Commit Graph

1011 Commits

Author SHA1 Message Date
Daniel P. Berrangé
b18c273a24 remote: enable connecting to the per-driver daemons
Historically URIs handled by the remote driver will always connect to
the libvirtd UNIX socket. There will now be one daemon per driver, and
each of these has its own UNIX sockets to connect to.

It will still be possible to run the traditional monolithic libvirtd
though, which will have the original UNIX socket path.

In addition there is a virproxyd daemon that doesn't run any drivers,
but provides proxying for clients accessing libvirt over IP sockets, or
tunnelling to the legacy libvirtd UNIX socket path.

Finally when running inside a daemon, the remote driver must not reject
connections unconditionally. For example, the QEMU driver needs to be
able to connect to the network driver. The remote driver must thus be
willing to handle connections even when inside the daemon, provided no
local driver is registered.

This refactoring enables the remote driver to be able to connect to the
per-driver daemons. The URI parameter "mode" accepts the values "auto",
"direct" and "legacy" to control which daemons are connected to.

The client side libvirt.conf config file also supports a "remote_mode"
setting which is used if the URI parameter is not set.

If neither the config file or URI parameter set a mode, then "auto"
is used, whereby the client looks to see which sockets actually exist
right now.

The remote driver will only ever spawn the per-driver daemons, or
the legacy libvirtd. It won't ever try to spawn virtproxyd, as
that is only there for IP based connectivity, or for access from
legacy remote clients.

If connecting to a remote host over any kind of ssh tunnel, for now we
must assume only the legacy socket exists. A future patch will introduce
a netcat replacement that is tailored for libvirt to make remote
tunnelling easier.

The configure arg '--with-remote-default-mode=legacy|direct' allows
packagers to set a default at build time. If not given, it will default
to legacy mode.

Eventually the default will switch to direct mode. Distros can choose
to do the switch earlier if desired. The main blocker is testing and
suitable SELinux/AppArmor policies.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
60ee70e93e vbox: introduce virtvboxd daemon
The virtvboxd daemon will be responsible for providing the vbox API
driver functionality. The vbox driver is still loaded by the main
libvirtd daemon at this stage, so virtvboxd must not be running at
the same time.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
23ab0f0bef lxc: introduce virtlxcd daemon
The virtlxcd daemon will be responsible for providing the lxc API
driver functionality. The lxc driver is still loaded by the main
libvirtd daemon at this stage, so virtlxcd must not be running at
the same time.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
bb1021e369 qemu: introduce virtqemud daemon
The virtqemud daemon will be responsible for providing the qemu API
driver functionality. The qemu driver is still loaded by the main
libvirtd daemon at this stage, so virtqemud must not be running at
the same time.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
12e30d1e54 libxl: introduce virtxend daemon
The virtxend daemon will be responsible for providing the libxl API
driver functionality. The libxl driver is still loaded by the main
libvirtd daemon at this stage, so virtxend must not be running at
the same time.

This naming is slightly different than other drivers. With the libxl
driver, the user still has a 'xen:///system' URI, and we provide it
in a libvirt-daemon-xen RPM, which pulls in a
libvirt-daemon-driver-libxl RPM.

Arguably we could rename the libxl driver to "xen" since it is the
only xen driver we have these days, and that matches how we expose it
to users in the URI naming.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
653ddc2e64 nwfilter: introduce virtnwfilterd daemon
The virtnwfilterd daemon will be responsible for providing the nwfilter API
driver functionality. The nwfilter driver is still loaded by the main
libvirtd daemon at this stage, so virtnwfilterd must not be running at
the same time.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
e4de8857ad nodedev: introduce virtnodedevd daemon
The virtnodedevd daemon will be responsible for providing the nodedev API
driver functionality. The nodedev driver is still loaded by the main
libvirtd daemon at this stage, so virtnodedevd must not be running at
the same time.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
e23d5b0435 storage: introduce virtstoraged daemon
The virtstoraged daemon will be responsible for providing the storage API
driver functionality. The storage driver is still loaded by the main
libvirtd daemon at this stage, so virtstoraged must not be running at
the same time.

Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
62d817a328 interface: introduce virtinterfaced daemon
The virtinterfaced daemon will be responsible for providing the interface API
driver functionality. The interface driver is still loaded by the main
libvirtd daemon at this stage, so virtinterfaced must not be running at
the same time.

Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
1c27cef1e3 network: introduce virtnetworkd daemon
The virtnetworkd daemon will be responsible for providing the network API
driver functionality. The network driver is still loaded by the main
libvirtd daemon at this stage, so virtnetworkd must not be running at
the same time.

Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
d353d57fcd secret: introduce virtsecretd daemon
The virtsecretd daemon will be responsible for providing the secret API
driver functionality. The secret driver is still loaded by the main
libvirtd daemon at this stage, so virtsecretd must not be running at
the same time.

Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
b7ed8ce981 remote: introduce virtproxyd daemon to handle IP connectivity
The libvirtd daemon provides the traditional libvirt experience where
all the drivers are in a single daemon, and is accessible over both
local UNIX sockets and remote IP sockets.

In the new world we're having a set of per-driver daemons which will
primarily be accessed locally via their own UNIX sockets.

We still, however, need to allow for case of applications which will
connect to libvirt remotely. These remote connections can be done as
TCP/TLS sockets, or by SSH tunnelling to the UNIX socket.

In the later case, the old libvirt.so clients will only know about
the path to the old libvirtd socket /var/run/libvirt/libvirt-sock,
and not the new driver sockets /var/run/libvirt/virtqemud-sock.

It is also not desirable to expose the main driver specific daemons
over IP directly to minimize their attack service.

Thus the virtproxyd daemon steps into place, to provide TCP/TLS sockets,
and back compat for the old libvirtd UNIX socket path(s). It will then
forward all RPC calls made to the appropriate driver specific daemon.

Essentially it is equivalent to the old libvirtd with absolutely no
drivers registered except for the remote driver (and other stateless
drivers in libvirt.so).

We could have modified libvirtd so none of the drivers are registed
to get the same end result. We could even add a libvirtd.conf parameter
to control whether the drivers are loaded to enable users to switch back
to the old world if we discover bugs in the split-daemon model. Using a
new daemon though has some advantages

 - We can make virtproxyd and the virtXXXd per-driver daemons all
   have "Conflicts: libvirtd.service" in their systemd unit files.
   This will guarantee that libvirtd is never started at the same
   time, as this would result in two daemons running the same driver.
   Fortunately drivers use locking to protect themselves, but it is
   better to avoid starting a daemon we know will conflict.

 - It allows us to break CLI compat to remove the --listen parameter.
   Both listen_tcp and listen_tls parameters in /etc/libvirtd/virtd.conf
   will default to zero. Either TLS or TCP can be enabled exclusively
   though virtd.conf without requiring the extra step of adding --listen.

 - It allows us to set a strict SELinux policy over virtproxyd. For
   back compat the libvirtd policy must continue to allow all drivers
   to run. We can't easily give a second policy to libvirtd which
   locks it down. By introducing a new virtproxyd we can set a strict
   policy for that daemon only.

 - It gets rid of the weird naming of having a daemon with "lib" in
   its name. Now all normal daemons libvirt ships will have "virt"
   as their prefix not "libvirt".

 - Distros can more easily choose their upgrade path. They can
   ship both sets of daemons in their packages, and choose to
   either enable libvirtd, or enable the per-driver daemons and
   virtproxyd out of the box. Users can easily override this if
   desired by just tweaking which systemd units are active.

After some time we can deprecate use of libvirtd and after some more
time delete it entirely, leaving us in a pretty world filled with
prancing unicorns.

The main downside with introducing a new daemon, and with the
per-driver daemons in general, is figuring out the correct upgrade
path.

The conservative option is to leave libvirtd running if it was
an existing installation. Only use the new daemons & virtproxyd
on completely new installs.

The aggressive option is to disable libvirtd if already running
and activate all the new daemons.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-09 14:06:31 +01:00
Daniel P. Berrangé
4feeb2d986 tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.

Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.

For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.

This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.

To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-07 16:54:01 +01:00
Eric Blake
0d44788fc3 backup: Introduce virDomainCheckpoint APIs
Introduce a bunch of new public APIs related to backup checkpoints.
Checkpoints are modeled heavily after virDomainSnapshotPtr (both
represent a point in time of the guest), although a snapshot exists
with the intent of rolling back to that state, while a checkpoint
exists to make it possible to create an incremental backup at a later
time.  We may have a future hypervisor that can completely manage
checkpoints without libvirt metadata, but the first two planned
hypervisors (qemu and test) both always use libvirt for tracking
metadata relations between checkpoints, so for now, I've deferred
the counterpart of virDomainSnapshotHasMetadata for a separate
API addition at a later date if there is ever a need for it.

Note that until we allow snapshots and checkpoints to exist
simultaneously on the same domain (although the actual prevention of
this will be in a separate patch for the sake of an easier revert down
the road), that it is not possible to branch out to create more than
one checkpoint child to a given parent, although it may become
possible later when we revert to a snapshot that coincides with a
checkpoint.  This also means that for now, the decision of which
checkpoint becomes the parent of a newly created one is the only
checkpoint with no child (so while there are APIs for dealing with a
current snapshot, we do not need those for checkpoints).  We may end
up exposing a notion of a current checkpoint later, but it's easier to
add stuff when proven needed than to blindly support it now and wish
we hadn't exposed it.

The following map shows the API relations to snapshots, with new APIs
on the right:

Operate on a domain object to create/redefine a child:
virDomainSnapshotCreateXML          virDomainCheckpointCreateXML

Operate on a child object for lifetime management:
virDomainSnapshotDelete             virDomainCheckpointDelete
virDomainSnapshotFree               virDomainCheckpointFree
virDomainSnapshotRef                virDomainCheckpointRef

Operate on a child object to learn more about it:
virDomainSnapshotGetXMLDesc         virDomainCheckpointGetXMLDesc
virDomainSnapshotGetConnect         virDomainCheckpointGetConnect
virDomainSnapshotGetDomain          virDomainCheckpointGetDomain
virDomainSnapshotGetName            virDomainCheckpiontGetName
virDomainSnapshotGetParent          virDomainCheckpiontGetParent
virDomainSnapshotHasMetadata        (deferred for later)
virDomainSnapshotIsCurrent          (no counterpart, see note above)

Operate on a domain object to list all children:
virDomainSnapshotNum                (no counterparts, these are the old
virDomainSnapshotListNames           racy interfaces)
virDomainSnapshotListAllSnapshots   virDomainListAllCheckpoints

Operate on a child object to list descendents:
virDomainSnapshotNumChildren        (no counterparts, these are the old
virDomainSnapshotListChildrenNames   racy interfaces)
virDomainSnapshotListAllChildren    virDomainCheckpointListAllChildren

Operate on a domain to locate a particular child:
virDomainSnapshotLookupByName       virDomainCheckpointLookupByName
virDomainSnapshotCurrent            (no counterpart, see note above)
virDomainHasCurrentSnapshot         (no counterpart, old racy interface)

Operate on a snapshot to roll back to earlier state:
virDomainSnapshotRevert             (no counterpart, instead checkpoints
                                     are used in incremental backups via
				     XML to virDomainBackupBegin)

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 16:48:58 -05:00
Eric Blake
d85842cfd7 backup: Document new XML for checkpoints
Prepare for new checkpoint APIs by describing the XML that will
represent a checkpoint.  The checkpoint XML is modeled heavily after
virDomainSnapshotPtr. See the docs for more details.

Add testsuite coverage for some minimal uses of the XML (bare minimum,
the sample from html, and a full dumpxml, and some counter-examples
that should fail schema validation). Although use of the REDEFINE flag
will require the <domain> subelement to be present, it is easier for
most of the tests to provide counterpart output produced with the
NO_DOMAIN flag (particularly since synthesizing a valid <domain>
during testing is not trivial).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 16:48:58 -05:00
Daniel P. Berrangé
2c3e08b0e3 remote: add systemd socket units for UNIX/TCP sockets
We don't do socket activation of libvirtd, since we need to
unconditionally start libvirtd in order to perform autostart. This
doesn't mean we can't have systemd socket units. Some use cases will
not need libvirt's autostart & are thus free to use activation.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
5a148ce846 remote: delete the avahi mDNS support
Libvirtd has long had integration with avahi for advertising libvirtd
using mDNS when TCP/TLS listening is enabled. For a long time the
virt-manager application had support for auto-detecting libvirtds
on the local network using mDNS, but this was removed last year

  commit fc8f8d5d7e3ba80a0771df19cf20e84a05ed2422
  Author: Cole Robinson <crobinso@redhat.com>
  Date:   Sat Oct 6 20:55:31 2018 -0400

    connect: Drop avahi support

    Libvirtd can advertise itself over avahi. The feature is disabled by
    default though and in practice I hear of no one actually using it
    and frankly I don't think it's all that useful

    The 'Open Connection' wizard has a disproportionate amount of code
    devoted to this feature, but I don't think it's useful or worth
    maintaining, so let's drop it

I've never heard of any other applications having support for using
mDNS to detect libvirtd instances. Though it is theoretically possible
something exists out there, it is clearly going to be a niche use case
in the virt ecosystem as a whole.

By removing avahi integration we can cut down the dependency chain for
the basic libvirtd install and reduce our code maint burden.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-21 12:59:42 +01:00
Daniel P. Berrangé
4b4a981d60 conf: introduce virNetworkPortDefPtr struct and XML support
Introduce a virNetworkPortDefPtr struct to represent the data associated
with a virtual network port. Add APIs for parsing/formatting XML docs
with the data.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-17 15:19:54 +01:00
Andrea Bolognani
925bfbd809 examples: Install Polkit examples
Right now we install the files in RPMs only, and we include
them in the -daemon package which is probably not the best
option either. Start installing them via autotools; the RPMs
will get them automatically in the -docs package.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:28 +02:00
Andrea Bolognani
4f274bd7e3 spec: Don't install libvirt-api.xml as documentation
We already install the file, along with its driver-specific
counterparts, into ${datadir}/libvirt/api/ where language
bindings will actually look for them.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-06-03 17:27:03 +02:00
Andrea Bolognani
f8c734572c spec: Improve handling for default network
This is exactly how we already treat nwfilters, which require
the same kind of care (aka nasty hacks) as the default network,
because in both cases the UUID is generated and written to
disk the first time libvirtd is started after installing the
corresponding subpackage.

After this patch, RPM will be aware of the fact that the
libvirt-daemon-config-network subpackage owns the default
network.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-05-27 15:24:05 +02:00
Jiri Denemark
7cf7eab52d spec: Fix permissions of /var/run/libvirt/qemu
While libvirtd creates this directory with the default 0755 mode, the
spec file stores 0700 in the RPM database. Thus RPM verification always
complains about this directory. Let's fix the spec file to match
reality.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2019-05-27 15:00:11 +02:00
Jiri Denemark
f87d5a964f spec: Fix permissions of nwfilter XMLs
The nwfilter XML files stored in /etc/libvirt/nwfilter are copied in a
%post scriptlet from /usr/share/libvirt/nwfilter/*.xml. While the files
in /usr/share are created with mode 0644, libvirt creates the files in
/etc/libvirt/nwfilter with mode 0600. Since 0600 is also stored in the
RPM database, we need to chmod the files copied from /usr/share to make
sure RPM verification does not complain about changed permissions.

https://bugzilla.redhat.com/show_bug.cgi?id=1628475

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-05-27 15:00:11 +02:00
Jiri Denemark
e67b0a4576 spec: Unconditionally set ownership of /var/lib/libvirt/sanlock
The libvirt-lock-sanlock subpackage requires sanlock to be installed
first and the sanlock package creates the sanlock group on all distros
we care about in the spec file (Fedora and RHEL >= 7). Thus instead of
setting the ownership and permissions in a post scriptlet only when the
sanlock group exists we can just install the directory with the
appropriate metadata.

https://bugzilla.redhat.com/show_bug.cgi?id=1702758

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-05-27 15:00:11 +02:00
Daniel P. Berrangé
06a61a202c rpm: remove dependancy from qemu to network/storage drivers
The libvirt-daemon-driver-qemu RPM has historically had a hard
dependency on the libvirt-daemon-driver-network and
libvirt-daemon-driver-storage-core packages. This was because the QEMU
driver would directly call into APIs that were part of these drivers.

The dependency to the storage driver was eliminated in

  commit 064fec69be
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Thu Jan 25 09:35:46 2018 +0000

    storage: move storage file backend framework into util directory

The dependency to the network driver was eliminated in

  commit 5b13570ab8
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Thu Jan 25 09:35:47 2018 +0000

    conf: introduce callback registration for domain net device allocation

  commit 1438aea4ee
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Thu Jan 25 09:35:48 2018 +0000

    conf: expand network device callbacks to cover bandwidth updates

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-05-20 12:27:37 +01:00
Andrea Bolognani
4faaaa8b27 examples: Install under $(docdir)
Our build system doesn't currently install the various
example programs provided along libvirt; however, both the
upstream .spec file and the Debian packaging go out of
their way to make sure these useful demos are included in
the respective documentation packages.

Moreover, doing so without help from the upstream build
system is easy to get wrong: the libvirt-docs RPM package,
for example, ends up missing one of the examples and
including a bunch of empty .deps/ directories.

Install the examples in $(docdir) as part of our regular
procedure, so that users and downstreams don't have to do
anything special about them.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-05-13 12:02:17 +02:00
Andrea Bolognani
6716c997f6 docs: Install documentation under $(docdir)
At the moment we allow the user to specify exactly where
they want the HTML documentation to be installed with an
extreme level of precision through the --with-html-dir and
--with-html-subdir configure options.

Most of the time, of course, the user will stick with the
default, that is $(datadir)/doc/$(PACKAGE)-$(VERSION)/html.

So close to $(docdir)! Including the version number in
the path, specifically, seems entirely unnecessary since
different releases of libvirt are not going to be able to
coexist on the same system anyway.

Drop all these custom flexibilty for flexibilty's sake
shenaningans in favor of the standard, well understood
$(docdir).

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2019-05-13 12:02:13 +02:00
Andrea Bolognani
8a1179831b spec: Bump minimum supported Fedora version to 29
Fedora 30 is out, which means that Fedora 28 is going to be
EOL very soon. Let's get ahead of the game and drop support
for it right now.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-05-09 15:08:03 +02:00
Cole Robinson
25c4b01662 spec: fix f28 rpm without firewalld zone
Commit 3b71f2e42d added spec handling for with_firewalld_zone. We
now call %firewalld_reload if with_firewalld is set. But the matching
'BuildRequires: firewalld-filesystem' is only applied if
with_firewalld_zone is set.

Fix the former bit to use with_firewalld_zone

Reviewed-by: Laine Stump <laine@laine.org>
Reported-by: Yuval Turgeman <yturgema@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-04-30 14:08:08 -04:00
Laine Stump
65b08aff08 build: set --without-firewalld-zone in configure commandline for Fedora 30
The firewalld package in Fedora 30 didn't get support for rich rule
priorities, which is required by the libvirt zonefile that's installed
when the build is configured with --with-firewalld-zone, so we need to
set --without-firewalld-zone for that version of Fedora. The needed
feature is already upstream in firewalld, so it just needs another
upstream release to be there. Let's be optimistic and assume that will
happen prior to F31.

Resolves: https://bugzilla.redhat.com/1699051
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Eric Garver <eric@garver.life>
2019-04-11 14:29:31 -04:00
Andrea Bolognani
d2d875fd2f spec: Move ldconfig calls from -client to -libs
ldconfig needs to be called after installing or uninstalling
shared libraries.

For a very long time, libvirt didn't have a separate package
containing just the shared libraries, and so it shipped them
in the same one as the clients.

Since commit 70b4f0e719, however, shared libraries have been
moved from -client to their own -libs package; unfortunately,
the corresponding ldconfig calls were not moved at the same
time, which is what this commit takes care of.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2019-03-27 10:59:54 +01:00
Cole Robinson
8d09acf66d spec: Remove libvirt < 0.9.4 upgrade compat
These blocks are only triggered when updating from a libvirt version
less than 0.9.4, which was released in August 2011. I think it's been
long enough that we can say this upgrade path is unsupported without
an intermediate step.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-22 11:32:46 -04:00
Cole Robinson
769eab7d78 spec: Only call ldconfig on RHEL7
Since Fedora 28 (our minimum supported build), ldconfig is called
automatically for us:

https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets

These changes appear to be implemented for RHEL > 7 as well, so only
run ldconfig on RHEL7

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2019-03-22 11:32:45 -04:00
Daniel P. Berrangé
fc65c22b73 rpm: fix upgrades when RBD is disabled in a new version
We previously had to disable RBD on 32-bit platforms since Ceph has
dropped all support for 32-bit. Unfortunately anyone with the RPM
libvirt-daemon-driver-storage-rbd installed on 32-bit now has a
broken upgrade path.

To fix this we must make libvirt-daemon-driver-storage-core
have an Obsoletes: libvirt-daemon-driver-storage-rbd < $VER-$REL

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-20 17:05:23 +00:00
Daniel P. Berrangé
81c5e75e57 rpm: add dep on xfsprogs-devel for reflink support
Support for XFS reflink clone was added in:

  commit 8ed874b39b
  Author: Julio Faracco <jcfaracco@gmail.com>
  Date:   Fri Jul 6 10:43:01 2018 -0300

    storage: Rename btrfsCloneFile to support other filesystems.

  commit 2e11298f93
  Author: Julio Faracco <jcfaracco@gmail.com>
  Date:   Fri Jul 6 10:43:00 2018 -0300

    configure: Adding XFS library/headers check.

But these patches missed that the xfs/xfs.h header is not installed
unless you have xfsprogs-devel present.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-03-07 11:46:16 +00:00
John Ferlan
5dded8c806 docs: Add schema for storage pool capabilities
Define a schema for the storage pool capabilities along with
a test to show the general format.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2019-03-06 11:12:48 -05:00
Michal Privoznik
1620bb0a30 tools: Drop support for pre-2.4.0 wireshark
The wireshark-2.4.0 is almost 2 years old now. Assuming anybody
interested in running latest libvirt doesn't run old wireshark,
it is safe to do this. It also simplifies the code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-12 09:22:59 +01:00
Michal Privoznik
dc93997a83 m4: Put wireshark plugin into epan/ directory
Since wirshark-2.5.0 toplevel plugins are no longer loaded. Only
plugins from epan/, wiretap/ or codecs/ subdirs are. Update the
plugin dir we generate. This is safe to do even for older
wiresharks, since they load plugins from there too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-02-12 09:22:59 +01:00
Laine Stump
3b71f2e42d configure: selectively install a firewalld 'libvirt' zone
In the past (when both libvirt and firewalld used iptables), if either
libvirt's rules *OR* firewalld's rules accepted a packet, it would
be accepted. This was because libvirt and firewalld rules were
processed during the same kernel hook, and a single ACCEPT result
would terminate the rule traversal and cause the packet to be
accepted.

But now firewalld can use nftables for its backend, while libvirt's
firewall rules are still using iptables; iptables rules are still
processed, but at a different time during packet processing
(i.e. during a different hook) than the firewalld nftables rules. The
result is that a packet must be accepted by *BOTH* the libvirt
iptables rules *AND* the firewalld nftable rules in order to be
accepted.

This causes pain because

1) libvirt always adds rules to permit DNS and DHCP (and sometimes
TFTP) from guests to the host network's bridge interface. But
libvirt's bridges are in firewalld's "default" zone (which is usually
the zone called "public"). The public zone allows ssh, but doesn't
allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the
DHCP and DNS traffic, the firewalld rules (now processed during a
different hook) dont, thus guests connected to libvirt's bridges can't
acquire an IP address from DHCP, nor can they make DNS queries to the
DNS server libvirt has setup on the host. (This could be solved by
modifying the default firewalld zone to allow DNS and DHCP, but that
would open *all* interfaces in the default zone to those services,
which is most likely not what the host's admin wants.)

2) Even though libvirt adds iptables rules to allow forwarded traffic
to pass the iptables hook, firewalld's higher level "rich rules" don't
yet have the ability to configure the acceptance of forwarded traffic
(traffic that is going somewhere beyond the host), so any traffic that
needs to be forwarded from guests to the network beyond the host is
rejected during the nftables hook by the default zone's "default
reject" policy (which rejects all traffic in the zone not specifically
allowed by the rules in the zone, whether that traffic is destined to
be forwarded or locally received by the host).

libvirt can't send "direct" nftables rules (firewalld only supports
direct/passthrough rules for iptables), so we can't solve this problem
by just sending explicit nftables rules instead of explicit iptables
rules (which, if it could be done, would place libvirt's rules in the
same hook as firewalld's native rules, and thus eliminate the need for
packets to be accepted by both libvirt's and firewalld's own rules).

However, we can take advantage of a quirk in firewalld zones that have
a default policy of "accept" (meaning any packet that doesn't match a
specific rule in the zone will be *accepted*) - this default accept will
also accept forwarded traffic (not just traffic destined for the host).

Of course we don't want to modify firewalld's default zone in that
way, because that would affect the filtering of traffic coming into
the host from other interfaces using that zone. Instead, we will
create a new zone called "libvirt". The libvirt zone will have a
default policy of accept so that forwarded traffic can pass and list
specific services that will be allowed into the host from guests (DNS,
DHCP, SSH, and TFTP).

But the same default accept policy that fixes forwarded traffic also
causes *all* traffic from guest to host to be accepted. To close this
new hole, the libvirt zone can take advantage of a new feature in
firewalld (currently slated for firewalld-0.7.0) - priorities for rich
rules - to add a low priority rule that rejects all local traffic (but
leaves alone all forwarded traffic).

So, our new zone will start with a list of services that are allowed
(dhcp, dns, tftp, and ssh to start, but configurable via any firewalld
management application, or direct editing of the zone file in
/etc/firewalld/zones/libvirt.xml), followed by a low priority
<reject/> rule (to reject all other traffic from guest to host), and
finally with a default policy of accept (to allow forwarded traffic).

This patch only creates the zonefile for the new zone, and implements
a configure.ac option to selectively enable/disable installation of
the new zone. A separate patch contains the necessary code to actually
place bridge interfaces in the libvirt zone.

Why do we need a configure option to disable installation of the new
libvirt zone? It uses a new firewalld attribute that sets the priority
of a rich rule; this feature first appears in firewalld-0.7.0 (unless
it has been backported to am earlier firewalld by a downstream
maintainer). If the file were installed on a system with firewalld
that didn't support rule priorities, firewalld would log an error
every time it restarted, causing confusion and lots of extra bug
reports.

So we add two new configure.ac switches to avoid polluting the system
logs with this error on systems that don't support rule priorities -
"--with-firewalld-zone" and "--without-firewalld-zone". A package
builder can use these to include/exclude the libvirt zone file in the
installation. If firewalld is enabled (--with-firewalld), the default
is --with-firewalld-zone, but it can be disabled during configure
(using --without-firewalld-zone). Targets that are using a firewalld
version too old to support the rule priority setting in the libvirt
zone file can simply add --without-firewalld-zone to their configure
commandline.

These switches only affect whether or not the libvirt zone file is
*installed* in /usr/lib/firewalld/zones, but have no effect on whether
or not libvirt looks for a zone called libvirt and tries to use it.

NB: firewalld zones can only be added to the permanent config of
firewalld, and won't be loaded/enabled until firewalld is restarted,
so at package install/upgrade time we have to restart firewalld. For
rpm-based distros, this is done in the libvirt.spec file by calling
the %firewalld_restart rpm macro, which is a part of the
firewalld-filesystem package. (For distros that don't use rpm
packages, the command "firewalld-cmd --reload" will have the same
effect).

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-02-01 12:08:37 -05:00
Daniel P. Berrangé
388998ac76 rpm spec: remove %{extra_release} from spec
The %{extra_release} field was previously populated by data from the old
autobuild.sh file but is no longer used.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-22 11:16:08 +00:00
Daniel P. Berrangé
635c45a925 rpm spec: don't assume %{fedora} exists as a macro
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-21 14:05:35 +00:00
Daniel P. Berrangé
6c6001bddb rpm spec: disable ceph on 32-bit architectures
Ceph in upstream and Fedora has dropped support for building on host
architectures which are 32-bit.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-21 12:20:14 +00:00
Michal Privoznik
29682196d8 Drop UML driver
The driver is unmaintained, untested and severely broken for
quite some time now. Since nobody even reported any issue with it
let us drop it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-17 17:52:46 +01:00
Andrea Bolognani
2569ba1338 spec: Drop support for Fedora 27
In accordance with our platform support policy, now that
Fedora 29 is out we no longer support building on Fedora 27.

This allows us to remove a few version checks.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-11-08 14:01:07 +01:00
Daniel P. Berrangé
87f71398fe rpm: disable some features on riscv64
numctl, numad and zfs-fuse are not available on riscv64 targets

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-05 13:59:31 +01:00
Jiri Denemark
b1a0f691ce spec: Build ceph and gluster support everywhere
Both ceph and gluster have been built on RHEL on all architectures for
some time, there's no need to limit them to x86_64.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-09-27 17:32:40 +02:00
Jiri Denemark
8004767030 spec: Set correct TLS priority
RHEL-7 is the only system where gnutls is too old to support @LIBVIRT
specifier.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-09-27 17:32:40 +02:00
Fabiano Fidêncio
b3b7b38092 rpm: increase min required Fedora to 27
Fedora 26 has reached its EOL on May 29th 2018.

https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org/message/XGG7GYUJN3VDA6HX4KJNFSKSQCGF2FMW/

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-09-11 08:52:27 +02:00
Daniel P. Berrangé
3ecbac95cd cpu: move the CPU map data files into a src/cpu_map directory
In preparation for splitting up the CPU map data file, move it into a
dedicated directory of its own.

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-28 12:08:21 +01:00
Cole Robinson
a408a6dae8 spec: Add firmware/nvram paths for edk2 arm and ia32
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2018-08-16 09:16:45 -04:00
Cole Robinson
3b1f56bee8 spec: Change nvram comments to reference edk2 package names
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2018-08-16 09:16:45 -04:00
Andrea Bolognani
fe5b35c6b2 spec: Enable the iscsi-direct storage driver conditionally
Most distributions we build RPMs on don't ship a
recent enough version of libiscsi, so we can't enable
the driver unconditionally. Add an explicit dependency
on the runtime package while at it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-08-14 15:01:40 +02:00
Andrea Bolognani
27bb9c944d spec: Require libiscsi-devel instead of libiscsi
Commit 34a6962c41 added a BuildRequires for the
iscsi-direct backend, but we need the headers rather
than the runtime package to be available in order to
link against the library.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-08-14 14:33:10 +02:00
Cole Robinson
34a6962c41 spec: Add libvirt-daemon-driver-storage-iscsi-direct
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2018-08-13 11:43:56 -04:00
Ján Tomko
d99a89592d Revert "Switch from yajl to Jansson"
This reverts commit 9cf38263d0.

Jansson cannot parse QEMU's quirky JSON.
Revert back to yajl.

https://bugzilla.redhat.com/show_bug.cgi?id=1614569

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-13 15:50:01 +02:00
Ján Tomko
6c3d66ac74 Revert "util: avoid symbol clash between json libraries"
This reverts commit ce3c6ef684.

Jansson cannot parse QEMU's quirky JSON.
Revert back to yajl.

https://bugzilla.redhat.com/show_bug.cgi?id=1614569

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-13 15:50:00 +02:00
Daniel P. Berrangé
cc626ebe8d rpm: simplify applying of patches
The distros we support for RPM builds all have %autosetup support so we
can ditch the convoluted code for running git manually and use the RPM
defaults.

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-08-08 16:28:37 +01:00
Cole Robinson
ff2bec49ec spec: Use %make_install
It's on RHEL7, saves a bit of typing, and lets us drop the comment

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2018-08-08 09:04:24 -04:00
Daniel P. Berrangé
ce3c6ef684 util: avoid symbol clash between json libraries
The jansson and json-glib libraries both export symbols with a json_
name prefix and json_object_iter_next() clashes between them.

Unfortunately json-glib is linked in by GTK, so any app using GTK and
libvirt will get a clash, resulting in SEGV. This also affects the NSS
module provided by libvirt

Instead of directly linking to jansson, use dlopen() with the RTLD_LOCAL
flag which allows us to hide the symbols from the application that loads
libvirt or the NSS module.

Some preprocessor black magic and wrapper functions are used to redirect
calls into the dlopen resolved symbols.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-31 18:04:53 +01:00
Daniel P. Berrangé
f508a65a21 rpm: remove conditionals for systemd
All our supported RHEL and Fedora versions include systemd, so we can
assume it is always present in the spec.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-23 11:37:18 +01:00
Daniel P. Berrangé
0f5c19b4b6 rpm: increase min required RHEL to 7
We no longer build on RHEL-6, so can bump min required RHEL to 7
removing many conditions.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-23 11:37:13 +01:00
Ján Tomko
9cf38263d0 Switch from yajl to Jansson
Yajl has not seen much activity upstream recently.
Switch to using Jansson >= 2.5.

All the platforms we target on https://libvirt.org/platforms.html
have a version >= 2.7 listed on the sites below:
https://repology.org/metapackage/jansson/versions
https://build.opensuse.org/package/show/devel:libraries:c_c++/libjansson

Additionally, Ubuntu 14.04 on Travis-CI has 2.5. Set the requirement
to 2.5 since we don't use anything from newer versions.

Implement virJSONValue{From,To}String using Jansson, delete the yajl
code (and the related virJSONParser structure) and report an error
if someone explicitly specifies --with-yajl.

Also adjust the test data to account for Jansson's different whitespace
usage for empty arrays and tune up the specfile to keep 'make rpm'
working when bisecting.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-07-18 17:54:18 +02:00
Pavel Hrdina
e1bc278ecc spec: remove libcgroup and cgconfig
RHEL-6/CentOS-6 is no longer supported, let's remove dependency on
libcgroup and code that enables/starts cgconfig service.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1602407

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-07-18 12:58:09 +02:00
Jiri Denemark
073d5041c7 spec: Explicitly require matching libvirt-libs
All drivers now link directly to libvirt.so rather than getting the
symbols from the daemon. Let's explicitly mention this dependency in the
spec file instead of relying on transitive dependency from
libvirt-daemon.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-07-11 13:37:48 +02:00
Pavel Hrdina
36e92adc7e spec: list new nwfilter schema files
Commit <41d619e99c2015eab2d56bea874e23ba9f52f829> introduced new RNG
schema files for nwfilter but forgot to update spec file.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-06-27 10:42:52 +02:00
Andrea Bolognani
aa51063927 spec: Move SASL configuration file from -libs to -daemon
SASL authentication is configured server-side, so the sample
configuration file should be shipped along with the daemon
rather than with the libraries.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-06-26 10:57:54 +02:00
Stefan Berger
d9c087f57d qemu: Extend qemu_conf with tpm-emulator support
Extend qemu_conf with user and group for running the tpm-emulator
and add directories to the configuration for the locations of the
log, state, and socket of the tpm-emulator.

Also add these new directories to the QEMU Makefile.inc.am and
the RPM spec file libvirt.spec.in.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-06 10:48:41 -04:00
Jiri Denemark
55e0cc2a42 spec: Fix requirement for "tc" on new distros
At least since Fedora 26 (maybe earlier, but we don't support older
Fedora releases), the "tc" tool is provided by a separate iproute-tc
package.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-06-01 17:38:37 +02:00
Jiri Denemark
7f8e1cb68f spec: Fix permissions of nwfilter XMLs
The nwfilter XMLs in /etc are defined as %ghost in the spec file, which
means rpm will not install them, but it will record its existence and
permissions in the database. During installation the files are copied in
a %post scriptlet from /usr/share/libvirt/nwfilter, but once libvirtd is
restarted, it will rewrite the files to add generated UUIDs.

While RPM recorded 644 mode for the XMLs, libvirt saves them with 600
and thus any future attempt to verify the libvirt-daemon-config-nwfilter
package would fail. We need to tell RPM the ghost files are supposed to
have 600 permissions.

https://bugzilla.redhat.com/show_bug.cgi?id=1559284

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-05-30 11:21:28 +02:00
Jiri Denemark
11a2550c27 spec: Enable libssh on future RHEL
Future RHEL will certainly be modern enough to support libssh.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-05-25 09:45:15 +02:00
Jiri Denemark
b6dddb5408 spec: Fix build without QEMU
libvirt_qemu_probes.stp is only generated when QEMU driver is enabled.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-05-21 10:33:39 +02:00
Cole Robinson
fe0fe366bf spec: Remove Group: tags
It's only required on el5 which we don't support anymore. Everywhere
else it's not used for anything useful

https://fedoraproject.org/wiki/RPMGroups

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2018-05-08 09:50:55 -04:00
Igor Gnatenko
8a6e9c9b70 spec: Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2018-05-08 09:50:58 -04:00
Igor Gnatenko
c6ffdff878 spec: Remove BuildRoot definition
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2018-05-08 09:50:55 -04:00
Daniel P. Berrangé
01888af0e2 storage: create separate loadable modules for storage file drivers
The storage file drivers are currently loaded as a side effect of
loading the storage driver. This is a bogus dependancy because the
storage file code has no interaction with the storage drivers, and
even ultimately be running in a completely separate daemon.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 13:17:59 +01:00
Daniel P. Berrangé
78c5dfab42 rpm: set wireshark plugin directory from pkg-config
The wireshark plugin directory moved again in Fedora 29, and will
move again every time wireshark do a new minor release. Call out
to pkg-config to find the right directory to use in the RPM file
list.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 12:17:31 +01:00
Daniel P. Berrangé
9d3859d9d7 rpm: libvirt-daemon-driver-libxl must obsolete libvirt-daemon-driver-xen
Snce the xen driver was deleted we need to ensure that the old
libvirt-daemon-driver-xen sub-RPM gets removed on upgrade. We
achieve this my making libvirt-daemon-driver-libxl obsolete it.

We don't add a Provides: too, because libvirt-daemon-driver-libxl
is not a functionally identical replacement, since we don't want
to satisfy deps for 3rd party apps that have a Requires on the
libvirt-daemon-driver-xen RPM.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 11:18:42 +01:00
Jim Fehlig
bdb6ba0fad spec: remove legacy xen driver
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-09 11:39:28 -06:00
Daniel P. Berrangé
c018533156 rpm: add deps on rpcgen/libtirpc-devel
Since RPC support moved out of glibc we need to have explicit deps on
the new packages providing this functionality

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-03 16:05:51 +01:00
Daniel P. Berrangé
7495b1a779 rpm: fix incorrect expansion of macros with line continuations for args
Macros in RPMs are expanded before line continuations, so when we write

   %systemd_preun foo \
                  bar

What happens is that it expands to

   if [ $1 -eq 0 ] ; then
        # Package removal, not upgrade
        systemctl --no-reload disable --now foo \ > /dev/null 2>&1 || :
   fi
                 bar

which is obviously complete garbage and not what we expected. It is
simply not safe to ever use line continuations in combination with
macros.

Reviewed-by: Laine Stump <laine@laine.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-21 14:46:08 +00:00
Andrea Bolognani
7093e8c7a5 spec: Use Python 3 for building when possible
While RHEL / CentOS are still using Python 2 for the time being,
Fedora has already switched to Python 3 as the default Python
interpreter a while ago, so on that OS it doesn't make sense to
drag in Python 2 anymore; the same applies to future RHEL versions.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-20 14:03:00 +01:00
Daniel P. Berrangé
6c21ed93fc rpm: depend on python2, not bare python
Fedora requires packages to depend on "python2" RPM, not the unversioned
"python" name. Fortunately even though RHEL-6 ships a "python" RPM, it
has a virtual Provides for the "python2" name, so we don't need to
conditionalize this.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-16 17:05:38 +00:00
Andrea Bolognani
9cd42e725f spec: Drop polkit-devel from BuildRequires
As of 2499d1a095 we don't link against libpolkit anymore, so
we only need the polkit package to be available during build.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-15 12:44:07 +01:00
Michal Privoznik
bf1b24514b libvirt:spec: Require gcc for build
According to latest discussion on fedora devel list [1] gcc will
be removed from default buildroot and packages requiring it must
have explicit build dependency,

1: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-03-12 10:32:44 +01:00
Michal Privoznik
3154b3414a libvirt.spec.in: Don't distribute libvirtd.upstart
Firstly, for rpm we are building libvirt with
--init-script=systemd or --init-script=redhat. So upstart is
never enabled. And only due to a bug we installed
libvirtd.upstart file.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2018-02-23 11:11:20 +01:00
Daniel P. Berrangé
5590122937 rpm: don't enable fuse on RHEL-6
Fuse was recently enabled whereever LXC is enabled:

  commit 34783a9e6b
  Author: Jiri Denemark <jdenemar@redhat.com>
  Date:   Fri Feb 9 13:42:50 2018 +0100

    spec: Enable fuse only if LXC is enabled

Unfortunately the version of Fuse in RHEL-6 is too old for libvirt's
needs, but we still have LXC enabled there.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-02-22 12:49:15 +00:00
Jiri Denemark
bc84bb9fe0 spec: Drop overlapping triggers
The postun trigger for libvirt-daemon was defined twice for overlapping
ranges of package verions if systemd support was switched off (which
happens when building on something ancient, such as RHEL-6).

Let's combine the two triggers into the one which is called when
libvirt-daemon < 1.3.0 is uninstalled. As a side effect, virtlockd and
virtlogd might be reloaded twice after an upgrade from libvirt newer
than 1.2.1 and older than 1.3.0 (by postun script from the old libvirt
and postun trigger from the new libvirt).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-02-14 15:55:18 +01:00
Jiri Denemark
cf555f9212 spec: Fix indentation in daemon's triggerpostun
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-02-14 15:55:18 +01:00
Jiri Denemark
b2ab38bfdc spec: Prepare for future RHEL
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-02-14 15:55:18 +01:00
Jiri Denemark
259b5ca73c spec: Drop checks for old Fedora releases
The oldest Fedora release supported by the spec file is 26. Checking for
anything older makes no sense.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-02-14 15:55:18 +01:00
Jiri Denemark
42188c1c65 spec: Build virt-login-shell iff LXC driver is enabled
Building virt-login-shell doesn't really make any sense without LXC and
doing so even breaks "make rpm" since the associated files are installed
but unpackaged (the login-shell sub package already depends on LXC).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-02-14 15:55:18 +01:00
Jiri Denemark
34783a9e6b spec: Enable fuse only if LXC is enabled
Enabling fuse without LXC does not make a lot of sense because fuse is
used only by LXC.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-02-14 15:55:18 +01:00
John Ferlan
f65e8a9527 lockd: Install the admin sockets
Commit id 'ce7ae55e' added support for the lockd admin socket, but
forgot to add the socket to the make and spec files for installation
purposes.

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2018-02-09 06:34:20 -05:00
John Ferlan
bffdd6c303 logd: Install the admin sockets
Commit id '85d45ff0' added support for the logd admin socket, but
forgot to add the socket to the make and spec files for installation
purposes.

NB: Includes breaking up the long %systemd_ lists across multiple lines
    for ease of reading

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2018-02-09 06:34:20 -05:00
Michal Privoznik
08327dfff3 tools: Make symlinks to vsh bash-completion script
The bash-completion project documents that only those scripts
from $BASH_COMPLETIONS_DIR that share name with the current
command for which <TAB> was hit are loaded [1]. This means, that
vsh script we have there is not loaded. We have to create
symlinks for virsh and virt-admin.

At the same time, we have to create new RPM package because
virt-admin and client packages are independent. That means we
cannot place the vsh script in either of them. What we can do is
to have a different package that contains the completion script
and then virt-admin and client packages contain only the symlink
and require the bash-completion package.

1: https://github.com/scop/bash-completion#faq

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-31 15:41:51 +01:00
Daniel P. Berrange
2efd35a307 rpm: updates wrt min required fedora version
Update the min fedora to 26. Use a macro to record the min versions so that the
later error message is always in sync with the earlier version check. Clarify
the comment that refers to guessing of dist which does not actually happen.

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2018-01-17 12:09:33 +00:00
Pavel Hrdina
5209781f67 spec: enable bash completion only on new enough distros
RHEL-6 doesn't have bash-completion package by default, it has to be
installed from EPEL.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-01-17 12:08:16 +01:00
Michal Privoznik
f0d390bc16 tools: Provide bash autompletion file
The only purpose of this file is to be sourced. After that one
can use completion even for their bash:

  # virsh list --<TAB><TAB>
  --all                   --inactive ...

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-01-11 18:53:04 +01:00
Jiri Denemark
4fe1125b77 spec: Make the build reproducible
If the spec file applies a patch which touches any file in the API XMLs
dependency tree, we need to regenerate the XMLs and consequently
recreate hvsupport.html. The file will contain a time stamp in a comment
which means it will be different every time the package is built. The
commit a54c962286 which added the time stamp also added support for
SOURCE_DATE_EPOCH environment variable. Let's set it to the time stamp
of the spec file itself to make the build reproducible.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pino Toscano <ptoscano@redhat.com>
2017-11-29 17:08:18 +01:00
Jiri Denemark
c2dc04c5aa spec: Turn on verbose build
When building a package in a build system, such as koji or cbs, logs are
the only thing which can be used to diagnose failures. Make them verbose
since human friendly output of V=0 build doesn't really help when a
build fails.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pino Toscano <ptoscano@redhat.com>
2017-11-29 17:08:18 +01:00
Jiri Denemark
1bf8934066 spec: Restart libvirtd in posttrans
When upgrading libvirt packages, there's no strict ordering for the
installation or removal of the individual libvirt sub packages. Thus
libvirt-daemon may be upgraded (and its %postun scriptlet) started
before all sub packages with driver libraries are upgraded. When
libvirt-daemon's %postun scriptlet restarts the daemon old drivers may
still be laying around and the daemon may crash when it tries to use
them.

Let's restart the daemon in %posttrans to make sure libvirtd is
restarted only after all sub packages are at the same version.

https://bugzilla.redhat.com/show_bug.cgi?id=1464300

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-31 16:00:50 +01:00
Daniel P. Berrange
f72d7cd933 Remove obsolete TODO file
We stopped autogenerating a TODO file from RFE bugs a long time
ago.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-16 10:22:34 +01:00
Jiri Denemark
0846296342 spec: Install README.md
Installing dead README symlink only is pretty useless.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2017-10-11 12:17:35 +02:00
Jiri Denemark
43d9cbd97b spec: Enable qemu driver on s390x on RHEL/CentOS
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-05 09:58:14 +02:00
Jiri Denemark
4ddb4bb861 spec: Delay supported_platform check
Building RPM should only be allowed on a supported platform, but
unpacking the source and applying all patches can be done anywhere.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-10-03 13:45:57 +02:00
Cole Robinson
11b0e889b5 spec: Fix %license compat on RHEL6
The macro needs to be defined closer to its usage
2017-09-15 13:04:18 -04:00
Cole Robinson
6cf1475a1c spec: Use %license when available
This is required by the fedora packaging guidelines:

https://fedoraproject.org/wiki/Packaging:LicensingGuidelines

This macro isn't available on stock RHEL6 so provide a backcompat
definition

https://bugzilla.redhat.com/show_bug.cgi?id=1483293

Reported-by: Ville Skyttä <ville.skytta@iki.fi>
2017-09-15 08:43:54 -04:00
Ville Skyttä
6966a8cd18 spec: Own %{_libdir}/libvirt{,/connection-driver} dirs
Owning all created directories is a requirement of the Fedora
packaging guidelines

https://bugzilla.redhat.com/show_bug.cgi?id=1483293
Signed-off-by: Cole Robinson <crobinso@redhat.com>
2017-09-15 08:43:54 -04:00
Daniel P. Berrange
0c3d8bb514 rpm: conditionalize dep on perl for perl-interpretor split in F27
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-04 16:20:12 +01:00
Daniel P. Berrange
f802c9de09 docs: drop XHTML 1.0 validation of website
The HTML pages are currently validated against an XHTML 1.0 DTD.
This makes it impossible to take advantage of features that are
introduced in HTML 5, because they'll fail validation.

There is intentionally no DTD defined for HTML 5, so there's no
alternative to XHTML 1.0 DTD that we could switch to. The only
options are to stick with XHTML 1.0 forever, or drop the DTD
validation, and we pick the latter.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-08-02 17:00:11 +01:00
Neal Gompa
9af764e86a spec: Add support for building the zfs storage driver
Where it can be supported in Fedora, the driver is built and made
available as a subpackage.

Signed-off-by: Neal Gompa <ngompa13@gmail.com>
2017-07-19 12:39:20 -04:00
Andrea Bolognani
53d3f8b224 spec: Use HTTPS instead of HTTP
libvirt.org supports HTTPS, so might as well use it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-05-11 18:35:45 +02:00
Cole Robinson
1d07a5bf3c spec: Update version check for maint Source URL
New maint release version numbers of just A.B.C format, not the old
A.B.C.D format. Adjust the check that dynamically changes the Source
URL for maint releases

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Andrea Bolognani <abologna@redhat.com>
2017-05-09 12:09:34 -04:00
Daniel P. Berrange
4727594078 Don't use ceph-devel on Fedora
A previous commit changed the spec to use librbd1-devel on
RHEL-7, since this replaces ceph-devel from RHEL-6:

  commit 6cfc8834c8
  Author: Peter Krempa <pkrempa@redhat.com>
  Date:   Thu Mar 5 11:40:54 2015 +0100

    spec: Enable RBD storage driver in RHEL-7

    Use correct package names too as they differ.

RHEL-7 inherited this rename from Fedora though, so it should
have also made Fedora use the new names.

This was missed, because Fedora still provides a (deprecated)
back-compat RPM for ceph-devel that just pulls in librbd1-devel
(and others).

Fixing this stops libvirt pulling Java into the build root in
Fedora.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-05-09 11:57:55 +01:00
Daniel P. Berrange
e6c3b59c19 Add ability to generate man page describing key code names & values
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-04-25 21:20:43 +01:00
Jiri Denemark
1d3963dba5 spec: Avoid RPM verification errors on nwfilter XMLs
/etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
means libvirtd will automatically alter all of them once it starts. Thus
RPM verification will always fail on them. Let's use a trick similar to
the default network XML and store nwfilter XMLs in /usr/share. They will
be copied into /etc in %post. Additionally the /etc files are marked as
%ghost so that they are uninstalled if the RPM package is removed.

Note that the %post script overwrites existing files with new ones on
upgrade, which is what has always been happening.

https://bugzilla.redhat.com/show_bug.cgi?id=1431581
https://bugzilla.redhat.com/show_bug.cgi?id=1378774

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-04-19 11:36:06 +02:00
Daniel P. Berrange
3c647ee4bb Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5
RFC 6331 documents a number of serious security weaknesses in
the SASL DIGEST-MD5 mechanism. As such, libvirtd should not
by using it as a default mechanism. GSSAPI is the only other
viable SASL mechanism that can provide secure session encryption
so enable that by defalt as the replacement.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-15 18:14:51 +00:00
Philipp Hahn
d7dcea6f60 doc: fix writing of QEMU
QEMU should be written all upper or all lower case.
2017-03-08 17:33:07 +01:00
Peter Krempa
27c8e36d60 spec: Modularize the storage driver
Create a new set of sub-packages containing the new storage driver
modules so that certain heavy-weight backends (gluster, rbd) can be
installed separately only if required.

To keep backward compatibility the 'libvirt-driver-storage' package
will be turned into a virtual package pulling in all the new storage
backend sub-packages. The storage driver module will be moved into
libvirt-driver-storage-core including the filesystem backend which is
mandatory.

This then allows to make libvirt-daemon-driver-qemu depend only on the
core of the storage driver.

All other meta-packages still depend on the full storage driver and thus
pull in all the backends.
2017-02-22 09:31:33 +01:00
Peter Krempa
0a6d3e51b4 storage: Turn storage backends into dynamic modules
If driver modules are enabled turn storage driver backends into
dynamically loadable objects. This will allow greater modularity for
binary distributions, where heavyweight dependencies as rbd and gluster
can be avoided by selecting only a subset of drivers if the rest is not
necessary.

The storage modules are installed into 'LIBDIR/libvirt/storage-backend/'
and users can override the location by using
'LIBVIRT_STORAGE_BACKEND_DIR' environment variable.

rpm based distros will at this point install all the backends when
libvirt-daemon-driver-storage package is installed.
2017-02-22 09:31:33 +01:00
Peter Krempa
4fb105f681 spec: Don't check for storage driver backends in configure script
Explicitly enable --with-storage-scsi and disable --without-storage-zfs
and --without-storage-vstorage so that the configure script doesn't
check for them.

Note that --with-storage-dir is enabled by default.
2017-02-22 09:31:33 +01:00
Andrea Bolognani
e04bd5b6fc spec: Require libacl when building the QEMU driver
For the namespaces feature to work properly we need to be able
to make a perfect copy of the original /dev, including ACLs.

By adding a BuildRequires on libacl-devel we ensure that ACL
support will be enabled at configure time and made available
to the QEMU driver.
2017-02-14 19:07:43 +01:00
Jiri Denemark
cff9de3eb4 spec: Enable qemu driver for RHEL-7 on aarch64
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-01-30 10:22:16 +01:00
Peter Krempa
dd335d03e8 spec: Depend on the gluster command line tool
The gluster command line tool that is used to lookup storage pool
sources moved from the gluster-client package to gluster-cli.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1349441
2017-01-18 11:05:26 +01:00
Michal Privoznik
b64af8f81d libvirt.spec: Package libnss_libvirt_guest.so.2
In 22f7ceb695 I've introduced another NSS module
but forgot to package it in libvirt-nss.rpm.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-08 15:25:17 +01:00
Daniel P. Berrange
0be9cea199 test: fix screenshot API impl
When redoing the website we deleted the libvirtLogo.png file
not remembering that the test driver screenshot API impl
relied on it.

Rather than having the test driver use the logo as a side
effect, give it its own dedicated image to use. This is
installed in /usr/share/libvirt/test-screenshot.png and
is taken from a NeXT Cube running WorldWideWeb[1]. The
very first web browser in existance, running on the
hardware it was originally written on.

[1] https://en.wikipedia.org/wiki/WorldWideWeb

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-12-08 10:57:32 +00:00
Nikolay Shirokovskiy
01079727fe libvirtd: systemd: add special target for system shutdown
It is already discussed in "[RFC] daemon: remove hardcode dep on libvirt-guests" [1].

Mgmt can use means to save/restore domains on system shutdown/boot other than
libvirt-guests.service. Thus we need to specify appropriate ordering dependency between
libvirtd, domains and save/restore service. This patch takes approach suggested
in RFC and introduces a systemd target, so that ordering can be built next way:

libvirtd -> domain -> virt-guest-shutdown.target -> save-restore.service.

This way domains are decoupled from specific shutdown service via intermediate
target.

[1] https://www.redhat.com/archives/libvir-list/2016-September/msg01353.html
2016-11-23 11:13:53 +03:00
Pino Toscano
e7a7807bd6 spec: enable libssh transport on Fedora 2016-11-15 15:50:51 +01:00
Daniel P. Berrange
e3e0f36719 docs: redo style of front page
Use a large logo banner across the front page. Tile the
three lists of links into three panels

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-11-11 12:15:03 +00:00
Andrea Bolognani
11d571eaa7 spec: Run all make jobs in parallel
Commit e8861f6971 changed our spec file to compile and run
tests in parallel. That's a very good step forward, but why
stop there? Let's run *all* make jobs in parallel and really
put those expensive cores to use!

On my laptop, this shaves ~10s off 'make rpm'.
2016-11-07 17:27:23 +01:00
Michal Privoznik
e8861f6971 libvirt.spec: Build & run tests in parallel
So far, the main code is built in parallel, which makes it pretty
fast. But with a lots of tests we have now I've noticed this part
takes too much time to build. The problem was that tests were
build and run in a single job.

Also, 'make' in the first hunk is useless. The test suite is not
built due to 'make all' because there's no .git in the sources
unpacked from a tar.xz archive. It's 'make check' which triggers
tests build.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-11-03 21:38:46 +08:00
Andrea Bolognani
c9ddecdf44 spec: Drop support for Fedora < 23
We only claim support for OSs that are still supported by the
respective vendors, which means anything older than Fedora 23
is out. Reword the comment a bit to highlight the criteria.
2016-10-19 17:06:41 +02:00
Jiri Denemark
1ee7efef6f spec: Package cputypes.rng
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-27 13:27:52 +02:00
Daniel P. Berrange
072e095660 rpm: set TLS priority to @LIBVIRT,SYSTEM on Fedora >= 25
With newest gnutls available in Fedora 25/rawhide, it is
possible to have TLS priority fallbacks, so we can finally
use --tls-priority=@LIBVIRT,SYSTEM

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-08-04 15:59:24 +01:00
Daniel P. Berrange
dcd5f59c5f libvirt.spec.in: fix indentation in previous commit
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-28 11:48:00 +01:00
Daniel P. Berrange
8035bf718a Fix RPM spec for wireshark on Fedora < 24
This previous commit

  commit cd9fcc8be7
  Author: Michal Privoznik <mprivozn@redhat.com>
  Date:   Wed Jul 27 16:58:32 2016 +0200

    libvirt.spec.in: Adapt to newest wireshark plugindir

Adapted the libvirt spec for wireshark >= 2.1.0 but
this ignored the fact that we enable wireshark from
Fedora 21 and 2.1.0 was only added in Fedora 24

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-28 11:02:02 +01:00
Michal Privoznik
cd9fcc8be7 libvirt.spec.in: Adapt to newest wireshark plugindir
In the old days, when wireshark plugin was introduced it was
installed under /usr/lib64/wireshark/plugins/$VERSION/ while with
wireshark-2.1.0 this path has changed just to
/usr/lib64/wireshark/plugins. We should teach our spec file about
this change.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-27 17:01:18 +02:00
Andrea Bolognani
55d8daa07e spec: Fix indentation
Commit ffc49e579c broke syntax-check:

  cppi: libvirt.spec.in: line 622: not properly indented
  cppi: libvirt.spec.in: line 624: not properly indented
  cppi: libvirt.spec.in: line 640: not properly indented
  cppi: libvirt.spec.in: line 642: not properly indented
  maint.mk: incorrect preprocessor indentation
  cfg.mk:697: recipe for target 'sc_spec_indentation' failed

Indent the new conditionals properly.
2016-07-13 19:02:15 +02:00
Daniel P. Berrange
ffc49e579c libvirt.spec.in: require systemd-container on >= f24
The systemd-machined tools libvirt uses were split into a
systemd-container RPM. Without depending on this, libvirt
may silently fallback to the non-systemd cgroup impl which
is not desirable.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-13 17:13:07 +01:00
Michal Privoznik
9a6e47c483 spec: Move virt-admin into its own package
The new package for the virt-admin binary is libvirt-admin.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-07 07:22:15 +02:00
Michal Privoznik
70b4f0e719 spec: Split libvirt-client
Currently, we have libvirt-client library which serves as a
collection point for all the libraries and client binaries we
have. Therefore we have couple of silly dependencies, for
instance libvirt-daemon depends on libvirt-client. Only because
the shared library is in the client package.
To solve this, new package libvirt-libs is introduced where all
the libraries are going to live. The client package is then set
to depend on this new package, just like the rest of packages
that suffer the same problem.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-07 07:22:15 +02:00
Jean-Marc Liger
e893d3ca8e libvirt.spec.in: Use libnl-devel for RHEL-6
RHEL-6 still needs to use libnl instead of libnl3, so re-add
the spec conditional mistakenly removed in

  commit 3694e038fd
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed May 4 15:43:08 2016 +0100

    libvirt.spec.in: drop Fedora < 20 and RHEL < 6
2016-06-29 17:38:15 +01:00
Erik Skultety
d0a9dbc323 spec: distribute admin API within libvirt-client package
With respect to to the following thread
https://www.redhat.com/archives/libvir-list/2016-June/msg01822.html, until we
introduce a new rpm package '-libs' that would allow us to drop daemon's
dependency on the client package, distribute admin API related stuff within
the client package (since it's the best analogy to the virsh client).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-06-26 00:21:07 +02:00
Martin Kletzander
ddc99f11ac spec: Make driver-qemu require driver-storage
Without that we might get similar messages in the log:

  error : virDriverLoadModule:73 : failed to load module
  /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
  /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so: undefined
  symbol: virStorageFileCreate

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-17 11:15:43 +02:00
Andrea Bolognani
2c51fa6ec4 maint: Switch to xz compressed PAX release archives
This allows us to produce releases that are roughly a third in
size, have no limitation on path length, and are still readable
by all supported platforms.
2016-06-15 18:53:34 +02:00
Daniel P. Berrange
8dfb796080 Use @SYSTEM priority for TLS on Fedora >= 21
In Fedora >= 21, there is a new crypto priority framework
that sets TLS policies globally for all apps. To activate
this with GNUTLS we must request "@SYSTEM" instead of
the traditional "NORMAL" string. The '@' causes gnutls todo
a lookup in its config file for the 'SYSTEM' keyword entry.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:46 +01:00
Daniel P. Berrange
c0bc172383 systemd: directly notify systemd instead of using sd_notify
The sd_notify method is used to tell systemd when libvirtd
has finished starting up. All it does is send a datagram
containing the string parameter to systemd on a UNIX socket
named in the NOTIFY_SOCKET environment variable. Rather than
pulling in the systemd libraries for this, just code the
notification directly in libvirt as this is a stable ABI
from systemd's POV which explicitly allows independant
implementations:

See "Reimplementable Independently" column in the
"$NOTIFY_SOCKET Daemon Notifications" row:

https://www.freedesktop.org/wiki/Software/systemd/InterfacePortabilityAndStabilityChart/

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1314881

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-07 09:37:57 +01:00
Cole Robinson
e9ef4dfac8 spec: Advertise nvram paths of official fedora edk2 builds
Fedora now ships edk2 firmware in its official repos, so adapt
the nvram path list to match. Eventually we can remove the nightly
links as well once some integration kinks have been worked out,
and documentation updated.

Move the macro building into the %build target, which lets us
build up a shell variable and make things a bit more readable

https://bugzilla.redhat.com/show_bug.cgi?id=1335395
2016-05-27 12:53:50 -04:00
Cole Robinson
90f9193cff spec: Remove %defattr usage
It was only needed for rpm versions that are much older than our
minimally supported distro

Some more details here: https://fedorahosted.org/fpc/ticket/77
2016-05-17 11:34:47 -04:00
Erik Skultety
df4d908d30 spec: Fix broken indentation reported by syntax-check
syntax-check complained about broken indentation in libvirt.spec.in which was
broken by commit 3694e038

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-11 20:03:57 +02:00
Daniel P. Berrange
7375948933 libvit.spec.in: Add missing BuildRequires against sheepdog
We were adding a sheepdog requirement at runtime, but forgetting
to turn it on at build time, so the underlying code was never
built.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
f008d918ad libvirt.spec.in: remove all changelog entries
The %changelog entries in the RPM are just a poor immitation
of the release notes, which is not what %changelog section
is for. It should be reflecting changes in the RPM packaging,
not changes in the application releases. Further, this bogus
list of changes has to be manually deleted every time we sync
the RPM with Fedora. Remove them, since they serve no useful
purpose.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
c3b1c51ed5 libvirt.spec.in: use explicit --with-xxx for all features
Rather than letting the configure script auto-detect features
we expect, use --with-xxx to explicitly mandate them. This
ensures that we get an error upfront when running configure,
rather than a failure later during build or RPM file packaging
time.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
4cc7c987c2 libvirt.spec.in: remove nss plugin conditional
Both RHEL and Fedora build the nss plugin at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
5097fef87d libvirt.spec.in: remove libnl conditional
Both RHEL and Fedora build with libnl3 at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
2c14e90d61 libvirt.spec.in: remove macvtap conditional
Both RHEL and Fedora build with macvtap at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
4c6c4ca40e libvirt.spec.in: remove libpcap conditional
Both RHEL and Fedora build with libpcap at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
01e681c49f libvirt.spec.in: remove nwfilter driver conditional
Both RHEL and Fedora build with the nwfilter driver enabled
at all times

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
c8bcff8143 libvirt.spec.in: remove nodedev conditional
Both RHEL and Fedora build with the nodedev driver enabled
at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
a659559bb0 libvirt.spec.in: remove most storage conditionals
Both RHEL and Fedora build with the storage driver and
most of its sub-drivers enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
3e4009752f libvirt.spec.in: remove network driver conditiaonl
Both RHEL and Fedora build with the network driver
enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
d8a9ae98ca libvirt.spec.in: remove interface driver conditional
Both RHEL and Fedora build with the interface driver
enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
24553e174c libvirt.spec.in: remove selinux conditional
Both RHEL and Fedora build with selinux enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
46c81bc42a libvirt.spec.in: remove yajl conditional
Both RHEL and Fedora build with yajl enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
a770e90809 libvirt.spec.in: remove polkit conditional
Both RHEL and Fedora build with polkit enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange
e0db77c38e libvirt.spec.in: remove sasl conditionals
Both RHEL and Fedora build with sasl enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
b3d8f4f3cd libvirt.spec.in: remove dtrace conditional
Both RHEL and Fedora build with dtrace enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
29a34b3c16 libvirt.spec.in: remove audit conditional
Both RHEL and Fedora build with audit enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
db9249a1f8 libvirt.spec.in: remove netcf conditional
Both RHEL and Fedora build with netcf enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
64799c3f57 libvirt.spec.in: remove udev conditional
Both RHEL and Fedora build with udev enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
023548c9b6 libvirt.spec.in: remove capng conditional
Both RHEL and Fedora build with capng enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
6c5c56df07 libvirt.spec.in: remove apparmor conditional
Neither RHEL or Fedora build apparmor

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
f134e65c7e libvirt.spec.in: remove hal conditional
Neither RHEL or Fedora build HAL anymore.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
ddc81d7c77 libvirt.spec.in: remove avahi conditional
Both RHEL and Fedora build with avahi enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
37465282e4 libvirt.spec.in: remove libvirtd conditional
Both RHEL and Fedora build with libvirtd enabled at
all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
4753c79600 libvirt.spec.in: remove conditional for driver modules
Both RHEL and Fedora build with driver modules enabled by
default, so there is no need for any conditional.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
2275c914e0 libvirt.spec.in: remove client only build option
A client only build dates back to RHEL5 where some architectures
did not build the libvirtd daemon, only the clients. Since RHEL5
was dropped this is no longer required.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
3694e038fd libvirt.spec.in: drop Fedora < 20 and RHEL < 6
Simplify conditionals to assume Fedora >= 20 or RHEL >= 6

The %prep section will explicitly check the version and
refuse to run if insufficient.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
56edf2fefe libvirt.spec.in: explicitly disable xenapi & vz drivers
The xenapi & vz drivers won't build in Fedora or RHEL
since their deps don't exist there.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00
Daniel P. Berrange
d6c25c34ef libvirt.spec: remove duplicate files from -docs package
Previous commit moved some lists out of the -devel package
and into the -docs package

  commit feffcc03a0
  Author: Cole Robinson <crobinso@redhat.com>
  Date:   Wed Apr 13 10:37:42 2016 -0400

    spec: Only pull in API docs with -devel package

What was not realized is that the rule 'libvirt-docs/*'
and ' docs/*.html docs/html docs/*.gif' actually point
to the exact same content. ie, we had previously included
the website HTML in *both* the -docs and -devel packages.

So this change ended up listing the files twice, which
caused RPM to print a load of warnings:

warning: File listed twice: /usr/share/doc/libvirt-docs/html
warning: File listed twice: /usr/share/doc/libvirt-docs/html/32favicon.png
warning: File listed twice: /usr/share/doc/libvirt-docs/html/404.html
warning: File listed twice: /usr/share/doc/libvirt-docs/html/acl.html
warning: File listed twice: /usr/share/doc/libvirt-docs/html/aclpolkit.html

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-04 10:11:37 +01:00
Andrea Bolognani
8fee0bb741 spec: Rename %{init_scripts} -> %{with_init_script}
The convention used throughout the file is to name variables after
the configure option they refer to.
2016-05-03 16:10:43 +02:00
Andrea Bolognani
11aba77a99 spec: Type --with-init-script correctly
Mixing dashes and underscores in configure options apparently
works fine, but it's confusing and just plain ugly.
2016-05-03 16:10:43 +02:00
Daniel Veillard
52f1874602 Release of libvirt-1.3.4
* docs/news.html.in libvirt.spec.in: update for release
* po/*.po* : regenerated
2016-05-01 09:50:21 +08:00
Andrea Bolognani
a528ae7fb7 spec: Use proper indentation
Commit 1d4400082a added some code that was not indented properly
and broke syntax-check. Fix it.
2016-04-26 17:38:17 +02:00
Cole Robinson
1d4400082a spec: If installing default network, restart libvirtd
If libvirt-daemon-config-network is installed while libvirtd is already
running, the daemon doesn't notice the network. Users then have to
manually restart libvirtd (or reboot) to pick up the network.

Instead let's trigger a daemon restart when the package is first installed.
Then the default network is available immediately if libvirtd was already
running.

https://bugzilla.redhat.com/show_bug.cgi?id=867546
2016-04-26 10:42:33 -04:00
Cole Robinson
3b9100a4d2 Revert "daemon: use socket activation with systemd"
This reverts commit 1e9808d3a1.

We shouldn't advertise libvirtd.socket activation, since currently
it means VM/network/... autostart won't work as expected.

We tried to find a middle ground by installing the config file without
an [Install] section, since systemd won't allow .socket to be enabled
without one... or at least it did do that; presently on f24 it allows
activating the socket quite happily. This also caused user confusion[1]

Just remove the socket file. I've filed a new RFE to track coming up
with a solution to the autostart problem[2], we can point users at that
if there's more confusion:

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1279348
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1326136
2016-04-20 08:53:38 -04:00
Cole Robinson
feffcc03a0 spec: Only pull in API docs with -devel package
Move some API specific documentation out of -docs package and into
-devel, and some end user docs out of -devel and into -docs, then
drop the -devel dep on -docs. This is more in line with the suggested
Fedora guidelines.

https://bugzilla.redhat.com/show_bug.cgi?id=1310155
2016-04-15 07:54:49 -04:00
Andrea Bolognani
ec37cf5486 spec: Include KVM support on RHEL 7 ppc64 and newer 2016-04-06 13:32:27 +02:00
Daniel Veillard
0086221cb3 Release of libvirt-1.3.3
- docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: regenerated
2016-04-06 15:18:46 +08:00
Michal Privoznik
8054706c3f libvirt.spec.in: Introduce libvirt-nss package
Lets put the NSS module into its own package.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-18 17:29:53 +01:00
Daniel Veillard
dca504a1b9 Release of libvirt-1.3.2
* docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: regenerated
2016-03-01 11:23:10 +08:00
Ján Tomko
d616544077 Spell VMware with a lowercase w
Replace all occurrences of VMWare outside the news.
2016-02-15 15:35:48 +01:00
Daniel Veillard
8fd68675e2 Release of libvirt-1.3.1
* docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: regenerated
2016-01-17 10:29:57 +08:00
Cole Robinson
da176bf6b7 examples: Use one top level makefile
Using one Makefile per example subdirectory essentially serializes 'make'
calls. Convert to one example/Makefile that builds and distributes
all the subdir files. This reduces example/ rebuild time from about 5.8
seconds to 1.5 seconds on my machine.

One slight difference is that we no longer ship Makefile.am with the
examples in the rpm. This was virtually useless anyways since the Makefile
was very specific to libvirt infrastructure, so wasn't generically
reusable anyways.

Tested with 'make distcheck' and 'make rpm'
2016-01-09 21:14:12 -05:00
Michael Chapman
3e86757358 spec: chkconfig(8) and service(8) are in /sbin/, not /bin/
Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2016-01-05 17:28:05 -05:00
Michael Chapman
c0617421ab spec: dbus-devel is needed as build dependency if polkit support is enabled
Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2016-01-05 15:48:06 -05:00
Daniel Veillard
11288f56ee Release of libvirt-1.3.0
* docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: regenerated
2015-12-09 17:13:48 +08:00
Daniel P. Berrange
da054f35ab rpm: explicitly enable & start virtlogd on install
When installing the libvirt-daemon RPM, we have a %post rule to
enable the libvirtd.service, virtlockd.socket and virtlogd.socket
files. This is only done, however, when the RPM is first installed,
not when upgrading RPMs. So virtlogd will not get activated on
upgrading, which is a problem as libvirt qemu driver will expect
it to be available by default.

This adds a trigger that is run when uninstalling libvirt-daemon
older than 1.3.0 that will enable & start virtlogd.socket if
libvirtd is enabled and/or started. Using the trigger rather
than %post ensures that it only runs once, allowing admins to
disable it explicitly thereafter without future upgrades
re-enabling it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-08 11:08:16 +00:00
Martin Kletzander
2340f3ebfb admin: Distribute libvirt-admin.conf
Commit 48cd3dfa66 introduced configuration
file for libvirt-admin but forgot to distribute it.  Also the change
made to libvirt.conf in commit dbecb87f94
should've been removed thanks to introduction of separate config file.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-12-01 11:44:48 +01:00
Martin Kletzander
15b0a6d641 spec: Temporarily disable new admin-related files
The virt-admin binary and its man page should not yet be distributed,
but we need libvirt-common.h.  RPM build fails without specifying these.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-12-01 11:42:44 +01:00
Daniel P. Berrange
323a329b26 Import stripped down virtlockd code as basis of virtlogd
Copy the virtlockd codebase across to form the initial virlogd
code. Simple search & replace of s/lock/log/ and gut the remote
protocol & dispatcher. This gives us a daemon that starts up
and listens for connections, but does nothing with them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-26 14:28:55 +00:00
Daniel Veillard
b091fef5cf Release of libvirt-1.2.21
* docs/news.html.in libvirt.spec.in: Updated for the release
* po/*.po*: regenerated
2015-11-04 10:59:12 +08:00
Michal Privoznik
7c8250d765 wireshark: Install to generic plugin directory
There has been a report on the list [1] that we are not
installing the wireshark dissector into the correct plugin
directory. And in fact we are not. The problem is, the plugin
directory path is constructed at compile time. However, it's
dependent on the wireshark version, e.g.

  /usr/lib/wireshark/plugins/1.12.6

This is rather unfortunate, because if libvirt RPMs were built
with one version, but installed on a system with newer one, the
plugins are not really loaded. This problem lead fedora packagers
to unify plugin path to:

  /usr/lib/wireshark/plugins/

Cool! But this was enabled just in wireshark-1.12.6-4. Therefore,
we must require at least that version.

And while at it, on some distributions, the wireshark.pc file
already has a variable that defines where plugin dir is. Use that
if possible.

1: https://www.redhat.com/archives/libvirt-users/2015-October/msg00063.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-10-29 13:55:06 +01:00
Cole Robinson
62ff210e5d spec: Delete .git after applying patches
I'm hitting this little annoyance in fedora's package repo:

$ fedpkg prep
Downloading libvirt-1.2.20.tar.gz
...
+ /usr/bin/gzip -dc /home/crobinso/src/fedora/libvirt/libvirt-1.2.20.tar.gz
$ git clean -xdf
Removing libvirt-1.2.20.tar.gz
Skipping repository libvirt-1.2.20/

We git-ify the libvirt directory as part of applying patches in the spec
file, but 'git clean' will ignore subfolders that appear to be standalone
git repos.

Let's just delete the .git directory after we're done with it.
2015-10-06 15:54:47 -04:00
Daniel P. Berrange
e3155cac18 libvirt.spec: fix accidental conditional inclusion of polkit docs
In previous change:

  commit 29b5167417
  Author: Jiri Denemark <jdenemar@redhat.com>
  Date:   Tue Aug 4 14:05:52 2015 +0200

    examples: Add example polkit ACL rules

The polkit examples were accidentally added to the spec inside
a %if %{with_network} conditional.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-02 16:08:02 +01:00
Daniel Veillard
439760214c Release of libvirt-1.2.20
* docs/news.html.in libvirt.spec.in: update for new release
* po/*.po*: regenerate localization
2015-10-02 13:17:16 +02:00
Cole Robinson
dae1250b24 spec: Fix some warnings with latest rpmbuild
$ rpmbuild -ba libvirt.spec
warning: Macro expanded in comment on line 5: # If neither fedora nor rhel was defined, try to guess them from %{dist}

warning: Macro %enable_autotools defined but not used within scope
warning: Macro %client_only defined but not used within scope
...
2015-09-22 15:57:23 -04:00
Martin Kletzander
f05f005c8b qemu: Allow others to browse /var/lib/libvirt/qemu
Commit f1f68ca334 tried fixing running multiple domains under various
users, but if the user can't browse the directory, it's hard for the
qemu running under that user to create the monitor socket.

The permissions need to be fixed in two places in the spec file due to
support for both installations with and without driver modules.

Creating a directory with '$(MKDIR_P) -m' shouldn't fail even on systems
where autoconf needs to fallback to 'install-sh -d'.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-14 10:06:00 +02:00
Martin Kletzander
732ce2789b examples: Add missing build data for 'rename'
Commit e755186c5c added the rename example, but forgot to build some
essential files in there as well as add it to the spec file.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-07 09:00:19 +02:00
Jiri Denemark
29b5167417 examples: Add example polkit ACL rules
Creating ACL rules is not exactly easy and existing examples are pretty
simple. This patch adds a somewhat complex example which defines several
roles. Admins can do everything, operators can do basic operations
on any domain and several groups of users who act as operators but only
on a limited set of domains.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-09-04 17:26:04 +02:00
Daniel Veillard
66c5f02b96 Release of libvirt-1.2.19
* docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: regenerated
2015-09-02 10:19:20 +08:00
Daniel Veillard
bd311d3a8a Fix a trailing space in spec file 2015-08-03 17:43:34 +08:00
Daniel Veillard
bcfdd8e836 Release of libvirt-1.2.18
* docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: regenerated
2015-08-03 17:36:39 +08:00
Cole Robinson
6600f4f3d8 spec: Fix polkit dep on F23
As of fedora polkit-0.113-2, polkit-devel only pulls in polkit-libs, not
full polkit, but we need the latter for pkcheck otherwise our configure
test fails.
2015-07-21 14:06:37 -04:00
Daniel Veillard
845184b2fd Release of libvirt-1.2.17
* docs/news.html.in libvirt.spec.in: updated for the release
* po/*po*: regenerated
2015-07-02 13:22:30 +08:00
Martin Kletzander
1bcc88bbdd Temporarily disable admin API
Don't listen on the admin socket in the daemon and comment out the
admin devel files out of specfile.

Library is still being compiled and installed in order to link easily
without any disturbing modifications to the daemon code.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-28 11:34:25 +08:00
Martin Kletzander
886eb3c787 spec: Remove admin package specification
Its only file must be included in the daemon package anyway, since the
daemon is linked with the admin library and so then it's just an empty
package until we have virt-admin binary which we can decide later on
whether to just move it to clients or create a new package for it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-28 11:34:19 +08:00
Michal Privoznik
6fc122c6b9 libvirt.spec: Don't expect virt-admin in libvirt-admin yet
While Martin introduced the binary (and its manpage) in commit
4e7ccf8713 it was pushed by mistake. Therefore it was reverted in
220393bfb0. The problem is, the original commit was not quite right
as the binary was added into the spec file in a different commit:
55e0c840af. So as long as the binary does not exist, we must remove it
from the spec file too.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-06-17 14:22:23 +02:00
Maxim Nestratov
9156991668 parallels: substitute parallels with vz spec file and Makefile
Since we have changed the name of the driver to vz, let's
reference it as vz everywhere.

Signed-off-by: Maxim Nestratov <mnestratov@parallels.com>
2015-06-17 15:07:55 +03:00
Martin Kletzander
878bf2a3c9 Add XML files with admin API specification
No online docs are build from it since it doesn't really fit into our
document structure and new page will need to be created for it, but this
is at least a heads-up commit for easier parsing in order to build some
documentation (or python bindings) later on.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Martin Kletzander
55e0c840af Add libvirt-admin library
Initial scratch of the admin library.  It has its own virAdmConnectPtr
that inherits from virAbstractConnectPtr and thus trivially supports
error reporting.

There's pkg-config file added and spec-file adjusted as well.

Since the library should be "minimalistic" and not depend on any other
library, the list of files is especially crafted for it.  Most of them
could've been put to it's own sub-libraries that would be LIBADD'd to
libvirt_util, libvirt_net_rpc and libvirt_setuid_rpc_client to minimize
the number of object files being built, but that's a refactoring that
isn't the orginal aim of this commit.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-06-16 13:46:20 +02:00
Jim Fehlig
df37c26e73 spec: fixes for recently introduced libxl conf files
Commit 198cc1d3 introduced libxl-lockd and libxl-sanlock config
files but forgot to add them to the spec file.  Follow-up commit
62b18d98 added the files to daemon-driver-libxl, but missed adding
them to the daemon package when configuring libvirt
--without-driver-modules.  In addition, commit 62b18d98 added
libxl-sanlock to daemon-driver-libxl, but it should be included
in lock-sanlock when libvirt is configured --with-sanlock.
2015-06-01 12:01:18 -06:00
Daniel Veillard
77fd04aaae Release of libvirt-1.2.16
- docs/news.html.in libvirt.spec.in: update for the release
- po/*.po*: regenerate
2015-06-01 10:30:29 +08:00
Jim Fehlig
77664cb406 libxl: add logrotate config file
Add logrotate config for log files in /var/log/libvirt/libxl.
2015-05-05 09:08:11 -06:00
Cole Robinson
e94979e901 polkit: Allow password-less access for 'libvirt' group
Many users, who admin their own machines, want to be able to access
system libvirtd via tools like virt-manager without having to enter
a root password. Just google 'virt-manager without password' and
you'll find many hits. I've read at least 5 blog posts over the years
describing slightly different ways of achieving this goal.

Let's finally add official support for this.

Install a polkit-1 rules file granting password-less auth for any user
in the new 'libvirt' group. Create the group on RPM install

https://bugzilla.redhat.com/show_bug.cgi?id=957300
2015-05-04 12:57:06 -04:00
Daniel Veillard
b978b85b24 Release of libvirt-1.2.15
- docs/news.html.in libvirt.spec.in: update for the release
- po/*.po*: regenerated
2015-05-04 11:43:04 +08:00
Pavel Hrdina
62b18d981c rpm-build: update %files section for libxl
Recent commit 198cc1d3 introduced integration of lockd and sanlock into
libxl, but forget to update libvirt.spec.in to also list new files
distributed via package.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-04-30 17:21:07 +02:00
Cole Robinson
19425d110b qemu: Build nvram directory at driver startup
Similar to what was done for the channel socket in the previous commit.
2015-04-24 10:30:42 -04:00
Cole Robinson
e31ab02fd0 qemu: Build channel autosocket directory at driver startup
Rather than depend on the RPM to put it in place, since this doesn't
cover the qemu:///session case. Currently auto allocated socket path is
completely busted with qemu:///session

https://bugzilla.redhat.com/show_bug.cgi?id=1105274

And because we chown the directory at driver startup now, this also fixes
autosocket startup failures when using user/group=root

https://bugzilla.redhat.com/show_bug.cgi?id=1044561
https://bugzilla.redhat.com/show_bug.cgi?id=1146886
2015-04-24 10:30:42 -04:00
Cole Robinson
f93e121129 spec: Point fedora --with-loader-nvram at nightly firmware repo
Fedora doesn't ship OVMF/AAVMF builds in its repos due to licensing
issues, so the recommended way to consume these bits is via Gerd's
nightly repo: https://www.kraxel.org/repos

Let's teach fedora builds about the loader/nvram pairs these packages
installed, so users don't need to edit qemu.conf to get virt-manager
UEFI support.
2015-04-22 18:29:39 -04:00
Cole Robinson
fa19aca168 spec: Fix libxl build with driver modules 2015-04-22 15:44:19 -04:00
Jim Fehlig
d0baac09e6 libxl: Introduce configuration file for libxl driver
Introduce libxl.conf configuration file, adding the 'autoballoon'
setting as the first knob for controlling the libxl driver.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2015-04-21 14:23:40 -06:00
Jiri Denemark
0c68ec7d78 daemon: Prefix sysctl configuration filename with a number
Apparently, files in /usr/lib/sysctl.d are usually prefixed with numbers
for easier ordering. Let's be consistent with this. I chose 60 for
libvirtd so that it goes after 50-default.conf.

https://bugzilla.redhat.com/show_bug.cgi?id=1084876
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-04-16 14:39:38 +02:00
Daniel Veillard
ecb9a5319a Release of libvirt-1.2.14
- docs/news.html.in libvirt.spec.in: update for the release
- po/*.po*: regenerated localization
2015-04-02 15:48:08 +08:00
Peter Krempa
6cfc8834c8 spec: Enable RBD storage driver in RHEL-7
Use correct package names too as they differ.
2015-03-05 16:24:53 +01:00
Daniel Veillard
1723cad6e7 Release of libvirt-1.2.13 2015-03-02 11:40:05 +08:00
Pavel Hrdina
259dfe24a8 libvirt.spec: remove vbox storage and network .so files
Commit 55ea7be7 removed separated modules for vbox_network and
vbox_storage drivers but forget to update libvirt.spec.in file. This
patch will fix rpm build.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2015-01-28 19:05:25 +01:00
Daniel Veillard
fd596a4583 Release of libvirt-1.2.12
* docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: regenerated the po
2015-01-27 16:01:12 +08:00
Jiri Denemark
97c6271150 spec: Fix syntax
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-12-16 09:21:40 +01:00
Daniel P. Berrange
34f03984a6 spec: Disable -Werror in Fedora RPM builds
Since we switched to using GIT to apply patches in the RPM spec,
we automagically also turned on -Werror, since the .git directory
now exists. We don't want this on in Fedora, since changing
header files often lead to new warnings being issued. Explicitly
turn off -Werror for non-RHEL platforms, instead of relying on
the defaults
2014-12-15 18:08:45 +00:00
Daniel Veillard
d171cac6a5 Release of libvirt-1.2.11
- docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: updated localization and regenerated
2014-12-13 10:43:56 +08:00
Martin Kletzander
e9e5eee5a8 build: Move check for XML::XPath into bootstrap
The module XML::XPath is needed when building from git only (no need to
have it when building from tarball), so this patch moves the check from
specfile into bootstrap.conf.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-09 08:23:21 +01:00
Ján Tomko
a47ae7c004 Generate a MAC when loading a config instead of package update
Partially reverts commit 5754dbd.

The code in the specfile adds a MAC address to every <bridge>,
even for <forward mode='bridge'> for which we don't support
changing MAC addresses.

Remove it completely. For new networks, we have been adding
MAC addresses on definition/creation since the commit mentioned above.
For existing networks (pre-0.9.0), the MAC is added by this commit.

https://bugzilla.redhat.com/show_bug.cgi?id=1156367
2014-12-02 15:56:33 +01:00
Martin Kletzander
af1b89d1d4 docs: Correct invalid hyperlinks
Since libvirt.h was split into multiple files and similarly
docs/libvirt-libvirt.html, docs/hvsupport.html have bad hyperlinks.  The
same happens for all the html.in files that used <code class='docref'>
tag, because page.xsl has no idea where to point the link that's found.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-02 07:30:10 +01:00
Jiri Denemark
1fd8360751 spec: Automatically apply all patches with git
With this change, any patch declared in libvirt.spec with Patch[0-9]* is
automatically applied in %prep. Unlike with the standard %patch[0-9]*,
patches are applied with "git am" to avoid some unexpected results.
However, as a result of this, all patches must be in the right format
for "git am" to be able to apply them; they should ideally be generated
from git using "git format-patch".

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-11-24 10:02:15 +01:00
Daniel Veillard
2e87e0aa8c Release of libvirt-1.2.10
- docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: fetched loclalization and regenerated
2014-11-03 14:32:39 +08:00
Daniel P. Berrange
bcec07b9f0 Move virConnect related APIs out of libvirt.h.in
Create a new libvirt-host.h file to hold the public
API definitions for the virConnect type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:23:51 +01:00
Daniel P. Berrange
653a5e4939 Move virDomain related APIs out of libvirt.h.in
Create a new libvirt-domain.h file to hold the public
API definitions for the virDomain type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:23:32 +01:00
Daniel P. Berrange
6d9c5f3735 Move virEvent related APIs out of libvirt.h.in
Create a new libvirt-event.h file to hold the public
API definitions for the virEvent type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:23:17 +01:00
Daniel P. Berrange
c9456e1a7f Move virStoragePool/Vol related APIs out of libvirt.h.in
Create a new libvirt-storage.h file to hold the public
API definitions for the virStorage/Vol type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:22:57 +01:00
Daniel P. Berrange
2805ddb29a Move virStream related APIs out of libvirt.h.in
Create a new libvirt-stream.h file to hold the public
API definitions for the virStream type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>

Note the definition of virStreamPtr is not moved, since that
must be declared early for all other libvirt APIs to be able
to reference it.
2014-10-24 17:22:38 +01:00
Daniel P. Berrange
75ff42fe7c Move virSecret related APIs out of libvirt.h.in
Create a new libvirt-secret.h file to hold the public
API definitions for the virSecret type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:22:20 +01:00
Daniel P. Berrange
0147d6b88f Move virNodeDevice related APIs out of libvirt.h.in
Create a new libvirt-nodedev.h file to hold the public
API definitions for the virNodeDevice type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:21:59 +01:00
Daniel P. Berrange
40741984fc Move virNWFilter related APIs out of libvirt.h.in
Create a new libvirt-nwfilter.h file to hold the public
API definitions for the virNWFilter type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:21:34 +01:00
Daniel P. Berrange
fc964bfc27 Move virInterface related APIs out of libvirt.h.in
Create a new libvirt-interface.h file to hold the public
API definitions for the virInterface type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:21:15 +01:00
Daniel P. Berrange
5c9789d2d1 Move virNetwork related APIs out of libvirt.h.in
Create a new libvirt-network.h file to hold the public
API definitions for the virNetwork type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:20:52 +01:00
Daniel P. Berrange
84783d9d1c Move virDomainSnapshot related APIs out of libvirt.h.in
Create a new libvirt-domain-snapshot.h file to hold the public
API definitions for the virDomainSnapshot type. This header
file is not self-contained, so applications will not directly
include it. They will continue to #include <libvirt/libvirt.h>
2014-10-24 17:20:20 +01:00
Daniel Veillard
8a24579f3e Release of libvirt-1.2.9
* docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: updated localizations and regenerated
2014-10-01 16:45:32 +08:00
Laine Stump
22048ae61d network: detect conflicting route even if it is the final entry
This is a folloup to commit 5f719596, which checks for a route
conflicting with the standard libvirt default network subnet
(192.168.122.0/24). It turns out that $() strips the trailing newline
from the output of "ip route show", so there would be no match if the
route we were looking for was the final line of output. This can be
solved by adding ${nl} to the end of the output (just as we were
already adding it at the beginning of the output).
2014-09-15 14:35:29 -04:00
Laine Stump
5f71959667 network: try to eliminate default network conflict during package install
Sometimes libvirt is installed on a host that is already using the
network 192.168.122.0/24. If the libvirt-daemon-config-network package
is installed, this creates a conflict, since that package has been
hard-coded to create a virtual network that also uses
192.168.122.0/24. In the past libvirt has attempted to warn of /
remediate this situation by checking for conflicting routes when the
network is started, but it turns out that isn't always useful (for
example in the case that the *other* interface/network creating the
conflict hasn't yet been started at the time libvirtd start its own
networks).

This patch attempts to catch the problem earlier - at install
time. During the %post install script for
libvirt-daemon-config-network, we use a case statement to look through
the output of "ip route show" for a route that exactly matches
192.168.122.0/24, and if found we search for a similar route that
*doesn't* match (e.g. 192.168.124.0/24) (note that the search starts
with "124" instead of 123 because of reports of people already
modifying their L1 host's network to 192.168.123.0/24 in an attempt to
solve exactly the problem we are also trying to solve).  When we find
an available route, we just replace all occurrences of "122" in the
default.xml that is being created with the newly found 192.168
subnet. This could obviously be made more complicated - examine the
template defaul.xml to automatically determine the existing network
address and mask rather than hard coding it in the specfile, etc, but
this scripting is simpler and gets the job done as long as we continue
to use 192.168.122.0/24 in the template. (If anyone with mad bash
skillz wants to suggest something to do that, by all means please do).

This is intended to at least "further reduce" occurrence of the
problems detailed in:

  https://bugzilla.redhat.com/show_bug.cgi?id=811967
2014-09-14 17:20:22 -04:00
Michal Privoznik
3c07693aa2 libvirt.spec: Fix permission even for libvirt-driver-qemu
In my previous patch (37d8c75fad) I've tried to fix permissions
for nvram store path. The aim was to give the nvram directory
execute permission so that domain running under other users
than qemu:qemu can access their nvram file. However, my fix
was incomplete as the path belongs to libvirt-driver-qemu
package too and I've fixed it only for the libvirt-daemon
package.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-12 09:01:46 +02:00
Michal Privoznik
37d8c75fad nvram: Fix permissions
I've noticed two problem with the automatically created NVRAM varstore
file. The first, even though I run qemu as root:root for some reason I
get Permission denied when trying to open the _VARS.fd file. The
problem is, the upper directory misses execute permissions, which in
combination with us dropping some capabilities result in EPERM.

The next thing is, that if I switch SELinux to enforcing mode, I get
another EPERM because the vars file is not labeled correctly. It is
passed to qemu as disk and hence should be labelled as disk. QEMU may
write to it eventually, so this is different to kernel or initrd.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-11 16:16:27 +02:00
Michal Privoznik
742b08e30f qemu: Automatically create NVRAM store
When using split UEFI image, it may come handy if libvirt manages per
domain _VARS file automatically. While the _CODE file is RO and can be
shared among multiple domains, you certainly don't want to do that on
the _VARS file. This latter one needs to be per domain. So at the
domain startup process, if it's determined that domain needs _VARS
file it's copied from this master _VARS file. The location of the
master file is configurable in qemu.conf.

Temporary, on per domain basis the location of master NVRAM file can
be overridden by this @template attribute I'm inventing to the
<nvram/> element. All it does is holding path to the master NVRAM file
from which local copy is created. If that's the case, the map in
qemu.conf is not consulted.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2014-09-10 09:38:07 +02:00
Jiri Denemark
6209454d5b spec: Fix preun script for daemon
%systemd_preun macro cannot be split into several lines.

https://bugzilla.redhat.com/show_bug.cgi?id=1136736

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-09-03 11:56:38 +02:00
Daniel Veillard
2097f7df5f Release of libvirt-1.2.8
* docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: new localizations and regenerate pos
2014-09-02 09:41:09 +02:00
Michal Privoznik
dbb4cbf532 vbox: Register per partes
Since times when vbox moved to the daemon (due to some licensing
issue) the subdrivers that vbox implements were registered, but not
opened since our generic subdrivers took priority. I've tried to fix
this in 65b7d553f3 but it was not correct. Apparently moving
vbox driver registration upfront changes the default connection URI
which makes some users sad. So, this commit breaks vbox into pieces
and register vbox's network and storage drivers first, and vbox driver
then at the end. This way, the vbox driver is registered in the order
it always was, but its subdrivers are registered prior the generic
ones.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-27 08:05:25 +02:00
Eric Blake
da5792419c spec: drop anything older than Fedora 13
RHEL 5 is based on libvirt 0.8.2, as was Fedora 13.  RHEL 5 also
happens to be the oldest box that we actively support with a
buildbot, so it is time to clean up some crufty conditionals in
the spec file that no longer are necessary for modern Fedora.

Although it is probably okay to make further simplifications to
a newer minimum Fedora version, that can be done as a later patch.
This patch just focuses on cleaning any comparison of %{?fedora}
that will always be true or false once we assume a minimum of F13.

* libvirt.spec.in: Make with_audit default to on. Move other
conditionals to a single RHEL-5 block. Simplify any fedora
comparison older than 13.  Document our assumptions.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-08-25 13:13:39 -06:00
Martin Kletzander
1e9808d3a1 daemon: use socket activation with systemd
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-08-22 09:12:14 +02:00
Jincheng Miao
3f03398dbe build: force configure failed when perl is missing
Perl is necessary to our build processing, it will invoke a lot of
generating script, like: gendispatch.pl. If perl is missing, it's
ok for build from git checkout, because autogen.sh will tell you.
But for compiling from a release tarball, configure will just record
a missing message, and continue, then build failed, like:
https://www.redhat.com/archives/libvirt-users/2014-August/msg00050.html

So need to enhance configure script to handle this negative case.

Reported-by: Hongbin Lu <hongbin@savinetwork.ca>
Signed-off-by: Jincheng Miao <jmiao@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-08-14 11:28:18 +02:00
Daniel Veillard
21b59b651c Release of libvirt-1.2.7
* docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: update localizations and regenerate
2014-08-03 08:55:15 -04:00
Cole Robinson
e2e711aeaa spec: arm and aarch64 have kvm support with F20+ 2014-07-25 15:20:50 -04:00
Cole Robinson
6b57c3de0f spec: Use power64 macro
Covers the whole ppc64 family. Example bug for binutils:

https://bugzilla.redhat.com/show_bug.cgi?id=834651
2014-07-25 15:20:13 -04:00
Jiri Denemark
b983742029 spec: Enable sanlock on qemu_kvm_arches for RHEL
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-07-23 16:43:30 +02:00
Michal Privoznik
28d54aab05 examples: Introduce domtop
There's this question on the list that is asked over and over again.
How do I get {cpu, memory, ...} usage in percentage? Or its modified
version: How do I plot nice graphs like virt-manager does?

It would be nice if we have an example to inspire people. And that's
what domtop should do. Yes, it could be written in different ways, but
I've chosen this one as I think it show explicitly what users need to
implement in order to imitate virt-manager's graphing.

Note: The usage is displayed from host perspective. That is, how much
host CPUs the domain is using. But it should be fairly simple to
switch do just guest CPU usage if needed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-18 16:39:54 +02:00
Jiri Denemark
d659b412a8 spec: Consolidate with_qemu* definitions
Decisions whether qemu driver and libvirt-daemon-{qemu,kvm} packages
should be built on various OS/arch combinations were scattered around
the spec file. Let's make it easier to see where qemu driver is going to
be built.
2014-07-18 10:07:16 +02:00
Eric Blake
13228b854c spec: fix invalid syntax
Commit 20e01504 broke 'make rpm':

error: line 540: Unknown tag:     %elif 020 >= 12 || 0 >= 6

Apparently, even though shell has elif so that you can do a chain
of conditionals, the rpm spec file does not, and you have to nest
things instead.

* libvirt.spec.in: Convert %elif to proper nested %if.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-07-15 17:11:56 -06:00
Jiri Denemark
20e01504a1 spec: Update polkit dependencies for CVE-2013-4311
Use secured polkit on distros which provide it. However, RHEL-6 will
still allow for older polkit-0.93 rather than forcing polkit-0.96-5
which is not available in all RHEL-6 releases.
2014-07-15 16:34:53 +02:00
Ján Tomko
a3a2080eac Actually fix the spec file
There was a '%' missing before the last {rhel}.
Tested on RHEL-7 this time.
2014-07-09 09:04:15 +02:00
Ján Tomko
f762aaf782 Fix the indentation in libvirt.spec.in
Over 66% of my last commit 66e7061 was not indented properly.
2014-07-08 15:55:31 +02:00
Ján Tomko
66e7061210 Don't require iptables-ipv6 on >= F17 and RHEL >= 7
We only need ip6tables, which is now a part of the iptables package:
http://pkgs.fedoraproject.org/cgit/iptables.git/commit/?h=1392835

This needlessly pulls in iptables-services:
https://bugzilla.redhat.com/show_bug.cgi?id=1101510
which can conflict with firewalld:
https://bugzilla.redhat.com/show_bug.cgi?id=1101484
2014-07-08 15:29:46 +02:00
Michal Privoznik
614581f32b Introduce domain_capabilities
This new module holds and formats capabilities for emulator. If you
are about to create a new domain, you may want to know what is the
host or hypervisor capable of. To make sure we don't regress on the
XML, the formatting is not something left for each driver to
implement, rather there's general format function.

The domain capabilities is a lockable object (even though the locking
is not necessary yet) which uses reference counter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-03 12:22:37 +02:00
Daniel Veillard
b083528e56 Release of libvirt-1.2.6 2014-07-02 13:50:18 +08:00
Daniel P. Berrange
65d8c92a75 Add pkg-config files for libvirt-qemu & libvirt-lxc
For some reason there have never been pkg-config files created
for the libvirt-qemu.so and libvirt-lxc.so libraries.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-06-23 16:17:27 +01:00
Nehal J Wani
baafe668fa Add helper program to create custom leases
Introduce helper program to catch events from dnsmasq and maintain a custom
lease file per network. It supports dhcpv4 and dhcpv6. The file is saved as
"<interface-name>.status".

Each lease contains the following info:
<expiry-time (epoch time)> <mac> <iaid> <ip-address> <hostname> <clientid>

Example of custom leases file content:
[
    {
        "iaid": "1221229",
        "ip-address": "2001:db8:ca2:2:1::95",
        "mac-address": "52:54:00:12:a2:6d",
        "hostname": "Fedora20",
        "client-id": "00:04:1a:c1:d9:6b:5a:0a:e2:bc:f8:4b:1e:37:2e:38:22:55",
        "expiry-time": 1393244216
    },
    {
        "ip-address": "192.168.150.208",
        "mac-address": "52:54:00:11:56:b3",
        "hostname": "Wani-PC",
        "client-id": "01:52:54:00:11:56:b3",
        "expiry-time": 1393244248
    }
]

src/Makefile.am:
   * Add options to compile the helper program

src/network/bridge_driver.c:
   * Introduce networkDnsmasqLeaseFileNameCustom()
   * Invoke helper program along with dnsmasq
   * Delete the .status file when corresponding n/w is destroyed.

src/network/leaseshelper.c
   * Helper program to create the custom lease file
2014-06-02 11:45:10 +01:00
Daniel Veillard
7455be8ea9 Forgot spec changelog in 1.2.5 commit 2014-06-02 09:52:44 +08:00
Jiri Denemark
96eb7523e4 spec: Don't install nonexistent test_libvirt_lockd.aug
test_libvirt_lockd.aug is only generated when qemu driver is enabled.
2014-05-06 14:04:54 +02:00
Jiri Denemark
01cf9effcc spec: sanlock is x86_64 only on RHEL 2014-05-06 14:04:53 +02:00
Daniel Veillard
791fb3f668 Release of libvirt-1.2.4
* docs/news.html.in libvirt.spec.in: updates for release
* po/*.po*: fetched new localization and regenerated
2014-05-04 14:41:29 +08:00
Sahid Orentino Ferdjaoui
b21795bb5b Add a new example to illustrate domain migration
This commit adds a new example to illustrate peer to
peer domain migration with virDomainMigrateToURI.

Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
2014-04-30 14:29:07 +01:00
Eric Blake
110c0db88c conf: create common storage RNG grammar file
Having two tiny files with a couple definitions didn't make
as much sense as one common file, especially since I plan to
add more definitions and use it in more places.

* docs/schemas/storageencryption.rng: Merge this...
* docs/schemas/storagefilefeatures.rng: ...and this, into...
* docs/schemas/storagecommon.rng: ...this new file.
* docs/schemas/Makefile.am (schema_DATA): Reflect renames.
* docs/schemas/storagevol.rng: Likewise.
* docs/schemas/domaincommon.rng: Likewise.
* libvirt.spec.in: Likewise.
* mingw-libvirt.spec.in: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-14 07:07:01 -06:00
Cédric Bosdonnat
ec70f3696f Introduce --without-pm-utils to get rid of pm-is-supported dependency
This uses the dbus api of systemd to check the power management
capabilities of the node.
2014-04-11 15:51:10 -06:00
Daniel Veillard
c53663ccdb Release of libvirt-1.2.3
* docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: pull updated translations and regenerate
2014-04-01 15:29:53 +08:00
Michael Chapman
9add02a0b0 spec: move some dirs into appropriate subpackages
This commit moves a few directories into more appropriate subpackages.
In a few cases a directory is owned by two subpackages, however this is
OK as long as the permissions and ownership for the directory are
consistent between them.

- %{_sysconfdir}/libvirt/qemu/

  Used by the qemu and network drivers.

  When building with separate driver modules, this directory is only
  owned by l-d-d-network. l-d-d-qemu has a hard dependency on
  l-d-d-network, which means this directory is created with the
  correct permissions and ownership, however it's clearer if both
  subpackages own the directory independently.

- %{_sysconfdir}/libvirt/nwfilter/

  Used by the nwfilter driver only.

  This directory is currently always owned by libvirt-daemon. This
  commit moves it into l-d-d-nwfilter when building with separate
  driver modules.

- %{_localstatedir}/run/libvirt/network/

  Used by the network and nwfilter drivers.

  When building without separate driver modules, this directory is
  should be owned by libvirt-daemon only if either of these drivers
  are enabled. When building with separate driver modules, this
  directory should be owned by l-d-d-nwfilter in addition to
  l-d-d-network.

- %{_datadir}/libvirt/networks/ and
  %{_datadir}/libvirt/networks/default.xml

  Used only by the %post scriptlet in libvirt-daemon-config-network.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-17 16:43:24 +01:00
Jiri Denemark
201082488f spec: Let translations be properly updated
Libvirt tarball contains po/stamp-po file which prevents any po/*.gmo
file to be regenerated even if a corresponding po/*.po file is newer. By
removing the stamp-po file, all *.gmo files are properly updated if
required. This allows downstreams to provide patches that update
translations.
2014-03-06 22:18:11 +01:00
Daniel Veillard
e8684eb541 Release of libvirt-1.2.2
- docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: update localization and merge
2014-03-02 23:09:45 +08:00
Peter Krempa
1600966749 spec: Fix braces around macros
In commit 72f7658ba2 I've added a few
macros with bad bracing. Although they work as expected fix them so that
we use uniform syntax.
2014-02-26 14:31:30 +01:00
Eric Blake
dea81f40ec spec: make systemd_daemon usage configurable
On Fedora 20, I added this to my '~/.rpmmacros':

%_without_udev 1
%_without_storage_mpath 1
%_without_storage_disk 1

and uninstalled systemd-devel (which also removed device-mapper-devel).
Then I ran 'make rpm', and inspected the results:

$ ldd ~/rpmbuild/BUILD/libvirt-1.2.2/daemon/.libs/libvirtd | grep syst
$

Then I reinstalled systemd-devel, where I now see:

$ ldd ~/rpmbuild/BUILD/libvirt-1.2.2/daemon/.libs/libvirtd | grep syst
  libsystemd-daemon.so.0 => /lib64/libsystemd-daemon.so.0 (0x00007ffb858ba000)
$

Oops - the build is non-deterministic, where the final binary
depends on my build environment.  The fix is to require
systemd-devel in all situations where the code base uses it.
Now ~/.rpmmacros can contain "%define _without_systemd_daemon 1"
to explicitly disable use of the library, but the library is now
a strict build requirement for normal builds; if systemd-devel
is not installed, the user now gets an up-front warning:

$ rpmbuild -ta libvirt-1.2.2.tar.gz
error: Failed build dependencies:
       systemd-devel is needed by libvirt-1.2.2-1.fc20.x86_64

* libvirt.spec.in (with_systemd_daemon): New variable.
(BuildRequires): Require systemd-devel for more than just udev.
(%configure): Make choice of systemd_daemon explicit.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-26 06:02:57 -07:00
Eric Blake
7cac3afa50 spec: require device-mapper-devel for storage-disk
On Fedora 20, with the following in my ~/.rpmmacros:

%_without_udev 1
%_without_storage_mpath 1

and with device-mapper-devel uninstalled, 'make rpm' fails with:

checking for libdevmapper.h... no
configure: error: You must install device-mapper-devel/libdevmapper >= 1.0.0 to compile libvirt
error: Bad exit status from /var/tmp/rpm-tmp.Wo9pOG (%build)

This is a rather late point to be issuing an error; better is
to flag missing packages up front.  The fix is to match the logic
in configure.ac on when devmapper is required (for both mpath and
storage).  While at it, rbd storage is not dependent on mpath.
With this patch applied, I now get:

$ rpmbuild -ta libvirt-1.2.2.tar.gz
error: Failed build dependencies:
       device-mapper-devel is needed by libvirt-1.2.2-1.fc20.x86_64

until either installing the package or further modifying
~/.rpmmacros to add "%_without_storage_disk 1".

* libvirt.spec.in (BuildRequires): Fix build when mpath is
disabled.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-26 06:02:06 -07:00
Eric Blake
fa2939986d spec: explicitly avoid bhyve on Linux
Generally, we try to make the spec file tweakable via user
variables, so that they can select a different subset of sub-rpms
to build.  We also try to explicitly list all driver config
options, rather than leaving the chance that the rpm build may be
non-deterministic based on what the user had installed locally.
But in the case of the recent bhyve hypervisor driver, there is
no port of bhyve to Linux, so it is easier to just blindly
disable it for now.  If someone ever does try to port bhyve to
Fedora, we can make the spec file conditional at that point.

* libvirt.spec.in (%configure): Don't try to build bhyve.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-26 06:00:56 -07:00
Peter Krempa
72f7658ba2 spec: Use correct versions of libgfapi in RHEL builds
RHEL still uses the 3.4.0 package of libgfapi and the package is built
only for x86_64.
2014-02-26 13:24:45 +01:00