[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/latest] 9 commits: changelog: Create entry for 9.0.0-1
Andrea Bolognani (@abologna)
gitlab at salsa.debian.org
Sat Jan 28 16:54:59 GMT 2023
Andrea Bolognani pushed to branch debian/latest at Libvirt Packaging Team / libvirt
Commits:
a737439e by Andrea Bolognani at 2023-01-18T00:10:21+01:00
changelog: Create entry for 9.0.0-1
Gbp-Dch: Ignore
- - - - -
f86887f2 by Andrea Bolognani at 2023-01-18T00:10:59+01:00
libvirt-daemon-system: Update comment
The next upload is going to be 9.0.0-1, not 8.10.0-4.
Gbp-Dch: Ignore
- - - - -
02c60178 by Andrea Bolognani at 2023-01-18T00:13:22+01:00
symbols: Bump symbol versions
New symbols:
* virDomainFDAssociate
Gbp-Dch: Ignore
- - - - -
30dad26e by Andrea Bolognani at 2023-01-23T21:47:58+01:00
patches: Drop obsolete backports
- - - - -
217f0860 by Andrea Bolognani at 2023-01-23T21:48:01+01:00
patches: Refresh patches
Gbp-Dch: Ignore
- - - - -
157a5ec2 by Andrea Bolognani at 2023-01-23T21:48:01+01:00
patches: Add backports
Specifically:
* backport/apparmor-Allow-umount-dev.patch
* backport/qemu_interface-Fix-managed-no-case-when-creating-an-ether.patch
which fix a couple of regressions.
- - - - -
1ba11531 by Andrea Bolognani at 2023-01-23T21:48:01+01:00
copyright: Update copyright years
Gbp-Dch: Ignore
- - - - -
94f11a4e by Andrea Bolognani at 2023-01-23T21:48:01+01:00
libvirt-daemon-sysv: Remove dependency on lsb-base
Lintian reports it as an obsolete package. It's empty, and
even on a system running sysvinit it can be removed without
causing any issue.
- - - - -
f68f9c73 by Andrea Bolognani at 2023-01-28T17:10:09+01:00
Document changes and release 9.0.0-1
- - - - -
13 changed files:
- debian/changelog
- debian/control
- debian/copyright
- debian/libvirt-daemon-system.postinst
- debian/libvirt0.symbols
- + debian/patches/backport/apparmor-Allow-umount-dev.patch
- − debian/patches/backport/docs-Fix-typo-in-virt-qemu-sev-validate-1.patch
- + debian/patches/backport/qemu_interface-Fix-managed-no-case-when-creating-an-ether.patch
- − debian/patches/backport/tools-Fix-interpreter-for-virt-qemu-sev-validate.patch
- − debian/patches/backport/tools-Fix-style-issues-in-virt-qemu-sev-validate.patch
- debian/patches/debian/apparmor_profiles_local_include.patch
- debian/patches/forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,23 @@
+libvirt (9.0.0-1) unstable; urgency=medium
+
+ * [45d077a] libvirt-daemon-system: Make default files functionally empty
+ - On systems running systemd, libvirtd will now follow the upstream
+ behavior of starting on demand via socket activation and shutting down
+ automatically after having been idle for 120 seconds
+ * [40fe229] Drop obsolete package transition logic
+ - The oldest version that we expect to be upgrading from is 6.0.0-1
+ * [5bb56e9] Drop obsolete UML-related files
+ - The UML driver was dropped in version 5.0.0-1
+ * [f9f3a4d] New upstream version 9.0.0
+ * [30dad26] patches: Drop obsolete backports
+ * [157a5ec] patches: Add backports
+ - backport/apparmor-Allow-umount-dev.patch
+ - backport/qemu_interface-Fix-managed-no-case-when-creating-an-ether.patch
+ * [94f11a4] libvirt-daemon-sysv: Remove dependency on lsb-base
+ - The package is obsolete
+
+ -- Andrea Bolognani <eof at kiyuko.org> Sat, 28 Jan 2023 17:03:53 +0100
+
libvirt (8.10.0-3) unstable; urgency=medium
[ Michael Biebl ]
=====================================
debian/control
=====================================
@@ -384,7 +384,6 @@ Package: libvirt-daemon-system-sysv
Section: admin
Architecture: all
Depends:
- lsb-base,
${misc:Depends},
Description: Libvirt daemon configuration files (sysv)
Libvirt is a C toolkit to interact with the virtualization capabilities
=====================================
debian/copyright
=====================================
@@ -4,7 +4,7 @@ Source: https://libvirt.org/git/?p=libvirt.git
Comment: in addition see the upstream maintainer AUTHORS file
Files: *
-Copyright: 2005-2022 Red Hat, Inc
+Copyright: 2005-2023 Red Hat, Inc
License: LGPL-2.1+
Comment: Among many source files this also includes many generated, test-data or binary files
=====================================
debian/libvirt-daemon-system.postinst
=====================================
@@ -118,7 +118,7 @@ case "$1" in
touch /var/log/libvirt/"${dir}"/.placeholder
done
- # Obsolete UML stuff included until 8.10.0-4
+ # Obsolete UML stuff included until 9.0.0-1
rm -f /var/log/libvirt/uml/.placeholder
if [ -d /var/log/libvirt/uml ]; then
rmdir --ignore-fail-on-non-empty /var/log/libvirt/uml
=====================================
debian/libvirt0.symbols
=====================================
@@ -134,7 +134,8 @@ libvirt.so.0 libvirt0 #MINVER#
*@LIBVIRT_8.0.0 8.0.0
*@LIBVIRT_8.4.0 8.4.0
*@LIBVIRT_8.5.0 8.5.0
- *@LIBVIRT_PRIVATE_8.10.0 8.10.0
+ *@LIBVIRT_9.0.0 9.0.0
+ *@LIBVIRT_PRIVATE_9.0.0 9.0.0
libvirt-qemu.so.0 libvirt0 #MINVER#
*@LIBVIRT_QEMU_0.8.3 0.8.3
@@ -158,4 +159,4 @@ libvirt-admin.so.0 libvirt0 #MINVER#
*@LIBVIRT_ADMIN_2.0.0 2.0.0~rc1
*@LIBVIRT_ADMIN_3.0.0 3.0.0
*@LIBVIRT_ADMIN_8.6.0 8.9.0
- *@LIBVIRT_ADMIN_PRIVATE_8.10.0 8.10.0
+ *@LIBVIRT_ADMIN_PRIVATE_9.0.0 9.0.0
=====================================
debian/patches/backport/apparmor-Allow-umount-dev.patch
=====================================
@@ -0,0 +1,54 @@
+From: Andrea Bolognani <abologna at redhat.com>
+Date: Wed, 18 Jan 2023 10:28:04 +0100
+Subject: apparmor: Allow umount(/dev)
+
+Commit 379c0ce4bfed introduced a call to umount(/dev) performed
+inside the namespace that we run QEMU in.
+
+As a result of this, on machines using AppArmor, VM startup now
+fails with
+
+ internal error: Process exited prior to exec: libvirt:
+ QEMU Driver error: failed to umount devfs on /dev: Permission denied
+
+The corresponding denial is
+
+ AVC apparmor="DENIED" operation="umount" profile="libvirtd"
+ name="/dev/" pid=70036 comm="rpc-libvirtd"
+
+Extend the AppArmor configuration for virtqemud and libvirtd so
+that this operation is allowed.
+
+Signed-off-by: Andrea Bolognani <abologna at redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
+Reviewed-by: Jim Fehlig <jfehlig at suse.com>
+(cherry picked from commit ef4829510549ec68cf80774e98b200a3e7bbe51f)
+---
+ src/security/apparmor/usr.sbin.libvirtd.in | 1 +
+ src/security/apparmor/usr.sbin.virtqemud.in | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
+index 886f1ad..edb8dd8 100644
+--- a/src/security/apparmor/usr.sbin.libvirtd.in
++++ b/src/security/apparmor/usr.sbin.libvirtd.in
+@@ -35,6 +35,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
+ mount options=(rw,rslave) -> /,
+ mount options=(rw, nosuid) -> /{var/,}run/libvirt/qemu/*.dev/,
+ umount /{var/,}run/libvirt/qemu/*.dev/,
++ umount /dev/,
+
+ # libvirt provides any mounts under /dev to qemu namespaces
+ mount options=(rw, move) /dev/ -> /{,var/}run/libvirt/qemu/*.dev/,
+diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
+index 3de03d4..f269c60 100644
+--- a/src/security/apparmor/usr.sbin.virtqemud.in
++++ b/src/security/apparmor/usr.sbin.virtqemud.in
+@@ -35,6 +35,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
+ mount options=(rw,rslave) -> /,
+ mount options=(rw, nosuid) -> /{var/,}run/libvirt/qemu/*.dev/,
+ umount /{var/,}run/libvirt/qemu/*.dev/,
++ umount /dev/,
+
+ # libvirt provides any mounts under /dev to qemu namespaces
+ mount options=(rw, move) /dev/ -> /{,var/}run/libvirt/qemu/*.dev/,
=====================================
debian/patches/backport/docs-Fix-typo-in-virt-qemu-sev-validate-1.patch deleted
=====================================
@@ -1,29 +0,0 @@
-From: Andrea Bolognani <abologna at redhat.com>
-Date: Thu, 8 Dec 2022 16:55:32 +0100
-Subject: docs: Fix typo in virt-qemu-sev-validate(1)
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Spotted by Lintian (typo-in-manual-page tag).
-
-Signed-off-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Ján Tomko <jtomko at redhat.com>
-(cherry picked from commit a417571628704b38a31ecd07f0971a6ade986f75)
----
- docs/manpages/virt-qemu-sev-validate.rst | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-qemu-sev-validate.rst
-index f5f9286..fcbe84b 100644
---- a/docs/manpages/virt-qemu-sev-validate.rst
-+++ b/docs/manpages/virt-qemu-sev-validate.rst
-@@ -556,7 +556,7 @@ on the virtualization host. In that scenario the only three command
- line parameters required are for the TIK, TEK and libvirt domain
- name. It should be able to automatically determine all the other
- information required. If it still reports a failure, this points
--very strongly to the TIK/TEK pair not maching the configured
-+very strongly to the TIK/TEK pair not matching the configured
- DH certificate and session blob.
-
- The ``--debug`` flag will display hashes and/or hex dumps for various
=====================================
debian/patches/backport/qemu_interface-Fix-managed-no-case-when-creating-an-ether.patch
=====================================
@@ -0,0 +1,49 @@
+From: Michal Privoznik <mprivozn at redhat.com>
+Date: Mon, 23 Jan 2023 11:42:18 +0100
+Subject: qemu_interface: Fix managed='no' case when creating an ethernet
+ interface
+
+In a recent commit of v9.0.0-rc1~192 I've tried to forbid case
+where a TAP device already exists, but at the same time it's
+managed by Libvirt (<interface type='ethernet'> <target
+dev='tap0' managed='yes'/> </interface>). NB, if @managed
+attribute is missing then it's assumed to be managed by Libvirt.
+
+Anyway, I've mistakenly put setting of
+VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING flag into managed='yes'
+branch instead of managed='no' branch in
+qemuInterfaceEthernetConnect().
+
+Move the setting of the flag into the correct branch.
+
+Fixes: a2ae3d299cf9c5ada8aa42ec4271748eb479dc27
+Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan at redhat.com>
+(cherry picked from commit d6a8b9eef70887e01fa5fd292580e14ca5eab08c)
+---
+ src/qemu/qemu_interface.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c
+index b6895ce..ed2c209 100644
+--- a/src/qemu/qemu_interface.c
++++ b/src/qemu/qemu_interface.c
+@@ -443,6 +443,9 @@ qemuInterfaceEthernetConnect(virDomainDef *def,
+ _("target managed='no' but specified dev doesn't exist"));
+ goto cleanup;
+ }
++
++ tap_create_flags |= VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING;
++
+ if (virNetDevMacVLanIsMacvtap(net->ifname)) {
+ auditdev = net->ifname;
+ if (virNetDevMacVLanTapOpen(net->ifname, tapfd, tapfdSize) < 0)
+@@ -461,8 +464,6 @@ qemuInterfaceEthernetConnect(virDomainDef *def,
+ if (!net->ifname)
+ template_ifname = true;
+
+- tap_create_flags |= VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING;
+-
+ if (virNetDevTapCreate(&net->ifname, tunpath, tapfd, tapfdSize,
+ tap_create_flags) < 0) {
+ goto cleanup;
=====================================
debian/patches/backport/tools-Fix-interpreter-for-virt-qemu-sev-validate.patch deleted
=====================================
@@ -1,27 +0,0 @@
-From: Andrea Bolognani <abologna at redhat.com>
-Date: Thu, 8 Dec 2022 16:57:23 +0100
-Subject: tools: Fix interpreter for virt-qemu-sev-validate
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Go through env(1) instead of hardcoding the path to the Python
-interpreter, as we already do for all other Python scripts.
-
-Signed-off-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Ján Tomko <jtomko at redhat.com>
-(cherry picked from commit f6a19d7264bb26df8108805d3f28d71d7a597342)
----
- tools/virt-qemu-sev-validate | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate
-index 712a4e4..46a92aa 100755
---- a/tools/virt-qemu-sev-validate
-+++ b/tools/virt-qemu-sev-validate
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/env python3
- #
- # SPDX-License-Identifier: LGPL-2.1-or-later
- #
=====================================
debian/patches/backport/tools-Fix-style-issues-in-virt-qemu-sev-validate.patch deleted
=====================================
@@ -1,49 +0,0 @@
-From: Andrea Bolognani <abologna at redhat.com>
-Date: Thu, 8 Dec 2022 18:00:13 +0100
-Subject: tools: Fix style issues in virt-qemu-sev-validate
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-The script had an incorrect interpreter line until commit
-f6a19d7264bb, so the flake8 check would not realize it needed
-to pick it up and these issues, some of which were present it
-the very first version that was committed, were not being
-reported.
-
-Signed-off-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Ján Tomko <jtomko at redhat.com>
-(cherry picked from commit 6c4f5af9a07883ab3873884b8a44005a3e6d04e1)
----
- tools/virt-qemu-sev-validate | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate
-index 46a92aa..3d8b292 100755
---- a/tools/virt-qemu-sev-validate
-+++ b/tools/virt-qemu-sev-validate
-@@ -849,7 +849,7 @@ class ConfidentialVM(abc.ABC):
- secret64 = b64encode(secret_table_ciphertext).decode('utf8')
- log.debug("Header: %s (%d bytes)", header64, len(header))
- log.debug("Secret: %s (%d bytes)",
-- secret64, len(secret_table_ciphertext))
-+ secret64, len(secret_table_ciphertext))
-
- return header64, secret64
-
-@@ -955,7 +955,7 @@ class LibvirtConfidentialVM(ConfidentialVM):
- self.dom = self.conn.lookupByName(id_name_uuid)
-
- log.debug("VM: id=%d name=%s uuid=%s",
-- self.dom.ID(), self.dom.name(), self.dom.UUIDString())
-+ self.dom.ID(), self.dom.name(), self.dom.UUIDString())
-
- if not self.dom.isActive():
- raise InvalidStateException(
-@@ -1331,5 +1331,6 @@ def main():
- print("ERROR: %s" % e, file=sys.stderr)
- sys.exit(6)
-
-+
- if __name__ == "__main__":
- main()
=====================================
debian/patches/debian/apparmor_profiles_local_include.patch
=====================================
@@ -46,10 +46,10 @@ index ff1d46b..5a50823 100644
#include <local/usr.lib.libvirt.virt-aa-helper>
}
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
-index 886f1ad..a4ed6ea 100644
+index edb8dd8..741f3b2 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
-@@ -138,4 +138,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
+@@ -139,4 +139,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
}
=====================================
debian/patches/forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch
=====================================
@@ -10,7 +10,7 @@ Closes: #663931
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virutil.c b/src/util/virutil.c
-index 7e246d2..5bb1549 100644
+index ddc6600..ad0aa07 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -1247,7 +1247,7 @@ void virWaitForDevices(void)
=====================================
debian/patches/series
=====================================
@@ -1,6 +1,5 @@
-backport/docs-Fix-typo-in-virt-qemu-sev-validate-1.patch
-backport/tools-Fix-interpreter-for-virt-qemu-sev-validate.patch
-backport/tools-Fix-style-issues-in-virt-qemu-sev-validate.patch
+backport/apparmor-Allow-umount-dev.patch
+backport/qemu_interface-Fix-managed-no-case-when-creating-an-ether.patch
forward/Skip-vircgrouptest.patch
forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch
forward/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/77de548300c2804f599d1cfc9f558f8e14198ad7...f68f9c7363f4be4e9cce7eb4c86683911b7e6759
--
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/77de548300c2804f599d1cfc9f558f8e14198ad7...f68f9c7363f4be4e9cce7eb4c86683911b7e6759
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20230128/6ee31d13/attachment-0001.htm>
More information about the Pkg-libvirt-commits
mailing list