I'm pleased to announce libguestfs 1.30, a library and set of tools for accessing and modifying virtual machine disk images. This release took 9 months of work by a considerable number of people, and has many new features (see release notes below). You can get libguestfs 1.30 here: Main website: http://libguestfs.org/ Source: http://libguestfs.org/download/1.30-stable/ You will also need latest supermin from here: http://libguestfs.org/download/supermin/ Fedora 22+: http://koji.fedoraproject.org/koji/packageinfo?packageID=8391 It will appear as an update for F22/F23 in about a week. Debian/experimental coming soon, see: https://packages.debian.org/experimental/libguestfs0 [ From http://libguestfs.org/guestfs-release-notes.1.html ] NAME guestfs-release-notes - libguestfs Release Notes RELEASE NOTES FOR LIBGUESTFS 1.30 These release notes only cover the differences from the previous stable/dev branch split (1.28.0). For detailed changelogs, please see the git repository, or the ChangeLog file distributed in the tarball. New features New tools virt-dib(1) is a secure and safe alternative to the OpenStack "diskimage-builder" tool. It is compatible with diskimage-builder elements. (Pino Toscano) virt-get-kernel(1) extracts the kernel and ramdisk from a disk image. Previously this functionality was part of virt-builder(1), but the new tool is more featureful. (Pino Toscano) New features in existing tools virt-v2v(1) -i ova mode can now read a wider range of OVA files, and also unpacked files (directories). virt-v2v now securely passes options to curl, so passwords, cookies and so on cannot be seen by users with shell access on the same machine. virt-v2v has a new --password-file option to allow you to securely pass in a password, and to avoid an interactive prompt. virt-v2v disables Windows autoreboot, making debugging conversion failures on Windows easier. virt-v2v now comes with an extensive external test suite. See virt-v2v-test-harness(1). virt-v2v allows virtio drivers to come from any location (Roman Kagan), and drivers can be read directly from the virtio ISO. virt-v2v supports conversion of Windows ≥ 8. Note this is experimental, and possibly broken. Use with caution. virt-v2v can now convert UEFI guests. virt-p2v(1) adds a network configuration dialog. virt-p2v now has p2v.pre, p2v.post and p2v.fail triggers, allowing arbitrary scripts for preparing the host for conversion and tidying up post-conversion. virt-p2v now uses the more advanced metacity window manager (instead of matchbox). virt-sysprep(1) will remove /var/spool/mail/username for non-root accounts (Hu Tao). virt-customize(1), virt-builder(1) and virt-sysprep have the following new options: --commands-from-file allow long lists of commands to be read from a file instead of from the command line (Pino Toscano) --copy copy files inside the guest (Maros Zatko) --copy-in copy host files recursively into the guest (Pino Toscano) --move move files inside the guest (Maros Zatko) --ssh-inject inject SSH keys into a guest (Pino Toscano) --sm-attach --sm-credentials --sm-register --sm-remove --sm-unregister register and unregister a guest from subscription-manager (Pino Toscano) --touch touch a file in the guest (Pino Toscano) --truncate --truncate-recursive truncate files (Maros Zatko) Improvements to virt-customize firstboot support. In particular, Windows firstboot should work as well as Linux (Roman Kagan). virt-df(1) can now use PolicyKit, SASL and other authentication methods when getting the list of domains from libvirt. Improvements to guestfish bash completion (Pino Toscano). Bash completion now completes short options as well as long options (Pino Toscano). guestfish(1) now displays a command synopsis if the number of parameters given to a command is wrong (Hu Tao). virt-builder now supports Red Hat Enterprise Linux versions back to RHEL 3. virt-builder supports SUSE guests using zypper (Cédric Bosdonnat). Language bindings The Java bindings now include validated Javadoc, and other improvements (Pino Toscano). Multiple fixes and improvements to the PHP bindings (Pino Toscano). Inspection Inspection can now get icons from RHEL 7 and CentOS 7. /etc/favicon.png is now allowed to be a symbolic link. For RPM-based guests, inspection now returns RPM Epoch fields. Debian packages now have separate Epoch and Version fields (Nikos Skalkotos). OpenBSD detection added, FreeBSD and NetBSD added as separate "distros", and other BSD inspection improvements and bug fixes (Nikos Skalkotos). CoreOS detection added (Nikos Skalkotos). The package manager in Fedora ≥ 22 is dnf. ReactOS guests can be inspected (Maros Zatko). Add support for UEFI guests. Inspection now works when kernel modules are gzip or xz compressed (Pino Toscano). Inspection now recognizes ppc64 and ppc64le guests (Maros Zatko). Inspection lists the installed applications on Archlinux guests (Nikos Skalkotos). Architectures and platforms PPC64 (POWER7) and PPC64LE (POWER8) architectures are now much better supported, and should work out of the box. For aarch64, we use AAVMF (an open source UEFI implementation based on OVMF) if available to run the appliance. For armv7, we now use the -M virt machine type by default. There is better support for compiling on non-Linux platforms (Pino Toscano, Margaret Lewicka). Libguestfs should now work on MIPS 32 bit little endian ("mipsel"). I have not been able to try 64 bit or big endian. Security CVE-2014-8484 CVE-2014-8485 Libguestfs previously ran the strings(1) utility on untrusted files. Strings could parse BFD headers in an unsafe way, leading to possible arbitrary code execution. Libguestfs now runs strings with a flag to ensure it does not try to parse BFD headers. This could have led to exploitation of the libguestfs appliance, but since libguestfs further constrains the appliance through virtualization, SELinux and other techniques, it was unlikely to have caused any privilege escalation on the host. XPath injection in virt-v2v One possible XPath injection vulnerability was fixed in virt-v2v. This might have allowed a malicious guest which was being converted by virt-v2v to construct an arbitrary XPath expression which would have been evaluated on the host (by the libxml2 library linked to the virt-v2v binary). It is not clear what the effects of this might be. For further information, see upstream commit https://github.com/libguestfs/libguestfs/commit/6c6ce85f94c36803fe2db35a9... Denial of service problems when using qemu-img info When using the American Fuzzy Lop fuzzer (afl-fuzz) on the qemu-img info command, Richard W.M. Jones found that certain files can cause the qemu-img program to use lots of memory and time (for example 6GB of heap and 14 seconds of CPU time on a fast Intel processor), and in some cases to crash. Since libguestfs may run qemu-img info on disk images to find out what they contain, this transitively could cause libguestfs to hang or consume lots of memory. Libguestfs was modified so that it uses resource limits to limit the space and time used by qemu-img info, to avoid this problem. If a malicious user tries to pass one of these disk images to libguestfs, qemu-img will crash and the crash is reported back to libguestfs callers as an error message. API New APIs guestfs_add_libvirt_dom This exposes a previously private API that allows you to pass a virDomainPtr object directly from libvirt to libguestfs. guestfs_blockdev_setra Adjust readahead parameter for devices. See blockdev --setra command. guestfs_btrfs_balance guestfs_btrfs_balance_cancel guestfs_btrfs_balance_pause guestfs_btrfs_balance_resume guestfs_btrfs_balance_status Balance support for Btrfs filesystems (Hu Tao). guestfs_btrfs_filesystem_defragment Filesystem defragmentation support for Btrfs filesystems (Hu Tao). guestfs_btrfs_image Create an image of a Btrfs filesystem (Chen Hanxiao) guestfs_btrfs_qgroup_assign guestfs_btrfs_qgroup_create guestfs_btrfs_qgroup_destroy guestfs_btrfs_qgroup_limit guestfs_btrfs_qgroup_remove guestfs_btrfs_qgroup_show guestfs_btrfs_quota_enable guestfs_btrfs_quota_rescan Quote support for Btrfs filesystems (Hu Tao). guestfs_btrfs_rescue_chunk_recover Scan and recover the chunk tree in Btrfs filesystems (Hu Tao). guestfs_btrfs_rescue_super_recover Restore superblocks in Btrfs filesystems (Hu Tao). guestfs_btrfs_replace Replace a device in a Btrfs filesystem (Cao Jin). guestfs_btrfs_scrub guestfs_btrfs_scrub_cancel guestfs_btrfs_scrub_resume guestfs_btrfs_scrub_status Scrub a Btrfs filesystem (Hu Tao). guestfs_btrfs_subvolume_get_default Get the default subvolume of a Btrfs filesystem (Hu Tao). guestfs_btrfs_subvolume_show List detailed information about the subvolume of a Btrfs filesystem (Hu Tao). guestfs_btrfstune_enable_extended_inode_refs guestfs_btrfstune_enable_skinny_metadata_extent_refs guestfs_btrfstune_seeding Various tuning parameters for Btrfs filesystems (Chen Hanxiao). guestfs_c_pointer Return the C pointer to the underlying guestfs_h *. This allows interworking of libguestfs bindings with bindings from other libraries. For further information see https://bugzilla.redhat.com/1075164 guestfs_copy_in guestfs_copy_out Flexible APIs for recursively copying directories of files between the host and guest filesystem. Previously these were available only as guestfish commands, but now any API users can call them (Pino Toscano). guestfs_part_get_gpt_guid guestfs_part_set_gpt_guid Get and set the GPT per-partition GUID. guestfs_part_get_mbr_part_type Get MBR partition type (Chen Hanxiao). guestfs_set_uuid_random Set the UUID of a filesystem to a randomly generated value; supported filesystems currently are ext2/3/4, XFS, Btrfs, and swap partitions. (Chen Hanxiao). Other API changes guestfs_disk_create can now use VMDK files as backing files. guestfs_btrfs_subvolume_snapshot takes extra optional parameters (all added by Hu Tao): ro for creating a read-only Btrfs snapshot qgroupid for adding the snapshot to a qgroup guestfs_btrfs_subvolume_create can also take the optional qgroupid parameter (Hu Tao). guestfs_set_uuid can set UUID of swap partitions, Btrfs (Hu Tao, Chen Hanxiao). guestfs_copy_device_to_file and guestfs_copy_file_to_file have a new optional append parameter, allowing you to append to the output file instead of truncating it. guestfs_mkfs has a new optional label parameter to set the initial label of the new filesystem (Pino Toscano). guestfs_set_label and guestfs_set_uuid now set ENOTSUP as errno when there is no implemented support for the filesystem of the specified mountable (Chen Hanxiao). Environment variables now let you write LIBGUESTFS_DEBUG=true, LIBGUESTFS_DEBUG=0 and so on. All guestfs_sfdisk* APIs have been deprecated. Because sfdisk(8) was rewritten, incompatibly, upstream, we don't recommend using these APIs in future code. Use the guestfs_part* APIs as replacements. APIs such as guestfs_download do not truncate /dev/stdout or /dev/stderr when writing to them, meaning that if you redirect stdout or stderr to a file, the file is no longer truncated. Build changes The daemon no longer uses its own separate copy of gnulib. Instead it shares a single copy with the library. OCaml .annot files are now created, so IDEs and editors like emacs and vi can browse OCaml types in the source code. Various fixes to allow different host/appliance architecture builds (Pino Toscano). Automake is now used directly to build all the OCaml programs, instead of ad hoc Makefile rules. One side effect of this is to enable warnings in all the C code used by OCaml programs. -fno-strict-overflow is used throughout the build to avoid dubious GCC optimizations. Multiple cleanups to support GCC 5. OCaml OUnit2 is needed to run some OCaml tests. Creating a statically linked libguestfs.a should work again. The src/api-support subdirectory and its scripts are no longer used. Instead we store in the generator/actions.ml when the API was added to libguestfs. Internationalization The translation service has changed from Transifex to Zanata. Many more translations are available now, for both library and tools messages and documentation. Internals In all OCaml tools, there are now common error, warning, info functions, and common way to set and get the --quiet, -x (trace) and -v (verbose) flags, and colour highlighting used consistently. COMPILE_REGEXP macros are used to simplify PCRE constructors and destructors. In the generator, Pointer arguments have finally been implemented. Internal identifiers no longer use double and triple underscores (eg. guestfs___program_name). These identifiers are invalid for C99 and C++ programs, although compilers would accept them. The daemon no longer parses guestfs_* options from /proc/cmdline. Instead it only takes ordinary command line options. The appliance init script turns /proc/cmdline into daemon command line options. The tests can now run the daemon as a "captive process", allowing it to be run directly on the host. The main advantage of this is we can run valgrind directly on the daemon during testing. Bugs fixed https://bugzilla.redhat.com/1239053 virt-v2v error reporting when grub.conf cannot be parsed by Augeas https://bugzilla.redhat.com/1238053 v2v:Duplicate disk target set when convert guest with cdrom attached https://bugzilla.redhat.com/1237869 Virtio drivers are not installed for windows 2008 guests by virt-v2v https://bugzilla.redhat.com/1234351 virt-v2v Support for Fedora virtio-win drivers https://bugzilla.redhat.com/1232192 Virt-v2v gives an error on a blank disk: part_get_parttype: unknown signature, of the output: BYT; https://bugzilla.redhat.com/1229385 virt-p2v in kernel command line mode should power off the machine after conversion https://bugzilla.redhat.com/1229340 virt-p2v no GUI mode appends \n to the final command line parameter https://bugzilla.redhat.com/1229305 virt-sysprep at cleanup deletes /var/spool/at/.SEQ which results in failing at https://bugzilla.redhat.com/1226794 "Doing conversion……" still shows after cancel the conversion from virt-p2v client https://bugzilla.redhat.com/1215042 Memory leak in virNetSocketNewConnectUNIX https://bugzilla.redhat.com/1213324 virt-v2v: warning: unknown guest operating system: windows windows 6.3 when converting win8,win8.1,win2012,win2012R2 to rhev https://bugzilla.redhat.com/1213247 virt tools should print the same format of version string https://bugzilla.redhat.com/1212808 RFE: virt-builder --touch https://bugzilla.redhat.com/1212807 virt-builder --selinux-relabel flag fails on cross-architecture builds https://bugzilla.redhat.com/1212680 RFE: virt-inspector xpath query should output a neat format of the query element https://bugzilla.redhat.com/1212152 virt-builder firstboot-command fails: File name too long https://bugzilla.redhat.com/1211996 virt-inspector gives incorrect arch (ppc64) for ppc64le guest https://bugzilla.redhat.com/1203817 RFE: virt-customize --move and --copy https://bugzilla.redhat.com/1201526 index-parser can't parse systemd mount files properly https://bugzilla.redhat.com/1196101 virt-builder --upload option doesn't work to a FAT partition https://bugzilla.redhat.com/1196100 virt-builder -x option on its own does not enable tracing https://bugzilla.redhat.com/1195204 `virt-builder` should create $HOME/.cache directory if it already doesn't exist https://bugzilla.redhat.com/1193237 Virt-builder fingerprint is required even when no check desired https://bugzilla.redhat.com/1189284 virt-resize should preserve GPT partition UUIDs, else EFI guests become unbootable https://bugzilla.redhat.com/1188866 Performance regression in virt-builder when uncompressing image https://bugzilla.redhat.com/1186800 virt-v2v should support gzip format ova as input https://bugzilla.redhat.com/1185561 virt-sparsify should ignore read-only LVs https://bugzilla.redhat.com/1182463 "mknod-b", "mknod-c", and "mkfifo" do not strip non-permissions bits from "mode" https://bugzilla.redhat.com/1176493 virt-v2v ignores sound device when convert xen guest to local kvm https://bugzilla.redhat.com/1175676 Typo error in 'help ping-daemon' https://bugzilla.redhat.com/1175196 "parse-environment" and "parse-environment-list" fail to parse "LIBGUESTFS_TRACE = 0" https://bugzilla.redhat.com/1175035 "is-blockdev"/"is-blockdev-opts" fail to detect "/dev/sda" https://bugzilla.redhat.com/1174280 RFE: Allow v2v conversion of Oracle Linux 5.8 VMware VM https://bugzilla.redhat.com/1174200 New virt-v2v failure: CURL: Error opening file: NSS: client certificate not found (nickname not specified): Invalid argument https://bugzilla.redhat.com/1174123 Graphics password disappear after conversion of virt-v2v https://bugzilla.redhat.com/1174073 The listen address for vnc is changed after conversion by virt-v2v https://bugzilla.redhat.com/1171666 inspection thinks EFI partition is a separate operating system https://bugzilla.redhat.com/1171130 virt-v2v conversion of RHEL 3 guest fails with: All of your loopback devices are in use https://bugzilla.redhat.com/1170685 Conversion of RHEL 4 guest fails: rpm -ql 1:kernel-utils-2.4-23.el4: virt-v2v: error: libguestfs error: command_lines: https://bugzilla.redhat.com/1170073 virt-v2v picks debug kernels over non-debug kernels when versions are equal https://bugzilla.redhat.com/1169045 virt-sparsify: libguestfs error: qemu-img info: 'virtual-size' is not representable as a 64 bit integer https://bugzilla.redhat.com/1169015 virt-resize --expand fails on ubuntu-14.04.img image (regression) https://bugzilla.redhat.com/1168144 warning: fstrim: fstrim: /sysroot/: FITRIM ioctl failed: Operation not supported (ignored) when convert win2003 guest from xen server https://bugzilla.redhat.com/1167921 p2v: No Network Connection dialog https://bugzilla.redhat.com/1167774 virt-p2v fails with error:"nbd.c:nbd_receive_negotiate():L501: read failed" https://bugzilla.redhat.com/1167623 Remove "If reporting bugs, run virt-v2v with debugging enabled .." message when running virt-p2v https://bugzilla.redhat.com/1167601 "Conversion was successful" pop out even virt-p2v fails https://bugzilla.redhat.com/1167302 virt-v2v: warning: ova hard disk has no parent controller when convert from a ova file https://bugzilla.redhat.com/1166618 virt-resize should give out the detail warning info to let customers know what's going wrong https://bugzilla.redhat.com/1165975 File "/boot/grub2/device.map" showing is not right after converting a rhel7 guest from esx server https://bugzilla.redhat.com/1165785 mount-loop command fails: mount failed: Unknown error -1 https://bugzilla.redhat.com/1165569 Disable "cancel conversion" button after virt-p2v conversion finished https://bugzilla.redhat.com/1165564 Provide Reboot/Shutdown button after virt-p2v https://bugzilla.redhat.com/1164853 Booting in qemu found no volume groups and failed checking the filesystems https://bugzilla.redhat.com/1164732 The description of 'help append' is not accurately, it add the kernel options to libguestfs appliance not the guest kernel https://bugzilla.redhat.com/1164697 typo errors in man pages https://bugzilla.redhat.com/1164619 Inspect-get-icon failed on RHEL7 guest https://bugzilla.redhat.com/1162966 xfs should also give a warning out to let customer know the limitation https://bugzilla.redhat.com/1161575 Failed to import guest with "rtl8139" nic to openstack server after converted by v2v https://bugzilla.redhat.com/1159651 virt-sysprep firstboot script is not deleted if it reboot a RHEL 7 guest https://bugzilla.redhat.com/1159258 esx win2008 32 bit guest fail to load after conversion because the firmware isn't ACPI compatible https://bugzilla.redhat.com/1159016 libvirt backend does not set RBD password https://bugzilla.redhat.com/1158526 Use password file instead of process interaction https://bugzilla.redhat.com/1157679 virt-p2v-make-disk should add firmwares https://bugzilla.redhat.com/1156449 libguestfs FTBFS on f21 ppc64le https://bugzilla.redhat.com/1156301 virt-inspector support adding a remote disk, but in its man page -a URI / --add URI is missing https://bugzilla.redhat.com/1155121 Virt-v2v will fail when using relative path for -i ova https://bugzilla.redhat.com/1153844 Redundancy whitespace at the end of directory name when use <TAB> to complete the directory name in guestfish with a xfs filesystem in guest https://bugzilla.redhat.com/1153589 virt-v2v will hang when converting esx guest before disk copy phase https://bugzilla.redhat.com/1152998 virt-v2v / qemu-img fails on ova image https://bugzilla.redhat.com/1151910 virt-ls should remove '/' in the output when specify the directory name as /etc/ https://bugzilla.redhat.com/1151900 Should also add a field for directory files when run virt-ls with --csv option https://bugzilla.redhat.com/1151033 virt-v2v conversions from VMware vCenter server run slowly https://bugzilla.redhat.com/1146832 virt-v2v fail to convert guest with disk type volume https://bugzilla.redhat.com/1146007 Input/output error during conversion of esx guest. https://bugzilla.redhat.com/1135585 [RFE] virt-builder should support copying in a directory/list of files https://bugzilla.redhat.com/1089566 [abrt] livecd-tools: kickstart.py:276:apply:IOError: [Errno 2] No such file or directory: '/run/media/jones/2tp001data/createlive/temp/imgcreate-_dX8Us/install_root/etc/rpm/macros.imgcreate' https://bugzilla.redhat.com/1079625 virt-sparsify fails if a btrfs filesystem contains readonly snapshots https://bugzilla.redhat.com/1075164 RFE: allow passing in a pre-opened libvirt connection from python https://bugzilla.redhat.com/912499 Security context on image file gets reset https://bugzilla.redhat.com/889082 [RFE] virt-v2v should check whether guest with same name exist on target first then transfer the disk https://bugzilla.redhat.com/855059 RFE: virt-p2v: display more information about network devices such as topology, bonding, etc. https://bugzilla.redhat.com/823758 p2v client should have largest number restrictions for CPU and Memory settings https://bugzilla.redhat.com/709327 hivex cannot read registry hives from ReactOS https://bugzilla.redhat.com/709326 virt-inspector cannot detect ReactOS https://bugzilla.redhat.com/119673 installation via NFS doesn't seem to work -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html