forked from pool/libvirt
1c1fa4f3a7
- Update to libvirt 8.2.0 - CVE-2022-0897 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-2-0-2022-04-01 - Dropped patches: 823a62ec-qemu-fix-undefine-crash.patch OBS-URL: https://build.opensuse.org/request/show/966486 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=927
360 lines
9.3 KiB
Diff
360 lines
9.3 KiB
Diff
Index: libvirt-8.2.0/tools/virt-create-rootfs
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libvirt-8.2.0/tools/virt-create-rootfs
|
|
@@ -0,0 +1,236 @@
|
|
+#!/bin/sh
|
|
+set -e
|
|
+
|
|
+function fail
|
|
+{
|
|
+ echo $1
|
|
+ exit 1
|
|
+}
|
|
+
|
|
+function print_help
|
|
+{
|
|
+cat << EOF
|
|
+virt-create-rootfs --root /path/to/rootfs [ARGS]
|
|
+
|
|
+Create a new root file system to use for distribution containers.
|
|
+
|
|
+ARGUMENTS
|
|
+
|
|
+ -h, --help print this help and exit
|
|
+ -r, --root path where to create the root FS
|
|
+ -d, --distro distribution to install
|
|
+ -a, --arch target architecture
|
|
+ -u, --url URL of the registration server
|
|
+ -c, --regcode registration code for the product
|
|
+ --dry-run don't actually run it
|
|
+EOF
|
|
+}
|
|
+
|
|
+ARCH=$(uname -i)
|
|
+ROOT=
|
|
+DISTRO=
|
|
+URL=
|
|
+REG_CODE=
|
|
+DRY_RUN=
|
|
+
|
|
+while test $# -gt 0
|
|
+do
|
|
+ case $1 in
|
|
+
|
|
+ -h | --help)
|
|
+ # usage and help
|
|
+ print_help
|
|
+ ;;
|
|
+
|
|
+ -r | --root)
|
|
+ if test $# -lt 2; then
|
|
+ fail "$1 needs a value"
|
|
+ fi
|
|
+ ROOT="$2"
|
|
+ shift
|
|
+ ;;
|
|
+
|
|
+ -a | --arch)
|
|
+ if test $# -lt 2; then
|
|
+ fail "$1 needs a value"
|
|
+ fi
|
|
+ case "$2" in
|
|
+ i586 | x86_64)
|
|
+ ARCH=$2
|
|
+ shift
|
|
+ ;;
|
|
+ *)
|
|
+ fail "$1 valid values are 'i586', 'x86_64'"
|
|
+ esac
|
|
+ # Sanity checks for the arch
|
|
+ HOST_ARCH=$(uname -i)
|
|
+ case "$HOST_ARCH" in
|
|
+ i?86)
|
|
+ if test $ARCH = "x86_64"; then
|
|
+ fail "Host won't run x86_64 container"
|
|
+ fi
|
|
+ ;;
|
|
+ esac
|
|
+ ;;
|
|
+
|
|
+ -u | --url)
|
|
+ if test $# -lt 2; then
|
|
+ fail "$1 needs a value"
|
|
+ fi
|
|
+ URL="$2"
|
|
+ shift
|
|
+ ;;
|
|
+
|
|
+ -d | --distro)
|
|
+ if test $# -lt 2; then
|
|
+ fail "$1 needs a value"
|
|
+ fi
|
|
+ case "$2" in
|
|
+ SLED-* | SLES-* | openSUSE-*)
|
|
+ DISTRO=$2
|
|
+ shift
|
|
+ ;;
|
|
+ *)
|
|
+ fail "$1 valid values are 'SLED-*', 'SLES-*', 'openSUSE-*'"
|
|
+ esac
|
|
+ ;;
|
|
+
|
|
+ -c | --regcode)
|
|
+ if test $# -lt 2; then
|
|
+ fail "$1 needs a value"
|
|
+ fi
|
|
+ REG_CODE=$2
|
|
+ shift
|
|
+ ;;
|
|
+
|
|
+ --dry-run)
|
|
+ DRY_RUN="yes"
|
|
+ ;;
|
|
+
|
|
+ *)
|
|
+ fail "Unknown option: $1"
|
|
+ ;;
|
|
+ esac
|
|
+
|
|
+ shift
|
|
+done
|
|
+
|
|
+if test -z "$ROOT"; then
|
|
+ fail "--root argument need to be provided"
|
|
+fi
|
|
+
|
|
+RUN=
|
|
+if test "$DRY_RUN" = "yes"; then
|
|
+ RUN="echo"
|
|
+fi
|
|
+
|
|
+function call_zypper
|
|
+{
|
|
+ $RUN zypper --root "$ROOT" $*
|
|
+}
|
|
+
|
|
+function install_sle
|
|
+{
|
|
+ PRODUCT="$1"
|
|
+ TARGET_VERSION="$2"
|
|
+
|
|
+ case "$TARGET_VERSION" in
|
|
+ 12.0)
|
|
+ # Transform into zypper internal version scheme
|
|
+ TARGET_VERSION="12"
|
|
+ ;;
|
|
+ 15.0)
|
|
+ TARGET_VERSION="15"
|
|
+ ;;
|
|
+ 12.*|15.*)
|
|
+ ;;
|
|
+ *)
|
|
+ fail "Unhandled SLE version: $TARGET_VERSION"
|
|
+ ;;
|
|
+ esac
|
|
+
|
|
+ # Depending on the distro we run, we may have some preliminary things to do
|
|
+ . /etc/os-release
|
|
+ case "$VERSION_ID" in
|
|
+ 15*)
|
|
+ # on SLE 15 we need to symlink the two path to the RPM DB or the GPG
|
|
+ # key won't be found.
|
|
+ mkdir -p "$ROOT/usr/lib/sysimage/rpm"
|
|
+ mkdir -p "$ROOT/var/lib"
|
|
+ ln -s ../../usr/lib/sysimage/rpm "$ROOT/var/lib"
|
|
+ ;;
|
|
+ esac
|
|
+
|
|
+ # First copy the SUSE GPG keys from the host to the new root
|
|
+ rpm -qa gpg-pubkey\* --qf "%{name}-%{version}-%{release}: %{summary}\n" | \
|
|
+ grep 'gpg(SuSE Package Signing Key <build@suse.de>)' | \
|
|
+ while read -r line; do
|
|
+ key=$(echo $line | cut -d ':' -f 1)
|
|
+ tmpkey=$(mktemp)
|
|
+ rpm -qi $key | sed -n '/BEGIN/,/END/p' > "$tmpkey"
|
|
+ rpm --root "$ROOT" --import "$tmpkey"
|
|
+ rm "$tmpkey"
|
|
+ done
|
|
+
|
|
+ # SUSE Connect adds the repositories, and refreshes them,
|
|
+ # but requires the GPG key to be already imported
|
|
+ CONNECT_ARGS=
|
|
+ if test -n "$REG_CODE"; then
|
|
+ CONNECT_ARGS="$CONNECT_ARGS -r $REG_CODE"
|
|
+ fi
|
|
+ if test -n "$URL"; then
|
|
+ CONNECT_ARGS="$CONNECT_ARGS --url $URL"
|
|
+ fi
|
|
+
|
|
+ PATTERN=Minimal
|
|
+ case "$TARGET_VERSION" in
|
|
+ 12*)
|
|
+ $RUN SUSEConnect -p "$PRODUCT/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
|
|
+ ;;
|
|
+ 15*)
|
|
+ # Due to SLE 15 modules we need to add the product first, let it fail,
|
|
+ # add the basesystem
|
|
+ set +e
|
|
+ $RUN SUSEConnect -p "$PRODUCT/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
|
|
+ set -e
|
|
+ $RUN SUSEConnect -p "sle-module-basesystem/$TARGET_VERSION/$ARCH" --root "$ROOT" $CONNECT_ARGS
|
|
+ PATTERN=base
|
|
+ ;;
|
|
+ esac
|
|
+
|
|
+ # Then we install what we need
|
|
+ call_zypper -n in --auto-agree-with-licenses -t pattern $PATTERN
|
|
+
|
|
+ # Create the baseproduct symlink if missing
|
|
+ if ! test -e "$ROOT/etc/products.d/baseproduct"; then
|
|
+ ln -s $PRODUCT.prod "$ROOT/etc/products.d/baseproduct"
|
|
+ fi
|
|
+}
|
|
+
|
|
+case "$DISTRO" in
|
|
+ SLED-*)
|
|
+ install_sle "SLED" "${DISTRO:5}"
|
|
+ ;;
|
|
+ SLED-* | SLES-*)
|
|
+ install_sle "SLES" "${DISTRO:5}"
|
|
+ ;;
|
|
+
|
|
+ openSUSE-*)
|
|
+ TARGET_VERSION=${DISTRO:9}
|
|
+ if test $TARGET_VERSION = "tumbleweed"; then
|
|
+ REPO="http://download.opensuse.org/tumbleweed/repo/oss/"
|
|
+ call_zypper ar "$REPO" "openSUSE"
|
|
+ else
|
|
+ REPO="http://download.opensuse.org/distribution/leap/$TARGET_VERSION/repo/oss/"
|
|
+ UPDATE_REPO="http://download.opensuse.org/update/leap/$TARGET_VERSION/oss/"
|
|
+ call_zypper ar "$REPO" "openSUSE"
|
|
+ call_zypper ar "$UPDATE_REPO" "openSUSE-udpate"
|
|
+ fi
|
|
+ call_zypper in --no-recommends -t pattern base
|
|
+ ;;
|
|
+esac
|
|
+
|
|
+if test "$DRY_RUN" != "yes"; then
|
|
+ echo "pts/0" >> "$ROOT/etc/securetty"
|
|
+ chroot "$ROOT" /usr/bin/passwd
|
|
+fi
|
|
Index: libvirt-8.2.0/docs/manpages/virt-create-rootfs.rst
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ libvirt-8.2.0/docs/manpages/virt-create-rootfs.rst
|
|
@@ -0,0 +1,88 @@
|
|
+==================
|
|
+virt-create-rootfs
|
|
+==================
|
|
+
|
|
+---------------------------------------------------------
|
|
+A tool to create a root file system for distro containers
|
|
+---------------------------------------------------------
|
|
+
|
|
+:Manual section: 1
|
|
+:Manual group: Virtualization Support
|
|
+
|
|
+.. contents::
|
|
+
|
|
+SYNOPSIS
|
|
+========
|
|
+
|
|
+
|
|
+``virt-create-rootfs`` [*OPTION*]
|
|
+
|
|
+
|
|
+DESCRIPTION
|
|
+===========
|
|
+
|
|
+The ``virt-create-rootfs`` program is a shell script setting up a root file
|
|
+system for a distribution container.
|
|
+
|
|
+The basic structure of most virt-create-rootfs usage is:
|
|
+
|
|
+ ``virt-create-rootfs`` -r /path/to/root -d distro-name
|
|
+
|
|
+
|
|
+OPTIONS
|
|
+=======
|
|
+
|
|
+``-h``, ``--help``
|
|
+
|
|
+Display command line help usage then exit.
|
|
+
|
|
+``-r``, ``--root``
|
|
+
|
|
+Set the path where to create the new root file system.
|
|
+
|
|
+``-d``, ``--distro``
|
|
+
|
|
+Set the name of distribution to use for the root file system.
|
|
+
|
|
+As of now, only SLED-<XXX>, SLES-<XXX> and openSUSE-<XXX> are implemented
|
|
+where <XXX> is the version number. Examples are openSUSE-15.3, openSUSE-tumbleweed,
|
|
+and SLES-15.3. Note that SUSEConnect is required to handle SLE distributions.
|
|
+
|
|
+``-a``, ``--arch``
|
|
+
|
|
+Set the target architecture of the root file system to either i586 or x86_64.
|
|
+
|
|
+``-c``, ``--regcode``
|
|
+
|
|
+Set the registration code for the product to install in the root file system.
|
|
+For SLE distributions, use a registration code from SUSE Customer Center.
|
|
+
|
|
+``-u``, ``--url``
|
|
+
|
|
+For SLE distributions, set the registration server to use.
|
|
+Default: http://scc.suse.com.
|
|
+
|
|
+``--dry-run``
|
|
+
|
|
+Don't do anything, just report what would be done.
|
|
+
|
|
+
|
|
+COPYRIGHT
|
|
+=========
|
|
+
|
|
+Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
+
|
|
+
|
|
+LICENSE
|
|
+=======
|
|
+
|
|
+``virt-create-rootfs`` is distributed under the terms of the GNU LGPL v2+.
|
|
+This is free software; see the source for copying conditions. There
|
|
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
+PURPOSE
|
|
+
|
|
+
|
|
+SEE ALSO
|
|
+========
|
|
+
|
|
+virsh(1), `https://libvirt.org/ <https://libvirt.org/>`_
|
|
Index: libvirt-8.2.0/docs/manpages/meson.build
|
|
===================================================================
|
|
--- libvirt-8.2.0.orig/docs/manpages/meson.build
|
|
+++ libvirt-8.2.0/docs/manpages/meson.build
|
|
@@ -20,6 +20,7 @@ docs_man_files = [
|
|
{ 'name': 'virt-pki-validate', 'section': '1', 'install': true },
|
|
{ 'name': 'virt-qemu-run', 'section': '1', 'install': conf.has('WITH_QEMU') },
|
|
{ 'name': 'virt-xml-validate', 'section': '1', 'install': true },
|
|
+ { 'name': 'virt-create-rootfs', 'section': '1', 'install': true },
|
|
|
|
{ 'name': 'libvirt-guests', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') },
|
|
{ 'name': 'libvirtd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') },
|
|
Index: libvirt-8.2.0/tools/meson.build
|
|
===================================================================
|
|
--- libvirt-8.2.0.orig/tools/meson.build
|
|
+++ libvirt-8.2.0/tools/meson.build
|
|
@@ -154,6 +154,8 @@ else
|
|
virsh_icon_res = []
|
|
endif
|
|
|
|
+install_data('virt-create-rootfs', install_dir: bindir, install_mode: 'rwxr-xr-x',)
|
|
+
|
|
executable(
|
|
'virsh',
|
|
[
|