Commit Graph

317 Commits

Author SHA1 Message Date
Ján Tomko
f13bf4518b build: remove WITH_YAJL2
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-03 13:30:47 +02:00
Ján Tomko
105756660f build: require yajl >= 2.0.3
The pkg-config file was introduced by commit b729ded which was released
in yajl 2.0.3.

Since all our supported platforms include at least yajl 2.0.4,
use pkg-config to detect the library and set the minimum to 2.0.3.

https://repology.org/project/yajl/versions

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-03 13:30:47 +02:00
Ján Tomko
4e75b0a00f build: drop check for SASL1
Even Debian 8 which we no longer support has 2.1.26.

https://repology.org/project/cyrus-sasl/versions

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-04-03 13:30:46 +02:00
Andrea Bolognani
e5e23e3fb9 m4: Add warning when running QEMU as root
Running QEMU as root is a pretty bad idea, so try to make the
user aware of that as part of the configure summary.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-26 18:30:26 +01:00
Andrea Bolognani
29cd1877ac m4: Run QEMU under a distro-specific user when possible
Our current defaults are root:wheel on FreeBSD and macOS, root:root
everywhere else.

Looking at what downstream distributions actually do, we can see that
these defaults are overriden the vast majority of the time, with a
number of variations showing up in the wild:

  * qemu:qemu -> Used by CentOS, Fedora, Gentoo, OpenSUSE, RHEL
                 and... As it turns out, our very own spec file :)

  * libvirt-qemu:libvirt-qemu -> Used by Debian.

  * libvirt-qemu:kvm -> Used by Ubuntu.

  * nobody:nobody -> Used by Arch Linux.

Based on this information, we can do a better job at integrating with
downstream packages: if the distro-specific user and group already
exist on the system then we use them, and if not (or we're building
on an unknown OS) we just use root:root as we would have before.

This change makes it less likely that people building from source
will end up running their guests as root, which is a very desiderable
outcome from the security point of view.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-26 18:30:24 +01:00
Daniel P. Berrangé
3aa190f2a4 storage: add support for new rbd_list2 method
The rbd_list method has been deprecated in Ceph >= 14.0.0
in favour of the new rbd_list2 method which populates an
array of structs.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-18 15:21:10 +00:00
Andrea Bolognani
cf6b65a19e m4: Simplify LIBVIRT_CHECK_INIT_SCRIPT
Now that we no longer support the weird "redhat+systemd"
configuration, we can make our code slightly simpler.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-15 18:36:19 +01:00
Andrea Bolognani
912fe2df9d Drop support for "Red Hat" init scripts
Despite the misleading name, these were supposed to be used
with a System V style init; however, none of the platforms we
target is using that kind of init anymore: almost all Linux
distributions have switched to systemd, those that haven't
(such as Gentoo and Alpine) are mostly using OpenRC with
custom init scripts, and the BSDs have been doing their own
thing all along.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-15 18:36:19 +01:00
Andrea Bolognani
b8cfdee42b Drop support for Upstart init scripts
Not a single one of the platforms we target still uses Upstart, and
the Upstart project itself has been abandoned for several years now.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-15 18:36:19 +01:00
Michal Privoznik
2a00ef6e71 virt-driver-qemu.m4: Require YAJL
There is no way that qemu driver can work without being able to
format/parse JSON.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-14 17:27:56 +01:00
Michal Privoznik
5f2adfab59 virt-driver-qemu.m4: Make qemu driver optional
The basic idea of our configure script is to probe for things
rather than have them enabled by default. This is even more
visible in the next commit where configure fails if qemu driver
is enabled but no yajl is found.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-03-14 17:27:49 +01:00
Michal Privoznik
0b3f7ec884 virt-yajl.m4: Drop useless check for qemu
The code tries to detect installed version of qemu to learn if it
uses HMP or QMP and enable YAJL based on that. Well, we support
only QMP and also minimal required version of qemu is 1.5.0 so
the check would have enabled yajl anyway.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-03-14 14:29:48 +01:00
Michal Privoznik
1620bb0a30 tools: Drop support for pre-2.4.0 wireshark
The wireshark-2.4.0 is almost 2 years old now. Assuming anybody
interested in running latest libvirt doesn't run old wireshark,
it is safe to do this. It also simplifies the code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-12 09:22:59 +01:00
Michal Privoznik
dc93997a83 m4: Put wireshark plugin into epan/ directory
Since wirshark-2.5.0 toplevel plugins are no longer loaded. Only
plugins from epan/, wiretap/ or codecs/ subdirs are. Update the
plugin dir we generate. This is safe to do even for older
wiresharks, since they load plugins from there too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-12 09:22:59 +01:00
Laine Stump
3b71f2e42d configure: selectively install a firewalld 'libvirt' zone
In the past (when both libvirt and firewalld used iptables), if either
libvirt's rules *OR* firewalld's rules accepted a packet, it would
be accepted. This was because libvirt and firewalld rules were
processed during the same kernel hook, and a single ACCEPT result
would terminate the rule traversal and cause the packet to be
accepted.

But now firewalld can use nftables for its backend, while libvirt's
firewall rules are still using iptables; iptables rules are still
processed, but at a different time during packet processing
(i.e. during a different hook) than the firewalld nftables rules. The
result is that a packet must be accepted by *BOTH* the libvirt
iptables rules *AND* the firewalld nftable rules in order to be
accepted.

This causes pain because

1) libvirt always adds rules to permit DNS and DHCP (and sometimes
TFTP) from guests to the host network's bridge interface. But
libvirt's bridges are in firewalld's "default" zone (which is usually
the zone called "public"). The public zone allows ssh, but doesn't
allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the
DHCP and DNS traffic, the firewalld rules (now processed during a
different hook) dont, thus guests connected to libvirt's bridges can't
acquire an IP address from DHCP, nor can they make DNS queries to the
DNS server libvirt has setup on the host. (This could be solved by
modifying the default firewalld zone to allow DNS and DHCP, but that
would open *all* interfaces in the default zone to those services,
which is most likely not what the host's admin wants.)

2) Even though libvirt adds iptables rules to allow forwarded traffic
to pass the iptables hook, firewalld's higher level "rich rules" don't
yet have the ability to configure the acceptance of forwarded traffic
(traffic that is going somewhere beyond the host), so any traffic that
needs to be forwarded from guests to the network beyond the host is
rejected during the nftables hook by the default zone's "default
reject" policy (which rejects all traffic in the zone not specifically
allowed by the rules in the zone, whether that traffic is destined to
be forwarded or locally received by the host).

libvirt can't send "direct" nftables rules (firewalld only supports
direct/passthrough rules for iptables), so we can't solve this problem
by just sending explicit nftables rules instead of explicit iptables
rules (which, if it could be done, would place libvirt's rules in the
same hook as firewalld's native rules, and thus eliminate the need for
packets to be accepted by both libvirt's and firewalld's own rules).

However, we can take advantage of a quirk in firewalld zones that have
a default policy of "accept" (meaning any packet that doesn't match a
specific rule in the zone will be *accepted*) - this default accept will
also accept forwarded traffic (not just traffic destined for the host).

Of course we don't want to modify firewalld's default zone in that
way, because that would affect the filtering of traffic coming into
the host from other interfaces using that zone. Instead, we will
create a new zone called "libvirt". The libvirt zone will have a
default policy of accept so that forwarded traffic can pass and list
specific services that will be allowed into the host from guests (DNS,
DHCP, SSH, and TFTP).

But the same default accept policy that fixes forwarded traffic also
causes *all* traffic from guest to host to be accepted. To close this
new hole, the libvirt zone can take advantage of a new feature in
firewalld (currently slated for firewalld-0.7.0) - priorities for rich
rules - to add a low priority rule that rejects all local traffic (but
leaves alone all forwarded traffic).

So, our new zone will start with a list of services that are allowed
(dhcp, dns, tftp, and ssh to start, but configurable via any firewalld
management application, or direct editing of the zone file in
/etc/firewalld/zones/libvirt.xml), followed by a low priority
<reject/> rule (to reject all other traffic from guest to host), and
finally with a default policy of accept (to allow forwarded traffic).

This patch only creates the zonefile for the new zone, and implements
a configure.ac option to selectively enable/disable installation of
the new zone. A separate patch contains the necessary code to actually
place bridge interfaces in the libvirt zone.

Why do we need a configure option to disable installation of the new
libvirt zone? It uses a new firewalld attribute that sets the priority
of a rich rule; this feature first appears in firewalld-0.7.0 (unless
it has been backported to am earlier firewalld by a downstream
maintainer). If the file were installed on a system with firewalld
that didn't support rule priorities, firewalld would log an error
every time it restarted, causing confusion and lots of extra bug
reports.

So we add two new configure.ac switches to avoid polluting the system
logs with this error on systems that don't support rule priorities -
"--with-firewalld-zone" and "--without-firewalld-zone". A package
builder can use these to include/exclude the libvirt zone file in the
installation. If firewalld is enabled (--with-firewalld), the default
is --with-firewalld-zone, but it can be disabled during configure
(using --without-firewalld-zone). Targets that are using a firewalld
version too old to support the rule priority setting in the libvirt
zone file can simply add --without-firewalld-zone to their configure
commandline.

These switches only affect whether or not the libvirt zone file is
*installed* in /usr/lib/firewalld/zones, but have no effect on whether
or not libvirt looks for a zone called libvirt and tries to use it.

NB: firewalld zones can only be added to the permanent config of
firewalld, and won't be loaded/enabled until firewalld is restarted,
so at package install/upgrade time we have to restart firewalld. For
rpm-based distros, this is done in the libvirt.spec file by calling
the %firewalld_restart rpm macro, which is a part of the
firewalld-filesystem package. (For distros that don't use rpm
packages, the command "firewalld-cmd --reload" will have the same
effect).

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-02-01 12:08:37 -05:00
Laine Stump
4bf0f390ed configure: change HAVE_FIREWALLD to WITH_FIREWALLD
Support for firewalld is a feature that can be selectively enabled or
disabled (using --with-firewalld/--without-firewalld), not merely
something that must be accounted for in the code if it is present with
no exceptions. It is more consistent with other usage in libvirt to
use WITH_FIREWALLD rather than HAVE_FIREWALLD.

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-02-01 12:08:37 -05:00
Michal Privoznik
29682196d8 Drop UML driver
The driver is unmaintained, untested and severely broken for
quite some time now. Since nobody even reported any issue with it
let us drop it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-17 17:52:46 +01:00
Marek Marczykowski-Górecki
aca7ff5f70 libxl: add support for PVH
Since this is something between PV and HVM, it makes sense to put the
setting in place where domain type is specified.
To enable it, use <os><type machine="xenpvh">xenpvh</type></os>. It is
also included in capabilities.xml, for every supported HVM guest type - it
doesn't seems to be any other requirement (besides new enough Xen).

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2018-11-26 16:31:21 -07:00
Jim Fehlig
dc3d2c9f8c libxl: fallback to lib probe if pkgconfig file not found
With the assumption that all Xen >= 4.6 contains a pkgconfig file for
libxenlight, commit 5bdcef13 dropped the fallback check to probe
libxenlight with LIBVIRT_CHECK_LIB. At the time it was not known that
the various Xen pkgconfig files are in the -runtime package in Fedora,
instead of the traditional -devel package. This bug [1] was fixed in
Fedora > 28, but until Fedora 28 reaches EOL we'll need to re-introduce
the fallback check.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1629643

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2018-09-20 07:59:26 -06:00
Jim Fehlig
e44840c441 build: remove unused variables from virt-driver-libxl.m4
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2018-09-20 07:59:26 -06:00
Jim Fehlig
212df3f957 libxl: remove configure check for libxl_domain_config_from_json
The libxl_domain_config_from_json API appeared in Xen 4.5, hence
there is no need to check for its existence after changing the
minimum supported Xen version to 4.6. Remove the check and its
use in the tests.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-09-19 09:41:09 -06:00
Jim Fehlig
5bdcef13d1 libxl: drop support for Xen < 4.6
Currently the libxl driver claims support for Xen >= 4.4, but
Xen 4.4 and 4.5 are no longer supported upstream. Let's increase
the minimum supported Xen version to 4.6 and change the defined
LIBXL_API_VERSION to 0x040500, which is the API version defined
when Xen 4.6 was released.

Since Xen 4.6 contains a pkgconfig file, drop the now unused code
that falls back to using LIBVIRT_CHECK_LIB in the absence of
pkgconfig file. In addition, bumping the LIBXL_API_VERSION
required adjusting the calls to libxl_set_vcpuaffinity to account
for the extra parameter in the 0x040500 version of the API.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-09-14 11:47:08 -06:00
Ján Tomko
86db0db979 Revert "build: add --with-jansson"
This reverts commit 12b34f094e.

Jansson cannot parse QEMU's quirky JSON.
Revert back to yajl.

https://bugzilla.redhat.com/show_bug.cgi?id=1614569

Conflicts:
  configure.ac:
    Commit 8aa85e0b introduced LIBVIRT_*_LIBISCSI macros.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-13 15:50:01 +02:00
Ján Tomko
d99a89592d Revert "Switch from yajl to Jansson"
This reverts commit 9cf38263d0.

Jansson cannot parse QEMU's quirky JSON.
Revert back to yajl.

https://bugzilla.redhat.com/show_bug.cgi?id=1614569

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-13 15:50:01 +02:00
Ján Tomko
5a58b5ed68 Revert "build: switch --with-qemu default from yes to check"
This reverts commit c5ae8e0c2b.

Jansson cannot parse QEMU's quirky JSON.
Revert back to yajl.

https://bugzilla.redhat.com/show_bug.cgi?id=1614569

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-13 15:50:01 +02:00
Ján Tomko
f204cf5103 Revert "build: require Jansson if QEMU driver is enabled"
This reverts commit 01ce04375c.

Jansson cannot parse QEMU's quirky JSON.
Revert back to yajl.

https://bugzilla.redhat.com/show_bug.cgi?id=1614569

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-13 15:50:01 +02:00
Ján Tomko
6f99de3148 Revert "m4: Introduce STABLE_ORDERING_JANSSON"
This reverts commit 4dd6054000.

Jansson cannot parse QEMU's quirky JSON.
Revert back to yajl.

https://bugzilla.redhat.com/show_bug.cgi?id=1614569

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-13 15:50:00 +02:00
Marek Marczykowski-Górecki
3d203553d3 Fix libvirt-driver-libxl check
Fix saving CFLAGS in LIBVIRT_DRIVER_CHECK_LIBXL - LIBVIRT_CHECK_LIB will
override old_CFLAGS, so use a different name.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2018-08-09 14:55:21 -06:00
Clementine Hayat
91a3d88a61 storage: Implement iscsi_direct pool backend
We need here libiscsi for the storgae pool backend.
For the iscsi-direct storage pool, only checkPool and refreshPool should
be necessary for basic support.
The pool is state-less and just need the informations within the volume
to work.

Signed-off-by: Clementine Hayat <clem@lse.epita.fr>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-08-06 12:23:55 +02:00
Clementine Hayat
f0bf1be3e7 storage: Introduce iscsi_direct pool type
Introducing the pool as a noop. Integration inside the build
system. Implementation will be in the following commits.

Signed-off-by: Clementine Hayat <clem@lse.epita.fr>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-08-06 12:23:55 +02:00
Clementine Hayat
8aa85e0bb7 configure: Introduce libiscsi in build system
The minimal required version is 1.18.0 because the synchrounous function
needed were introduced here.

Signed-off-by: Clementine Hayat <clem@lse.epita.fr>
2018-08-06 12:23:55 +02:00
Martin Kletzander
df09767773 Fix include for xattr.h
The proper file that should be included is `sys/xattr.h` as that comes from
`glibc` and not `attr/xattr.h` which ships with the `attr` utility.

We're most probably not the only ones because `attr/xattr.h` added a #warning to
their include resulting in the following compilation errors:

In file included from securityselinuxlabeltest.c:31:0:
/usr/include/attr/xattr.h:5:2: error: #warning "Please change your <attr/xattr.h> includes to <sys/xattr.h>" [-Werror=cpp]
 #warning "Please change your <attr/xattr.h> includes to <sys/xattr.h>"
  ^~~~~~~

In file included from securityselinuxhelper.c:37:0:
/usr/include/attr/xattr.h:5:2: error: #warning "Please change your <attr/xattr.h> includes to <sys/xattr.h>" [-Werror=cpp]
 #warning "Please change your <attr/xattr.h> includes to <sys/xattr.h>"
  ^~~~~~~

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-06 11:50:53 +02:00
Ján Tomko
4dd6054000 m4: Introduce STABLE_ORDERING_JANSSON
Add a second check for Jansson >= 2.8, which includes
fixes to preserve ordering of object keys.

Use this constant to guard tests that depend on stable ordering.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-07-18 17:54:18 +02:00
Ján Tomko
01ce04375c build: require Jansson if QEMU driver is enabled
If the QEMU driver was requested, require Jansson, since we need to use
the JSON monitor to probe capabilities for all QEMU version supported
by libvirt.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-07-18 17:54:18 +02:00
Ján Tomko
c5ae8e0c2b build: switch --with-qemu default from yes to check
Unless explicitly requested, enable the QEMU driver
only if the Jansson library is present.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-07-18 17:54:18 +02:00
Ján Tomko
9cf38263d0 Switch from yajl to Jansson
Yajl has not seen much activity upstream recently.
Switch to using Jansson >= 2.5.

All the platforms we target on https://libvirt.org/platforms.html
have a version >= 2.7 listed on the sites below:
https://repology.org/metapackage/jansson/versions
https://build.opensuse.org/package/show/devel:libraries:c_c++/libjansson

Additionally, Ubuntu 14.04 on Travis-CI has 2.5. Set the requirement
to 2.5 since we don't use anything from newer versions.

Implement virJSONValue{From,To}String using Jansson, delete the yajl
code (and the related virJSONParser structure) and report an error
if someone explicitly specifies --with-yajl.

Also adjust the test data to account for Jansson's different whitespace
usage for empty arrays and tune up the specfile to keep 'make rpm'
working when bisecting.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-07-18 17:54:18 +02:00
Ján Tomko
12b34f094e build: add --with-jansson
Introduce the configure argument and check for Jansson >= 2.5

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-07-18 17:54:17 +02:00
Daniel P. Berrangé
3f4db69c2f po: don't install gmo files when --disable-nls is given
With --disable-nls is given we turn off use of gettext in the source
code, but mistakenly still installed the gmo files.

Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-05 17:36:42 +01:00
Michal Privoznik
60d9ad6f1e configure: Require GnuTLS
We are building with GnuTLS everywhere because GnuTLS is widely
available. Also, it is desirable to prefer cryptographically
strong PRNG over "/dev/urandom" which is just a fallback.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-05 14:32:03 +02:00
Ján Tomko
fe8a06798d Remove check for gnutls/crypto.h
Assume its presence for gnutls >= 3.2.

Check introduced by <commit 7d21d6b>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Ján Tomko
fbb07a757b Remove explicit check for gnutls_cipher_encrypt
Introduced in gnutls 2.10, and we assume >= 3.2.

Commit 1ce9c08a added this check.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Ján Tomko
ac9ad77303 Remove explicit check for gnutls_rnd
Introduced in gnutls 2.12, but we require gnutls >= 3.2
Check added by commit <2d23d14>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Ján Tomko
279a27d4aa Deprecate GNUTLS_GCRYPT
Now that we assume GnuTLS >= 3.0, we can ditch gcrypt support.
Introduced by <commit 6094b1f>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Ján Tomko
eee8c852e0 Require GnuTLS >= 3.2.0
Ubuntu 14.04 which is not targetted as a supported platform [0]
already has 3.2.11

[0] https://libvirt.org/platforms.html

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-16 10:40:40 +02:00
Julio Faracco
463fa9c762 m4: checking if ssh_get_server_publickey() exists.
This commit adds some checks inside libssh m4 checking to verify if
ssh_get_server_publickey is available. This new function scope replaces
the old ssh_get_publickey() from libssh 0.7.5 and below. Assuming that
some distros are not showing the right version of libssh. This is a
simple way to check which function is available.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-05-11 10:38:08 +02:00
Michal Privoznik
8be74af168 qemu: Introduce pr_helper to qemu.conf
Just like we allow users overriding path to bridge-helper
detected at compile time we can allow them to override path to
qemu-pr-helper.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-11 09:02:56 +02:00
Daniel P. Berrangé
c0a8ea450d po: provide custom make rules for po file management
Historically we have relied on autopoint/gettextize to install a
standard po/Makefile.in.in. There is very limited scope for customizing
this and it also causes a bunch of extra stuff to be pulled into
configure.ac which potentially clashes with gnulib. Writing make rules
for po file management is no more difficult than any other rules libvirt
has, so stop using autopoint/gettextize.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-19 10:35:58 +01:00
Jim Fehlig
1dac5fbbbb Remove the xend driver
xend was deprecated in Xen 4.2 and removed from the Xen sources
before the Xen 4.5 release. The last Xen release to contain xend
was Xen 4.4, which was retired upstream in March 2017.

Remove xend support from libvirt since it is unrealistic to use
modern libvirt with ancient Xen.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-09 11:38:05 -06:00
Ján Tomko
5123e6ed1f polkit: reintroduce check for pkcheck
Commit 2499d1a0 was too eager and possibly enabled polkit
on all platforms with D-Bus, regardless of whether they use polkit.

Reintroduce the usage of pkcheck as a witness for --with-polkit=check,
but do not require it for --with-polkit=yes.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Jiří Denemark <jdenemar@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-03-25 22:27:22 +02:00
Rainer Müller
c28d837c0f build: Remove --with-xml-catalog-file option
After validation against XHTML 1.0 was dropped in f802c9de0,
the XML_CATALOG_FILE is not in use anymore. Therefore the checks in
configure can be removed.

Signed-off-by: Rainer Müller <raimue@codingfarm.de>
2018-03-25 19:49:25 +02:00