[guestfs-tools PATCH 0/2] refresh "virt-inspector.rng", recognize kylin
by Laszlo Ersek
These patches (for guestfs-tools) are not strictly necessary for solving
RHBZ#1995391. However, "virt-inspector.rng" is supposed to validate
virt-inspector output, and so, when virt-inspector learns about a new
distro (via libguestfs) and its output broadens, we might want to
refresh "virt-inspector.rng" too.
Thanks,
Laszlo
Laszlo Ersek (2):
virt-inspector.rng: recognize "kalilinux" and "msdos" distros
virt-inspector.rng: Add support for Kylin (RHBZ#1995391).
inspector/virt-inspector.rng | 3 +++
1 file changed, 3 insertions(+)
base-commit: a4930f5fad82e5358d565b8cf3610970e9646259
--
2.19.1.3.g30247aa5d201
3 years, 2 months
[PATCH] daemon: inspection: Add support for Kylin (RHBZ#1995391).
by Laszlo Ersek
Similar-to: cd08039d2427b584237265237c713d8cf46536a0
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
daemon/inspect_fs.ml | 2 ++
daemon/inspect_fs_unix.ml | 1 +
daemon/inspect_types.ml | 2 ++
daemon/inspect_types.mli | 1 +
generator/actions_inspection.ml | 4 ++++
5 files changed, 10 insertions(+)
diff --git a/daemon/inspect_fs.ml b/daemon/inspect_fs.ml
index 02b5a0470930..77f0f6aea6dc 100644
--- a/daemon/inspect_fs.ml
+++ b/daemon/inspect_fs.ml
@@ -275,6 +275,7 @@ and check_package_format { distro } =
Some PACKAGE_FORMAT_RPM
| Some DISTRO_DEBIAN
| Some DISTRO_KALI_LINUX
+ | Some DISTRO_KYLIN (* supposedly another Ubuntu derivative *)
| Some DISTRO_LINUX_MINT
| Some DISTRO_UBUNTU ->
Some PACKAGE_FORMAT_DEB
@@ -345,6 +346,7 @@ and check_package_management { distro; version } =
| Some DISTRO_ALTLINUX
| Some DISTRO_DEBIAN
| Some DISTRO_KALI_LINUX
+ | Some DISTRO_KYLIN (* supposedly another Ubuntu derivative *)
| Some DISTRO_LINUX_MINT
| Some DISTRO_UBUNTU ->
Some PACKAGE_MANAGEMENT_APT
diff --git a/daemon/inspect_fs_unix.ml b/daemon/inspect_fs_unix.ml
index 652bacc0fc18..7f6eb92e93c0 100644
--- a/daemon/inspect_fs_unix.ml
+++ b/daemon/inspect_fs_unix.ml
@@ -146,6 +146,7 @@ and distro_of_os_release_id = function
| "frugalware" -> Some DISTRO_FRUGALWARE
| "gentoo" -> Some DISTRO_GENTOO
| "kali" -> Some DISTRO_KALI_LINUX
+ | "kylin" -> Some DISTRO_KYLIN
| "mageia" -> Some DISTRO_MAGEIA
| "neokylin" -> Some DISTRO_NEOKYLIN
| "openmandriva" -> Some DISTRO_OPENMANDRIVA
diff --git a/daemon/inspect_types.ml b/daemon/inspect_types.ml
index 18e410ce0309..e2bc7165c283 100644
--- a/daemon/inspect_types.ml
+++ b/daemon/inspect_types.ml
@@ -79,6 +79,7 @@ and distro =
| DISTRO_FRUGALWARE
| DISTRO_GENTOO
| DISTRO_KALI_LINUX
+ | DISTRO_KYLIN
| DISTRO_LINUX_MINT
| DISTRO_MAGEIA
| DISTRO_MANDRIVA
@@ -211,6 +212,7 @@ and string_of_distro = function
| DISTRO_FRUGALWARE -> "frugalware"
| DISTRO_GENTOO -> "gentoo"
| DISTRO_KALI_LINUX -> "kalilinux"
+ | DISTRO_KYLIN -> "kylin"
| DISTRO_LINUX_MINT -> "linuxmint"
| DISTRO_MAGEIA -> "mageia"
| DISTRO_MANDRIVA -> "mandriva"
diff --git a/daemon/inspect_types.mli b/daemon/inspect_types.mli
index d12f7a61aa99..43c79818ff23 100644
--- a/daemon/inspect_types.mli
+++ b/daemon/inspect_types.mli
@@ -86,6 +86,7 @@ and distro =
| DISTRO_FRUGALWARE
| DISTRO_GENTOO
| DISTRO_KALI_LINUX
+ | DISTRO_KYLIN
| DISTRO_LINUX_MINT
| DISTRO_MAGEIA
| DISTRO_MANDRIVA
diff --git a/generator/actions_inspection.ml b/generator/actions_inspection.ml
index 690afd460be4..0c6d39b43786 100644
--- a/generator/actions_inspection.ml
+++ b/generator/actions_inspection.ml
@@ -214,6 +214,10 @@ Gentoo.
Kali Linux.
+=item \"kylin\"
+
+Kylin.
+
=item \"linuxmint\"
Linux Mint.
base-commit: e597fc5317e018c259c75eb475cf6668e07236d1
--
2.19.1.3.g30247aa5d201
3 years, 2 months
[PATCH 0/3] clean up Yara (version) dependency
by Laszlo Ersek
Libguestfs now depends (optionally) on Yara >= 4.0.0. Make this explicit
in the build configuration and the build documentation.
Thanks,
Laszlo
Laszlo Ersek (3):
build: fix the pkg-config identifier of the (optional) Yara library
build: eliminate the AC_CHECK_LIB / AC_CHECK_HEADER tests for Yara
build, docs: spell out minimum version (4.0.0) for the (optional) Yara
lib
docs/guestfs-building.pod | 2 +-
m4/guestfs-daemon.m4 | 11 ++---------
2 files changed, 3 insertions(+), 10 deletions(-)
base-commit: e597fc5317e018c259c75eb475cf6668e07236d1
--
2.19.1.3.g30247aa5d201
3 years, 2 months
[virt-v2v PATCH] build: fix typo in "--enable-werror" help string
by Laszlo Ersek
Fixes: af9251086030886580cd5243afabf726d5e50fdc
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
m4/guestfs-c.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/m4/guestfs-c.m4 b/m4/guestfs-c.m4
index 6b417c091c91..67a7f276df74 100644
--- a/m4/guestfs-c.m4
+++ b/m4/guestfs-c.m4
@@ -30,7 +30,7 @@ test "x$U" != "x" && AC_MSG_ERROR([Compiler not ANSI compliant])
AM_PROG_CC_C_O
AC_ARG_ENABLE([werror],
- [AS_HELP_STRING([--enable-error],
+ [AS_HELP_STRING([--enable-werror],
[turn on lots of GCC warnings (for developers)])],
[case $enableval in
yes|no) ;;
--
2.19.1.3.g30247aa5d201
3 years, 2 months
[PATCH 0/3] daemon/yara: fix undefined behavior due to Yara 4.0 API changes
by Laszlo Ersek
I *almost* got around looking at RHBZ#1995391 again, but then I pulled
master to build a new baseline, and then:
- the Yara test case failed (I had recently installed the Yara devel
package),
- it turns out the test case failure comes from a genuine bug,
- it turns out that gcc warns about the bug, but I don't notice gcc
warnings unless I ask for "-Werror" (I don't really "watch" the
build),
- it turns out the "./configure --help" hint on "-Werror" is inexact :)
Thanks,
Laszlo
Laszlo Ersek (3):
build: fix typo in "--enable-werror" help string
lib/proto: suppress "may be used uninitialized" in
send_file_complete()
daemon/yara: fix undefined behavior due to Yara 4.0 API changes
daemon/yara.c | 20 ++++++++++++++++----
lib/proto.c | 2 +-
m4/guestfs-c.m4 | 2 +-
3 files changed, 18 insertions(+), 6 deletions(-)
--
2.19.1.3.g30247aa5d201
3 years, 2 months
[PATCH 1/3] nbdkit/curl: add support for ssl configuration
by Przemyslaw Czarnowski
From: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski(a)intel.com>
Some clients may want to enforce specific TLS/SSL version and ciphers, what is not
possible at the moment.
To make it possible, curl plugin options are added:
- ssl-version, and
- ssl-cipher-list.
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski(a)intel.com>
---
plugins/curl/curl.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
index 135f70b5..50440bf9 100644
--- a/plugins/curl/curl.c
+++ b/plugins/curl/curl.c
@@ -83,6 +83,8 @@ const char *proxy = NULL;
char *proxy_password = NULL;
const char *proxy_user = NULL;
bool sslverify = true;
+const char *ssl_version = NULL;
+const char *ssl_cipher_list = NULL;
bool tcp_keepalive = false;
bool tcp_nodelay = true;
uint32_t timeout = 0;
@@ -301,6 +303,12 @@ curl_config (const char *key, const char *value)
sslverify = r;
}
+ else if (strcmp (key, "ssl-version") == 0)
+ ssl_version = value;
+
+ else if (strcmp (key, "ssl-cipher-list") == 0)
+ ssl_cipher_list = value;
+
else if (strcmp (key, "tcp-keepalive") == 0) {
r = nbdkit_parse_bool (value);
if (r == -1)
@@ -403,6 +411,8 @@ curl_config_complete (void)
"proxy-user=<USER> The proxy user.\n" \
"timeout=<TIMEOUT> Set the timeout for requests (seconds).\n" \
"sslverify=false Do not verify SSL certificate of remote host.\n" \
+ "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \
+ "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \
"tcp-keepalive=true Enable TCP keepalives.\n" \
"tcp-nodelay=false Disable Nagle’s algorithm.\n" \
"unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \
@@ -516,6 +526,30 @@ curl_open (int readonly)
curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYHOST, 0L);
}
+ if (ssl_version) {
+ if (strcmp (ssl_version, "tlsv1") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+ else if (strcmp (ssl_version, "sslv2") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2);
+ else if (strcmp (ssl_version, "sslv3") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+ else if (strcmp (ssl_version, "tlsv1.0") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
+ else if (strcmp (ssl_version, "tlsv1.1") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
+ else if (strcmp (ssl_version, "tlsv1.2") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+ else if (strcmp (ssl_version, "tlsv1.3") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3);
+ else {
+ display_curl_error (h, r, "curl_easy_setopt: CURLOPT_SSLVERSION [%s]",
+ ssl_version);
+ goto err;
+ }
+
+ }
+ if (ssl_cipher_list)
+ curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list);
if (tcp_keepalive)
curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L);
if (!tcp_nodelay)
--
2.26.2
3 years, 2 months
[PATCH 1/3] nbdkit/curl: add support for ssl configuration
by Przemyslaw Czarnowski
Some clients may want to enforce specific TLS/SSL version and ciphers, what is not
possible at the moment.
To make it possible, curl plugin options are added:
- ssl-version, and
- ssl-cipher-list.
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski(a)intel.com>
---
plugins/curl/curl.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
index 135f70b5..50440bf9 100644
--- a/plugins/curl/curl.c
+++ b/plugins/curl/curl.c
@@ -83,6 +83,8 @@ const char *proxy = NULL;
char *proxy_password = NULL;
const char *proxy_user = NULL;
bool sslverify = true;
+const char *ssl_version = NULL;
+const char *ssl_cipher_list = NULL;
bool tcp_keepalive = false;
bool tcp_nodelay = true;
uint32_t timeout = 0;
@@ -301,6 +303,12 @@ curl_config (const char *key, const char *value)
sslverify = r;
}
+ else if (strcmp (key, "ssl-version") == 0)
+ ssl_version = value;
+
+ else if (strcmp (key, "ssl-cipher-list") == 0)
+ ssl_cipher_list = value;
+
else if (strcmp (key, "tcp-keepalive") == 0) {
r = nbdkit_parse_bool (value);
if (r == -1)
@@ -403,6 +411,8 @@ curl_config_complete (void)
"proxy-user=<USER> The proxy user.\n" \
"timeout=<TIMEOUT> Set the timeout for requests (seconds).\n" \
"sslverify=false Do not verify SSL certificate of remote host.\n" \
+ "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \
+ "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \
"tcp-keepalive=true Enable TCP keepalives.\n" \
"tcp-nodelay=false Disable Nagle’s algorithm.\n" \
"unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \
@@ -516,6 +526,30 @@ curl_open (int readonly)
curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYHOST, 0L);
}
+ if (ssl_version) {
+ if (strcmp (ssl_version, "tlsv1") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+ else if (strcmp (ssl_version, "sslv2") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2);
+ else if (strcmp (ssl_version, "sslv3") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+ else if (strcmp (ssl_version, "tlsv1.0") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
+ else if (strcmp (ssl_version, "tlsv1.1") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
+ else if (strcmp (ssl_version, "tlsv1.2") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+ else if (strcmp (ssl_version, "tlsv1.3") == 0)
+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3);
+ else {
+ display_curl_error (h, r, "curl_easy_setopt: CURLOPT_SSLVERSION [%s]",
+ ssl_version);
+ goto err;
+ }
+
+ }
+ if (ssl_cipher_list)
+ curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list);
if (tcp_keepalive)
curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L);
if (!tcp_nodelay)
--
2.26.2
3 years, 2 months
[PATCH RFC 0/5] Subject: [PATCH RFC 0/5] qapi: Add feature flags to enum members
by Markus Armbruster
PATCH 1+2 add feature flags to enum members. Awkward due to an
introspection design mistake; see PATCH 1 for details. Feedback
welcome, in particular from management application guys.
PATCH 3+4 implement policy deprecated-input={reject,crash} for enum
values.
Policy deprecated-output=hide is not implemented, because we can't
hide a value without hiding the entire member, which is almost
certainly more than the requester of this policy bargained for.
Perhaps we want a new policy deprecated-output=crash to help us catch
unwanted use of deprecated enum values. Thoughts?
PATCH 5 puts the new feature flags to use. It makes sense only on top
of Vladimir's deprecation of drive-backup. See its commit message for
a reference.
Based on my "[PATCH 00/22] qapi: Remove simple unions from the schema
language".
Based-on: Message-Id: <20210913123932.3306639-1-armbru(a)redhat.com>
Markus Armbruster (5):
qapi: Enable enum member introspection to show more than name
qapi: Add feature flags to enum members
qapi: Move compat policy from QObject to generic visitor
qapi: Implement deprecated-input={reject,crash} for enum values
block: Deprecate transaction type drive-backup
docs/devel/qapi-code-gen.rst | 4 ++-
qapi/compat.json | 3 +++
qapi/introspect.json | 23 ++++++++++++++--
qapi/transaction.json | 5 +++-
include/qapi/qobject-input-visitor.h | 4 ---
include/qapi/qobject-output-visitor.h | 4 ---
include/qapi/util.h | 6 ++++-
include/qapi/visitor-impl.h | 3 +++
include/qapi/visitor.h | 9 +++++++
qapi/qapi-visit-core.c | 27 ++++++++++++++++---
qapi/qmp-dispatch.c | 4 +--
qapi/qobject-input-visitor.c | 14 +---------
qapi/qobject-output-visitor.c | 14 +---------
scripts/qapi/expr.py | 3 ++-
scripts/qapi/introspect.py | 19 ++++++++++---
scripts/qapi/schema.py | 22 +++++++++++++--
scripts/qapi/types.py | 17 +++++++++++-
tests/qapi-schema/doc-good.json | 5 +++-
tests/qapi-schema/doc-good.out | 3 +++
tests/qapi-schema/doc-good.txt | 3 +++
.../qapi-schema/enum-dict-member-unknown.err | 2 +-
tests/qapi-schema/qapi-schema-test.json | 3 ++-
tests/qapi-schema/qapi-schema-test.out | 1 +
tests/qapi-schema/test-qapi.py | 1 +
24 files changed, 144 insertions(+), 55 deletions(-)
--
2.31.1
3 years, 2 months
virt-builder stuck starting qemu-kvm on centos stream 9 container
by Nir Soffer
I'm trying to add a centos-9 build to imageio, using a centos stream 9
container.
We have some tests using virt-builder to create a test image:
https://github.com/oVirt/ovirt-imageio/blob/584dec63debcc181ebc4c83836899...
When trying to create the test image, the test times out after 120 seconds.
The container is built from this dockerfile:
https://github.com/oVirt/ovirt-imageio/blob/master/docker/Dockerfile.cent...
The issue can be reproduce locally in fedora 34, using the same container:
$ podman pull quay.io/ovirt/imageio-test-centos-9
$ podman run -it --rm quay.io/ovirt/imageio-test-centos-9
# LIBGUESTFS_BACKEND=direct virt-builder -v -x cirros-0.3.5 -o test.img
/usr/libexec/qemu-kvm \
-global virtio-blk-pci.scsi=off \
-no-user-config \
-nodefaults \
-display none \
-machine accel=kvm:tcg,graphics=off \
-cpu max \
-m 1280 \
-no-reboot \
-rtc driftfix=slew \
-no-hpet \
-global kvm-pit.lost_tick_policy=discard \
-kernel /var/tmp/.guestfs-0/appliance.d/kernel \
-initrd /var/tmp/.guestfs-0/appliance.d/initrd \
-object rng-random,filename=/dev/urandom,id=rng0 \
-device virtio-rng-pci,rng=rng0 \
-device virtio-scsi-pci,id=scsi \
-drive file=/test.img,cache=unsafe,format=raw,id=hd0,if=none \
-device scsi-hd,drive=hd0 \
-drive file=/var/tmp/.guestfs-0/appliance.d/root,snapshot=on,id=appliance,cache=unsafe,if=none,format=raw
\
-device scsi-hd,drive=appliance \
-device virtio-serial-pci \
-serial stdio \
-chardev socket,path=/tmp/libguestfsb5LzRA/guestfsd.sock,id=channel0 \
-device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \
-netdev user,id=usernet,net=169.254.0.0/16 \
-device virtio-net-pci,netdev=usernet \
-append "panic=1 console=ttyS0 edd=off udevtimeout=6000
udev.event-timeout=6000 no_timer_check printk.time=1
cgroup_disable=memory usbcore.nousb cryptomgr.notests tsc=reliable
8250.nr_uarts=1 root=UUID=a1794cae-0869-4b1e-b4f7-e45b998dc6d7
selinux=0 guestfs_verbose=1 guestfs_network=1 TERM=xterm"
Could not access KVM kernel module: No such file or directory
qemu-kvm: failed to initialize kvm: No such file or directory
qemu-kvm: falling back to tcg
\x1bc\x1b[?7l\x1b[2J\x1b[0mSeaBIOS (version 1.14.0-6.el9)
iPXE (http://ipxe.org) 00:05.0 C000 PCI2.10 PnP PMM+4FF8C4C0+4FECC4C0 C000
Booting from ROM...
\x1bc\x1b[?7l\x1b[2J
(No progress after this point)
Same if building the container locally.
Same test works on centos-8 and fedora 33, 34, and 35, and in centos
stream 9 vm.
In centos 9 vm, we see at the same point:
Booting from ROM..\x1bc\x1b[?7l\x1b[2J[ 0.000000] Linux version
5.14.0-4.el9.x86_64 (mockbuild(a)x86-06.stream.rdu2.redhat.com) (gcc
(GCC) 11.2.1 20210728 (Red Hat 11.2.1-2), GNU ld version 2.35.2-9.el9)
#1 SMP Thu Sep 23 12:07:52 UTC 2021
Nir
3 years, 2 months