwQ6I7yrVTA6IAJ9NnwyV+dwE
1wkDg1eyogC6lcU8v4kCHAQQAQIABgUCU1n6kgAKCRBZXlskaUZz7ZnBD/9TIGS1KyGL0Bi1
WuP01JAMBzQ4Lgfi90Uwp6RZydZXAddAP3X1NBc8SqfcW8JZuB9BuStkcKvHnXK0+N9qJTrv
Id01FVApfi85W02ZTN1eB3YnVKPIQqzlSPzhsBSf26JNX2zjq8hW8dmKBdBp1AG/oLVtrim+
Jbl5qi8EiqdznDwOyKYPbkN8OwC2q0q5C8V/dCltQENTlkJKUCHHXbP5v8r0TjIPveOa5MDY
PmcoAnDC5D8OJlT6R0VLQzXpFEqET9o0CjDrynHH/8aOFGeIyesr0L+53VVgK/j2nq3XgduG
dtnoWon8/C8sNHmGowoQDT8hdGWjv/qIl3bESRoAqIEGAwJloD1skJNDNpOdnf+m7mV8HBGk
KUlQulXUCcVu608hKc34o+Jpmp2s1+qO12ta4AyahTJuew6KqTnHaO0xoyI9iPql07jZiane
kb+TJtXt/a+iTrHJV9lgtw/qeg9kfMp/AfDLy8dbCVQVtADaPlyBM8DdY7gkpDiH81kRl9A6
CLjedHPSDIjdPH74rVfFf+VZ5ZvYXD2YlNuraYrcp62xfMY8vAjNHMUXk1OKQCwUcxJq39U+
j7wIAfakziVUuyZS2kK7wSfFFWHWELp2JpK4HswY1uhSHZsP29a0/ixT8ZmgE/ycmK58kG0D
re2/KLGV/nQo4Ll9yUo+/rkBDQQ5NRH8EAQA6raUOSvHFNG42i2tV40BREp+exkXNnTXKS6m
iTUtTNjvu5i0VDDHrkPyvaM8ILRng3jvRdDhhv/tVclHJZ7JylE//45a/1Xa5fl3Jk8vNDW5
gy1PEwjAFBQUg375MbgeIpwwER+9c6UtsAMxYv2o03OIDyq7cLpJQo3p2G0OIUcAAwUEAMGy
b7gNE1ryao3pM9KgK+/iwsAglaAQm8Wd/AdsAROH6Wy1dwQ2QcecJ4m9ffE1MhCRQo//8VFG
HFHS2C24MDsnOVIgEVnWbEIVMzp5vFfC+kIF7Rr9nq3Bgr4wHo6y+204GF1Uc3r3Cb2Fn7YW
mk1NnVJ6teellDsxT+7MvfM/iEYEGBECAAYFAjk1EfwACgkQRga4pd6VvB86wwCePL+uqpMx
hi0dph9gu0hcNMuDmEgAoIbkOwWEzQJVRTO305bzlIYAOvUiiE4EGBECAAYFAjk1EfwAEgkQ
Rga4pd6VvB8HZUdQRwABATrDAJ48v66qkzGGLR2mH2C7SFw0y4OYSACghuQ7BYTNAlVFM7fT
lvOUhgA69SI=
=aP5f
-----END PGP PUBLIC KEY BLOCK-----
user: "James Fehlig (SUSE work email) <jfehlig@suse.com>"
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFkDRwgBCADFsXGkfIAe2SUxscazpo0QsfPP8/IGKUYQEeRk0Y/C/Aww28Q5
aBDhxMUT4TAR+ySLCEgCPjMOhy5RhfmFNno4NytqmJZqGekq/CCQdJ+dA5twT3sr
wUyy3KFX7Zjah0jgIw8+4E/18xXM1C6ikf5+ZI1uPwhQSofpDgTxrHlL9KPuXuKz
iz/9Ke1EqBcNBrj6spI+Vj9JH0UaanshYj0BYqAYUaBvcqwdfHTi2wgScV/+Wo4S
vethdSY0qynR6R38sF9/vI49tdXQBcF9glX4zCyVH66nPVHS4QjjopCBKXoCeslE
X6F7e4fieozVJRk0zDamKqI3SD5cdordWRS7ABEBAAG0H0phbWVzIEZlaGxpZyA8
amZlaGxpZ0BzdXNlLmNvbT6JAVQEEwEIAD4WIQSNSIoQI3HbAaANy81k1VoV2uAu
wAUCWQNHCAIbAwUJA8JnAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBk1VoV
2uAuwO3DB/9ekJqOh9nCS8dYvCcKBS8NxC/JMImMzE6bdJHL3s1hsjUwqINY6sjw
REw1+QeMpYjK/AR6tvlw4l1XuH8bhgh9FHv3YncR+z8v+BVjDQvxDb/GvmgyrgtK
uc4kW2A0gx/X+QDAt0LyUHhq5tZrXJRw5lhIwBUbV/ysRxHpZgfKlOZwlHfLCvIr
/gM7vRM2Yki3vBJyYpIu8RRwLG7qIKCDZJZVoBJeWAOXHKX1T4rNiVq882zGQLxJ
2hS4JXCbYvbH30r+gkDamRiYaHRSjmXeNoXykixR9S03sSdxpZb+ct9/EoxviCbd
5X421k4IfR7KSPrdYLg8L8dK1kF7CYo1uQENBFkDRwgBCAC/cXAVobHKnekeRTA3
IFU4YBc+vsd/HQoLYpEIvKcXKlvXu8aK0KPo7lNF480asEw1Q1skcAiUDKlkmkCd
orPt8aN56wUzOMSbbsQ3sCcHjqp8bkjO/9xvAXxxE5xo717SCFPOklW8zGCLfC3x
ffdLCjbOLz/ceWX9rogPEMTNqV59TZNYIshKJhfrsFFCVPEHApUdFc9+GV3Q/AuR
xGAy3sz5X6A3N3ydcwDfR6K3XDttkpbVTrxRSUu12wovLcwqb7FtHTNYSijF1U04
vINMgcg64Dd6O3WXthpu/ePMw5UQRP7j/iuDUwCR6HFbqc9d66dHS+eVATd7jvqt
VNYVABEBAAGJATwEGAEIACYWIQSNSIoQI3HbAaANy81k1VoV2uAuwAUCWQNHCAIb
DAUJA8JnAAAKCRBk1VoV2uAuwP6+B/9r47oROSj8nItoI/VWgu+F4pH5Dl1MWid2
LICUx8BQ6ZNxSRUxoGlOdbLAfyLqERvOqNpBHa54SgGTvkxADtYMNuB6NCciR7z/
7s49io/jXthUahvorf6l7XI468v9J4b4xsYfKQiofonoY9fGmLism3RPqR8h+n4m
ywmOQMcweZgM4eXhi+SHJctg5mJdd5G/OdgOz+gIISFfrGrYmQCdlRpLP1im9a5c
n+szFhmrIXMGUT5auvbAGIQzuBI/F+fTmg1SN4+YTJLVEdHG5zYhUzqElYNkMwGJ
3aBhP3rFTdF/TXGI9aXs84nW3KYWQV18Av1rw0O+PKkX4fu4Yktc
=9Te5
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF8VqoQBEACcjMco80+TaJU8JYCiOSPZb2a9pKSvz8I7wGqa+awcELWnTGTS1A66KneU
NzEZlmXaL/OZ6n+KtMT+2V6hqBeG8+p/GbCDzr+ThwcdlUvQ9p15hiHV5IRPXgX15ltXB40+
HEDQsj7iaZD14PmD/5QewfuGa/wEkGtPJjY+6+7ARE+JVdvG0Tzj9hlKlVJnJrEZELZh2+MF
sRqtQPwx4h7JFZikLg1KHG8ewdo5zYjRLVrId334fu+cqvLa6dqXoM9adW5VREIyr4WJnyqC
e+X1fc2K6ZVC+vonQw/6B0AIH6HYkah0jdwD1aMwLEFd3OzkqWn32Bxk75xviuxesOX08pAW
oiDsbU7T2e+O0AXslBNVYDDfrnn0+OK8P0GzP391+OKC6fNN6I6Lfhs/+j5pNv5MzH2BdoRa
O6bwnlQ8X1NuER3H/CZwrgN7XH01mRyNmWZBX/IJqNv5iDXqWcVQKqT+EKiy6XQqnFyQRRmz
dj80/Ec3Xk55Ne73uMHExdVh5Rqv6/Pdn2lLT8IIsJiPS/NI9BamtvoyQC55M/ZgyMaTqQgr
Bhf0U9qMn09gT8g+XmlSTPa7ldWCZn3nnemSQcSuCCmoHXOy+ZMQOtXAqnDhkLlr9gHAesWs
zMoFfGqDfgj23MgYRIHw0HRyuYnk2bP06GZsZbd9b1pgDfeyGwARAQABtCVKacWZw60gRGVu
ZW1hcmsgPGpkZW5lbWFyQHJlZGhhdC5jb20+iQJUBBMBCAA+FiEERTtlMQWVVihVRxGZymi+
gBAITJwFAl8VqoQCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQymi+gBAI
TJwAxg/6A/rc143J3rnHYVEzMbJR76MZFGv+WQn0N42+d2I4zZiEYuZPopTpHahysDf6k3d9
fZ0bv2mBNTzFvhlVMyqCKf9O1wPNnGdMCDhfCFjX1jkA9lW09XVpkKwqfMSV6nhEdlfabThz
YyK9kWpRCD+wtTRoDMuZEdE1lPXql8PWyrSV0xxatISB1ULjpzq7muc9YtCyAZFho6W3n2Ea
PXhuNavtz1oke4HVPEuzMDXk3o6RMMjhrMa9KrfRfXdp9adfF1X43S2EaBBDI1uFn2w9iiVA
Z2js4aZVxnEmiXO8XZRHvbgcDkRN5Wd/GsOKvZK7qoglPOMFpZ66UkneZsQv8fcpSIidkgpo
bvtfe28jMjZ//r//7k+9c8gHQPMcEQPXCjkELFpsUNBBXJ8WORQopp2uZNigVpZ+nM/YcxYD
4csDW6ieBCacEAvN3muzBqo01nk4IlbiZ6M5Ob+9aPAwXQjc9PQeB3qxlHfKwAvTcOk05dLJ
ctMGBhnG8KBWnQbjIIF+1PC1Mdum8h88uZObS8qMyPtUtgxno1RCa3rhm1RPH8Wjr2Q1FWSM
PNul8PHCagv6PZhts8a7i07hpizTiELkny+lKaBzrTnge2tl4VbfzOOO1XHqifh1tKD4IyYe
3BFeOvbc2w+EFwzpkcNp5Rse2uHgl2XL8NLIYZmb0bC5Ag0EXxWqhAEQALeQx73Ycb6gqDbJ
weVzY40IBkuG+4ES3zFcELCXDNTfityLTERMxJeuGuPi7IcoAYIjXl3eqUyiQgHsaodtL1y0
u1x1BL1ktvx4D0ztskgflAFz+LB+wZSau3P0SfgZkNtBzxwtSuTVVnkC+DwT0XXGLDRBbyAo
offF0NyurWRT7+uwx5cQ8z52M/w7lHeJywn8UonjjR+g+2IbsDsJYQuKuR0ColHftf13O9G8
xZJ+kiykMzQ1BHHinidFmTaSZwX8NKmJP67PQ5noMXBXv9YmC4Xd8IUe5t01A6Pjkaii8/SV
08Pa3GiVx/Mw18EbkwpgudrtyCkiXnqnbB7/UYOEdO+zLRglpRdBNDMF9gPWeoc0L8f9I0+o
fuZ+tDTJnahKxwJdFWqfGfLy7i58Y1RVRUsQY88xlI9tUeaHabtXEA55c+RdCom5IN+tEzJg
Y00YkS5XcsZcfJvL5DStHlMow1l90lbNqxif0fFthZqYAuyJGlu5vWlRpFn/90sPo2GQse+V
rFu2TF0wv5LsSKaj9oWzTCoPme6FOz2JCHWu+VnuKInnDN89nG4w1ajCiu9he3UywdxG3L8B
2VLwfi7wT5sUnqqEO/SEdlxAJ3MvSu4h+En0qRAdjWkSWRy4wjSVOC+4YaxQtbsq18BnOI3z
pkb21QFwNwpOdVbs6HWJABEBAAGJAjwEGAEIACYWIQRFO2UxBZVWKFVHEZnKaL6AEAhMnAUC
XxWqhAIbDAUJCWYBgAAKCRDKaL6AEAhMnKc2D/9CfgTonQlHZR/qWDTxWg6WZTaMCvuMK7qF
SOkOaXmilYNDf+MW4H9Dzg8GLZyhD9+9qeh/kMqLgiMwkPfqKlR8KhIcDwLiRP+QZyf+aHiz
FHTEbpSFcQ+tOZYQqdN+7Te0EA8WL0CefpQSgqY9iwj4R1DFb4cvoCe33A8nyJ6+FZoPZ5sZ
PUlUEgQ1tCjsgraquEkyZ31kbd7/6V17SPO6OiwzHWlaOqJEofAqZC2S4B/qjsqiECLbRERA
wJhHxVAREdtSWB29k4wqRjFIa0IwY+NdDSSyc7DZ9CuPzDQcZE9BE9z1gqrI5J32kP4lG98f
fL7w9qoLtk8ga9xt/Xk45iX+4E68csnHX60qW1/fRqO6aJMUPbrn9lGvCFwldOk88F60D19C
QorpI4gtuk7tkCnKUCa/AOAkpZMuliQUWxLzqar2LPfu7n41qI5VHXP1ZUHYU5yboUgWeKnq
WWLYXNoKvVI0teihvP/8tlz/5OHfUbiFzlYV8wVhs3faBJ0qRmTKiHmgRssDUM+LbJgXzxAp
vTYaoamncuAz6ofaQDFGlg6q5L+4RUTAg7csabTNBLewJk0F5gbzlMf5iMqNpPNDGZRlZGnY
heeiWwZ5bk480/0B9owTBrn3tL6iwApeR62HQJ6SLEcdCDCVJkcMT2Hh5AegqaRBEaE3ko/i
cA==
=o6gq
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -161,8 +161,8 @@
%{nil}
Name: libvirt
URL: http://libvirt.org/
Version: 9.1.0
URL: https://libvirt.org/
Version: 9.2.0
Release: 0
Summary: Library providing a virtualization API
License: LGPL-2.1-or-later
@ -293,42 +293,13 @@ BuildRequires: libssh-devel >= 0.8.1
BuildRequires: firewall-macros
%endif
Source0: https://libvirt.org/sources/%{name}-%{version}.tar.xz
Source1: https://libvirt.org/sources/%{name}-%{version}.tar.xz.asc
Source2: %{name}.keyring
Source3: libvirtd-relocation-server.fw
Source4: libvirt-supportconfig
Source5: suse-qemu-domain-hook.py
Source6: libvirtd-relocation-server.xml
Source0: %{name}-%{version}.tar.xz
Source1: libvirt-supportconfig
Source2: suse-qemu-domain-hook.py
Source3: libvirtd-relocation-server.xml
Source98: README.packaging.txt
Source99: baselibs.conf
Source100: %{name}-rpmlintrc
# Upstream patches
Patch0: 4959490e-support-SUSE-edk2-firmware-paths.patch
Patch1: bf3be5b7-libxl-Support-custom-firmware-path.patch
Patch2: 705525cb-libxl-Support-custom-firmware-path-conversion.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
Patch102: 0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch
# Need to go upstream
Patch150: libvirt-power8-models.patch
Patch151: ppc64le-canonical-name.patch
Patch152: libxl-set-migration-constraints.patch
Patch153: libxl-set-cach-mode.patch
Patch154: 0001-libxl-add-support-for-BlockResize-API.patch
# Our patches
Patch200: suse-libvirtd-disable-tls.patch
Patch201: suse-libvirt-guests-service.patch
Patch202: suse-qemu-conf.patch
Patch203: suse-qemu-ovmf-paths.patch
Patch204: libxl-support-block-script.patch
Patch205: qemu-apparmor-screenshot.patch
Patch206: libvirt-suse-netcontrol.patch
Patch207: lxc-wait-after-eth-del.patch
Patch208: suse-libxl-disable-autoballoon.patch
Patch209: suse-xen-ovmf-paths.patch
Patch210: virt-create-rootfs.patch
Patch211: suse-fix-lxc-container-init.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -864,7 +835,7 @@ Requires: %{name}-daemon-driver-network = %{version}-%{release}
libvirt plugin for NSS for translating domain names into IP addresses.
%prep
%autosetup -p1
%autosetup
%build
%if %{with_qemu}
@ -1090,6 +1061,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
-Dtests=enabled \
-Drpath=disabled \
-Dlogin_shell=disabled \
-Dno_git=true \
%{nil}
%meson_build
@ -1175,14 +1147,14 @@ ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtvboxd
# install firewall services for migration ports
mkdir -p %{buildroot}/%{_fwdefdir}
install -m 644 %{S:6} %{buildroot}/%{_fwdefdir}/libvirtd-relocation-server.xml
install -m 644 %{S:3} %{buildroot}/%{_fwdefdir}/libvirtd-relocation-server.xml
# install supportconfig plugin
mkdir -p %{buildroot}/usr/lib/supportconfig/plugins
install -m 755 %{S:4} %{buildroot}/usr/lib/supportconfig/plugins/libvirt
install -m 755 %{S:1} %{buildroot}/usr/lib/supportconfig/plugins/libvirt
# install qemu hook script
install -m 755 %{S:5} %{buildroot}/%{_sysconfdir}/%{name}/hooks/qemu
install -m 755 %{S:2} %{buildroot}/%{_sysconfdir}/%{name}/hooks/qemu
%ifarch %{power64} s390x x86_64
mv %{buildroot}/%{_datadir}/systemtap/tapset/libvirt_probes.stp \
@ -1248,10 +1220,10 @@ VIR_TEST_DEBUG=1 %meson_test -t 5 --no-suite syntax-check
%libvirt_sysconfig_posttrans libvirtd
# All connection drivers should be installed post transaction.
# Time to restart the daemon
test -f %{_sysconfdir}/sysconfig/services -a \
-z "$DISABLE_RESTART_ON_UPDATE" && . %{_sysconfdir}/sysconfig/services
if test "$DISABLE_RESTART_ON_UPDATE" != yes -a \
"$DISABLE_RESTART_ON_UPDATE" != 1; then
test -f %{_sysconfdir}/sysconfig/services && \
test -z "$DISABLE_RESTART_ON_UPDATE" && . %{_sysconfdir}/sysconfig/services
if test "$DISABLE_RESTART_ON_UPDATE" != yes && \
test "$DISABLE_RESTART_ON_UPDATE" != 1; then
# See if user has previously modified their install to
# tell libvirtd to use --listen
if grep -q -s -E '^LIBVIRTD_ARGS=.*--listen' %{_sysconfdir}/sysconfig/libvirtd; then
@ -2030,7 +2002,7 @@ fi
%{_datadir}/%{name}/api/libvirt-lxc-api.xml
%files doc
%doc AUTHORS.rst NEWS.rst README.rst
%doc NEWS.rst README.rst
%license COPYING COPYING.LESSER
%dir %{_datadir}/doc/%{name}/
%doc %{_datadir}/doc/%{name}/*

View File

@ -1,3 +0,0 @@
## Name: Libvirtd Relocation Server
## Description: Enables libvirtd plain relocation service
TCP="49152:49215"

View File

@ -1,90 +0,0 @@
From 02cd96b46167b2b9c27a388ec25d4ffdae6508ba Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:07:05 -0600
Subject: libxl: support domainReset
Currently, libxl_send_trigger() does not implement the LIBXL_TRIGGER_RESET
option, but domainReset can be implemented in the libxl driver by
forcibly destroying the domain and starting it again.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl_driver.c | 58 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
Index: libvirt-9.1.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_driver.c
+++ libvirt-9.1.0/src/libxl/libxl_driver.c
@@ -1355,6 +1355,63 @@ libxlDomainReboot(virDomainPtr dom, unsi
}
static int
+libxlDomainReset(virDomainPtr dom, unsigned int flags)
+{
+ libxlDriverPrivate *driver = dom->conn->privateData;
+ libxlDriverConfig *cfg = libxlDriverConfigGet(driver);
+ virDomainObj *vm;
+ int ret = -1;
+
+ virCheckFlags(0, -1);
+
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
+ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
+
+ if (virDomainResetEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ "%s", _("Domain is not running"));
+ goto endjob;
+ }
+
+ /*
+ * The semantics of reset can be achieved by forcibly destroying
+ * the domain and starting it again.
+ */
+ if (libxl_domain_destroy(cfg->ctx, vm->def->id, NULL) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to reset domain '%d'"), vm->def->id);
+ goto endjob;
+ }
+
+ libxlDomainCleanup(driver, vm);
+
+ if (libxlDomainStartNew(driver, vm, false) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to start domain '%d' after reset"),
+ vm->def->id);
+ goto endjob;
+ }
+
+ ret = 0;
+
+ endjob:
+ virDomainObjEndJob(vm);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ virObjectUnref(cfg);
+ return ret;
+}
+
+static int
libxlDomainDestroyFlags(virDomainPtr dom,
unsigned int flags)
{
@@ -6601,6 +6658,7 @@ static virHypervisorDriver libxlHypervis
.domainShutdown = libxlDomainShutdown, /* 0.9.0 */
.domainShutdownFlags = libxlDomainShutdownFlags, /* 0.9.10 */
.domainReboot = libxlDomainReboot, /* 0.9.0 */
+ .domainReset = libxlDomainReset, /* 1.2.16 */
.domainDestroy = libxlDomainDestroy, /* 0.9.0 */
.domainDestroyFlags = libxlDomainDestroyFlags, /* 0.9.4 */
#ifdef LIBXL_HAVE_DOMAIN_SUSPEND_ONLY

View File

@ -1,53 +0,0 @@
From 9b37c98cf768eb02afb384522a72ec36850876bf Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:27:47 -0600
Subject: libxl: Allow setting disk cache mode
https://bugzilla.novell.com/show_bug.cgi?id=879425
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl_conf.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
Index: libvirt-9.1.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-9.1.0/src/libxl/libxl_conf.c
@@ -947,6 +947,28 @@ libxlDiskSetDiscard(libxl_device_disk *x
}
}
+static void
+libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode)
+{
+ switch (cachemode) {
+#if defined(LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MAGIC)
+ case VIR_DOMAIN_DISK_CACHE_UNSAFE:
+ if (x_disk->readwrite)
+ x_disk->readwrite = (x_disk->readwrite & LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MASK) | LIBXL_HAVE_LIBXL_DEVICE_DISK_DISABLE_FLUSH_MAGIC;
+ break;
+#endif
+ case VIR_DOMAIN_DISK_CACHE_DIRECTSYNC:
+ x_disk->direct_io_safe = true;
+ break;
+ case VIR_DOMAIN_DISK_CACHE_DEFAULT:
+ case VIR_DOMAIN_DISK_CACHE_DISABLE:
+ case VIR_DOMAIN_DISK_CACHE_WRITETHRU:
+ case VIR_DOMAIN_DISK_CACHE_WRITEBACK:
+ default:
+ break;
+ }
+}
+
static char *
libxlMakeNetworkDiskSrcStr(virStorageSource *src,
const char *username,
@@ -1181,6 +1203,7 @@ libxlMakeDisk(virDomainDiskDef *l_disk,
x_disk->readwrite = !l_disk->src->readonly;
x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0;
libxlDiskSetDiscard(x_disk, l_disk->discard);
+ libxlDiskSetCacheMode(x_disk, l_disk->cachemode);
/* An empty CDROM must have the empty format, otherwise libxl fails. */
if (x_disk->is_cdrom && !x_disk->pdev_path)
x_disk->format = LIBXL_DISK_FORMAT_EMPTY;

View File

@ -1,386 +0,0 @@
From 3221868c5ca0be83d4e5f9a9f489e73d5b509a6e Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:26:24 -0600
Subject: libvirt: set migration constraints from cmdline
References: fate#316614
Signed-off-by: Olaf Hering <olaf@aepfle.de>
---
docs/manpages/virsh.rst | 7 +++++
include/libvirt/libvirt-domain.h | 25 +++++++++++++++
src/libxl/libxl_driver.c | 16 ++++++++--
src/libxl/libxl_migration.c | 54 ++++++++++++++++++++++----------
src/libxl/libxl_migration.h | 14 +++++++--
tools/virsh-domain.c | 29 +++++++++++++++++
6 files changed, 124 insertions(+), 21 deletions(-)
Index: libvirt-9.1.0/docs/manpages/virsh.rst
===================================================================
--- libvirt-9.1.0.orig/docs/manpages/virsh.rst
+++ libvirt-9.1.0/docs/manpages/virsh.rst
@@ -3362,6 +3362,7 @@ migrate
[--parallel [--parallel-connections connections]]
[--bandwidth bandwidth] [--tls-destination hostname]
[--disks-uri URI] [--copy-storage-synchronous-writes]
+ [--max_iters num] [--min_remaining num] [--abort_if_busy]
Migrate domain to another host. Add *--live* for live migration; <--p2p>
for peer-2-peer migration; *--direct* for direct migration; or *--tunnelled*
@@ -3488,6 +3489,12 @@ parallel connections. The number of such
network link between the source and the target and thus speeding up the
migration.
+SUSE-specific options for Xen: *--max_iters* allows specifying the maximum
+number of iterations before final suspend. Default is 2. *--min_remaining*
+allows specifying the number of dirty pages before final suspend. Default is 50.
+*--abort_if_busy* can be used to abort the migration instead of doing the final
+suspend for domUs with busy workloads, to avoid a long suspend-time of the domU.
+
Running migration can be canceled by interrupting virsh (usually using
``Ctrl-C``) or by ``domjobabort`` command sent from another virsh instance.
Index: libvirt-9.1.0/include/libvirt/libvirt-domain.h
===================================================================
--- libvirt-9.1.0.orig/include/libvirt/libvirt-domain.h
+++ libvirt-9.1.0/include/libvirt/libvirt-domain.h
@@ -1367,6 +1367,31 @@ typedef enum {
*/
# define VIR_MIGRATE_PARAM_TLS_DESTINATION "tls.destination"
+/**
+ * VIR_MIGRATE_PARAM_SUSE_MAX_ITERS:
+ *
+ * virDomainMigrate* params field: xc_domain_save max_iters
+ *
+ * Since: 1.2.5
+ */
+# define VIR_MIGRATE_PARAM_SUSE_MAX_ITERS "max_iters"
+/**
+ * VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING:
+ *
+ * virDomainMigrate* params field: xc_domain_save min_remaining
+ *
+ * Since: 1.2.5
+ */
+# define VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING "min_remaining"
+/**
+ * VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY:
+ *
+ * virDomainMigrate* params field: xc_domain_save abort_if_busy
+ *
+ * Since: 1.2.5
+ */
+# define VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY "abort_if_busy"
+
/* Domain migration. */
virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
unsigned long flags, const char *dname,
Index: libvirt-9.1.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_driver.c
+++ libvirt-9.1.0/src/libxl/libxl_driver.c
@@ -6142,6 +6142,9 @@ libxlDomainMigratePerform3Params(virDoma
const char *dname = NULL;
const char *uri = NULL;
int ret = -1;
+ libxlDomainMigrationProps props = {
+ .virFlags = flags,
+ };
#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
virReportUnsupportedError();
@@ -6158,6 +6161,15 @@ libxlDomainMigratePerform3Params(virDoma
virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_DEST_NAME,
&dname) < 0 ||
+ virTypedParamsGetUInt(params, nparams,
+ VIR_MIGRATE_PARAM_SUSE_MAX_ITERS,
+ &props.max_iters) < 0 ||
+ virTypedParamsGetUInt(params, nparams,
+ VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING,
+ &props.min_remaining) < 0 ||
+ virTypedParamsGetUInt(params, nparams,
+ VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY,
+ &props.abort_if_busy) < 0 ||
virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_URI,
&uri) < 0)
@@ -6172,11 +6184,11 @@ libxlDomainMigratePerform3Params(virDoma
if ((flags & (VIR_MIGRATE_TUNNELLED | VIR_MIGRATE_PEER2PEER))) {
if (libxlDomainMigrationSrcPerformP2P(driver, vm, dom->conn, dom_xml,
- dconnuri, uri, dname, flags) < 0)
+ dconnuri, uri, dname, &props) < 0)
goto cleanup;
} else {
if (libxlDomainMigrationSrcPerform(driver, vm, dom_xml, dconnuri,
- uri, dname, flags) < 0)
+ uri, dname, &props) < 0)
goto cleanup;
}
Index: libvirt-9.1.0/src/libxl/libxl_migration.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_migration.c
+++ libvirt-9.1.0/src/libxl/libxl_migration.c
@@ -329,18 +329,38 @@ libxlMigrateDstReceive(virNetSocket *soc
static int
libxlDoMigrateSrcSend(libxlDriverPrivate *driver,
virDomainObj *vm,
- unsigned int flags,
+ const libxlDomainMigrationProps *props,
int sockfd)
{
libxlDriverConfig *cfg = libxlDriverConfigGet(driver);
+#ifdef LIBXL_HAVE_DOMAIN_SUSPEND_SUSE
+ libxl_domain_suspend_suse_properties libxl_props = {
+ .flags = 0,
+ };
+#else
int xl_flags = 0;
+#endif
int ret;
- if (flags & VIR_MIGRATE_LIVE)
+#ifdef LIBXL_HAVE_DOMAIN_SUSPEND_SUSE
+ if (props->virFlags & VIR_MIGRATE_LIVE)
+ libxl_props.flags |= LIBXL_SUSPEND_LIVE;
+
+ libxl_props.max_iters = props->max_iters;
+ libxl_props.min_remaining = props->min_remaining;
+ if (props->abort_if_busy)
+ libxl_props.flags |= LIBXL_SUSPEND_ABORT_IF_BUSY;
+
+ ret = libxl_domain_suspend_suse(cfg->ctx, vm->def->id, sockfd,
+ &libxl_props, NULL);
+#else
+ if (props->virFlags & VIR_MIGRATE_LIVE)
xl_flags = LIBXL_SUSPEND_LIVE;
ret = libxl_domain_suspend(cfg->ctx, vm->def->id, sockfd,
xl_flags, NULL);
+#endif
+
if (ret != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Failed to send migration data to destination host"));
@@ -877,7 +897,7 @@ struct libxlTunnelControl {
static int
libxlMigrationSrcStartTunnel(libxlDriverPrivate *driver,
virDomainObj *vm,
- unsigned int flags,
+ const libxlDomainMigrationProps *props,
virStreamPtr st,
struct libxlTunnelControl **tnl)
{
@@ -910,7 +930,7 @@ libxlMigrationSrcStartTunnel(libxlDriver
virObjectUnlock(vm);
/* Send data to pipe */
- ret = libxlDoMigrateSrcSend(driver, vm, flags, tc->dataFD[1]);
+ ret = libxlDoMigrateSrcSend(driver, vm, props, tc->dataFD[1]);
virObjectLock(vm);
/* libxlMigrationSrcStopTunnel will be called in libxlDoMigrateSrcP2P
@@ -945,7 +965,7 @@ libxlDoMigrateSrcP2P(libxlDriverPrivate
const char *dconnuri G_GNUC_UNUSED,
const char *dname,
const char *uri,
- unsigned int flags)
+ const libxlDomainMigrationProps *props)
{
virDomainPtr ddomain = NULL;
virTypedParameterPtr params = NULL;
@@ -990,11 +1010,11 @@ libxlDoMigrateSrcP2P(libxlDriverPrivate
/* We don't require the destination to have P2P support
* as it looks to be normal migration from the receiver perspective.
*/
- destflags = flags & ~(VIR_MIGRATE_PEER2PEER);
+ destflags = props->virFlags & ~(VIR_MIGRATE_PEER2PEER);
VIR_DEBUG("Prepare3");
virObjectUnlock(vm);
- if (flags & VIR_MIGRATE_TUNNELLED) {
+ if (props->virFlags & VIR_MIGRATE_TUNNELLED) {
if (!(st = virStreamNew(dconn, 0)))
goto confirm;
ret = dconn->driver->domainMigratePrepareTunnel3Params
@@ -1008,7 +1028,7 @@ libxlDoMigrateSrcP2P(libxlDriverPrivate
if (ret == -1)
goto confirm;
- if (!(flags & VIR_MIGRATE_TUNNELLED)) {
+ if (!(props->virFlags & VIR_MIGRATE_TUNNELLED)) {
if (uri_out) {
if (virTypedParamsReplaceString(&params, &nparams,
VIR_MIGRATE_PARAM_URI, uri_out) < 0) {
@@ -1023,11 +1043,11 @@ libxlDoMigrateSrcP2P(libxlDriverPrivate
}
VIR_DEBUG("Perform3 uri=%s", NULLSTR(uri_out));
- if (flags & VIR_MIGRATE_TUNNELLED)
- ret = libxlMigrationSrcStartTunnel(driver, vm, flags, st, &tc);
+ if (props->virFlags & VIR_MIGRATE_TUNNELLED)
+ ret = libxlMigrationSrcStartTunnel(driver, vm, props, st, &tc);
else
ret = libxlDomainMigrationSrcPerform(driver, vm, NULL, NULL,
- uri_out, NULL, flags);
+ uri_out, NULL, props);
if (ret < 0) {
notify_source = false;
virErrorPreserveLast(&orig_err);
@@ -1062,7 +1082,7 @@ libxlDoMigrateSrcP2P(libxlDriverPrivate
confirm:
if (notify_source) {
VIR_DEBUG("Confirm3 cancelled=%d vm=%p", cancelled, vm);
- ret = libxlDomainMigrationSrcConfirm(driver, vm, flags, cancelled);
+ ret = libxlDomainMigrationSrcConfirm(driver, vm, props->virFlags, cancelled);
if (ret < 0)
VIR_WARN("Guest %s probably left in 'paused' state on source",
@@ -1070,7 +1090,7 @@ libxlDoMigrateSrcP2P(libxlDriverPrivate
}
cleanup:
- if (flags & VIR_MIGRATE_TUNNELLED) {
+ if (props->virFlags & VIR_MIGRATE_TUNNELLED) {
libxlMigrationSrcStopTunnel(tc);
virObjectUnref(st);
}
@@ -1114,7 +1134,7 @@ libxlDomainMigrationSrcPerformP2P(libxlD
const char *dconnuri,
const char *uri_str G_GNUC_UNUSED,
const char *dname,
- unsigned int flags)
+ const libxlDomainMigrationProps *props)
{
int ret = -1;
int useParams;
@@ -1148,7 +1168,7 @@ libxlDomainMigrationSrcPerformP2P(libxlD
}
ret = libxlDoMigrateSrcP2P(driver, vm, sconn, xmlin, dconn, dconnuri,
- dname, uri_str, flags);
+ dname, uri_str, props);
if (ret < 0) {
/*
@@ -1175,7 +1195,7 @@ libxlDomainMigrationSrcPerform(libxlDriv
const char *dconnuri G_GNUC_UNUSED,
const char *uri_str,
const char *dname G_GNUC_UNUSED,
- unsigned int flags)
+ const libxlDomainMigrationProps *props)
{
libxlDomainObjPrivate *priv = vm->privateData;
char *hostname = NULL;
@@ -1211,7 +1231,7 @@ libxlDomainMigrationSrcPerform(libxlDriv
/* suspend vm and send saved data to dst through socket fd */
virObjectUnlock(vm);
- ret = libxlDoMigrateSrcSend(driver, vm, flags, sockfd);
+ ret = libxlDoMigrateSrcSend(driver, vm, props, sockfd);
virObjectLock(vm);
if (ret == 0) {
Index: libvirt-9.1.0/src/libxl/libxl_migration.h
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_migration.h
+++ libvirt-9.1.0/src/libxl/libxl_migration.h
@@ -35,6 +35,9 @@
VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \
VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \
VIR_MIGRATE_PARAM_DEST_XML, VIR_TYPED_PARAM_STRING, \
+ VIR_MIGRATE_PARAM_SUSE_MAX_ITERS, VIR_TYPED_PARAM_UINT, \
+ VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING, VIR_TYPED_PARAM_UINT, \
+ VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY, VIR_TYPED_PARAM_UINT, \
NULL
char *
@@ -66,6 +69,13 @@ libxlDomainMigrationDstPrepare(virConnec
int cookieinlen,
unsigned int flags);
+typedef struct {
+ unsigned int virFlags;
+ unsigned int max_iters;
+ unsigned int min_remaining;
+ unsigned int abort_if_busy;
+} libxlDomainMigrationProps;
+
int
libxlDomainMigrationSrcPerformP2P(libxlDriverPrivate *driver,
virDomainObj *vm,
@@ -74,7 +84,7 @@ libxlDomainMigrationSrcPerformP2P(libxlD
const char *dconnuri,
const char *uri_str,
const char *dname,
- unsigned int flags);
+ const libxlDomainMigrationProps *props);
int
libxlDomainMigrationSrcPerform(libxlDriverPrivate *driver,
@@ -83,7 +93,7 @@ libxlDomainMigrationSrcPerform(libxlDriv
const char *dconnuri,
const char *uri_str,
const char *dname,
- unsigned int flags);
+ const libxlDomainMigrationProps *props);
virDomainPtr
libxlDomainMigrationDstFinish(virConnectPtr dconn,
Index: libvirt-9.1.0/tools/virsh-domain.c
===================================================================
--- libvirt-9.1.0.orig/tools/virsh-domain.c
+++ libvirt-9.1.0/tools/virsh-domain.c
@@ -11097,6 +11097,18 @@ static const vshCmdOptDef opts_migrate[]
.completer = virshCompleteEmpty,
.help = N_("override the destination host name used for TLS verification")
},
+ {.name = "max_iters",
+ .type = VSH_OT_INT,
+ .help = N_("SUSE libxl: Number of iterations before final suspend (default: 2).")
+ },
+ {.name = "min_remaining",
+ .type = VSH_OT_INT,
+ .help = N_("SUSE libxl: Number of dirty pages before final suspend (default: 50).")
+ },
+ {.name = "abort_if_busy",
+ .type = VSH_OT_BOOL,
+ .help = N_("SUSE libxl: Abort migration instead of doing final suspend.")
+ },
{.name = NULL}
};
@@ -11117,6 +11129,7 @@ doMigrate(void *opaque)
unsigned long long ullOpt = 0;
int rv;
virConnectPtr dconn = data->dconn;
+ unsigned int uint_opt = 0;
#ifndef WIN32
sigset_t sigmask, oldsigmask;
@@ -11241,6 +11254,22 @@ doMigrate(void *opaque)
goto save_error;
}
+ if (vshCommandOptUInt(ctl, cmd, "max_iters", &uint_opt) > 0 && uint_opt) {
+ if (virTypedParamsAddUInt(&params, &nparams, &maxparams,
+ VIR_MIGRATE_PARAM_SUSE_MAX_ITERS, uint_opt) < 0)
+ goto save_error;
+ }
+ if (vshCommandOptUInt(ctl, cmd, "min_remaining", &uint_opt) > 0 && uint_opt) {
+ if (virTypedParamsAddUInt(&params, &nparams, &maxparams,
+ VIR_MIGRATE_PARAM_SUSE_MIN_REMAINING, uint_opt) < 0)
+ goto save_error;
+ }
+ if (vshCommandOptBool(cmd, "abort_if_busy")) {
+ if (virTypedParamsAddUInt(&params, &nparams, &maxparams,
+ VIR_MIGRATE_PARAM_SUSE_ABORT_IF_BUSY, 1) < 0)
+ goto save_error;
+ }
+
if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0)
goto out;
if (opt) {

View File

@ -1,66 +0,0 @@
From 1f6dc6fbf1a0741edb6635a1798d1ac14802f8eb Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:54:34 -0600
Subject: libxl: set script field of libxl_device_disk
Add a hack to the libvirt libxl driver to set
libxl_device_disk->script when the disk configuration starts
with some well-known Xen external block scripts: dmmd, drbd,
and npiv.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl_conf.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
Index: libvirt-9.1.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-9.1.0/src/libxl/libxl_conf.c
@@ -948,6 +948,20 @@ libxlDiskSetDiscard(libxl_device_disk *x
}
static void
+libxlDiskSetScript(libxl_device_disk *x_disk, const char *disk_spec)
+{
+ if (disk_spec == NULL)
+ return;
+
+ if (STRPREFIX(disk_spec, "dmmd:"))
+ x_disk->script = g_strdup("block-dmmd");
+ else if (STRPREFIX(disk_spec, "drbd:"))
+ x_disk->script = g_strdup("block-drbd");
+ else if (STRPREFIX(disk_spec, "npiv:"))
+ x_disk->script = g_strdup("block-npiv");
+}
+
+static void
libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode)
{
switch (cachemode) {
@@ -1085,6 +1099,7 @@ libxlMakeNetworkDiskSrc(virStorageSource
int
libxlMakeDisk(virDomainDiskDef *l_disk, libxl_device_disk *x_disk)
{
+ const char *src = virDomainDiskGetSource(l_disk);
const char *driver = virDomainDiskGetDriver(l_disk);
int format = virDomainDiskGetFormat(l_disk);
virStorageType actual_type = virStorageSourceGetActualType(l_disk->src);
@@ -1098,7 +1113,7 @@ libxlMakeDisk(virDomainDiskDef *l_disk,
if (libxlMakeNetworkDiskSrc(l_disk->src, &x_disk->pdev_path) < 0)
return -1;
} else {
- x_disk->pdev_path = g_strdup(virDomainDiskGetSource(l_disk));
+ x_disk->pdev_path = g_strdup(src);
}
x_disk->vdev = g_strdup(l_disk->dst);
@@ -1204,6 +1219,8 @@ libxlMakeDisk(virDomainDiskDef *l_disk,
x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0;
libxlDiskSetDiscard(x_disk, l_disk->discard);
libxlDiskSetCacheMode(x_disk, l_disk->cachemode);
+ libxlDiskSetScript(x_disk, src);
+
/* An empty CDROM must have the empty format, otherwise libxl fails. */
if (x_disk->is_cdrom && !x_disk->pdev_path)
x_disk->format = LIBXL_DISK_FORMAT_EMPTY;

View File

@ -1,61 +0,0 @@
From 7d83ea171dc86bdec171e14ffdbde8ae7e06fc7a Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 13:50:31 -0600
Subject: Wait for udev events to be handled after removing veth
As per http://www.redhat.com/archives/libvir-list/2013-July/msg01279.html,
wait for udev events to be handled after removing a virtual NIC.
Any udev rule associated to NIC destroy could happen to run with a new
device with the same name that is being created.
From: <cbosdonnat@suse.com>
---
src/lxc/lxc_controller.c | 1 +
src/lxc/lxc_driver.c | 2 ++
src/lxc/lxc_process.c | 1 +
3 files changed, 4 insertions(+)
Index: libvirt-9.1.0/src/lxc/lxc_controller.c
===================================================================
--- libvirt-9.1.0.orig/src/lxc/lxc_controller.c
+++ libvirt-9.1.0/src/lxc/lxc_controller.c
@@ -1997,6 +1997,7 @@ static int virLXCControllerDeleteInterfa
if (virNetDevVethDelete(ctrl->veths[i]) < 0)
ret = -1;
}
+ virWaitForDevices();
return ret;
}
Index: libvirt-9.1.0/src/lxc/lxc_driver.c
===================================================================
--- libvirt-9.1.0.orig/src/lxc/lxc_driver.c
+++ libvirt-9.1.0/src/lxc/lxc_driver.c
@@ -3593,6 +3593,7 @@ lxcDomainAttachDeviceNetLive(virLXCDrive
case VIR_DOMAIN_NET_TYPE_NETWORK:
case VIR_DOMAIN_NET_TYPE_ETHERNET:
ignore_value(virNetDevVethDelete(veth));
+ virWaitForDevices();
break;
case VIR_DOMAIN_NET_TYPE_DIRECT:
@@ -4058,6 +4059,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
}
+ virWaitForDevices();
break;
/* It'd be nice to support this, but with macvlan
Index: libvirt-9.1.0/src/lxc/lxc_process.c
===================================================================
--- libvirt-9.1.0.orig/src/lxc/lxc_process.c
+++ libvirt-9.1.0/src/lxc/lxc_process.c
@@ -226,6 +226,7 @@ static void virLXCProcessCleanup(virLXCD
VIR_WARN("Unable to release network device '%s'", NULLSTR(iface->ifname));
}
}
+ virWaitForDevices();
virDomainConfVMNWFilterTeardown(vm);

View File

@ -1,51 +0,0 @@
From ec5427d1007477b746dde3ba24b7951a6e14a3d7 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:19:41 -0600
Subject: network: don't use dhcp-authoritative on static networks
"Static" DHCP networks are those where no dynamic DHCP range is
defined, only a list of host entries is used to serve permanent
IP addresses. On such networks, we don't want dnsmasq to reply
to other requests than those statically defined. But
"dhcp-authoritative" will cause dnsmasq to do just that.
Therefore we can't use "dhcp-authoritative" for static networks.
Fixes: 4ac20b3ae "network: add dnsmasq option 'dhcp-authoritative'"
Signed-off-by: Martin Wilck <mwilck@suse.com>
---
src/network/bridge_driver.c | 9 ++++++++-
tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 -
2 files changed, 8 insertions(+), 2 deletions(-)
Index: libvirt-9.1.0/src/network/bridge_driver.c
===================================================================
--- libvirt-9.1.0.orig/src/network/bridge_driver.c
+++ libvirt-9.1.0/src/network/bridge_driver.c
@@ -1044,7 +1044,14 @@ networkDnsmasqConfDHCP(virBuffer *buf,
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) {
if (ipdef->nranges || ipdef->nhosts) {
virBufferAddLit(buf, "dhcp-no-override\n");
- virBufferAddLit(buf, "dhcp-authoritative\n");
+ /*
+ * Use "dhcp-authoritative" only for dynamic DHCP.
+ * In a static-only network, it would cause dnsmasq
+ * to reply to requests from other hosts than those
+ * statically defined.
+ */
+ if (ipdef->nranges || !ipdef->nhosts)
+ virBufferAddLit(buf, "dhcp-authoritative\n");
}
if (ipdef->bootfile) {
Index: libvirt-9.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
===================================================================
--- libvirt-9.1.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
+++ libvirt-9.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
@@ -10,7 +10,6 @@ bind-dynamic
interface=virbr1
dhcp-range=192.168.122.1,static
dhcp-no-override
-dhcp-authoritative
dhcp-range=2001:db8:ac10:fd01::1,static,64
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/local.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/local.addnhosts

View File

@ -1,25 +0,0 @@
From 71a726ca84535a6bfb2ad4795c6d499085df9594 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:24:54 -0600
Subject: Canonicalize hostarch name ppc64le to ppc64
See bnc#894956
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/util/virarch.c | 2 ++
1 file changed, 2 insertions(+)
Index: libvirt-9.1.0/src/util/virarch.c
===================================================================
--- libvirt-9.1.0.orig/src/util/virarch.c
+++ libvirt-9.1.0/src/util/virarch.c
@@ -222,6 +222,8 @@ virArch virArchFromHost(void)
arch = VIR_ARCH_X86_64;
} else if (STREQ(ut.machine, "arm64")) {
arch = VIR_ARCH_AARCH64;
+ } else if (STREQ(ut.machine, "ppc64le")) {
+ arch = VIR_ARCH_PPC64;
} else {
/* Otherwise assume the canonical name */
if ((arch = virArchFromString(ut.machine)) == VIR_ARCH_NONE) {

View File

@ -1,21 +0,0 @@
From 99d654438cb259bee70d23363b2d5aefee830c7e Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:56:28 -0600
Subject: apparmor: Add rule allowing qemu to write screenshots
Not sure who added this patch. See bug#904426 for possible suspects.
---
src/security/apparmor/libvirt-qemu | 3 +++
1 file changed, 3 insertions(+)
Index: libvirt-9.1.0/src/security/apparmor/libvirt-qemu
===================================================================
--- libvirt-9.1.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-9.1.0/src/security/apparmor/libvirt-qemu
@@ -254,3 +254,6 @@
# required for QEMU accessing UEFI nvram variables
owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
+
+ # Temporary screendump rule -- See bsc#904426
+ /var/cache/libvirt/qemu/qemu.screendump.* rw,

View File

@ -1,82 +0,0 @@
From 5152717ba78312ec5415ba19ed83bb313b7670f8 Mon Sep 17 00:00:00 2001
From: Eric van Blokland <mail@ericvanblokland.nl>
Date: Wed, 7 Dec 2022 21:45:11 +0100
Subject: [PATCH] Fix lxc container initialization with systemd and hybrid
cgroups
In an environment with hybrid cgroups and systemd the v2 backend is not available.
This causes a few checks to fail during container initialization.
To work around this we retrieve the lxc control process child process pid (the
process that is registered with machined) and perform the checks using that pid.
Signed-off-by: Eric van Blokland <mail@ericvanblokland.nl>
---
src/lxc/lxc_process.c | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
Index: libvirt-9.1.0/src/lxc/lxc_process.c
===================================================================
--- libvirt-9.1.0.orig/src/lxc/lxc_process.c
+++ libvirt-9.1.0/src/lxc/lxc_process.c
@@ -49,6 +49,9 @@
#include "virprocess.h"
#include "netdev_bandwidth_conf.h"
#include "virutil.h"
+#include "virstring.h"
+#include "vircgroupbackend.h"
+#include "virsystemd.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -1200,6 +1203,11 @@ int virLXCProcessStart(virLXCDriver * dr
int status;
g_autofree char *pidfile = NULL;
unsigned int stopFlags = 0;
+ virCgroupBackend **cgroupBackends = virCgroupBackendGetAll();
+ g_autofree char *pidFile = NULL;
+ g_autofree char *pidStr = NULL;
+ g_auto(GStrv) pidList = NULL;
+ pid_t checkPid = 0;
if (virCgroupNewSelf(&selfcgroup) < 0)
return -1;
@@ -1463,7 +1471,28 @@ int virLXCProcessStart(virLXCDriver * dr
goto cleanup;
}
- priv->machineName = virLXCDomainGetMachineName(vm->def, vm->pid);
+ /* In an environment with hybrid cgroups and systemd the v2 backend is not available.
+ * Systemd however depends on V2 for unit naming. This causes the next two checks to fail.
+ * To work around this issue we retrieve the actual container pid and check on that instead. */
+ if (virSystemdHasMachined() == 0 && cgroupBackends[VIR_CGROUP_BACKEND_TYPE_V2]->available() == false) {
+ pidFile = g_strdup_printf("/proc/%lld/task/%lld/children", (long long int)vm->pid, (long long int)vm->pid);
+ if (virFileReadAll(pidFile, 1024 * 1024, &pidStr) < 0)
+ goto cleanup;
+
+ virTrimSpaces(pidStr, NULL);
+
+ pidList = g_strsplit(pidStr, " ", 2);
+ if (!pidList)
+ goto cleanup;
+
+ if (virStrToLong_i(pidList[0], NULL, 10, &checkPid) < 0)
+ goto cleanup;
+
+ } else {
+ checkPid = vm->pid;
+ }
+
+ priv->machineName = virLXCDomainGetMachineName(vm->def, checkPid);
if (!priv->machineName)
goto cleanup;
@@ -1472,7 +1501,7 @@ int virLXCProcessStart(virLXCDriver * dr
* more reliable way to kill everything off if something
* goes wrong from here onwards ... */
if (virCgroupNewDetectMachine(vm->def->name, "lxc",
- vm->pid, -1, priv->machineName,
+ checkPid, -1, priv->machineName,
&priv->cgroup) < 0)
goto cleanup;

View File

@ -1,38 +0,0 @@
From b447f2a3042a206bebb897874af20fdd7d897347 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:41:58 -0600
Subject: Adjust libvirt-guests service to conform to SUSE standards
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
tools/libvirt-guests.sh.in | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
Index: libvirt-9.1.0/tools/libvirt-guests.sh.in
===================================================================
--- libvirt-9.1.0.orig/tools/libvirt-guests.sh.in
+++ libvirt-9.1.0/tools/libvirt-guests.sh.in
@@ -20,10 +20,6 @@ sysconfdir="@sysconfdir@"
localstatedir="@localstatedir@"
libvirtd="@sbindir@"/libvirtd
-# Source function library.
-test ! -r "$sysconfdir"/rc.d/init.d/functions ||
- . "$sysconfdir"/rc.d/init.d/functions
-
# Source gettext library.
# Make sure this file is recognized as having translations: _("dummy")
. "@bindir@"/gettext.sh
@@ -43,7 +39,11 @@ test -f "$sysconfdir"/sysconfig/libvirt-
. "$sysconfdir"/sysconfig/libvirt-guests
LISTFILE="$localstatedir"/lib/libvirt/libvirt-guests
-VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
+if [ -d "$localstatedir"/lock/subsys ]; then
+ VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
+else
+ VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/libvirt-guests
+fi
RETVAL=0

View File

@ -1,57 +0,0 @@
From 8c89cd65098dde736ff86e90283a8728dfed96d8 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:40:27 -0600
Subject: Disable TLS by default
On SUSE distros, the default is for libvirtd to listen only on the
Unix Domain Socket. The libvirt client still provides remote access
via a SSH tunnel.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/remote/libvirtd.conf.in | 4 ++--
src/remote/remote_daemon_config.c | 2 +-
src/remote/test_libvirtd.aug.in | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
Index: libvirt-9.1.0/src/remote/libvirtd.conf.in
===================================================================
--- libvirt-9.1.0.orig/src/remote/libvirtd.conf.in
+++ libvirt-9.1.0/src/remote/libvirtd.conf.in
@@ -19,8 +19,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
# Listen for unencrypted TCP connections on the public TCP/IP port.
#
Index: libvirt-9.1.0/src/remote/remote_daemon_config.c
===================================================================
--- libvirt-9.1.0.orig/src/remote/remote_daemon_config.c
+++ libvirt-9.1.0/src/remote/remote_daemon_config.c
@@ -95,7 +95,7 @@ daemonConfigNew(bool privileged G_GNUC_U
#ifdef WITH_IP
# ifdef LIBVIRTD
- data->listen_tls = true; /* Only honoured if --listen is set */
+ data->listen_tls = false; /* Only honoured if --listen is set */
# else /* ! LIBVIRTD */
data->listen_tls = false; /* Always honoured, --listen doesn't exist. */
# endif /* ! LIBVIRTD */
Index: libvirt-9.1.0/src/remote/test_libvirtd.aug.in
===================================================================
--- libvirt-9.1.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-9.1.0/src/remote/test_libvirtd.aug.in
@@ -3,7 +3,7 @@ module Test_@DAEMON_NAME@ =
test @DAEMON_NAME_UC@.lns get conf =
@CUT_ENABLE_IP@
- { "listen_tls" = "0" }
+ { "listen_tls" = "1" }
{ "listen_tcp" = "1" }
{ "tls_port" = "16514" }
{ "tcp_port" = "16509" }

View File

@ -1,91 +0,0 @@
From a844460158d37bc6f984384f8edb9d369208e390 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 13:51:37 -0600
Subject: libxl: disable autoballooning
Xen 4.12 introduced a CONFIG_DOM0_MEM option, which our xen package uses
to configure dom0 with a sensible initial memory value and disables
autoballooning. This patch changes libvirt to also disable autoballooning
by default. It can only be enabled with the 'autoballoon' setting in
libxl.conf. See jsc#SLE-3059 for more details.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl.conf | 9 ++++-----
src/libxl/libxl_conf.c | 16 +++-------------
src/libxl/test_libvirtd_libxl.aug.in | 2 +-
3 files changed, 8 insertions(+), 19 deletions(-)
Index: libvirt-9.1.0/src/libxl/libxl.conf
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl.conf
+++ libvirt-9.1.0/src/libxl/libxl.conf
@@ -4,12 +4,11 @@
# Enable autoballooning of domain0
#
-# By default, autoballooning of domain0 is enabled unless its memory
-# is already limited with Xen's "dom0_mem=" parameter, in which case
-# autoballooning is disabled. Override the default behavior with the
-# autoballoon setting.
+# By default, autoballooning of domain0 is disabled. Traditionally it
+# could also be disabled by using Xen's "dom0_mem=" parameter. Set to
+# 1 to enable autoballooning.
#
-#autoballoon = 1
+#autoballoon = 0
# In order to prevent accidentally starting two domains that
Index: libvirt-9.1.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-9.1.0/src/libxl/libxl_conf.c
@@ -1738,15 +1738,12 @@ libxlMakeBuildInfoVfb(virPortAllocatorRa
/*
* Get domain0 autoballoon configuration. Honor user-specified
* setting in libxl.conf first. If not specified, autoballooning
- * is disabled when domain0's memory is set with 'dom0_mem'.
- * Otherwise autoballooning is enabled.
+ * is disabled.
*/
static int
libxlGetAutoballoonConf(libxlDriverConfig *cfg,
virConf *conf)
{
- g_autoptr(GRegex) regex = NULL;
- g_autoptr(GError) err = NULL;
int res;
res = virConfGetValueBool(conf, "autoballoon", &cfg->autoballoon);
@@ -1755,15 +1752,8 @@ libxlGetAutoballoonConf(libxlDriverConfi
else if (res == 1)
return 0;
- regex = g_regex_new("(^| )dom0_mem=((|min:|max:)[0-9]+[bBkKmMgG]?,?)+($| )",
- 0, 0, &err);
- if (!regex) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Failed to compile regex %s"), err->message);
- return -1;
- }
-
- cfg->autoballoon = !g_regex_match(regex, cfg->verInfo->commandline, 0, NULL);
+ /* make it explicit */
+ cfg->autoballoon = 0;
return 0;
}
Index: libvirt-9.1.0/src/libxl/test_libvirtd_libxl.aug.in
===================================================================
--- libvirt-9.1.0.orig/src/libxl/test_libvirtd_libxl.aug.in
+++ libvirt-9.1.0/src/libxl/test_libvirtd_libxl.aug.in
@@ -2,7 +2,7 @@ module Test_libvirtd_libxl =
@CONFIG@
test Libvirtd_libxl.lns get conf =
-{ "autoballoon" = "1" }
+{ "autoballoon" = "0" }
{ "lock_manager" = "lockd" }
{ "keepalive_interval" = "5" }
{ "keepalive_count" = "5" }

View File

@ -1,97 +0,0 @@
From 700dcddea3d9940e45b6888ee60ebf8879f39ce1 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:43:19 -0600
Subject: SUSE adjustments to qemu.conf
This patch contains SUSE-specific adjustments to the upstream
qemu.conf configuration file. In the future, it might make
sense to separate these changes into individual patches (e.g.
suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
etc.), but for now they are all lumped together in this
single patch.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/qemu/qemu.conf.in | 32 ++++++++++++++++++++++++------
src/qemu/qemu_conf.c | 2 +-
src/qemu/test_libvirtd_qemu.aug.in | 1 +
3 files changed, 28 insertions(+), 7 deletions(-)
Index: libvirt-9.1.0/src/qemu/qemu.conf.in
===================================================================
--- libvirt-9.1.0.orig/src/qemu/qemu.conf.in
+++ libvirt-9.1.0/src/qemu/qemu.conf.in
@@ -491,10 +491,19 @@
# isolation, but it cannot appear in a list of drivers.
#
#security_driver = "selinux"
+#security_driver = "apparmor"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
-# will be unconfined by default. Defaults to 1.
+# will be unconfined by default. Defaults to 0.
+#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to a non-zero value to enable default
+# Apparmor confinement of qemu instances.
+#
#security_default_confined = 1
# If set to non-zero, then attempts to create unconfined
@@ -729,11 +738,22 @@
#relaxed_acs_check = 1
-# In order to prevent accidentally starting two domains that
-# share one writable disk, libvirt offers two approaches for
-# locking files. The first one is sanlock, the other one,
-# virtlockd, is then our own implementation. Accepted values
-# are "sanlock" and "lockd".
+# SUSE note:
+# Two lock managers are supported: lockd and sanlock. lockd, which
+# is provided by the virtlockd service, uses advisory locks (flock(2))
+# to protect virtual machine disks. sanlock uses the notion of leases
+# to protect virtual machine disks and is more appropriate in a SAN
+# environment.
+#
+# For most deployments that require virtual machine disk protection,
+# lockd is recommended since it is easy to configure and the virtlockd
+# service can be restarted without terminating any running virtual
+# machines. sanlock, which may be preferred in some SAN environments,
+# has the disadvantage of not being able to be restarted without
+# first terminating all virtual machines for which it holds leases.
+#
+# Specify lockd or sanlock to enable protection of virtual machine disk
+# content.
#
#lock_manager = "lockd"
Index: libvirt-9.1.0/src/qemu/qemu_conf.c
===================================================================
--- libvirt-9.1.0.orig/src/qemu/qemu_conf.c
+++ libvirt-9.1.0/src/qemu/qemu_conf.c
@@ -265,7 +265,7 @@ virQEMUDriverConfig *virQEMUDriverConfig
cfg->slirpHelperName = g_strdup(QEMU_SLIRP_HELPER);
cfg->dbusDaemonName = g_strdup(QEMU_DBUS_DAEMON);
- cfg->securityDefaultConfined = true;
+ cfg->securityDefaultConfined = false;
cfg->securityRequireConfined = false;
cfg->keepAliveInterval = 5;
Index: libvirt-9.1.0/src/qemu/test_libvirtd_qemu.aug.in
===================================================================
--- libvirt-9.1.0.orig/src/qemu/test_libvirtd_qemu.aug.in
+++ libvirt-9.1.0/src/qemu/test_libvirtd_qemu.aug.in
@@ -45,6 +45,7 @@ module Test_libvirtd_qemu =
{ "remote_websocket_port_min" = "5700" }
{ "remote_websocket_port_max" = "65535" }
{ "security_driver" = "selinux" }
+{ "security_driver" = "apparmor" }
{ "security_default_confined" = "1" }
{ "security_require_confined" = "1" }
{ "user" = "@QEMU_USER@" }

View File

@ -1,72 +0,0 @@
From 45b03e3c0e3dcf8f75083538b36238e03907e3fb Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:44:36 -0600
Subject: Adjust paths of OVMF firmwares on SUSE distros
Note: SLE15 SP2 and newer support automatic firmware selection. Firmwares
advertised and used by libvirt are automatically detected. Until upstream
removes the old DEFAULT_LOADER_NVRAM approach and associated code, this
patch will stay.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/qemu/qemu.conf.in | 7 +++----
src/qemu/qemu_conf.c | 7 +++----
src/qemu/test_libvirtd_qemu.aug.in | 7 +++----
src/security/virt-aa-helper.c | 3 ++-
4 files changed, 11 insertions(+), 13 deletions(-)
Index: libvirt-9.1.0/src/qemu/qemu.conf.in
===================================================================
--- libvirt-9.1.0.orig/src/qemu/qemu.conf.in
+++ libvirt-9.1.0/src/qemu/qemu.conf.in
@@ -857,10 +857,9 @@
# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
# follows this scheme.
#nvram = [
-# "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",
-# "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd",
-# "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd",
-# "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
+# "/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin",
+# "/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin",
+# "/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin"
#]
# The backend to use for handling stdout/stderr output from
Index: libvirt-9.1.0/src/qemu/qemu_conf.c
===================================================================
--- libvirt-9.1.0.orig/src/qemu/qemu_conf.c
+++ libvirt-9.1.0/src/qemu/qemu_conf.c
@@ -90,10 +90,9 @@ VIR_ONCE_GLOBAL_INIT(virQEMUConfig);
#ifndef DEFAULT_LOADER_NVRAM
# define DEFAULT_LOADER_NVRAM \
- "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd:" \
- "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd:" \
- "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd:" \
- "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
+ "/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin:" \
+ "/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin:" \
+ "/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin"
#endif
Index: libvirt-9.1.0/src/qemu/test_libvirtd_qemu.aug.in
===================================================================
--- libvirt-9.1.0.orig/src/qemu/test_libvirtd_qemu.aug.in
+++ libvirt-9.1.0/src/qemu/test_libvirtd_qemu.aug.in
@@ -96,10 +96,9 @@ module Test_libvirtd_qemu =
{ "migration_port_max" = "49215" }
{ "log_timestamp" = "0" }
{ "nvram"
- { "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
- { "2" = "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd" }
- { "3" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
- { "4" = "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd" }
+ { "1" = "/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin:/usr/share/qemu/ovmf-x86_64-ms-4m-vars.bin" }
+ { "2" = "/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin" }
+ { "3" = "/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin" }
}
{ "stdio_handler" = "logd" }
{ "gluster_debug_level" = "9" }

View File

@ -1,27 +0,0 @@
From e0d6005e7bedd06099201f8be34959b160cf235c Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 13:52:35 -0600
Subject: libxl: Use the SUSE ovmf firmware path for Xen
The libxl driver trivially supports firmware autoselection since as of
June 2021 ovmf only supports one firmware for Xen. This patch adjusts
the firmware path to match the one provided by the ovmf package.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libvirt-9.1.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-9.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-9.1.0/src/libxl/libxl_conf.c
@@ -1789,7 +1789,7 @@ libxlDriverConfigNew(void)
cfg->firmwares = g_new0(virFirmware *, 1);
cfg->nfirmwares = 1;
cfg->firmwares[0] = g_new0(virFirmware, 1);
- cfg->firmwares[0]->name = g_strdup(LIBXL_FIRMWARE_DIR "/ovmf.bin");
+ cfg->firmwares[0]->name = g_strdup(DATADIR "/qemu/ovmf-x86_64-xen-4m.bin");
#endif
/* Always add hvmloader to firmwares */

View File

@ -1,386 +0,0 @@
From 6c33161423fc79092b88b2ea7dba2d2711340052 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 13:53:38 -0600
Subject: Add virt-create-rootfs utility
From <cbosdonnat@suse.com>
---
docs/manpages/meson.build | 1 +
docs/manpages/virt-create-rootfs.rst | 88 ++++++++++
tools/meson.build | 2 +
tools/virt-create-rootfs | 236 +++++++++++++++++++++++++++
4 files changed, 327 insertions(+)
create mode 100644 docs/manpages/virt-create-rootfs.rst
create mode 100644 tools/virt-create-rootfs
Index: libvirt-9.1.0/docs/manpages/meson.build
===================================================================
--- libvirt-9.1.0.orig/docs/manpages/meson.build
+++ libvirt-9.1.0/docs/manpages/meson.build
@@ -21,6 +21,7 @@ docs_man_files = [
{ 'name': 'virt-qemu-qmp-proxy', 'section': '1', 'install': conf.has('WITH_QEMU') },
{ 'name': 'virt-xml-validate', 'section': '1', 'install': true },
{ 'name': 'virt-qemu-sev-validate', 'section': '1', 'install': conf.has('WITH_QEMU') },
+ { 'name': 'virt-create-rootfs', 'section': '1', 'install': true },
{ 'name': 'libvirt-guests', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') },
{ 'name': 'libvirtd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') },
Index: libvirt-9.1.0/docs/manpages/virt-create-rootfs.rst
===================================================================
--- /dev/null
+++ libvirt-9.1.0/docs/manpages/virt-create-rootfs.rst
@@ -0,0 +1,88 @@
+==================
+virt-create-rootfs
+==================
+
+---------------------------------------------------------
+A tool to create a root file system for distro containers
+---------------------------------------------------------
+
+:Manual section: 1
+:Manual group: Virtualization Support
+
+.. contents::
+
+SYNOPSIS
+========
+
+
+``virt-create-rootfs`` [*OPTION*]
+
+
+DESCRIPTION
+===========
+
+The ``virt-create-rootfs`` program is a shell script setting up a root file
+system for a distribution container.
+
+The basic structure of most virt-create-rootfs usage is:
+
+ ``virt-create-rootfs`` -r /path/to/root -d distro-name
+
+
+OPTIONS
+=======
+
+``-h``, ``--help``
+
+Display command line help usage then exit.
+
+``-r``, ``--root``
+
+Set the path where to create the new root file system.
+
+``-d``, ``--distro``
+
+Set the name of distribution to use for the root file system.
+
+As of now, only SLED-<XXX>, SLES-<XXX> and openSUSE-<XXX> are implemented
+where <XXX> is the version number. Examples are openSUSE-15.3, openSUSE-tumbleweed,
+and SLES-15.3. Note that SUSEConnect is required to handle SLE distributions.
+
+``-a``, ``--arch``
+
+Set the target architecture of the root file system to either i586 or x86_64.
+
+``-c``, ``--regcode``
+
+Set the registration code for the product to install in the root file system.
+For SLE distributions, use a registration code from SUSE Customer Center.
+
+``-u``, ``--url``
+
+For SLE distributions, set the registration server to use.
+Default: https://scc.suse.com.
+
+``--dry-run``
+
+Don't do anything, just report what would be done.
+
+
+COPYRIGHT
+=========
+
+Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+
+
+LICENSE
+=======
+
+``virt-create-rootfs`` is distributed under the terms of the GNU LGPL v2+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+
+SEE ALSO
+========
+
+virsh(1), `https://libvirt.org/ <https://libvirt.org/>`_
Index: libvirt-9.1.0/tools/meson.build
===================================================================
--- libvirt-9.1.0.orig/tools/meson.build
+++ libvirt-9.1.0/tools/meson.build
@@ -154,6 +154,8 @@ else
virsh_icon_res = []
endif
+install_data('virt-create-rootfs', install_dir: bindir, install_mode: 'rwxr-xr-x',)
+
executable(
'virsh',
[
Index: libvirt-9.1.0/tools/virt-create-rootfs
===================================================================
--- /dev/null
+++ libvirt-9.1.0/tools/virt-create-rootfs
@@ -0,0 +1,236 @@
+#!/bin/sh
+set -e
+
+function fail
+{
+ echo $1
+ exit 1
+}
+
+function print_help
+{
+cat << EOF
+virt-create-rootfs --root /path/to/rootfs [ARGS]
+
+Create a new root file system to use for distribution containers.
+
+ARGUMENTS
+
+ -h, --help print this help and exit
+ -r, --root path where to create the root FS
+ -d, --distro distribution to install
+ -a, --arch target architecture
+ -u, --url URL of the registration server
+ -c, --regcode registration code for the product
+ --dry-run don't actually run it
+EOF
+}
+
+ARCH=$(uname -i)
+ROOT=
+DISTRO=
+URL=
+REG_CODE=
+DRY_RUN=
+
+while test $# -gt 0
+do
+ case $1 in
+
+ -h | --help)
+ # usage and help
+ print_help
+ ;;
+
+ -r | --root)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ ROOT="$2"
+ shift
+ ;;
+
+ -a | --arch)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ case "$2" in
+ i586 | x86_64)
+ ARCH=$2
+ shift
+ ;;
+ *)
+ fail "$1 valid values are 'i586', 'x86_64'"
+ esac
+ # Sanity checks for the arch
+ HOST_ARCH=$(uname -i)
+ case "$HOST_ARCH" in
+ i?86)
+ if test $ARCH = "x86_64"; then
+ fail "Host won't run x86_64 container"
+ fi
+ ;;
+ esac
+ ;;
+
+ -u | --url)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ URL="$2"
+ shift
+ ;;
+
+ -d | --distro)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ case "$2" in
+ SLED-* | SLES-* | openSUSE-*)
+ DISTRO=$2
+ shift
+ ;;
+ *)
+ fail "$1 valid values are 'SLED-*', 'SLES-*', 'openSUSE-*'"
+ esac
+ ;;
+
+ -c | --regcode)
+ if test $# -lt 2; then
+ fail "$1 needs a value"
+ fi
+ REG_CODE=$2
+ shift
+ ;;
+
+ --dry-run)
+ DRY_RUN="yes"
+ ;;
+
+ *)
+ fail "Unknown option: $1"
+ ;;
+ esac
+
+ shift
+done
+
+if test -z "$ROOT"; then
+ fail "--root argument need to be provided"
+fi
+
+RUN=
+if test "$DRY_RUN" = "yes"; then
+ RUN="echo"
+fi
+
+function call_zypper
+{
+ $RUN zypper --root "$ROOT" $*
+}
+
+function install_sle
+{
+ PRODUCT="$1"
+ TARGET_VERSION="$2"
+
+ case "$TARGET_VERSION" in
+ 12.0)
+ # Transform into zypper internal version scheme
+ TARGET_VERSION="12"
+ ;;
+ 15.0)
+ TARGET_VERSION="15"
+ ;;
+ 12.*|15.*)
+ ;;
+ *)
+ fail "Unhandled SLE version: $TARGET_VERSION"
+ ;;
+ esac
+
+ # Depending on the distro we run, we may have some preliminary things to do
+ . /etc/os-release
+ case "$VERSION_ID" in
+ 15*)
+ # on SLE 15 we need to symlink the two path to the RPM DB or the GPG
+ # key won't be found.
+ mkdir -p "$ROOT/usr/lib/sysimage/rpm"
+ mkdir -p "$ROOT/var/lib"
+ ln -s ../../usr/lib/sysimage/rpm "$ROOT/var/lib"
+ ;;
+ esac
+
+ # First copy the SUSE GPG keys from the host to the new root
+ rpm -qa gpg-pubkey\* --qf "%{name}-%{version}-%{release}: %{summary}\n" | \
+ grep 'gpg(SuSE Package Signing Key <build@suse.de>)' | \
+ while read -r line; do
+ key=$(echo $line | cut -d ':' -f 1)
+ tmpkey=$(mktemp)
+ rpm -qi $key | sed -n '/BEGIN/,/END/p' > "$tmpkey"
+ rpm --root "$ROOT" --import "$tmpkey"
+ rm "$tmpkey"
+ done
+
+ # SUSE Connect adds the repositories, and refreshes them,
+ # but requires the GPG key to be already imported
+ CONNECT_ARGS=
+ if test -n "$REG_CODE"; then
+ CONNECT_ARGS="$CONNECT_ARGS -r $REG_CODE"
+ fi
+ if test -n "$URL"; then
+ CONNECT_ARGS="$CONNECT_ARGS --url $URL"
+ fi
+
+ PATTERN=Minimal
+ case "$TARGET_VERSION" in
+ 12*)
+ $RUN SUSEConnect -p "$PRODUCT/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
+ ;;
+ 15*)
+ # Due to SLE 15 modules we need to add the product first, let it fail,
+ # add the basesystem
+ set +e
+ $RUN SUSEConnect -p "$PRODUCT/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
+ set -e
+ $RUN SUSEConnect -p "sle-module-basesystem/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
+ PATTERN=base
+ ;;
+ esac
+
+ # Then we install what we need
+ call_zypper -n in --auto-agree-with-licenses -t pattern $PATTERN
+
+ # Create the baseproduct symlink if missing
+ if ! test -e "$ROOT/etc/products.d/baseproduct"; then
+ ln -s $PRODUCT.prod "$ROOT/etc/products.d/baseproduct"
+ fi
+}
+
+case "$DISTRO" in
+ SLED-*)
+ install_sle "SLED" "${DISTRO:5}"
+ ;;
+ SLED-* | SLES-*)
+ install_sle "SLES" "${DISTRO:5}"
+ ;;
+
+ openSUSE-*)
+ TARGET_VERSION=${DISTRO:9}
+ if test $TARGET_VERSION = "tumbleweed"; then
+ REPO="https://download.opensuse.org/tumbleweed/repo/oss/"
+ call_zypper ar "$REPO" "openSUSE"
+ else
+ REPO="https://download.opensuse.org/distribution/leap/$TARGET_VERSION/repo/oss/"
+ UPDATE_REPO="https://download.opensuse.org/update/leap/$TARGET_VERSION/oss/"
+ call_zypper ar "$REPO" "openSUSE"
+ call_zypper ar "$UPDATE_REPO" "openSUSE-udpate"
+ fi
+ call_zypper in --no-recommends -t pattern base
+ ;;
+esac
+
+if test "$DRY_RUN" != "yes"; then
+ echo "pts/0" >> "$ROOT/etc/securetty"
+ chroot "$ROOT" /usr/bin/passwd
+fi
Index: libvirt-9.1.0/docs/manpages/index.rst
===================================================================
--- libvirt-9.1.0.orig/docs/manpages/index.rst
+++ libvirt-9.1.0/docs/manpages/index.rst
@@ -45,6 +45,7 @@ Tools
* `virt-pki-query-dn(1) <virt-pki-query-dn.html>`__ - extract Distinguished Name from a PEM certificate
* `virt-ssh-helper(8) <virt-ssh-helper.html>`__ - libvirt socket proxy (internal helper tool)
* `virt-qemu-qmp-proxy(1) <virt-qemu-qmp-proxy.html>`__ - Expose a QMP proxy server for a libvirt QEMU guest
+* `virt-create-rootfs(1) <virt-create-rootfs.html>`__ - tool to create a root file system for distro containers
Key codes
=========