[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/latest] 5 commits: Remove armhf from ARCHES_XEN
Andrea Bolognani (@abologna)
gitlab at salsa.debian.org
Fri Dec 27 16:51:18 GMT 2024
Andrea Bolognani pushed to branch debian/latest at Libvirt Packaging Team / libvirt
Commits:
c8f1b0f5 by Maximilian Engelhardt at 2024-12-26T01:28:45+01:00
Remove armhf from ARCHES_XEN
Starting with version 4.19, the xen package in Debian will
stop building xen on the armhf architecture.
Closes: #1090990
- - - - -
db8e6b78 by Andrea Bolognani at 2024-12-26T01:33:41+01:00
patches: Add backport/lxc-remove-no-longer-working-netns-[...]
Closes: #1088929
- - - - -
a0ba9b44 by Andrea Bolognani at 2024-12-27T15:37:47+01:00
control: Once again prefer iptables for the network driver
The nftables backend was unfortunately found to have serious
compatibility issues with popular software such as Docker and
ufw (the default firewall in Ubuntu). Given the situation, it
doesn't seem wise to make it the default backend in Debian quite
yet.
This reverts commit 4a7c66d5c3cfaf5247518cd6d321424672803f3d
almost completely; however, the possibility to have nftables
satisfy the dependencies for the network driver is retained.
This will allow users to manually switch backends without
needing to have iptables installed as well.
Closes: #1090355
- - - - -
56262818 by Andrea Bolognani at 2024-12-27T15:37:47+01:00
control: Sort Build-Depends
devscripts 2.24.8 changed the behavior of wrap-and-sort,
specifically making it so debhelper and friends are always sorted
first. Update to cope with this change so that the package can
be built in unstable.
Gbp-Dch: Ignore
- - - - -
5c99e06c by Andrea Bolognani at 2024-12-27T15:38:05+01:00
Document changes and release 10.10.0-4
- - - - -
8 changed files:
- debian/NEWS
- debian/arches.mk
- debian/changelog
- debian/control
- debian/control.in
- + debian/patches/backport/lxc-remove-no-longer-working-netns-check.patch
- debian/patches/series
- debian/rules
Changes:
=====================================
debian/NEWS
=====================================
@@ -1,26 +1,17 @@
-libvirt (10.10.0-2) experimental; urgency=medium
+libvirt (10.10.0-4) unstable; urgency=medium
- nftables is now used by default in the network driver.
+ nftables support is now available in the network driver.
- This makes it finally possible to use libvirt without having
- iptables installed on the system, but there are still a couple
- of caveats:
+ The default backend is still iptables for now, since the nftables
+ backend is incompatible with popular software such as Docker and
+ ufw (see #1090355 for details). Additionally, the nwfilter driver
+ only supports iptables at this time.
- * the nwfilter driver hasn't been converted to nftables yet,
- so if that's installed iptables will be dragged in;
+ Users for whom these caveats are not relevant can switch to the
+ nftables backend by editing /etc/libvirt/network.conf; after doing
+ so, they'll be able to safely uninstall the iptables package.
- * the libvirt-daemon-system package, now a convenient way to
- quickly bring up a reasonably featured QEMU-based hypervisor,
- depends on both the network and nwfilter drivers, which means
- that going that route will cause iptables to be installed and
- used for both.
-
- If not having iptables present on the system is a hard
- requirement, individual libvirt components (obviously excluding
- the nwfilter driver) will have to be selected and installed
- manually.
-
- -- Andrea Bolognani <eof at kiyuko.org> Thu, 05 Dec 2024 23:38:13 +0100
+ -- Andrea Bolognani <eof at kiyuko.org> Fri, 27 Dec 2024 15:33:13 +0100
libvirt (10.6.0-2) experimental; urgency=medium
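Review bot: "The default backend is still iptables for now" in the new text reads as if the default never changed, but this entry replaces the 10.10.0-2 one that announced nftables as the default, and debian/changelog shows 10.10.0-3 was uploaded to unstable before this revert. Users coming from -2 or -3 should be told that the default has gone back to iptables, either in this wording or in a separate entry that leaves the 10.10.0-2 text in place. The paragraph about switching backends also points at /etc/libvirt/network.conf without naming the setting to change; naming the key and value would save readers a lookup.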
=====================================
debian/arches.mk
=====================================
@@ -1,7 +1,7 @@
ARCHES_CEPH = amd64 arm64 loong64 mips64el ppc64el riscv64 s390x
ARCHES_GLUSTER = amd64 arm64 ia64 loong64 mips64el ppc64 ppc64el riscv64 s390x sparc64
ARCHES_QEMU = amd64 arm64 armel armhf i386 loong64 mips64el mipsel powerpc ppc64 ppc64el riscv64 s390x sparc64 x32
-ARCHES_XEN = amd64 arm64 armhf
+ARCHES_XEN = amd64 arm64
ARCHES_VBOX = amd64 i386
ARCHES_DMIDECODE = amd64 arm64 armhf i386 riscv64 loong64 x32
=====================================
debian/changelog
=====================================
@@ -1,3 +1,29 @@
+libvirt (10.10.0-4) unstable; urgency=medium
+
+ [ Pino Toscano ]
+ * [38ace20] Unconditionally enable LXC support on all Linux architectures
+ - Previously we had to explicitly avoid enabling it on ia64, but now that
+ the architecture has been dropped from Debian we can simplify things
+
+ [ Maximilian Engelhardt ]
+ * [c8f1b0f] Remove armhf from ARCHES_XEN
+ - As of 4.19.1-1, Xen is no longer being built on armhf
+ - Closes: #1090990
+
+ [ Andrea Bolognani ]
+ * [db8e6b7] patches: Add backport/lxc-remove-no-longer-working-netns-[...]
+ - Closes: #1088929
+ * [a0ba9b4] control: Once again prefer iptables for the network driver
+ - Undoes the change introduced in 10.10.0-2
+ - Unfortunately there are serious compatibility issues between the
+ nftables backend and popular software such as Docker and ufw, so it's
+ not a suitable default for Debian
+ - It's still possible for users to manually switch to the nftables
+ backend and uninstall iptables if they so desire
+ - Closes: #1090355
+
+ -- Andrea Bolognani <eof at kiyuko.org> Fri, 27 Dec 2024 15:33:23 +0100
+
libvirt (10.10.0-3) unstable; urgency=medium
[ Heinrich Schuchardt ]
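Review bot: the [db8e6b7] entry carries the truncated commit subject, literal "[...]" included, and says nothing about what the patch fixes. A sub-item like the ones under [a0ba9b4], stating that the backport removes the LXC netns check that stopped working with iproute2 v6.12.0, would make the entry useful to someone reading only the changelog.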
=====================================
debian/control
=====================================
@@ -6,10 +6,10 @@ Uploaders:
Guido Günther <agx at sigxcpu.org>,
Andrea Bolognani <eof at kiyuko.org>,
Build-Depends:
- augeas-tools [linux-any],
- bash-completion,
debhelper-compat (= 13),
dh-apparmor [linux-any],
+ augeas-tools [linux-any],
+ bash-completion,
kmod [linux-any],
libacl1-dev [linux-any],
libapparmor-dev (>= 3.0.0) [linux-any],
@@ -45,7 +45,7 @@ Build-Depends:
libtirpc-dev,
libudev-dev [linux-any],
libwireshark-dev [linux-any],
- libxen-dev [amd64 arm64 armhf],
+ libxen-dev [amd64 arm64],
libxml2-dev,
libxml2-utils,
lvm2 [linux-any],
@@ -162,7 +162,7 @@ Recommends:
libvirt-daemon-driver-storage-mpath (= ${binary:Version}),
libvirt-daemon-driver-storage-scsi (= ${binary:Version}),
libvirt-daemon-driver-vbox (= ${binary:Version}) [amd64 i386],
- libvirt-daemon-driver-xen (= ${binary:Version}) [amd64 arm64 armhf],
+ libvirt-daemon-driver-xen (= ${binary:Version}) [amd64 arm64],
libvirt-daemon-lock (= ${binary:Version}),
libvirt-daemon-plugin-lockd (= ${binary:Version}),
libvirt-daemon-plugin-sanlock (= ${binary:Version}),
@@ -357,7 +357,7 @@ Description: Virtualization daemon VirtualBox connection driver
Package: libvirt-daemon-driver-xen
Section: admin
-Architecture: amd64 arm64 armhf
+Architecture: amd64 arm64
Multi-Arch: no
Depends:
libvirt-common (= ${binary:Version}),
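Review bot: removing armhf from the `Architecture:` line of libvirt-daemon-driver-xen leaves armhf systems that already have it installed holding a package whose `libvirt-common (= ${binary:Version})` dependency pins the previous version, so upgrading to this release can only proceed by removing the Xen driver. The changelog records the architecture drop but not this consequence; a line in debian/NEWS or the changelog entry would keep the removal from being a surprise.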
@@ -612,10 +612,10 @@ Architecture: linux-any
Multi-arch: no
Depends:
dnsmasq-base,
+ iptables | nftables,
libvirt-common (= ${binary:Version}),
libvirt-daemon (= ${binary:Version}),
libvirt0 (= ${binary:Version}),
- nftables | iptables,
${misc:Depends},
${shlibs:Depends},
Breaks:
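Review bot: with `iptables | nftables`, a system that already has nftables installed and no iptables satisfies this dependency without pulling iptables in. If the build-time priority list in debian/rules falls through to the next entry when the first backend is unavailable, such a system ends up on the nftables backend without the user having opted in, which is the configuration this revert is meant to avoid by default. It would help to state in debian/NEWS that the iptables default only applies when iptables is actually installed.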
@@ -793,7 +793,7 @@ Depends:
${misc:Depends},
Recommends:
libvirt-daemon-driver-lxc (= ${binary:Version}) [linux-any],
- libvirt-daemon-driver-xen (= ${binary:Version}) [amd64 arm64 armhf],
+ libvirt-daemon-driver-xen (= ${binary:Version}) [amd64 arm64],
libvirt-daemon-lock (= ${binary:Version}),
Description: Virtualization daemon typical deployment
Libvirt is a C toolkit to interact with the virtualization capabilities
=====================================
debian/control.in
=====================================
@@ -6,10 +6,10 @@ Uploaders:
Guido Günther <agx at sigxcpu.org>,
Andrea Bolognani <eof at kiyuko.org>,
Build-Depends:
- augeas-tools [linux-any],
- bash-completion,
debhelper-compat (= 13),
dh-apparmor [linux-any],
+ augeas-tools [linux-any],
+ bash-completion,
kmod [linux-any],
libacl1-dev [linux-any],
libapparmor-dev (>= 3.0.0) [linux-any],
@@ -612,10 +612,10 @@ Architecture: linux-any
Multi-arch: no
Depends:
dnsmasq-base,
+ iptables | nftables,
libvirt-common (= ${binary:Version}),
libvirt-daemon (= ${binary:Version}),
libvirt0 (= ${binary:Version}),
- nftables | iptables,
${misc:Depends},
${shlibs:Depends},
Breaks:
=====================================
debian/patches/backport/lxc-remove-no-longer-working-netns-check.patch
=====================================
@@ -0,0 +1,112 @@
+From: Leigh Brown <leigh at solinno.co.uk>
+Date: Tue, 3 Dec 2024 16:02:08 +0000
+Subject: lxc: remove no longer working netns check
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Since iproute2 v6.12.0, the command "ip link set lo netns -1" can
+no longer be used to check for netns support, as it now validates
+PIDs are not less than zero.
+
+Since every kernel we care about has the support, just remove the
+check.
+
+Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
+Signed-off-by: Leigh Brown <leigh at solinno.co.uk>
+(cherry picked from commit dd217cd9382cb7d67b26c5b3b4be07e5ce88ef86)
+
+Forwarded: not-needed
+Origin: https://gitlab.com/libvirt/libvirt/-/commit/dd217cd9382cb7d67b26c5b3b4be07e5ce88ef86
+---
+ src/lxc/lxc_conf.h | 1 -
+ src/lxc/lxc_driver.c | 36 ------------------------------------
+ 2 files changed, 37 deletions(-)
+
+diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h
+index c0967ac..a639e39 100644
+--- a/src/lxc/lxc_conf.h
++++ b/src/lxc/lxc_conf.h
+@@ -49,7 +49,6 @@ struct _virLXCDriverConfig {
+ char *stateDir;
+ char *logDir;
+ bool log_libvirtd;
+- int have_netns;
+
+ char *securityDriverName;
+ bool securityDefaultConfined;
+diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
+index d682e71..2488940 100644
+--- a/src/lxc/lxc_driver.c
++++ b/src/lxc/lxc_driver.c
+@@ -422,12 +422,6 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
+ if (virSecurityManagerVerify(driver->securityManager, def) < 0)
+ goto cleanup;
+
+- if ((def->nets != NULL) && !(cfg->have_netns)) {
+- virReportError(VIR_ERR_OPERATION_INVALID,
+- "%s", _("System lacks NETNS support"));
+- goto cleanup;
+- }
+-
+ if (!(vm = virDomainObjListAdd(driver->domains, &def,
+ driver->xmlopt,
+ 0, &oldDef)))
+@@ -974,12 +968,6 @@ static int lxcDomainCreateWithFiles(virDomainPtr dom,
+ if (virDomainCreateWithFilesEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+- if ((vm->def->nets != NULL) && !(cfg->have_netns)) {
+- virReportError(VIR_ERR_OPERATION_INVALID,
+- "%s", _("System lacks NETNS support"));
+- goto cleanup;
+- }
+-
+ if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0)
+ goto cleanup;
+
+@@ -1088,13 +1076,6 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
+ if (virSecurityManagerVerify(driver->securityManager, def) < 0)
+ goto cleanup;
+
+- if ((def->nets != NULL) && !(cfg->have_netns)) {
+- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+- "%s", _("System lacks NETNS support"));
+- goto cleanup;
+- }
+-
+-
+ if (!(vm = virDomainObjListAdd(driver->domains, &def,
+ driver->xmlopt,
+ VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
+@@ -1386,22 +1367,6 @@ lxcDomainDestroy(virDomainPtr dom)
+ return lxcDomainDestroyFlags(dom, 0);
+ }
+
+-static int lxcCheckNetNsSupport(void)
+-{
+- g_autoptr(virCommand) cmd = virCommandNewArgList("ip", "link", "set", "lo",
+- "netns", "-1", NULL);
+- int ip_rc;
+-
+- if (virCommandRun(cmd, &ip_rc) < 0 || ip_rc == 255)
+- return 0;
+-
+- if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_NET) < 0)
+- return 0;
+-
+- return 1;
+-}
+-
+-
+ static virSecurityManager *
+ lxcSecurityInit(virLXCDriverConfig *cfg)
+ {
+@@ -1481,7 +1446,6 @@ lxcStateInitialize(bool privileged,
+ goto cleanup;
+
+ cfg->log_libvirtd = false; /* by default log to container logfile */
+- cfg->have_netns = lxcCheckNetNsSupport();
+
+ /* Call function to load lxc driver configuration information */
+ if (virLXCLoadDriverConfig(cfg, SYSCONFDIR "/libvirt/lxc.conf") < 0)
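Review bot: the removed lxcCheckNetNsSupport() did two things, and only the `ip link set lo netns -1` probe is broken by iproute2 v6.12.0; the `virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_NET)` call does not go through `ip` at all. Dropping both means lxcDomainDefineXMLFlags, lxcDomainCreateWithFiles and lxcDomainCreateXMLWithFiles no longer reject a definition with network interfaces up front on a host without network namespaces, so the failure would surface later in container startup. The commit message argues every relevant kernel has the support, which is reasonable for Debian, but it is worth confirming that the later failure path still produces an error as clear as "System lacks NETNS support". On the packaging side, the `Origin:` and cherry-pick lines identify the upstream commit well.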
=====================================
debian/patches/series
=====================================
@@ -1,5 +1,6 @@
backport/virt-aa-helper-allow-riscv64-EDK-II.patch
backport/qemu-tpm-do-not-update-profile-name-for-transient-domains.patch
+backport/lxc-remove-no-longer-working-netns-check.patch
debian/Debianize-libvirt-guests.patch
debian/apparmor_profiles_local_include.patch
debian/Use-sensible-editor-by-default.patch
=====================================
debian/rules
=====================================
@@ -36,7 +36,7 @@ ifeq ($(DEB_HOST_ARCH_OS), linux)
WITH_UDEV = -Dudev=enabled -Dpciaccess=enabled
WITH_CAPNG = -Dcapng=enabled
WITH_LIBNL = -Dlibnl=enabled
- WITH_NETWORK = -Ddriver_network=enabled -Dfirewall_backend_priority=nftables,iptables
+ WITH_NETWORK = -Ddriver_network=enabled -Dfirewall_backend_priority=iptables,nftables
WITH_INTERFACE = -Ddriver_interface=enabled
WITH_SECRETS = -Ddriver_secrets=enabled
WITH_OPENVZ = -Ddriver_openvz=enabled
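Review bot: the order in `-Dfirewall_backend_priority=iptables,nftables` has to agree with the `iptables | nftables` order in debian/control and debian/control.in and with the wording in debian/NEWS, yet nothing in the packaging ties these together. A comment above WITH_NETWORK listing those places and referencing #1090355 would make the next change of default harder to get half-done.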
@@ -75,7 +75,7 @@ else
WITH_UDEV = -Dudev=disabled -Dpciaccess=disabled
WITH_CAPNG = -Dcapng=disabled
WITH_LIBNL = -Dlibnl=disabled
- WITH_NETWORK = -Ddriver_network=disabled -Dfirewall_backend_priority=nftables,iptables
+ WITH_NETWORK = -Ddriver_network=disabled -Dfirewall_backend_priority=iptables,nftables
WITH_INTERFACE = -Ddriver_interface=disabled
WITH_SECRETS = -Ddriver_secrets=disabled
WITH_OPENVZ = -Ddriver_openvz=disabled
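Review bot: the same `-Dfirewall_backend_priority=iptables,nftables` string is edited a second time in this non-Linux branch, next to `-Ddriver_network=disabled`, where it presumably has no effect. Defining the priority once in a variable and referencing it from both WITH_NETWORK lines would remove the need to keep the two copies in step by hand.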
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/38ace2022d9afad65c4193d107203a0e897064fd...5c99e06cc5b016a23c7b95fa5fda61ad99f344bb