[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/latest] 56 commits: dirs: Don't list /usr/share/polkit-1/rules.d
Guido Günther (@agx)
gitlab at salsa.debian.org
Mon Aug 26 14:41:59 BST 2024
Guido Günther pushed to branch debian/latest at Libvirt Packaging Team / libvirt
Commits:
ad44f4f6 by Andrea Bolognani at 2024-08-24T13:36:12+02:00
dirs: Don't list /usr/share/polkit-1/rules.d
We install a file inside it, which automatically takes care of
creating the directory. No need to list it explicitly.
This was probably needed in the past since polkit support is
conditionally enabled, but these days the binary package itself
is Linux only so we can keep things simple.
Gbp-Dch: Ignore
- - - - -
ebce687d by Andrea Bolognani at 2024-08-25T15:45:58+02:00
control: Drop unnecessary use of ${source:Version}
In order to ensure that the package is binNMU-able, we need to
play some shenanigans when it comes to dependencies between
arch:all and arch:any packages.
In the case of libvirt-daemon-system and libvirt0, however,
both packages are arch:any so we can simply use
${binary:Version}, as is already the case for its other
dependencies.
Gbp-Dch: Ignore
- - - - -
9ae33a06 by Andrea Bolognani at 2024-08-25T15:49:52+02:00
snippets: Transfer conffiles on update too
When the conffile transfer functionality was initially
implemented, we only needed it to handle a single scenario:
moving conffiles between existing packages and newly-introduced
package.
Soon, we will need it to handle an additional scenario: moving
conffiles between two existing packages.
Luckily, making this work only requires a small tweak to the
gating check. The actual logic applies completely unchanged.
Gbp-Dch: Ignore
- - - - -
741ed5e0 by Andrea Bolognani at 2024-08-25T15:49:52+02:00
snippets: Introduce firstver for conffile transfer
Our logic currently assumes that the conffile we're trying to
transfer has existed in the package since forever, and that
assumption applies to most cases so it hasn't caused any trouble
until now.
However, libvirt 10.4.0 introduced a new conffile that we want
to be able to transfer between packages, and we need to make
sure that its absence is not misinterpreted.
In order to do that, introduce a new parameter "firstver" for
all conffile transfer functions. This will contain the first
version that added the conffile to "pkgfrom".
For all existing conffiles, use 6.0.0-0 as "firstver". This
might look odd, but it ensures that upgrades from the version
of libvirt shipped with Ubuntu 20.04 will work correctly.
We could hunt for more accurate versioning information, but
that would require an annoying amount of additional work and
we don't really care about anything older than that anyway.
Gbp-Dch: Ignore
- - - - -
a7383b13 by Andrea Bolognani at 2024-08-25T15:49:52+02:00
snippets: Rename firstver for template handling
For consistency with the conffile transfer code.
Gbp-Dch: Ignore
- - - - -
d3fc39de by Andrea Bolognani at 2024-08-25T15:49:52+02:00
snippets: Delete unchanged conffile on transfer
The current approach to conffile transfer is to always preserve
the existing file.
This is extremely safe, but it has one significant drawback:
if the contents of the conffile, as shipped, have been changed
since the original package version, then the user will miss out
on those improvements.
We can do better.
If the conffile has been customized by the user, of course we
still have no choice but to preserve its contents, otherwise we
would risk breaking the user's setup.
If its contents still match the default, however, we can skip
the entire conffile transfer process and simply allow pkgto to
install its own (updated, improved) version of the conffile.
Incidentally, this matches perfectly dpkg's own handling of
conffiles, where conffiles are silently upgraded unless local
changes are present.
Gbp-Dch: Ignore
- - - - -
82dc7126 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
postrm: Move cleanup of obsolete AppArmor files to purge
purge, not abort-{install,upgrade}, is the appropriate time
to clean up after ourselves.
Gbp-Dch: Ignore
- - - - -
9748cf44 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
postrm: Fix cleanup of obsolete AppArmor files
rmdir --ignore-fail-on-non-empty will still fail if the
directory doesn't exist at all, so we should make sure that
it does before attempting to delete it.
Gbp-Dch: Ignore
- - - - -
e5ac3c32 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
postinst: Make cleanup of local AppArmor abstraction conditional
Right now we perform the cleanup unconditionally, but there's
a scenario in which that could be problematic.
Old versions of the abstractions, including those shipped in
bookworm, were written with AppArmor 2 in mind, which didn't
implement the "include if exists" directive.
If we were to bring forward such a configuration, specifically
because of the abstractions undergoing the conffile transfer
process, and also deleted the local abstractions at the same
time because they're empty, the profiles would become invalid
and VM startup completely broken.
In order to avoid that possibility, only delete the local
abstractions if the AppArmor configuration has not been
customized by the local admin. In that case, we know that the
abstraction itself will use the "include if exist" directive
and thus that it's fine for the local abstractions not to be
present.
Gbp-Dch: Ignore
- - - - -
a834ab67 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Temporarily drop generated file
In order to make upcoming changes easier to review, the
generated file is temporary dropped. It will be re-introduced
once we're done, obviously, since the package can't be built
at all with it missing.
Gbp-Dch: Ignore
- - - - -
042a8cc6 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce common package
The libvirt.conf and libvirt-admin.conf configuration files
are parsed by the library itself to ensure that whatever client
is used, including third-party ones such as virt-manager, will
obey the settings contained therein.
Accordingly, the files should live in the library package, not
together with the default clients.
However, since the library package itself is Multi-Arch aware
and so it's possible to install multiple copies of it in
parallel, it's likely not a good idea to include conffiles in
it.
Take a slightly different approach, and create a common package
for the conffiles to live in. Since we're at it, we can move
all existing data files to it as well, eliminating the risk to
have any conflict whatsoever.
All other binary package currently point to libvirt0 for their
docs, and we have to switch them to libvirt-common instead.
Luckily the dir_to_symlink dpkg-maintscript-helper command is
very robust, and will behave correctly if the switch to symlink
has already been performed in a previous update: in that case,
the old symlink will simply be replaced with the new one.
Gbp-Dch: Ignore
- - - - -
93339500 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-common package
As of today, Debian only ships the libvirtd monolithic daemon.
Modular daemons were introduced several years ago as a more
secure and flexible alternative, and they're currently the
recommended deployment option both upstream and in other distros
such as Fedora.
Our long-term goal is to make a modular deployment possible in
Debian too, but a significant amount of work is still necessary
for that to happen. As a preparatory step, move some files that
are needed both for monolithic and modular deployments into a
separate package.
Appropriate package relationship are declared to ensure that
things will behave as expected at upgrade time. The usual dance
is performed to correctly transfer conffiles between packages.
It's worth noting that a couple of commands (virt-admin,
virt-host-validate) are moved into this new package from the
libvirt-clients package. While this might look surprising, it's
actually the right thing to do: both tools are only useful
when run directly on the virtualization host, so they don't
belong in the libvirt-clients package, which can be installed
a client machine to manage a remote hypervisor.
This commit moves files and conffiles, but a few additional
items need to be handled too. That will happen in the next
couple of commits.
- - - - -
55ceeffd by Andrea Bolognani at 2024-08-25T15:49:53+02:00
dirs: Move to daemon-common
A few directories are not specific to any driver, so they
belong to the common package.
Gbp-Dch: Ignore
- - - - -
2337edb8 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
postinst: Move user handling to daemon-common
The "libvirt" group is not specific to any hypervisor driver,
so it should be handled by the common package.
Gbp-Dch: Ignore
- - - - -
ec69c794 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Move more files to daemon package
These configuration items, including systemd units and sysv
init script, belong together with the corresponding daemon.
Gbp-Dch: Ignore
- - - - -
fb2e0937 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-log package
This package contains the virtlogd daemon along with all its
configuration files, including systemd units and sysv init
script.
Gbp-Dch: Ignore
- - - - -
e99f1955 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-lock package
This package contains the virtlockd daemon along with all its
configuration files, including systemd units and sysv init
script.
Gbp-Dch: Ignore
- - - - -
0110b9f5 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
rules: Adjust service configuration
After the recent changes, we need to update the calls to
service-related debhelper tools so that they can work again.
Things are actually somewhat simpler after the change, since
we no longer need to install the sysv init script and the
default file for each service into separate packages. This was
necessary in the past, when Debian tooling got confused by the
presence of the sysv init script and didn't handle systemd
units correctly on upgrade; those bugs have since been
addressed, so there is no longer any reason to have separate
packages for systemd and sysv init support, and we can just
keep everything together just like every other package in
Debian already does.
Gbp-Dch: Ignore
- - - - -
d776368f by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Mark daemon-system-* packages as dummy
Now that the bugs that caused them to be created have been
long fixed, we can finally get rid of these annoying extra
packages and return to a less quirky setup.
- - - - -
9497159f by Andrea Bolognani at 2024-08-25T15:49:53+02:00
install: Move conffiles to daemon-driver-xen
We no longer need to make the installation conditional, as
the entire package is only built on ARCHES_XEN.
Gbp-Dch: Ignore
- - - - -
504c5cc4 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
install: Move conffiles to daemon-driver-lxc
We no longer need to make the installation conditional, as
the entire package is only built on ARCHES_LXC.
Gbp-Dch: Ignore
- - - - -
5b046538 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
dirs: Move to daemon-driver-lxc
Gbp-Dch: Ignore
- - - - -
75de05f5 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
install: Move conffiles to daemon-driver-qemu
We no longer need to make the installation conditional, as
the entire package is only built on ARCHES_QEMU.
Gbp-Dch: Ignore
- - - - -
060b0bec by Andrea Bolognani at 2024-08-25T15:49:53+02:00
dirs: Move to daemon-driver-qemu
Gbp-Dch: Ignore
- - - - -
68b263fe by Andrea Bolognani at 2024-08-25T15:49:53+02:00
postinst: Move user handling to daemon-driver-qemu
The "qemu" user/group is specific to the QEMU driver and it
should be handled by the corresponding package. This requires
moving the debconf templates too, since the prompt is related
to UID/GID allocation.
Gbp-Dch: Ignore
- - - - -
05d29bd7 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-network package
This package contains the network driver along with all its
data and configuration files.
Note that, in this one case, the value for "firstver" as
passed to the various functions implementing conffile transfer
is the fairly recent version in which network.conf was
introduced.
Gbp-Dch: Ignore
- - - - -
28407562 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-nwfilter package
This package contains the nwfilter driver along with all its
data and configuration files.
Gbp-Dch: Ignore
- - - - -
8686b08d by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-storage package
This package contains the storage driver along with all its
data and configuration files.
Note that this contains just the core storage handling
functionality: the storage driver itself and the "fs" storage
driver. Additional storage drivers will be shipped in separate
packages.
Gbp-Dch: Ignore
- - - - -
692c662b by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-storage-logical package
This package contains the LVM backend for the storage driver.
Gbp-Dch: Ignore
- - - - -
69a46d1d by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-storage-disk package
This package contains the disk backend for the storage driver.
Gbp-Dch: Ignore
- - - - -
1d10655c by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-storage-scsi package
This package contains the scsi backend for the storage driver.
Gbp-Dch: Ignore
- - - - -
7aec204a by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-storage-iscsi package
This package contains the iscsi backend for the storage driver.
Gbp-Dch: Ignore
- - - - -
d81ff23e by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-storage-mpath package
This package contains the multipath backend for the storage driver.
Gbp-Dch: Ignore
- - - - -
2367c4b6 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-interface package
This package contains the interface driver.
Gbp-Dch: Ignore
- - - - -
5203e5b8 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-nodedev package
This package contains the nodedev driver.
Gbp-Dch: Ignore
- - - - -
5e540891 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-driver-secret package
This package contains the secret driver.
Gbp-Dch: Ignore
- - - - -
c3ff0950 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-plugin-lockd package
This package contains the plugin that relies on virtlockd.
Gbp-Dch: Ignore
- - - - -
94b13fe7 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Introduce daemon-plugin-sanlock package
This package contains the plugin that relies on sanlock.
It's mostly a rename of the existing libvirt-sanlock for
consistency with the just-introduce libvirt-daemon-plugin-lockd,
but a few additional files are moved over from libvirt-daemon
as well.
Gbp-Dch: Ignore
- - - - -
bedb674f by Andrea Bolognani at 2024-08-25T15:49:53+02:00
dirs: Move to daemon-plugin-sanlock
Gbp-Dch: Ignore
- - - - -
0ac1f2c1 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Mark sanlock package as dummy
The daemon-plugin-sanlock package replaced it.
- - - - -
5adbed5c by Andrea Bolognani at 2024-08-25T15:49:53+02:00
install: Split AppArmor configuration across packages
Bits that are tied to a specific binary go in the same package
as that binary, while bits that are tied to a specific
hypervisor driver go in the same package as that driver.
Gbp-Dch: Ignore
- - - - -
9a042e58 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Make daemon-plugin-lockd depend on daemon-lock
The plugin requires virtlockd to work.
Gbp-Dch: Ignore
- - - - -
0916418c by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Make daemon-driver-qemu depend on daemon-log
The QEMU driver needs virtlogd to work.
Gbp-Dch: Ignore
- - - - -
a0dcbe57 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Make daemon-config-network depend on daemon-driver-network
It doesn't make sense to install the configuration without the
corresponding driver.
Gbp-Dch: Ignore
- - - - -
e7cb93d6 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Make daemon-config-nwfilter depend on daemon-driver-nwfilter
It doesn't make sense to install the configuration without the
corresponding driver.
Gbp-Dch: Ignore
- - - - -
6210d269 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Downgrade several Depends to Recommends
When introducing all the new packages that (partially) replace
existing ones, we have liberally added Depends from the old
packages to the new ones, in order to ensure that existing
installations would not lose functionality on upgrade.
In some cases, however, these strong dependency are undesirable
and can even cause dependency loops, which is something that we
want to avoid.
In order to make things better, we now downgrade several of
those Depends to Recommends.
This still achieves our goal of ensuring smooth upgrades, since
disabling Recommends is a "you get to keep both pieces" kind of
deal, especially during upgrades, while at the same time making
it possible to obtain smaller/cleaner installs by strategically
removing certain packages.
The detailed list of Depends that are weakened to Recommends is
as such:
daemon-system -> daemon-driver-lxc, daemon-driver-xen
daemon -> daemon-*
daemon-plugin-lockd -> daemon
daemon-plugin-sanlock -> daemon
There is a single scenario in which we don't simply downgrade
the dependency, but drop it altogether instead: that's the
clients -> daemon-common
dependency. In this case, we really don't want the client
package to drag in part of the daemon package, even if it's
just a few files, since it's very common to install the client
package to connect to a remote hypervisor.
This is safe to do in this specific case because the files
that we've moved between packages, namely the virt-admin and
virt-host-validate commands, only work when run locally on the
hypervisor host, so we can be sure that anyone who actually
needs them also has the full daemon package installed.
Gbp-Dch: Ignore
- - - - -
5067dfa0 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Make daemon-common depend on sensible-utils
It's used by virt-admin.
Gbp-Dch: Ignore
- - - - -
ab097e20 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Split and move Enhances
Each driver enhances the corresponding hypervisor.
Gbp-Dch: Ignore
- - - - -
ab594e65 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Shuffle external dependencies
We've already taken care of all internal dependencies, now it's
time for the external ones.
Most of the changes are obvious: for example, it makes perfect
sense that the QEMU driver would be the one depending on QEMU.
In a few cases, such as for adduser, dependencies had to be
duplicated since the maintainer script snippet that uses them
has been split across multiple binary packages.
Gbp-Dch: Ignore
- - - - -
05c4c2ce by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Update description for daemon-system
The old description is no longer accurate.
Gbp-Dch: Ignore
- - - - -
28bbdf80 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
control: Re-introduce generated file
So that the package can once again be built.
Gbp-Dch: Ignore
- - - - -
00d83d73 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
lintian: Move overrides
The warnings we want to override remain the same, but the
packages they apply to have changed.
Gbp-Dch: Ignore
- - - - -
19f39a35 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
lintian: Add source overrides
The dummy transitional packages that we've recently introduced
all share the same description, which lintian doesn't like.
Gbp-Dch: Ignore
- - - - -
cf64ba3b by Andrea Bolognani at 2024-08-25T15:49:53+02:00
install: Perform usr-merge transition
Move all systemd units as well as the NSS plugin under /usr.
Note that this change is performed in the simplest possible way,
which has the downside of making the package no longer trivially
backportable to bookworm. This is considered fine since other
changes implemented during the trixie development cycle, namely
the 64-bit time_t transition, make such backports very hard to
perform.
Closes: #1064126
Thanks: Michael Biebl, Helmut Grohne
- - - - -
f60bf532 by Andrea Bolognani at 2024-08-25T15:49:53+02:00
news: Update with information about recent changes
Gbp-Dch: Ignore
- - - - -
293f6232 by Andrea Bolognani at 2024-08-25T15:52:19+02:00
Document changes and release 10.6.0-2
- - - - -
30 changed files:
- debian/NEWS
- debian/changelog
- debian/control
- debian/control.in
- debian/libnss-libvirt.install.in
- debian/libnss-libvirt.links
- debian/libnss-libvirt.maintscript
- debian/libvirt-clients-qemu.links
- debian/libvirt-clients-qemu.maintscript
- debian/libvirt-clients.install.in
- debian/libvirt-clients.links
- debian/libvirt-clients.maintscript
- debian/libvirt-clients.postrm.in
- debian/libvirt-clients.preinst.in
- debian/libvirt0.docs → debian/libvirt-common.docs
- + debian/libvirt-common.install.in
- + debian/libvirt-common.postinst.in
- + debian/libvirt-daemon-common.dirs
- + debian/libvirt-daemon-common.install.in
- debian/libvirt-daemon-system.libvirt-guests.default → debian/libvirt-daemon-common.libvirt-guests.default
- debian/libvirt-daemon-system-sysv.libvirt-guests.init → debian/libvirt-daemon-common.libvirt-guests.init
- + debian/libvirt-daemon-common.links
- + debian/libvirt-daemon-common.lintian-overrides
- + debian/libvirt-daemon-common.postinst.in
- + debian/libvirt-daemon-common.postrm.in
- debian/libvirt-daemon-config-network.links
- debian/libvirt-daemon-config-network.maintscript
- debian/libvirt-daemon-config-network.postinst.in
- debian/libvirt-daemon-config-nwfilter.links
- debian/libvirt-daemon-config-nwfilter.maintscript
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/8f151d673aa2cceb333942d27ec9941e112887e1...293f6232563469e1e25cce8128dd9bf82bc84a99
--
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/8f151d673aa2cceb333942d27ec9941e112887e1...293f6232563469e1e25cce8128dd9bf82bc84a99
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20240826/bd717bac/attachment-0001.htm>
More information about the Pkg-libvirt-commits
mailing list