* configure.in: look for AppArmor and devel
* src/security/security_apparmor.[ch] src/security/security_driver.c
src/Makefile.am: add and plug the new driver
* src/security/virt-aa-helper.c: new binary which is used exclusively by
the AppArmor security driver to manipulate AppArmor.
* po/POTFILES.in: registers the new files
* tests/Makefile.am tests/secaatest.c tests/virt-aa-helper-test:
tests for virt-aa-helper and the security driver, secaatest.c is
identical to seclabeltest.c except it initializes the 'apparmor'
driver instead of 'selinux'
Pull out all the QEMU monitor interaction code to a separate
file. This will make life easier when we need to drop in a
new implementation for the forthcoming QMP machine friendly
monitor support.
Next step is to add formal APIs for each monitor command,
and remove direct commands for sending/receiving generic
data.
* src/Makefile.am: Add qemu_monitor.c to build
* src/qemu/qemu_driver.c: Remove code for monitor interaction
* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: New
file for monitor interaction
* po/POTFILES.in: Add src/qemu/qemu_monitor_text.c
This implementation stores the secrets in an unencrypted text file,
for simplicity in implementation and debugging.
(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
Because the TLS private key used by libvirtd is stored unencrypted,
encrypting the secrets file does not currently provide much additional
security.)
* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
error number.
* po/POTFILES.in, src/Makefile.am: Add secret_driver.
* bootstrap: Use gnulib's base64 module.
* src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
Add local secret driver.
* qemud/qemud.c (qemudInitialize): Use the local secret driver.
Add a <secret> XML handling API, separate from the local driver, to
avoid manually generating XML in other parts of libvirt.
* src/secret_conf.c, src/secret_conf.h: New files.
* po/POTFILES.in, src/Makefile.am: Add secret_conf.
* configure.in src/Makefile.am src/storage_backend.[ch]
src/storage_conf.[ch] src/storage_backend_mpath.[ch] po/POTFILES.in:
add a new module for storage multipath, it requires device-mapper
Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).
Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.
This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.
* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
RNG schema
* src/libvirt.c src/logging.c: Don't convert high priority levels to the
debug level. Don't parse LIBVIRT_LOG_FILTERS and LIBVIRT_LOG_OUTPUTS
when they're set to the empty string. Warn when the user specifies an
invalid value (empty string remains a noop).
* po/POTFILES.in: src/logging.c now include translatable strings
* src/libvirt.c: activate the interface drivers
* po/POTFILES.in: add the netcf driver as a source of localization strings
* src/interface_driver.c: NETCF_ENOMEM -> VIR_ERR_NO_MEMORY mapping was
breaking syntax checking
* src/interface_conf.c src/interface_conf.h: the import and export
routines and the internal APIs
* src/Makefile.am: hook the new file in the makefiles
* src/libvirt_private.syms: export a few private symbols internally
* po/POTFILES.in: the new file contains translatable strings
This makes it so we record (via a git submodule)
a snapshot of whatever version of gnulib we're using,
and none of gnulib sources are in the libvirt repository.
The result is that we have as much reproducibility as when
we version-controlled imported copies of the gnulib sources,
but without the hassle of the manual process we used when
syncing with upstream.
Note that when you clone libvirt, you get only the libvirt
repository, but when you first run ./bootstrap, it clones
gnulib (at the SHA1 recorded via the submodule), creating
the .gnulib/ hierarchy. Then, the bootstrap script runs
gnulib-tool to populate gnulib/ with the files that make
up the selected modules.
Put the following in your ~/.gitconfig file.
[alias]
syncsub = submodule foreach git pull origin master
The update procedure is simple:
git syncsub
...build & test...
git commit -m 'gnulib: sync submodule to latest' .gnulib
* .gitmodules: New file.
* .gnulib: Initialize.
* bootstrap: Set up to use the new submodule.
Stop using --no-vc-files.
Don't remove .gitignore files.
Don't use or create .cvsignore.
Diagnose an invalid --gnulib-srcdir=DIR argument.
* build-aux/vc-list-files: Delete file, now pulled from gnulib.
* build-aux/useless-if-before-free: Likewise.
* po/POTFILES.in: Remove gnulib/lib/gai_strerror.c, since
it no longer contains translatable strings.
* gnulib/*: Remove gnulib/ hierarchy.
* src/Makefile.am src/node_device.[ch] src/node_device_conf.[ch]
src/node_device_hal.[ch] src/node_device_hal_linux.c
src/qemu_driver.c src/remote_internal.c src/storage_backend.c
src/virsh.c src/xen_unified.c tests/nodedevxml2xmltest.c
po/POTFILES.in: implementation for node device create and destroy
in NPIV support, patch by David Allan
Daniel
* configure.in po/POTFILES.in src/Makefile.am src/libvirt_private.syms
src/pci.c src/pci.h: Add implementations of dettach, reattach and
reset for PCI devices, patch by Mark McLoughlin
Daniel
POTFILES.in. Add it there, and then fix up one warning about included
c-ctypes.h that wasn't being used.
Signed-off-by: Chris Lalancette <clalance@redhat.com>