This replaces use of 'rpcgen' with our new python impl of
the RPC code generator. Since the new impl generates code
that matches our style/coding rules, and does not contain
long standing bugs, we no longer need to post-process the
output.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This adds a lexer capable of handling the XDR protocol files.
The lexical rquirements are detailed in
https://www.rfc-editor.org/rfc/rfc4506#section-6.2
pytest is introduced as a build dependancy for testing python
code.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
commit v9.8.0-40-g7cbd8c4230 changed the name of the option that
enables/disables nbdkit support in the build from "libnbd" to
"nbdkit", but one use of "libnbd=disabled" was missed in
libvirt.specfile.in - the meson commandline for mingw.
This patch changes that line to "-Dnbdkit=disabled", thus unbreaking
the rpm build.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/550
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Currently, nbdkit support will automatically be enabled as long as
the pidfd_open(2) syscall is available. Optionally, libnbd is used
to generate more user-friendly error messages.
In theory this is all good, since use of nbdkit is supposed to be
transparent to the user. In practice, however, there is a problem:
if support for it is enabled at build time and the necessary
runtime components are installed, nbdkit will always be preferred,
with no way for the user to opt out.
This will arguably be fine in the long run, but right now none of
the platforms that we target ships with a SELinux policy that
allows libvirt to launch nbdkit, and the AppArmor policy that we
maintain ourselves hasn't been updated either.
So, in practice, as of today having nbdkit installed on the host
makes network disks completely unusable unless you're willing to
compromise the overall security of the system by disabling
SELinux/AppArmor.
In order to make the transition smoother, provide a convenient
way for users and distro packagers to disable nbdkit support at
compile time until SELinux and AppArmor are ready.
In the process, detection is completely overhauled. libnbd is
made mandatory when nbdkit support is enabled, since availability
across operating systems is comparable and offering users the
option to make error messages worse doesn't make a lot of sense;
we also make sure that an explicit request from the user to
enable/disable nbdkit support is either complied with, or results
in a build failure when that's not possible. Last but not least,
we avoid linking against libnbd when nbdkit support is disabled.
At the RPM level, we disable the feature when building against
anything older than Fedora 40, which still doesn't have the
necessary SELinux bits but will hopefully gain them by the time
it's released. We also allow nbdkit support to be disabled at
build time the same way as other optional features, that is, by
passing "--define '_without_nbdkit 1'" to rpmbuild. Finally, if
nbdkit support has been disabled, installing libvirt will no
longer drag it in as a (weak) dependency.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
Require libnbd-devel when building the qemu driver, recommend nbdkit
packages.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
The libvirt package is a sort of catch-all that brings in all
daemon drivers as well as the client package, so it makes sense
for it do drag in the QEMU-specific clients as well.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
A default deployment on modern distros uses modular daemons but
switching back to the monolithic daemon, while not recommended,
is still considered a perfectly valid option.
For a monolithic daemon deployment, the upgrade to libvirt 9.2.0
or newer works as expected; a subsequent call to dnf autoremove,
however, results in the libvirt-daemon package being removed and
the deployment no longer working.
In order to avoid that situation, mark the libvirt-daemon as
recommended.
This will unfortunately result in it being included in most
installations despite not being necessary, but considering that
the alternative is breaking existing setups on upgrade it feels
like a reasonable tradeoff.
Moreover, since the dependency on libvirt-daemon is just a weak
one, it's still possible for people looking to minimize the
footprint of their installation to manually remove the package
after installation, mitigating the drawbacks of this approach.
https://bugzilla.redhat.com/show_bug.cgi?id=2232805
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
The name of the virtsecretd daemon was misspelled, resulting
in multiple errors during installation:
Running scriptlet: libvirt-daemon-driver-secret-9.5.0-6.el9.x86_64
Failed to preset unit: Unit file virsecretd.socket does not exist.
Failed to preset unit: Unit file virsecretd-ro.socket does not exist.
Failed to preset unit: Unit file virsecretd-admin.socket does not exist.
Failed to preset unit: Unit file virsecretd.service does not exist.
Spell the name correctly.
https://bugzilla.redhat.com/show_bug.cgi?id=2236057
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
For historical reasons (i.e. unknown reason) we put channel
sockets into a path derived from cfg->libDir which is a path that
survives host reboots (e.g. /var/lib/libvirt/...). This is not
necessary and in fact for session daemon creates a longer prefix:
XDG_CONFIG_HOME -> /home/user/.config
XDG_RUNTIME_DIR -> /run/user/1000
Worse, if host is rebooted suddenly (e.g. due to power loss) then
we leave files behind and nobody will ever remove them.
Therefore, place the channel target dir into state dir.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2173980
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
A <channel/> device is basically an UNIX socket into guest.
Whatever is sent from the host, appears in the guest and vice
versa. But because of that, the length of the path to the socket
is important (underscored by fact that we derive the path from
domain short name). But there are still cases where we might not
fit into UNIX_PATH_MAX limit (usually 108 characters), because
the path is derived also from other variables, e.g.
XDG_CONFIG_HOME for session domains.
There are two components though, that are needless: "/target/"
and "domain-" prefix. Drop them. This is safe to do, because
running domains have their path saved in status XML and even
though paths are dropped on migration, they are not part of guest
ABI and thus we are free to change them.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
In most cases the replacement is straightforward, with the
biggest difference being that we now schedule restarts during
%pre instead of %post. This also means that we can get rid of
%post for most packages, reducing the number of scriptlets that
need to run during install/upgrade.
Notable exceptions are libvirt-guests.service, where we stop
using the standard systemd macros to adopt our custom ones, as
well as the virtlogd and virtlockd services, where the reload
operation is moved from %postun to %posttrans.
https://bugzilla.redhat.com/show_bug.cgi?id=2210058
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
systemd provides a number of standard RPM macros but they don't
quite satisfy our requirements, as evidenced by the fact that we
have already built some custom tooling around them.
Scenarios that the standard macros don't cover and that we're
already addressing with our custom ones:
* for some services (libvirtd, virtnetworkd, virtnwfilterd)
there are multiple conditions that might lead to a restart,
and we want to make sure that they're not needlessly
restarted several times per transaction;
* some services (virtlogd, virtlockd) must not be restarted
during upgrade, so we have to reload them instead.
Issues that neither the standard macros nor our custom ones
address:
* presets for units should be applied when the unit is first
installed, not when the package that contains it is.
The package split that happened in 9.1.0 highlighted why this
last point is so important: when virtproxyd and its sockets
were moved from libvirt-daemon to the new libvirt-daemon-proxy
package, upgrades from 9.0.0 caused presets for them to be
applied.
On a platform such as Fedora, where modular daemons are the
default, this has resulted in breaking existing deployments in
at least two scenarios.
The first one is machines that were configured to use the
monolithic daemon, either because the local admin had manually
changed the configuration or because the installation dated
back to before modular daemons had become the default. In this
case, virtproxyd.socket being enabled resulted in a silent
conflict with libvirtd.socket, which by design shares the same
path, and thus a completely broken setup.
The second one is machines where virtproxy-tls.socket, which is
disabled by default, had manually been enabled: in this case,
applying the presets resulted in it being disabled and thus a
loss of remote availability.
Note that these are just two concrete scenarios, but the problem
is more generic. For example, if we were to add more units to an
existing package, per the current approach they wouldn't have
their presets applied.
The new macros are designed to avoid all of the pitfalls
mentioned above. As a bonus, they're also simpler to use: where
the current approach requires restarts and other operations to
be handled separately, the new one integrates the two so that,
for each scriptlet, a single macro call is needed.
https://bugzilla.redhat.com/show_bug.cgi?id=2210058
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
This logic was necessary when socket activation was introduced
in libvirt 5.6.0/5.7.0 in order to guarantee smooth upgrades.
These days, even the oldest platform that we target ships a
version of libvirtd that implements socket activation, so the
additional code is no longer useful and we can treat libvirtd
the same as all other services.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The current implementation pretty much assumes that targets
where modular daemons are the default will stick with that
configuration, as will targets where they're not, or that
changes to these defaults will be performed by the admin after
the packages have been installed.
This is unnecessarily limiting: for example, on a target that
defaults to using the monolithic daemon, it's entirely possible
to create a local preset such as
# /etc/systemd/system-preset/00-virt.preset
disable libvirtd.service
disable libvirtd*.socket
enable virtqemud.service
to opt into a modular daemon deployment. The opposite is of
course also true. We shouldn't get in the way of these
reasonable use cases.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
To make things more readable, use the same order (%pre, %post,
%posttrans, %preun, %postun) everywhere.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
According to our platform support policy, now that Fedora 38 is
out we no longer target Fedora 36 and older. This allows us to
simplify a few conditionals.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
It's not used as part of the build process or searched for at
build time, and the QEMU driver detects its path at runtime,
so one could think that the BuildRequires is unnecessary. But
we actually need it to be present at build time in order to
run the full test suite.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
The default would already work fine for Fedora and RHEL, but
it's better to be explicit.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Now that we have SELinux support for passt, we want things to
work out of the box and that requires having the passt-specific
SELinux bits installed.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
The RPM automatic deps generator for python does not pick these up
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Remove the libvirt-daemon dependency from the various
libvirt-daemon-<hypervisor> subpackages, replacing it with a set of the
new sub subpackages providing similar functionality. When libvirt is build
with modular daemons, the hypervisor subpackages no longer include the
traditional, monolithic libvirt daemon.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
To avoid needlessly installing the monolithic daemon, replace the
libvirt-daemon dependency with libvirt-daemon-common in the primary
drivers.
The qemu driver also needs a dependency on libvirt-daemon-log since
the virtqemud systemd service file has a hard dependency on
virtlogd.socket.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
To avoid needlessly installing the monolithic daemon, replace the
libvirt-daemon dependency with libvirt-daemon-common in the secondary
drivers. The common subpackage contains all the utilities and files
needed by the secondary drivers.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Both drivers use numad via virNumaGetAutoPlacementAdvice. Drop the numad
dependency from libvirt-daemon-common to avoid enforcing it all users of
the subpackage.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Only the nodedev and lxc drivers require module-init-tools. Remove the
dependency from libvirt-daemon-common and add it to the nodedev and lxc
drivers. This avoids enforcing the dependency on all users of
libvirt-daemon-common.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Introduce a new subpackage libvirt-daemon-common and move virt-admin,
virt-host-validate, virt-ssh-helper, libvirt-guests and miscellaneous
files/directories to it. Also move common dependencies to the new
subpackage. These files, utilities, and dependecies are used by other
core libvirt daemons
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
The new name "libvirt-daemon-plugin-sanlock" provides consistency with the
newly introduced "libvirt-daemon-plugin-lockd" subpackage.
It's also a good opportunity to taking ownership of
%{_libdir}/libvirt/lock-driver/, removing the need for a dependency on the
libvirt-daemon package.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Introduce the libvirt-daemon-plugin-lockd subpackage to provide the
client-side lockd plugin for virtlockd.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Note that with the introduction of SPDX, Fedora no longer wants
maintainers to do effective license analysis, hence we now list
all the licenses that are applicable to the binary package
contents
https://docs.fedoraproject.org/en-US/legal/license-field/#_no_effective_license_analysis
Note, we can still omit licenses that are only applicable to
the build system.
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The %posttrans phase has a special case for upgrading libvirt daemon
with --listen, but it forgot to also restart the daemon in order to
run the new installed version.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1820437
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
The only reason we need it at build time is to find its location in
$PATH so it can be hardcoded into the libvirt binary (and avoid the
possibility of someone adding in a malicious binary somewhere earlier
in the path, I guess).
Only 'recommend' passt during installation though, since it is not
needed unless someone is actually using it.
There is no need to add in a build-time "WITH_PASST" option (IMO),
since it adds very little to the size of the code - "PASST" (the path
to the binary) will just be set to "passt", so if someone does manage
to build and install passt on an older version of Fedora or RHEL, it
will still work (as long as it's installed somewhere in the path).
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The storage-backend/ and storage-file/ directories are currently
considered unowned by RPM. Have the libvirt-daemon package take
ownership of them, just as it already owns the connection-driver/
and lock-driver/ directories.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
We currently list the locale file paths via a wildcard in %files, but the
normal pattern for mingw RPMs in Fedora is to use %mingw_find_lang.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The spec file contains inconsistent use of blank lines. While trying to
make significant changes to the file, I found it hurts both readability
and maintainability. Remove blank lines that interrupt the overall flow
and consistency.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The spec file uses both "libvirt" and "%{name}", but in reality the
expanded value of %{name} will never change. Drop the macro in favor
of the explicit and more readable "libvirt".
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Remove %triggerpostun for the daemon package. Upgrades from
libvirt < 1.3.0 are now unlikely.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.
This initial implementation requires all inputs to be provided
explicitly, and as such can run completely offline, without any
connection to libvirt.
The tool is placed in the libvirt-client-qemu sub-RPM since it is
specific to the QEMU driver.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The libvirt-daemon subpackage contains libvirt-guests.sh script (used by
libvirt-guests service), which requires virsh to actually work. But
since dynamic libraries were separated from libvirt-client to
libvirt-libs more than 6 years ago, libvirt-daemon no longer requires
virsh to be installed. So unless libvirt-client is explicitly installed
(either manually or by installing the libvirt meta package),
libvirt-guests will not work.
Just adding libvirt-client as a dependency of libvirt-daemon would go
against the original idea behind splitting libvirt-client: users may not
want to install or use any client binaries on the host where the daemon
runs (either they just use various language bindings or access the
daemon remotely). To solve this we could possibly turn libvirt-daemon
into an empty package and separate the daemons and libvirt-guests into
subpackages to make sure we support both use cases, but marking
libvirt-client as Recommended for libvirt-daemon does the same job in a
much simpler way.
https://bugzilla.redhat.com/show_bug.cgi?id=2136591
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
This zone will be used for the routed network by default.
Note that this zone definition omits "forward" aka intra-zone
forwarding, because it requires firewalld >= 0.9.0.
Signed-off-by: Eric Garver <eric@garver.life>
Reviewed-by: Laine Stump <laine@redhat.com>
The %{release} part of the requirement is just wrong as python bindings
are not rebuilt anytime libvirt release is increased, which means the
client-qemu package may require nonexistent release of python bindings.
The %{version} part is not wrong, but it's too strict for no reason as
the virt-qemu-qmp-proxy script will work happily even with ancient
python bindings. And since all distros supported by libvirt.spec already
contain python3-libvirt, we can depend on the first package called this
way.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Bump the minimal required version to 0.56.0. Looking into our CI
this is the oldest version we install.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Libvirt provides QMP passthrough APIs for the QEMU driver and these are
exposed in virsh. It is not especially pleasant, however, using the raw
QMP JSON syntax. QEMU has a tool 'qmp-shell' which can speak QMP and
exposes a human friendly interactive shell. It is not possible to use
this with libvirt managed guest, however, since only one client can
attach to the QMP socket at any point in time. While it would be
possible to configure a second QMP socket for a VM, it may not be
an known requirement at the time the guest is provisioned.
The virt-qmp-proxy tool aims to solve this problem. It opens a UNIX
socket and listens for incoming client connections, speaking QMP on
the connected socket. It will forward any QMP commands received onto
the running libvirt QEMU guest, and forward any replies back to the
QMP client. It will also forward back events.
$ virsh start demo
$ virt-qmp-proxy demo demo.qmp &
$ qmp-shell demo.qmp
Welcome to the QMP low-level shell!
Connected to QEMU 6.2.0
(QEMU) query-kvm
{
"return": {
"enabled": true,
"present": true
}
}
Note this tool of course has the same risks as the raw libvirt
QMP passthrough. It is safe to run query commands to fetch information
but commands which change the QEMU state risk disrupting libvirt's
management of QEMU, potentially resulting in data loss/corruption in
the worst case. Any use of this tool will cause the guest to be marked
as tainted as an warning that it could be in an unexpected state.
Since this tool introduces a python dependency it is not desirable
to include it in any of the existing RPMs in libvirt. This tool is
also QEMU specific, so isn't appropriate to bundle with the generic
tools. Thus a new RPM is introduced 'libvirt-clients-qemu', to
contain additional QEMU specific tools, with extra external deps.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
We should explicitly depend on this package as we use some macros
defined by files that are installed from systemd-rpm-macros.
Currently the build works only because some of our other build
dependencies pull in systemd which will install systemd-rpm-macros if
rpm-build is installed as well.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
rpmbuild is complaining it's not recommended to have unversioned
Obsoletes. On the other hand using dynamic version/release is a bit too
much as we know in which release a particular subpackage was removed.
Let's just use the corresponding version in both cases to be consistent
with all other Obsoletes in our spec file.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
According to repology.org:
RHEL-8: 0.9.4
RHEL-9: 0.9.6
Debian 11: 0.9.5
openSUSE Leap 15.3: 0.8.7
Ubuntu 20.04: 0.9.3
And the rest of distros has something newer anyways. Requiring
0.8.1 or newer allows us to drop the terrible hack where we
rename functions at meson level using #define. Note, 0.8.0 is
the version of libssh where the rename happened. It also allows
us to stick with SHA-256 hash algorithm for public keys.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The sheepdog project is unmaintained, with last commit in 2018 and
numerous unanswered issues reported.
Remove the libvirt storage driver support for it to follow the removal
of the client support in qemu.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Upstream will be dropping the sheepdog storage backend, so we need to
stop building the package and obsolete it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
One specfile containing both native and mingw builds is the
new best practice for Fedora. This reduces the maint burden
and ensures the mingw packages don't fall behind.
Note this adds many more BuildRequires for anyone building
on Fedora, which will now need installing.
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The %posttrans scriptlet checks if libvirtd is active within a
condition that is only executed if libvirtd is active. Remove the
duplicate check.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The documentation included in these manual pages is mostly useful
to users of the 'send-key' virsh command, and the virsh manual
page refers to them, so it makes more sense to install them along
with virsh instead of libvirtd.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
This has two advantages: it makes it possible for the admin to
ask rpm what package they belong to, and results in them ending
up with stricter permissions than they would have if we let
libvirt create them at runtime.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The server, not the client, uses local storage.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Files like libvirt.conf influence the behavior of the library
itself. The daemon depends on the library, so the directory is
guaranteed to be present both on the client side and on the
server side.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
autotools used to produce those, but meson doesn't.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
'daemon-driver-storage' is just a meta-package, the actual daemon is in
the 'daemon-driver-storage-core' package, so without installing the meta
package the storage daemon is not being enabled.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2025644
Fixes: 50eae3f885, b8ef625544
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
It's been an optional build time dependency for a long time, so
if Meson couldn't find it the only consequence was that libvirt
would look for it at runtime instead, which is what we are doing
for most of our non-library dependencies anyway.
Since 5c98d1cee0 we've stopped even looking for it at build
time, so there's no point in having it installed in the build
environment.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
sysconfig files are owned by the admin of the host. They have the
liberty to put anything they want into these files. This makes it
difficult to provide different built-in defaults.
Remove the sysconfig file and place the current desired default into
the service file.
Local customizations can now go either into /etc/sysconfig/name
or /etc/systemd/system/name.service.d/my-knobs.conf
Attempt to handle upgrades in libvirt.spec.
Dirty files which are marked as %config will be renamed to file.rpmsave.
To restore them automatically, move stale .rpmsave files away, and
catch any new rpmsave files in %posttrans.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
While sections are somewhat loosely defined and thus the choice
is not quite a clear-cut one, section 8 might be a slightly
better fit in this case.
Suggested-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
We don't usually provide manual pages for internal tools,
but in the case of virt-ssh-helper the command is installed
inside the default $PATH and so it's likely that the user
will stumble upon it by using the shell's completion feature
when invoking another virt-* command, which makes it a good
idea to provide at least a minimal manual page.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We no longer need its contents.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
We're no longer performing build time detection.
Fixes: 506c3a39d6
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
It is only needed if compatibility with clients that have
libvirt < 6.9.0 is required, and can be uninstalled otherwise.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Reduce the delta in an upcoming change.
No change in behavior intended.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Fixes: 50eae3f885
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
These daemons do not have any support for unprivileged readonly
access, so we must not reference -ro.socket units in scripts.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Userfaultfd is by default allowed only for privileged processes. Since
libvirt runs QEMU unprivileged, we need to enable unprivileged access to
userfaultfd to enable post-copy migration.
https://bugzilla.redhat.com/show_bug.cgi?id=1945420
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
The directory is already created by the build system, so we
don't need to create it explicitly in the spec file; moreover,
the path was incorrect, because it used datadir instead of
localstatedir.
Fixes: 4e041189f8
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
With this program we do not have to depend on the output of `certtool -i`, which
changed the order of the fields at some point and the newest version is
incompatible with what libvirt expects in tls_allowed_dn_list configuration
option.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
In a50c473ad6 ("qemu: move temp file of screenshot and memorypeek to
per-domain dir") and c4f3c955d5 ("qemu: don't change ownership of
cache directory"), I move the temporary files of screenshot and
memorypeek from the cache directory to per-domain directory, and the
only user of the cache directory is the domain capabilities currently.
Since the domain capabilities are used by libvirtd, no need to set the
ownership of the cache directory to qemu_user and qemu_group.
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Commit b5e8db8f14 tuned the SPEC file so that libvirt daemons restart
on package upgrade. In order to do that it added a bunch of
parametrized macros using the %global directive. This caused a problem
when running RPM builds on CentOS Stream 8 resulting in:
error: Too many levels of recursion in macro expansion. It is likely
caused by recursive macro declaration.
error: Macro %libvirt_daemon_perform_restart failed to expand
error: line 1275: %global libvirt_daemon_perform_restart() \
if test %libvirt_daemon_needs_restart %1 \
then \
/bin/systemctl try-restart %1.service >/dev/null 2>&1 || : \
fi \
%libvirt_daemon_finish_restart %1
There are 2 important differences between %global and %define
directives:
1) %define is local-only and does have scope - in reality though, its
scope is apparently not really enforced because it behaves exactly
the same way as %global
2) %define is evaluated at the time of use while %global is evaluated
at the time of definition
The latter and the fact the macro is parametrized is the reason why the
RPM builds fails on CentOS. Strangely enough this only happens on
CentOS Stream, but not Fedora (which is also the main proponent of
replacing %define with %global). Anyhow, replacing %global with %define
makes the rpmbuild to pass on both and along with package upgrades.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
While s390x doesn't have NUMA nodes it has libnuma which is still
helpful as it parses sysfs for us and kernel emulates NUMA#0.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The hypervisor drivers can be disabled in certain build scenarios, so
their corresponding post scripts need to match.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
We need to enable or disable the modular daemons with systemd after the
RPM install/uninstall.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The patterns for enabling/disabling daemons post/postun-install has a
bit of duplication across the different part of the spec, due to the
number of socket units involved. This is going to get much worse with
the need to enable/disalbe modular daemons, so benefits from macroization.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The daemons all need restarting to ensure they pick up the newly
installed code.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Currently we restart libvirtd if the nwfilter/network configs have
changed. We need to take account of possibility that the modular
daemons are in use instead though.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The patterns for restarting daemons post-transaction has a bit of
duplication across the different part of the spec. This is going to
get much worse with the need to restart modular daemons, so benefits
from macroization.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>