This bumps the release number of 2.0.0, to reflect the switch to
a new time based release versioning scheme. The downloads page
is updated to describe our policies for release schedules and
release version numbering
The stable release docs are changed to reflect the fact that
the stable version numbers are now just 3 digits long instead
of 4.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Currently libvirt calls gnutls_set_default_priority()
which on old systems resolves to "NORMAL" while new
systems it resolves to "@SYSTEM". Either way, this
is a global default that is identical across all apps.
We want to allow distros to flexibility to define a
custom default string for libvirt priority, so add
a --tls-priority=STRING flag to configure to enable
this to be set.
It is expected that distros would use this when creating
RPM/Deb/etc packages, according to their preferred crypto
handling policies.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
We need to use the gnutls_priority_set_direct method which
was not introduced until 2.1.7, so bump version to 2.2.0
which is the first stable release with it included. This
release dates from Dec 2007 so it is reasonable to ditch
support for the 1.x.x series for gnutls releases entirely.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The sd_notify method is used to tell systemd when libvirtd
has finished starting up. All it does is send a datagram
containing the string parameter to systemd on a UNIX socket
named in the NOTIFY_SOCKET environment variable. Rather than
pulling in the systemd libraries for this, just code the
notification directly in libvirt as this is a stable ABI
from systemd's POV which explicitly allows independant
implementations:
See "Reimplementable Independently" column in the
"$NOTIFY_SOCKET Daemon Notifications" row:
https://www.freedesktop.org/wiki/Software/systemd/InterfacePortabilityAndStabilityChart/
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1314881
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
There is a lot to explain, but I try to make it as short as
possible. I'd start by pasting some parts of sys/stat.h:
extern int stat (const char *__restrict __file,
struct stat *__restrict __buf) __THROW __nonnull ((1, 2));
extern int __REDIRECT_NTH (stat, (const char *__restrict __file,
struct stat *__restrict __buf), stat64)
__nonnull ((1, 2));
__extern_inline int
__NTH (stat (const char *__path, struct stat *__statbuf))
{
return __xstat (_STAT_VER, __path, __statbuf);
}
Only one of these is effective at once, due to some usage of
the mess we are dealing with in here. So, basically, while
compiling or linking stat() in our code can be transformed into
some other func. Or a dragon.
Now, if you read stat(2) manpage, esp. "C library/kernel
differences" section, you'll learn that glibc uses some tricks
for older applications to work. I haven't gotten around actual
code that does this, but based on my observations, if 'stat'
symbol is found, glibc assumes it's dealing with ancient
application. Unfortunately, it can be just ours stat coming from
our mock. Therefore, calling stat() from a test will end up in
our mock. But since glibc is not exposing the symbol anymore, our
call of real_stat() will SIGSEGV immediately as the pointer to
function is NULL. Therefore, we should expose only those symbols
we know glibc has.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Introduce virCryptoHaveCipher and virCryptoEncryptData to handle
performing encryption.
virCryptoHaveCipher:
Boolean function to determine whether the requested cipher algorithm
is available. It's expected this API will be called prior to
virCryptoEncryptdata. It will return true/false.
virCryptoEncryptData:
Based on the requested cipher type, call the specific encryption
API to encrypt the data.
Currently the only algorithm support is the AES 256 CBC encryption.
Adjust tests for the API's
Commit id 'df1011ca8' modified virStorageBackendDiskDeleteVol to use
"dmsetup remove --force" to remove the volume, but left things in an
inconsistent state since the partition still existed on the disk and
only the device mapper device (/dev/dm-#) was removed.
Prior to commit '1895b421' (or '1ffd82bb' and '471e1c4e'), this could
go unnoticed since virStorageBackendDiskRefreshPool wasn't called.
However, the pool would be unusable since the /dev/dm-# device would
be removed even though the partition was not removed unless a multipathd
restart reset the link. That would of course make the volume appear again
in the pool after a refresh or pool start after libvirt reload.
This patch removes the 'dmsetup' logic and re-implements the partition
deletion logic for device mapper devices. The removal of the partition
via 'parted rm --script #' will cause udev device change logic to allow
multipathd to handle removing the dm-* device associated with the partition.
In LIBXL_API_VERSION 0x040400, the libxl_domain_create_restore API
gained a parameter for specifying restore parameters. Switch to
using version 0x040400, which will be useful in a subsequent commit
to specify the Xen migration stream version when restoring.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Most distributions, including RHEL, have switched to systemd,
so we should detect it and act accordingly. This also means
that 'systemd+redhat' should be preferred to legacy 'redhat'.
Our witness for the check is the availability of the systemctl
command on the host.
If we didn't find a match, either because we're cross compiling
or because we're not building on RHEL, we won't install any
init script.
Make sure this is reported correctly in the configure summary.
So in glibc-2.23 sys/sysmacros.h is no longer included from sys/types.h
and we don't build because of the usage of major/minor/makedev macros.
Autoconf already has AC_HEADER_MAJOR macro that check where exactly
these functions/macros are defined, so let's use that.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
To ensure the libvirt libxl driver will build with future versions
of Xen where the libxl API may change in incompatible ways,
explicitly use LIBXL_API_VERSION 0x040200. The libxl driver
does use new libxl APIs that have been added since Xen 4.2, but
currently it does not make use of any changes made to existing
APIs such as libxl_domain_create_restore or libxl_set_vcpuaffinity.
The version can be bumped if/when the libxl driver consumes the
changed APIs.
Further details can be found in the following discussion thread
https://www.redhat.com/archives/libvir-list/2016-April/msg00178.html
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
The reason for this is to fix the automatic rebuild of libvirt-common.h.in.
All *.in files should be automatically rebuilt each time they're modified.
It works well for makefiles and pkgconfig files, since they do have a valid
dependency in the top-level Makefile. However, with libvirt-common.h.in
there is no dependency in the top-level Makefile and there's no need for it
either, so this rule
include/libvirt/libvirt-common.h: $(top_builddir)/config.status \
$(top_srcdir)/include/libvirt/libvirt-common.h.in
cd $(top_builddir) && $(SHELL) ./config.status $@
is never hit and should be moved to include/Makefile, but that's automake's
job. According to GNU automake docs:
"Files created by AC_CONFIG_FILES, be they
Automake Makefiles or not, are all removed by ‘make distclean’. Their inputs
are automatically distributed, unless they are the output of prior
AC_CONFIG_FILES commands. Finally, rebuild rules are generated in the Automake
Makefile existing in the subdirectory of the output file, if there is one, or
in the top-level Makefile otherwise."
Which means that if we want to have the rule for libvirt-common.h automatically
generated by automake, the include/Makefile.am needs to be moved into libvirt/
subdirectory and $SUBDIRS in the top-level Makefile need to be adjusted as
well. This patch moves Makefile.am from include/ to include/libvirt, adjusting
the prefixes accordingly as well as updates the top-level Makefile $SUBDIRS to
properly hint automake to generate all rules at proper places.
Best way to see the changes, use -M with 'git show'.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
virt-host-validate, just like virt-login-shell, doesn't make sense
on Windows, so we should avoid building it.
Make the tool optional and build it by default on all platforms
except Windows, erroring out if the user attempts to build it
anyway.
Checking for the availability of this header, just like checking
for the availability of gnutls_rnd(), requires CFLAGS and LIBS to
be set appropriately.
Fixes the following compilation errors on FreeBSD:
qemu/qemu_domain.c:640:16: error: implicit declaration of function
'gnutls_rnd' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, key, nbytes)) < 0) {
^
qemu/qemu_domain.c:640:27: error: use of undeclared identifier
'GNUTLS_RND_RANDOM'; did you mean 'GNUTLS_CRD_ANON'?
if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, key, nbytes)) < 0) {
^~~~~~~~~~~~~~~~~
GNUTLS_CRD_ANON
Our use of gnutls_rnd(), introduced with commit ad7520e8, is
conditional to the availability of the <gnutls/crypto.h> header
file.
Such check, however, turns out not to be strict enough, as there
are some versions of GnuTLS (eg. 2.8.5 from CentOS 6) that provide
the header file, but not the function itself, which was introduced
only in GnuTLS 2.12.0.
Introduce an explicit check for the function.
The variables used for storing CFLAGS and LIBS before temporarily
modifying them was consistent when it comes to the name, but not
when it comes to the case.
Make sure names are completely consistent.
The previous value of CFLAGS was saved as old_cflags but later
restored from old_CFLAGS, which is clearly not correct.
Restore CFLAGS from the right variable.
Name Service Switch is a glibc feature responsible for many
things. Translating domain names into IP addresses and vice versa
is just one of them. However, currently it's the only
functionality that this commit is tickling. Well, in this commit
the plugin skeleton is introduced. Implementation to come in next
patches.
Because of the future testing, where the implementation is to be
linked with a test, this needs to go into static library. Linking
a program with an .so statically is not portable. Therefore a
dummy libnss_libvirt_impl library is being introduced too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
We include the file in plenty of places. This is mostly due to
historical reasons. The only place that needs something from the
header file is storage_backend_fs which opens _PATH_MOUNTED. But
it gets the file included indirectly via mntent.h. At no other
place in our code we need _PATH_.*. Drop the include and
configure check then.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
ZFS-on-Linux implementation of ZFS starting with version 0.6.4
contains all the features we use. Additionally, as we support
'volmode' option handling that's not available on ZoL but is
available on FreeBSD, there is no need to block ZFS storage driver
on Linux anymore.
So un-mark zfs storage driver as FreeBSD-only.
OpenBSD uses 'struct sockpeercred' instead of 'struct ucred'. Add a
configure check that detects its presence and use if in the code that
could be compiled on OpenBSD.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Using one Makefile per example subdirectory essentially serializes 'make'
calls. Convert to one example/Makefile that builds and distributes
all the subdir files. This reduces example/ rebuild time from about 5.8
seconds to 1.5 seconds on my machine.
One slight difference is that we no longer ship Makefile.am with the
examples in the rpm. This was virtually useless anyways since the Makefile
was very specific to libvirt infrastructure, so wasn't generically
reusable anyways.
Tested with 'make distcheck' and 'make rpm'
This function can be used to retrieve the current locked memory
limit for a process, so that the setting can be later restored.
Add a configure check for getrlimit(), which we now use.
Cygwin cannot build the vbox driver yet:
CC vbox/libvirt_driver_vbox_impl_la-vbox_glue.lo
In file included from vbox/vbox_glue.c:27:0:
vblox/vbox_XPCOMCGlue.c:63:3: error: #error "Port me"
# error "Port me"
^
In file included from vbox/vbox_XPCOMCGlue.c:45:0,
from vbox/vbox_glue.c:27:
vbox/vbox_XPCOMCGlue.c: In function 'tryLoadOne':
vbox/vbox_XPCOMCGlue.c:98:46: error: 'DYNLIB_NAME' undeclared (first use in this function)
if (virAsprintf(&name, "%s/%s", dir, DYNLIB_NAME) < 0)
^
./util/virstring.h:245:31: note: in definition of macro 'virAsprintf'
strp, __VA_ARGS__)
^
Rather than trying to figure out how to get dynamic loading of
vbox to work under cygwin (since I don't even have a working vbox
setup to test whether it works), I'm going to be lazy and just
default to not even trying vbox on cygwin.
Upstream Xen is in the process of splitting the (stable API) xtl_*
interfaces out from the (unstable API) libxenctrl library and into a
new (stable API) libxentoollog.
In order to be compatible with Xen both before and after this
transition check for xtl_createlogger_stdiostream in a libxentoollog
library and use it if present. If it is not present assume it is in
libxenctrl.
Compile tested on Xen 4.6 and a development tree with the split in
place.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
As it turned out, we need to share some enums and declarations between
libvirt.h and libvirt-admin.h, but since our policy forbids direct includes of
libvirt*.h, there has to be some header exempt from this rule. This patch moves
the relevant part of code from libvirt.h.in to libvirt-common.h.in. Moreover,
since there is no need to have libvirt.h generated anymore, introduce a new
header libvirt.h which was previosly ignored from git and make the common
header ignored and generated instead.
For openSUSE the qemu-bridge-helper is installed in /usr/lib
So libvirt has to search it in this directory.
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
So, our mingw build is broken. It's because while libvirt_shell
library is using some of our internal APIs, e.g. virStrndup, and
readline API but it's not being linked with nor libvirt.la nor
libreadline. Only subsequent users of the library, like virsh,
do link to the needed libraries. In fact, I'm surprised Linux
linker doesn't care, because how can it make a static library
with missing symbols is mystery to me.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
This reverts commit e5470dd0e0a5be02cbf18a882cfc676b39d1c1a5.
This has been ACK'd by the original author in the original mail thread:
https://www.redhat.com/archives/libvir-list/2015-September/msg00310.html
The reason to revert this is due to the patch breaking the generation of
internal subsites. The original issue still needs to be dealt with,
though.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Creating ACL rules is not exactly easy and existing examples are pretty
simple. This patch adds a somewhat complex example which defines several
roles. Admins can do everything, operators can do basic operations
on any domain and several groups of users who act as operators but only
on a limited set of domains.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>