[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/experimental] refresh d/p/* for v6.0.0

Guido Günther gitlab at salsa.debian.org
Mon Jan 13 14:12:03 GMT 2020



Guido Günther pushed to branch debian/experimental at Libvirt Packaging Team / libvirt


Commits:
cc6b955f by Christian Ehrhardt at 2020-01-13T14:33:06+01:00
refresh d/p/* for v6.0.0

Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>

- - - - -


8 changed files:

- debian/patches/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
- debian/patches/debian/Debianize-libvirt-guests.patch
- debian/patches/debian/Debianize-systemd-service-files.patch
- debian/patches/debian/Debianize-virtlockd.patch
- debian/patches/debian/Debianize-virtlogd.patch
- debian/patches/series
- − debian/patches/virt-aa-helper-Actually-fix-AppArmor-profile.patch
- − debian/patches/virt-aa-helper-Fix-AppArmor-profile.patch


Changes:

=====================================
debian/patches/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
=====================================
@@ -12,16 +12,14 @@ require the 'TERM' environment variable to be set to the terminal type.
  src/rpc/virnetsocket.c | 2 ++
  1 file changed, 2 insertions(+)
 
-diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
-index 3282bc0..f448001 100644
 --- a/src/rpc/virnetsocket.c
 +++ b/src/rpc/virnetsocket.c
-@@ -876,6 +876,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
-     virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL);
-     virCommandAddEnvPassBlockSUID(cmd, "SSH_AUTH_SOCK", NULL);
-     virCommandAddEnvPassBlockSUID(cmd, "SSH_ASKPASS", NULL);
-+    virCommandAddEnvPassBlockSUID(cmd, "GPG_TTY", NULL);
-+    virCommandAddEnvPassBlockSUID(cmd, "TERM", NULL);
-     virCommandAddEnvPassBlockSUID(cmd, "DISPLAY", NULL);
-     virCommandAddEnvPassBlockSUID(cmd, "XAUTHORITY", NULL);
+@@ -863,6 +863,8 @@ int virNetSocketNewConnectSSH(const char
+     virCommandAddEnvPass(cmd, "KRB5CCNAME");
+     virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
+     virCommandAddEnvPass(cmd, "SSH_ASKPASS");
++    virCommandAddEnvPass(cmd, "GPG_TTY", NULL);
++    virCommandAddEnvPass(cmd, "TERM", NULL);
+     virCommandAddEnvPass(cmd, "DISPLAY");
+     virCommandAddEnvPass(cmd, "XAUTHORITY");
      virCommandClearCaps(cmd);


=====================================
debian/patches/debian/Debianize-libvirt-guests.patch
=====================================
@@ -8,8 +8,6 @@ Origin: vendor
  tools/libvirt-guests.sysconf |  4 ++--
  2 files changed, 30 insertions(+), 19 deletions(-)
 
-diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in
-index 4bc6e86..f94f1b3 100644
 --- a/tools/libvirt-guests.sh.in
 +++ b/tools/libvirt-guests.sh.in
 @@ -1,5 +1,17 @@
@@ -31,7 +29,7 @@ index 4bc6e86..f94f1b3 100644
  # Copyright (C) 2011-2014 Red Hat, Inc.
  #
  # This library is free software; you can redistribute it and/or
-@@ -16,23 +28,23 @@
+@@ -16,34 +28,34 @@
  # License along with this library.  If not, see
  # <http://www.gnu.org/licenses/>.
  
@@ -66,8 +64,7 @@ index 4bc6e86..f94f1b3 100644
  SHUTDOWN_TIMEOUT=300
  PARALLEL_SHUTDOWN=0
  START_DELAY=0
-@@ -41,11 +53,11 @@ CONNECT_RETRIES=10
- RETRIES_SLEEP=1
+ BYPASS_CACHE=0
  SYNC_TIME=0
  
 -test -f "$sysconfdir"/sysconfig/libvirt-guests &&
@@ -81,7 +78,7 @@ index 4bc6e86..f94f1b3 100644
  
  RETVAL=0
  
-@@ -552,8 +564,7 @@ gueststatus() {
+@@ -543,8 +555,7 @@ gueststatus() {
  
  # rh_status
  # Display current status: whether saved state exists, and whether start
@@ -91,8 +88,6 @@ index 4bc6e86..f94f1b3 100644
  rh_status() {
      if [ -f "$LISTFILE" ]; then
          gettext "stopped, with saved guests"; echo
-diff --git a/tools/libvirt-guests.sysconf b/tools/libvirt-guests.sysconf
-index 669b046..1c4b450 100644
 --- a/tools/libvirt-guests.sysconf
 +++ b/tools/libvirt-guests.sysconf
 @@ -8,7 +8,7 @@


=====================================
debian/patches/debian/Debianize-systemd-service-files.patch
=====================================
@@ -7,35 +7,27 @@ Subject: Debianize systemd service files
  tools/libvirt-guests.service.in | 2 +-
  2 files changed, 3 insertions(+), 3 deletions(-)
 
-diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
-index 3ddf0e2..143dd7f 100644
 --- a/src/remote/libvirtd.service.in
 +++ b/src/remote/libvirtd.service.in
-@@ -20,12 +20,12 @@ Documentation=https://libvirt.org
+@@ -25,8 +25,8 @@ Documentation=https://libvirt.org
  
  [Service]
  Type=notify
--EnvironmentFile=-/etc/sysconfig/libvirtd
-+EnvironmentFile=-/etc/default/libvirtd
- # libvirtd.service is set to run on boot so that autostart of
- # VMs can be performed. We don't want it to stick around if
- # unused though, so we set a timeout. The socket activation
- # then ensures it gets started again if anything needs it
--ExecStart=@sbindir@/libvirtd --timeout 120 $LIBVIRTD_ARGS
-+ExecStart=@sbindir@/libvirtd --timeout 120 $libvirtd_opts
+-EnvironmentFile=- at sysconfdir@/sysconfig/libvirtd
+-ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
++EnvironmentFile=- at sysconfdir@/default/libvirtd
++ExecStart=@sbindir@/libvirtd $libvirtd_opts
  ExecReload=/bin/kill -HUP $MAINPID
  KillMode=process
  Restart=on-failure
-diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in
-index 491ca62..c2f36cf 100644
 --- a/tools/libvirt-guests.service.in
 +++ b/tools/libvirt-guests.service.in
 @@ -10,7 +10,7 @@ Documentation=man:libvirtd(8)
  Documentation=https://libvirt.org
  
  [Service]
--EnvironmentFile=-/etc/sysconfig/libvirt-guests
-+EnvironmentFile=-/etc/default/libvirt-guests
+-EnvironmentFile=- at sysconfdir@/sysconfig/libvirt-guests
++EnvironmentFile=- at sysconfdir@/default/libvirt-guests
  # Hack just call traditional service until we factor
  # out the code
  ExecStart=@libexecdir@/libvirt-guests.sh start


=====================================
debian/patches/debian/Debianize-virtlockd.patch
=====================================
@@ -6,16 +6,14 @@ Subject: Debianize virtlockd
  src/locking/virtlockd.service.in | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
-index 3c9d587..7304a90 100644
 --- a/src/locking/virtlockd.service.in
 +++ b/src/locking/virtlockd.service.in
 @@ -7,7 +7,7 @@ Documentation=man:virtlockd(8)
  Documentation=https://libvirt.org
  
  [Service]
--EnvironmentFile=-/etc/sysconfig/virtlockd
-+EnvironmentFile=-/etc/default/virtlockd
+-EnvironmentFile=- at sysconfdir@/sysconfig/virtlockd
++EnvironmentFile=- at sysconfdir@/default/virtlockd
  ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS
  ExecReload=/bin/kill -USR1 $MAINPID
  # Loosing the locks is a really bad thing that will


=====================================
debian/patches/debian/Debianize-virtlogd.patch
=====================================
@@ -6,16 +6,14 @@ Subject: Debianize virtlogd
  src/logging/virtlogd.service.in | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
-index 3d9ae36..fe99d53 100644
 --- a/src/logging/virtlogd.service.in
 +++ b/src/logging/virtlogd.service.in
 @@ -7,7 +7,7 @@ Documentation=man:virtlogd(8)
  Documentation=https://libvirt.org
  
  [Service]
--EnvironmentFile=-/etc/sysconfig/virtlogd
-+EnvironmentFile=-/etc/default/virtlogd
+-EnvironmentFile=- at sysconfdir@/sysconfig/virtlogd
++EnvironmentFile=- at sysconfdir@/default/virtlogd
  ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS
  ExecReload=/bin/kill -USR1 $MAINPID
  # Loosing the logs is a really bad thing that will


=====================================
debian/patches/series
=====================================
@@ -15,6 +15,4 @@ Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
 apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
 debian/Prefer-sbin-over-usr-sbin.patch
 Include-etc-pki-qemu-in-apparmor.patch
-virt-aa-helper-Fix-AppArmor-profile.patch
-virt-aa-helper-Actually-fix-AppArmor-profile.patch
 apparmor-Allow-run-pygrub.patch


=====================================
debian/patches/virt-aa-helper-Actually-fix-AppArmor-profile.patch deleted
=====================================
@@ -1,41 +0,0 @@
-From: Andrea Bolognani <abologna at redhat.com>
-Date: Tue, 20 Aug 2019 09:54:12 +0200
-Subject: virt-aa-helper: Actually fix AppArmor profile
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Tried previously in
-
-  commit b1eb8b3e8fd1d4cb1da8e5e2b16f2c10837fd823
-  Author: Andrea Bolognani <abologna at redhat.com>
-  Date:   Mon Aug 19 10:23:42 2019 +0200
-
-    virt-aa-helper: Fix AppArmor profile
-
-  v5.6.0-243-gb1eb8b3e8f
-
-with somewhat disappointing results.
-
-Signed-off-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Ján Tomko <jtomko at redhat.com>
-(cherry picked from commit 9c2446ed4a81450f6482f259f9a0cf720cb0e423)
----
- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-index 8a9a1f3..85ed370 100644
---- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-@@ -19,8 +19,8 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
-   @{PROC}/filesystems r,
- 
-   # Used when internally running another command (namely apparmor_parser)
--  @{PROC}/self/fd r,
--  @{PROC}/@{pid}/fd r,
-+  @{PROC}/self/fd/ r,
-+  @{PROC}/@{pid}/fd/ r,
- 
-   /etc/libnl-3/classid r,
- 


=====================================
debian/patches/virt-aa-helper-Fix-AppArmor-profile.patch deleted
=====================================
@@ -1,65 +0,0 @@
-From: Andrea Bolognani <abologna at redhat.com>
-Date: Mon, 19 Aug 2019 10:23:42 +0200
-Subject: virt-aa-helper: Fix AppArmor profile
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Since
-
-  commit 432faf259b696043ee5d7e8f657d855419a9a3fa
-  Author: Michal Privoznik <mprivozn at redhat.com>
-  Date:   Tue Jul 2 19:49:51 2019 +0200
-
-    virCommand: use procfs to learn opened FDs
-
-    When spawning a child process, between fork() and exec() we close
-    all file descriptors and keep only those the caller wants us to
-    pass onto the child. The problem is how we do that. Currently, we
-    get the limit of opened files and then iterate through each one
-    of them and either close() it or make it survive exec(). This
-    approach is suboptimal (although, not that much in default
-    configurations where the limit is pretty low - 1024). We have
-    /proc where we can learn what FDs we hold open and thus we can
-    selectively close only those.
-
-    Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
-    Reviewed-by: Ján Tomko <jtomko at redhat.com>
-
-  v5.5.0-173-g432faf259b
-
-programs using the virCommand APIs on Linux need read access to
-/proc/self/fd, or they will fail like
-
-  error : virCommandWait:2796 : internal error: Child process
-  (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -c
-   -u libvirt-b20e9a8e-091a-45e0-8823-537119e98bc6) unexpected exit
-  status 1: libvirt:  error : cannot open directory '/proc/self/fd':
-  Permission denied
-  virt-aa-helper: error: apparmor_parser exited with error
-
-Update the AppArmor profile for virt-aa-helper so that read access
-to the relevant path is granted.
-
-Signed-off-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Ján Tomko <jtomko at redhat.com>
-(cherry picked from commit b1eb8b3e8fd1d4cb1da8e5e2b16f2c10837fd823)
----
- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-index ee02744..8a9a1f3 100644
---- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-@@ -18,6 +18,10 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
-   owner @{PROC}/[0-9]*/status r,
-   @{PROC}/filesystems r,
- 
-+  # Used when internally running another command (namely apparmor_parser)
-+  @{PROC}/self/fd r,
-+  @{PROC}/@{pid}/fd r,
-+
-   /etc/libnl-3/classid r,
- 
-   # for gl enabled graphics



View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/commit/cc6b955fe06b03bbd8e74813848680d24434a530

-- 
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/commit/cc6b955fe06b03bbd8e74813848680d24434a530
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20200113/38e2dfd6/attachment-0001.html>


More information about the Pkg-libvirt-commits mailing list