October 2021 - Libguestfs - Libguestfs List Archives

[guestfs-tools PATCH 0/2] refresh "virt-inspector.rng", recognize kylin

by Laszlo Ersek

These patches (for guestfs-tools) are not strictly necessary for solving RHBZ#1995391. However, "virt-inspector.rng" is supposed to validate virt-inspector output, and so, when virt-inspector learns about a new distro (via libguestfs) and its output broadens, we might want to refresh "virt-inspector.rng" too. Thanks, Laszlo Laszlo Ersek (2): virt-inspector.rng: recognize "kalilinux" and "msdos" distros virt-inspector.rng: Add support for Kylin (RHBZ#1995391). inspector/virt-inspector.rng | 3 +++ 1 file changed, 3 insertions(+) base-commit: a4930f5fad82e5358d565b8cf3610970e9646259 -- 2.19.1.3.g30247aa5d201

2 years, 7 months

2
4
0 / 0

[PATCH] daemon: inspection: Add support for Kylin (RHBZ#1995391).

by Laszlo Ersek

Similar-to: cd08039d2427b584237265237c713d8cf46536a0 Signed-off-by: Laszlo Ersek <lersek(a)redhat.com> --- daemon/inspect_fs.ml | 2 ++ daemon/inspect_fs_unix.ml | 1 + daemon/inspect_types.ml | 2 ++ daemon/inspect_types.mli | 1 + generator/actions_inspection.ml | 4 ++++ 5 files changed, 10 insertions(+) diff --git a/daemon/inspect_fs.ml b/daemon/inspect_fs.ml index 02b5a0470930..77f0f6aea6dc 100644 --- a/daemon/inspect_fs.ml +++ b/daemon/inspect_fs.ml @@ -275,6 +275,7 @@ and check_package_format { distro } = Some PACKAGE_FORMAT_RPM | Some DISTRO_DEBIAN | Some DISTRO_KALI_LINUX + | Some DISTRO_KYLIN (* supposedly another Ubuntu derivative *) | Some DISTRO_LINUX_MINT | Some DISTRO_UBUNTU -> Some PACKAGE_FORMAT_DEB @@ -345,6 +346,7 @@ and check_package_management { distro; version } = | Some DISTRO_ALTLINUX | Some DISTRO_DEBIAN | Some DISTRO_KALI_LINUX + | Some DISTRO_KYLIN (* supposedly another Ubuntu derivative *) | Some DISTRO_LINUX_MINT | Some DISTRO_UBUNTU -> Some PACKAGE_MANAGEMENT_APT diff --git a/daemon/inspect_fs_unix.ml b/daemon/inspect_fs_unix.ml index 652bacc0fc18..7f6eb92e93c0 100644 --- a/daemon/inspect_fs_unix.ml +++ b/daemon/inspect_fs_unix.ml @@ -146,6 +146,7 @@ and distro_of_os_release_id = function | "frugalware" -> Some DISTRO_FRUGALWARE | "gentoo" -> Some DISTRO_GENTOO | "kali" -> Some DISTRO_KALI_LINUX + | "kylin" -> Some DISTRO_KYLIN | "mageia" -> Some DISTRO_MAGEIA | "neokylin" -> Some DISTRO_NEOKYLIN | "openmandriva" -> Some DISTRO_OPENMANDRIVA diff --git a/daemon/inspect_types.ml b/daemon/inspect_types.ml index 18e410ce0309..e2bc7165c283 100644 --- a/daemon/inspect_types.ml +++ b/daemon/inspect_types.ml @@ -79,6 +79,7 @@ and distro = | DISTRO_FRUGALWARE | DISTRO_GENTOO | DISTRO_KALI_LINUX + | DISTRO_KYLIN | DISTRO_LINUX_MINT | DISTRO_MAGEIA | DISTRO_MANDRIVA @@ -211,6 +212,7 @@ and string_of_distro = function | DISTRO_FRUGALWARE -> "frugalware" | DISTRO_GENTOO -> "gentoo" | DISTRO_KALI_LINUX -> "kalilinux" + | DISTRO_KYLIN -> "kylin" | DISTRO_LINUX_MINT -> "linuxmint" | DISTRO_MAGEIA -> "mageia" | DISTRO_MANDRIVA -> "mandriva" diff --git a/daemon/inspect_types.mli b/daemon/inspect_types.mli index d12f7a61aa99..43c79818ff23 100644 --- a/daemon/inspect_types.mli +++ b/daemon/inspect_types.mli @@ -86,6 +86,7 @@ and distro = | DISTRO_FRUGALWARE | DISTRO_GENTOO | DISTRO_KALI_LINUX + | DISTRO_KYLIN | DISTRO_LINUX_MINT | DISTRO_MAGEIA | DISTRO_MANDRIVA diff --git a/generator/actions_inspection.ml b/generator/actions_inspection.ml index 690afd460be4..0c6d39b43786 100644 --- a/generator/actions_inspection.ml +++ b/generator/actions_inspection.ml @@ -214,6 +214,10 @@ Gentoo. Kali Linux. +=item \"kylin\" + +Kylin. + =item \"linuxmint\" Linux Mint. base-commit: e597fc5317e018c259c75eb475cf6668e07236d1 -- 2.19.1.3.g30247aa5d201

2 years, 7 months

2
2
0 / 0

[PATCH 0/3] clean up Yara (version) dependency

by Laszlo Ersek

Libguestfs now depends (optionally) on Yara >= 4.0.0. Make this explicit in the build configuration and the build documentation. Thanks, Laszlo Laszlo Ersek (3): build: fix the pkg-config identifier of the (optional) Yara library build: eliminate the AC_CHECK_LIB / AC_CHECK_HEADER tests for Yara build, docs: spell out minimum version (4.0.0) for the (optional) Yara lib docs/guestfs-building.pod | 2 +- m4/guestfs-daemon.m4 | 11 ++--------- 2 files changed, 3 insertions(+), 10 deletions(-) base-commit: e597fc5317e018c259c75eb475cf6668e07236d1 -- 2.19.1.3.g30247aa5d201

2 years, 7 months

3
6
0 / 0

[virt-v2v PATCH] build: fix typo in "--enable-werror" help string

by Laszlo Ersek

Fixes: af9251086030886580cd5243afabf726d5e50fdc Signed-off-by: Laszlo Ersek <lersek(a)redhat.com> --- m4/guestfs-c.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/guestfs-c.m4 b/m4/guestfs-c.m4 index 6b417c091c91..67a7f276df74 100644 --- a/m4/guestfs-c.m4 +++ b/m4/guestfs-c.m4 @@ -30,7 +30,7 @@ test "x$U" != "x" && AC_MSG_ERROR([Compiler not ANSI compliant]) AM_PROG_CC_C_O AC_ARG_ENABLE([werror], - [AS_HELP_STRING([--enable-error], + [AS_HELP_STRING([--enable-werror], [turn on lots of GCC warnings (for developers)])], [case $enableval in yes|no) ;; -- 2.19.1.3.g30247aa5d201

2 years, 7 months

2
2
0 / 0

libnbd | Failed pipeline for master | f4fa9361

by GitLab

Pipeline #387509460 has failed! Project: libnbd ( https://gitlab.com/nbdkit/libnbd ) Branch: master ( https://gitlab.com/nbdkit/libnbd/-/commits/master ) Commit: f4fa9361 ( https://gitlab.com/nbdkit/libnbd/-/commit/f4fa9361852382d67503cff4e0a7ede... ) Commit Message: valgrind: Add suppression for new leak in OCaml... Commit Author: Richard W_M_ Jones ( https://gitlab.com/rwmjones ) Pipeline #387509460 ( https://gitlab.com/nbdkit/libnbd/-/pipelines/387509460 ) triggered by Richard W_M_ Jones ( https://gitlab.com/rwmjones ) had 1 failed job. Job #1675226703 ( https://gitlab.com/nbdkit/libnbd/-/jobs/1675226703/raw ) Stage: containers Name: x86_64-fedora-rawhide-container -- You're receiving this email because of your account on gitlab.com.

2 years, 7 months

1
0
0 / 0

[PATCH 0/3] daemon/yara: fix undefined behavior due to Yara 4.0 API changes

by Laszlo Ersek

I *almost* got around looking at RHBZ#1995391 again, but then I pulled master to build a new baseline, and then: - the Yara test case failed (I had recently installed the Yara devel package), - it turns out the test case failure comes from a genuine bug, - it turns out that gcc warns about the bug, but I don't notice gcc warnings unless I ask for "-Werror" (I don't really "watch" the build), - it turns out the "./configure --help" hint on "-Werror" is inexact :) Thanks, Laszlo Laszlo Ersek (3): build: fix typo in "--enable-werror" help string lib/proto: suppress "may be used uninitialized" in send_file_complete() daemon/yara: fix undefined behavior due to Yara 4.0 API changes daemon/yara.c | 20 ++++++++++++++++---- lib/proto.c | 2 +- m4/guestfs-c.m4 | 2 +- 3 files changed, 18 insertions(+), 6 deletions(-) -- 2.19.1.3.g30247aa5d201

2 years, 7 months

3
13
0 / 0

[PATCH 1/3] nbdkit/curl: add support for ssl configuration

by Przemyslaw Czarnowski

From: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski(a)intel.com> Some clients may want to enforce specific TLS/SSL version and ciphers, what is not possible at the moment. To make it possible, curl plugin options are added: - ssl-version, and - ssl-cipher-list. Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski(a)intel.com> --- plugins/curl/curl.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c index 135f70b5..50440bf9 100644 --- a/plugins/curl/curl.c +++ b/plugins/curl/curl.c @@ -83,6 +83,8 @@ const char *proxy = NULL; char *proxy_password = NULL; const char *proxy_user = NULL; bool sslverify = true; +const char *ssl_version = NULL; +const char *ssl_cipher_list = NULL; bool tcp_keepalive = false; bool tcp_nodelay = true; uint32_t timeout = 0; @@ -301,6 +303,12 @@ curl_config (const char *key, const char *value) sslverify = r; } + else if (strcmp (key, "ssl-version") == 0) + ssl_version = value; + + else if (strcmp (key, "ssl-cipher-list") == 0) + ssl_cipher_list = value; + else if (strcmp (key, "tcp-keepalive") == 0) { r = nbdkit_parse_bool (value); if (r == -1) @@ -403,6 +411,8 @@ curl_config_complete (void) "proxy-user=<USER> The proxy user.\n" \ "timeout=<TIMEOUT> Set the timeout for requests (seconds).\n" \ "sslverify=false Do not verify SSL certificate of remote host.\n" \ + "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \ + "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \ "tcp-keepalive=true Enable TCP keepalives.\n" \ "tcp-nodelay=false Disable Nagle’s algorithm.\n" \ "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \ @@ -516,6 +526,30 @@ curl_open (int readonly) curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYHOST, 0L); } + if (ssl_version) { + if (strcmp (ssl_version, "tlsv1") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); + else if (strcmp (ssl_version, "sslv2") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2); + else if (strcmp (ssl_version, "sslv3") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); + else if (strcmp (ssl_version, "tlsv1.0") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); + else if (strcmp (ssl_version, "tlsv1.1") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); + else if (strcmp (ssl_version, "tlsv1.2") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); + else if (strcmp (ssl_version, "tlsv1.3") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3); + else { + display_curl_error (h, r, "curl_easy_setopt: CURLOPT_SSLVERSION [%s]", + ssl_version); + goto err; + } + + } + if (ssl_cipher_list) + curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list); if (tcp_keepalive) curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L); if (!tcp_nodelay) -- 2.26.2

2 years, 7 months

2
3
0 / 0

[PATCH 1/3] nbdkit/curl: add support for ssl configuration

by Przemyslaw Czarnowski

Some clients may want to enforce specific TLS/SSL version and ciphers, what is not possible at the moment. To make it possible, curl plugin options are added: - ssl-version, and - ssl-cipher-list. Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski(a)intel.com> --- plugins/curl/curl.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c index 135f70b5..50440bf9 100644 --- a/plugins/curl/curl.c +++ b/plugins/curl/curl.c @@ -83,6 +83,8 @@ const char *proxy = NULL; char *proxy_password = NULL; const char *proxy_user = NULL; bool sslverify = true; +const char *ssl_version = NULL; +const char *ssl_cipher_list = NULL; bool tcp_keepalive = false; bool tcp_nodelay = true; uint32_t timeout = 0; @@ -301,6 +303,12 @@ curl_config (const char *key, const char *value) sslverify = r; } + else if (strcmp (key, "ssl-version") == 0) + ssl_version = value; + + else if (strcmp (key, "ssl-cipher-list") == 0) + ssl_cipher_list = value; + else if (strcmp (key, "tcp-keepalive") == 0) { r = nbdkit_parse_bool (value); if (r == -1) @@ -403,6 +411,8 @@ curl_config_complete (void) "proxy-user=<USER> The proxy user.\n" \ "timeout=<TIMEOUT> Set the timeout for requests (seconds).\n" \ "sslverify=false Do not verify SSL certificate of remote host.\n" \ + "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \ + "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \ "tcp-keepalive=true Enable TCP keepalives.\n" \ "tcp-nodelay=false Disable Nagle’s algorithm.\n" \ "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \ @@ -516,6 +526,30 @@ curl_open (int readonly) curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYHOST, 0L); } + if (ssl_version) { + if (strcmp (ssl_version, "tlsv1") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); + else if (strcmp (ssl_version, "sslv2") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2); + else if (strcmp (ssl_version, "sslv3") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); + else if (strcmp (ssl_version, "tlsv1.0") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); + else if (strcmp (ssl_version, "tlsv1.1") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); + else if (strcmp (ssl_version, "tlsv1.2") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); + else if (strcmp (ssl_version, "tlsv1.3") == 0) + curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3); + else { + display_curl_error (h, r, "curl_easy_setopt: CURLOPT_SSLVERSION [%s]", + ssl_version); + goto err; + } + + } + if (ssl_cipher_list) + curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list); if (tcp_keepalive) curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L); if (!tcp_nodelay) -- 2.26.2

2 years, 7 months

2
3
0 / 0

[PATCH RFC 0/5] Subject: [PATCH RFC 0/5] qapi: Add feature flags to enum members

by Markus Armbruster

PATCH 1+2 add feature flags to enum members. Awkward due to an introspection design mistake; see PATCH 1 for details. Feedback welcome, in particular from management application guys. PATCH 3+4 implement policy deprecated-input={reject,crash} for enum values. Policy deprecated-output=hide is not implemented, because we can't hide a value without hiding the entire member, which is almost certainly more than the requester of this policy bargained for. Perhaps we want a new policy deprecated-output=crash to help us catch unwanted use of deprecated enum values. Thoughts? PATCH 5 puts the new feature flags to use. It makes sense only on top of Vladimir's deprecation of drive-backup. See its commit message for a reference. Based on my "[PATCH 00/22] qapi: Remove simple unions from the schema language". Based-on: Message-Id: <20210913123932.3306639-1-armbru(a)redhat.com> Markus Armbruster (5): qapi: Enable enum member introspection to show more than name qapi: Add feature flags to enum members qapi: Move compat policy from QObject to generic visitor qapi: Implement deprecated-input={reject,crash} for enum values block: Deprecate transaction type drive-backup docs/devel/qapi-code-gen.rst | 4 ++- qapi/compat.json | 3 +++ qapi/introspect.json | 23 ++++++++++++++-- qapi/transaction.json | 5 +++- include/qapi/qobject-input-visitor.h | 4 --- include/qapi/qobject-output-visitor.h | 4 --- include/qapi/util.h | 6 ++++- include/qapi/visitor-impl.h | 3 +++ include/qapi/visitor.h | 9 +++++++ qapi/qapi-visit-core.c | 27 ++++++++++++++++--- qapi/qmp-dispatch.c | 4 +-- qapi/qobject-input-visitor.c | 14 +--------- qapi/qobject-output-visitor.c | 14 +--------- scripts/qapi/expr.py | 3 ++- scripts/qapi/introspect.py | 19 ++++++++++--- scripts/qapi/schema.py | 22 +++++++++++++-- scripts/qapi/types.py | 17 +++++++++++- tests/qapi-schema/doc-good.json | 5 +++- tests/qapi-schema/doc-good.out | 3 +++ tests/qapi-schema/doc-good.txt | 3 +++ .../qapi-schema/enum-dict-member-unknown.err | 2 +- tests/qapi-schema/qapi-schema-test.json | 3 ++- tests/qapi-schema/qapi-schema-test.out | 1 + tests/qapi-schema/test-qapi.py | 1 + 24 files changed, 144 insertions(+), 55 deletions(-) -- 2.31.1

2 years, 7 months

4
18
0 / 0

virt-builder stuck starting qemu-kvm on centos stream 9 container

by Nir Soffer

I'm trying to add a centos-9 build to imageio, using a centos stream 9 container. We have some tests using virt-builder to create a test image: https://github.com/oVirt/ovirt-imageio/blob/584dec63debcc181ebc4c83836899... When trying to create the test image, the test times out after 120 seconds. The container is built from this dockerfile: https://github.com/oVirt/ovirt-imageio/blob/master/docker/Dockerfile.cent... The issue can be reproduce locally in fedora 34, using the same container: $ podman pull quay.io/ovirt/imageio-test-centos-9 $ podman run -it --rm quay.io/ovirt/imageio-test-centos-9 # LIBGUESTFS_BACKEND=direct virt-builder -v -x cirros-0.3.5 -o test.img /usr/libexec/qemu-kvm \ -global virtio-blk-pci.scsi=off \ -no-user-config \ -nodefaults \ -display none \ -machine accel=kvm:tcg,graphics=off \ -cpu max \ -m 1280 \ -no-reboot \ -rtc driftfix=slew \ -no-hpet \ -global kvm-pit.lost_tick_policy=discard \ -kernel /var/tmp/.guestfs-0/appliance.d/kernel \ -initrd /var/tmp/.guestfs-0/appliance.d/initrd \ -object rng-random,filename=/dev/urandom,id=rng0 \ -device virtio-rng-pci,rng=rng0 \ -device virtio-scsi-pci,id=scsi \ -drive file=/test.img,cache=unsafe,format=raw,id=hd0,if=none \ -device scsi-hd,drive=hd0 \ -drive file=/var/tmp/.guestfs-0/appliance.d/root,snapshot=on,id=appliance,cache=unsafe,if=none,format=raw \ -device scsi-hd,drive=appliance \ -device virtio-serial-pci \ -serial stdio \ -chardev socket,path=/tmp/libguestfsb5LzRA/guestfsd.sock,id=channel0 \ -device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \ -netdev user,id=usernet,net=169.254.0.0/16 \ -device virtio-net-pci,netdev=usernet \ -append "panic=1 console=ttyS0 edd=off udevtimeout=6000 udev.event-timeout=6000 no_timer_check printk.time=1 cgroup_disable=memory usbcore.nousb cryptomgr.notests tsc=reliable 8250.nr_uarts=1 root=UUID=a1794cae-0869-4b1e-b4f7-e45b998dc6d7 selinux=0 guestfs_verbose=1 guestfs_network=1 TERM=xterm" Could not access KVM kernel module: No such file or directory qemu-kvm: failed to initialize kvm: No such file or directory qemu-kvm: falling back to tcg \x1bc\x1b[?7l\x1b[2J\x1b[0mSeaBIOS (version 1.14.0-6.el9) iPXE (http://ipxe.org) 00:05.0 C000 PCI2.10 PnP PMM+4FF8C4C0+4FECC4C0 C000 Booting from ROM... \x1bc\x1b[?7l\x1b[2J (No progress after this point) Same if building the container locally. Same test works on centos-8 and fedora 33, 34, and 35, and in centos stream 9 vm. In centos 9 vm, we see at the same point: Booting from ROM..\x1bc\x1b[?7l\x1b[2J[ 0.000000] Linux version 5.14.0-4.el9.x86_64 (mockbuild(a)x86-06.stream.rdu2.redhat.com) (gcc (GCC) 11.2.1 20210728 (Red Hat 11.2.1-2), GNU ld version 2.35.2-9.el9) #1 SMP Thu Sep 23 12:07:52 UTC 2021 Nir

2 years, 7 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Libguestfs October 2021