apply add kylinsecos to supermin support
by Ken Lee
Dear all:
apply add kylinsecos to supermin support.
Modify the code as follows,
diff --git a/src/ph_rpm.ml b/src/ph_rpm.ml
index 783d1bb..5061d32 100644
--- a/src/ph_rpm.ml
+++ b/src/ph_rpm.ml
@@ -32,12 +32,13 @@ let stringset_of_list pkgs =
let fedora_detect () =
Config.rpm <> "no" && Config.rpm2cpio <> "no" && rpm_is_available () &&
(Config.yumdownloader <> "no" || Config.dnf <> "no") &&
- (List.mem (Os_release.get_id ()) [ "fedora"; "rhel"; "centos";
"openEuler"; "anolis" ] ||
+ (List.mem (Os_release.get_id ()) [ "fedora"; "rhel"; "centos";
"openEuler"; "anolis"; "KylinSecOS" ] ||
try
(stat "/etc/redhat-release").st_kind = S_REG ||
(stat "/etc/fedora-release").st_kind = S_REG ||
(stat "/etc/openEuler-release").st_kind = S_REG ||
- (stat "/etc/anolis-release").st_kind = S_REG
+ (stat "/etc/anolis-release").st_kind = S_REG ||
+ (stat "/etc/kylin-release").st_kind = S_REG
with Unix_error _ -> false)
let opensuse_detect () =
10 months
[libnbd PATCH] docs: Mention CVE-2023-5871
by Eric Blake
Point to the list archives for more details about the recent fix in
commit 177308adb1. The issue is deemed low risk, but every security
bug should be mentioned.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
The URL may change as a result of getting the list migration stable
(doing another re-import to get more than 2 years of list history may
impact things); I'm also trying to figure out if mailman3/hyperkitty
has a way to get a shorter permalink URL under 80 columns that will
point to a given message. So for now, I'll hold off on pushing this
patch until we know we are ready for it.
---
docs/libnbd-security.pod | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
index 216efa43..6bbd6bd8 100644
--- a/docs/libnbd-security.pod
+++ b/docs/libnbd-security.pod
@@ -45,6 +45,12 @@ negative size result from nbd_get_size(3)
See the full announcement here:
L<https://listman.redhat.com/archives/libguestfs/2023-September/032711.html>
+=head2 CVE-2023-5871
+assertion failure for 64-bit flags passed to nbd_block_status(3)
+
+See the full announcement here:
+L<https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/t...>
+
=head1 SEE ALSO
L<libnbd(3)>.
--
2.41.0
10 months, 1 week
New libguestfs mailing list is live
by Richard W.M. Jones
As you can see we have a new libguestfs mailing list. The old one
(libguestfs(a)redhat.com) had to be decommissioned when Red Hat decided
to get out of the mailing list hosting business. The new one is
provided on a self-administered VPS.
The archives are here:
https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/
The mailing list address is guestfs(a)lists.libguestfs.org. You can use
it for all discussion of libguestfs, guestfs tools, virt-v2v and
nbdkit, and related projects.
libnbd too, but for general NBD topics there is also the usual NBD
mailing list hosted by Debian.
I have updated the website and projects to point to the new mailing
list, where possible.
Thanks to Marc Dequènes for doing most of the heavy lifting for this one.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
10 months, 1 week
Re: [Libguestfs] libguestfs failure "mkdir: command not found ..."
by Richard W.M. Jones
On Mon, Oct 23, 2023 at 03:53:37PM +0000, Maximilian Kirschner wrote:
> Is it possible that this error occcurs because my root partition is encryped
> with LUKS. If the virtual file system tries to mount the /root of my host
> system, this will not work.
> Is this the case? Does libguestfs mount the /root of the host system?
> And if so, do you know a workaround for systems with encrypted disks?
It's not to do with LUKS. Just about everyone uses LUKS and
libguestfs works fine. It's a bug in the Ubuntu package, try:
>
> I'm afraid looks like however libguestfs was built, it is
> severly broken. You might want to file an Ubuntu bug if it's
> the official package, or else try rebuilding the dpkg from
> source and see if that works.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
10 months, 1 week
[PATCH nbdkit 0/3] server: Add magic values to important structs
by Richard W.M. Jones
Try to catch inconsistency within nbdkit better by adding a little
dynamic validation of the three important structs that we use most
often (backend, connection, context).
This passes the full test suite, including valgrind, so there are no
actual issues at the moment.
Rich.
11 months
[PATCH nbdkit v2] pattern: Accurately update b & offset in loop
by Richard W.M. Jones
It's better to update the 'b' pointer and the 'offset' using the
calculated increment 'n', rather than using '8-o' which might be
larger than the remainder of the buffer. Previously we could create a
dangling pointer beyond the end of the output buffer, and this should
not matter, but it's best not to do this if we can easily avoid it.
Also improve the test by replacing qemu-io with nbdsh. It is able to
make non-aligned requests so we can now test those.
---
plugins/pattern/pattern.c | 4 +-
tests/test-pattern.sh | 129 ++++++++++++++++++++++----------------
2 files changed, 77 insertions(+), 56 deletions(-)
diff --git a/plugins/pattern/pattern.c b/plugins/pattern/pattern.c
index 3d2bb6040..3db1a21eb 100644
--- a/plugins/pattern/pattern.c
+++ b/plugins/pattern/pattern.c
@@ -119,8 +119,8 @@ pattern_pread (void *handle, void *buf, uint32_t count, uint64_t offset,
o = offset & 7;
n = MIN (count, 8-o);
memcpy (b, (char *)&d + o, n);
- b += 8-o;
- offset += 8-o;
+ b += n;
+ offset += n;
count -= n;
}
diff --git a/tests/test-pattern.sh b/tests/test-pattern.sh
index 1b1bd56fb..79c42bc29 100755
--- a/tests/test-pattern.sh
+++ b/tests/test-pattern.sh
@@ -31,61 +31,82 @@
# SUCH DAMAGE.
# Test the pattern plugin.
-#
-# Note we don't have any client which can issue misaligned NBD
-# requests. qemu-io will issue 512-byte aligned requests no matter
-# what read parameters we give it. Hence these tests are rather
-# limited. (XXX)
source ./functions.sh
set -e
-requires qemu-io --version
-
-sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX)
-files="pattern.out pattern.pid $sock"
-rm -f $files
-cleanup_fn rm -f $files
-
-# Run nbdkit with pattern plugin.
-start_nbdkit -P pattern.pid -U $sock pattern 1G
-
-qemu-io -r -f raw "nbd+unix://?socket=$sock" \
- -c 'r -v 0 512' | grep -E '^[[:xdigit:]]+:' > pattern.out
-if [ "$(cat pattern.out)" != "00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 ................
-00000010: 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 18 ................
-00000020: 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 28 ................
-00000030: 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 38 .......0.......8
-00000040: 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 48 ...............H
-00000050: 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00 58 .......P.......X
-00000060: 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 68 ...............h
-00000070: 00 00 00 00 00 00 00 70 00 00 00 00 00 00 00 78 .......p.......x
-00000080: 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 88 ................
-00000090: 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 98 ................
-000000a0: 00 00 00 00 00 00 00 a0 00 00 00 00 00 00 00 a8 ................
-000000b0: 00 00 00 00 00 00 00 b0 00 00 00 00 00 00 00 b8 ................
-000000c0: 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 c8 ................
-000000d0: 00 00 00 00 00 00 00 d0 00 00 00 00 00 00 00 d8 ................
-000000e0: 00 00 00 00 00 00 00 e0 00 00 00 00 00 00 00 e8 ................
-000000f0: 00 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 f8 ................
-00000100: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 08 ................
-00000110: 00 00 00 00 00 00 01 10 00 00 00 00 00 00 01 18 ................
-00000120: 00 00 00 00 00 00 01 20 00 00 00 00 00 00 01 28 ................
-00000130: 00 00 00 00 00 00 01 30 00 00 00 00 00 00 01 38 .......0.......8
-00000140: 00 00 00 00 00 00 01 40 00 00 00 00 00 00 01 48 ...............H
-00000150: 00 00 00 00 00 00 01 50 00 00 00 00 00 00 01 58 .......P.......X
-00000160: 00 00 00 00 00 00 01 60 00 00 00 00 00 00 01 68 ...............h
-00000170: 00 00 00 00 00 00 01 70 00 00 00 00 00 00 01 78 .......p.......x
-00000180: 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 88 ................
-00000190: 00 00 00 00 00 00 01 90 00 00 00 00 00 00 01 98 ................
-000001a0: 00 00 00 00 00 00 01 a0 00 00 00 00 00 00 01 a8 ................
-000001b0: 00 00 00 00 00 00 01 b0 00 00 00 00 00 00 01 b8 ................
-000001c0: 00 00 00 00 00 00 01 c0 00 00 00 00 00 00 01 c8 ................
-000001d0: 00 00 00 00 00 00 01 d0 00 00 00 00 00 00 01 d8 ................
-000001e0: 00 00 00 00 00 00 01 e0 00 00 00 00 00 00 01 e8 ................
-000001f0: 00 00 00 00 00 00 01 f0 00 00 00 00 00 00 01 f8 ................" ]
-then
- echo "$0: unexpected pattern:"
- cat pattern.out
- exit 1
-fi
+requires_run
+requires_nbdsh_uri
+
+# Run nbdkit-pattern-plugin. Use a disk > 4G so we can test 2G and 4G
+# boundaries.
+nbdkit pattern 5G --run 'nbdsh -u "$uri" -c -' <<EOF
+
+# Generate the expected pattern in the given range.
+# This only works for 8-byte aligned ranges.
+def generated_expected(start,end):
+ assert start % 8 == 0
+ assert end % 8 == 0
+ expected = bytearray()
+ for i in range(start,end,8):
+ expected = expected + i.to_bytes(8, 'big')
+ return expected
+
+# Check actual == expected, with printing
+def check_same(actual, expected):
+ if actual == expected:
+ print("check_same: passed", flush=True)
+ else:
+ print("actual = %r" % actual, flush=True)
+ print("expected = %r" % expected, flush=True)
+ assert False
+
+# Read an aligned range at the beginning of the disk.
+expected = generated_expected(0, 64)
+actual = h.pread(64, 0)
+check_same(actual, expected)
+
+# Read starting from an unaligned offset.
+actual = h.pread(60, 4)
+check_same(actual, expected[4:])
+
+# Read ending at an unaligned offset.
+actual = h.pread(60, 0)
+check_same(actual, expected[:60])
+
+# Same as above, but around offset 1,000,000.
+expected = generated_expected(1000000,1000000+64)
+actual = h.pread(64, 1000000)
+check_same(actual, expected)
+actual = h.pread(61, 1000003)
+check_same(actual, expected[3:])
+actual = h.pread(60, 1000000)
+check_same(actual, expected[:60])
+
+# Same as above, but around offset 2G.
+offset = 2*1024*1024*1024 - 32
+expected = generated_expected(offset, offset+64)
+actual = h.pread(64, offset)
+check_same(actual, expected)
+actual = h.pread(59, offset+5)
+check_same(actual, expected[5:])
+actual = h.pread(60, offset)
+check_same(actual, expected[:60])
+
+# Same as above, but around offset 4G.
+offset = 4*1024*1024*1024 - 32
+expected = generated_expected(offset, offset+64)
+actual = h.pread(64, offset)
+check_same(actual, expected)
+actual = h.pread(59, offset+5)
+check_same(actual, expected[5:])
+actual = h.pread(63, offset)
+check_same(actual, expected[:63])
+
+# Finish at the end of the disk.
+offset = 5*1024*1024*1024 - 64
+expected = generated_expected(offset, offset+64)
+actual = h.pread(64, offset)
+check_same(actual, expected)
+
+'EOF'
--
2.42.0
11 months
[PATCH nbdkit] pattern: Accurately update b & offset in loop
by Richard W.M. Jones
It's better to update the 'b' pointer and the 'offset' using the
calculated increment 'n', rather than using '8-o' which might be
larger than the remainder of the buffer. Previously we could create a
dangling pointer beyond the end of the output buffer, and this should
not matter, but it's best not to do this if we can easily avoid it.
Also improve the test by replacing qemu-io with nbdsh. It is able to
make non-aligned requests so we can now test those.
---
plugins/pattern/pattern.c | 4 +-
tests/test-pattern.sh | 98 ++++++++++++++++++---------------------
2 files changed, 46 insertions(+), 56 deletions(-)
diff --git a/plugins/pattern/pattern.c b/plugins/pattern/pattern.c
index 3d2bb6040..3db1a21eb 100644
--- a/plugins/pattern/pattern.c
+++ b/plugins/pattern/pattern.c
@@ -119,8 +119,8 @@ pattern_pread (void *handle, void *buf, uint32_t count, uint64_t offset,
o = offset & 7;
n = MIN (count, 8-o);
memcpy (b, (char *)&d + o, n);
- b += 8-o;
- offset += 8-o;
+ b += n;
+ offset += n;
count -= n;
}
diff --git a/tests/test-pattern.sh b/tests/test-pattern.sh
index 1b1bd56fb..6025aea78 100755
--- a/tests/test-pattern.sh
+++ b/tests/test-pattern.sh
@@ -31,61 +31,51 @@
# SUCH DAMAGE.
# Test the pattern plugin.
-#
-# Note we don't have any client which can issue misaligned NBD
-# requests. qemu-io will issue 512-byte aligned requests no matter
-# what read parameters we give it. Hence these tests are rather
-# limited. (XXX)
source ./functions.sh
set -e
-requires qemu-io --version
-
-sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX)
-files="pattern.out pattern.pid $sock"
-rm -f $files
-cleanup_fn rm -f $files
-
-# Run nbdkit with pattern plugin.
-start_nbdkit -P pattern.pid -U $sock pattern 1G
-
-qemu-io -r -f raw "nbd+unix://?socket=$sock" \
- -c 'r -v 0 512' | grep -E '^[[:xdigit:]]+:' > pattern.out
-if [ "$(cat pattern.out)" != "00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 ................
-00000010: 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 18 ................
-00000020: 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 28 ................
-00000030: 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 38 .......0.......8
-00000040: 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 48 ...............H
-00000050: 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00 58 .......P.......X
-00000060: 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 68 ...............h
-00000070: 00 00 00 00 00 00 00 70 00 00 00 00 00 00 00 78 .......p.......x
-00000080: 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 88 ................
-00000090: 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 98 ................
-000000a0: 00 00 00 00 00 00 00 a0 00 00 00 00 00 00 00 a8 ................
-000000b0: 00 00 00 00 00 00 00 b0 00 00 00 00 00 00 00 b8 ................
-000000c0: 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 c8 ................
-000000d0: 00 00 00 00 00 00 00 d0 00 00 00 00 00 00 00 d8 ................
-000000e0: 00 00 00 00 00 00 00 e0 00 00 00 00 00 00 00 e8 ................
-000000f0: 00 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 f8 ................
-00000100: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 08 ................
-00000110: 00 00 00 00 00 00 01 10 00 00 00 00 00 00 01 18 ................
-00000120: 00 00 00 00 00 00 01 20 00 00 00 00 00 00 01 28 ................
-00000130: 00 00 00 00 00 00 01 30 00 00 00 00 00 00 01 38 .......0.......8
-00000140: 00 00 00 00 00 00 01 40 00 00 00 00 00 00 01 48 ...............H
-00000150: 00 00 00 00 00 00 01 50 00 00 00 00 00 00 01 58 .......P.......X
-00000160: 00 00 00 00 00 00 01 60 00 00 00 00 00 00 01 68 ...............h
-00000170: 00 00 00 00 00 00 01 70 00 00 00 00 00 00 01 78 .......p.......x
-00000180: 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 88 ................
-00000190: 00 00 00 00 00 00 01 90 00 00 00 00 00 00 01 98 ................
-000001a0: 00 00 00 00 00 00 01 a0 00 00 00 00 00 00 01 a8 ................
-000001b0: 00 00 00 00 00 00 01 b0 00 00 00 00 00 00 01 b8 ................
-000001c0: 00 00 00 00 00 00 01 c0 00 00 00 00 00 00 01 c8 ................
-000001d0: 00 00 00 00 00 00 01 d0 00 00 00 00 00 00 01 d8 ................
-000001e0: 00 00 00 00 00 00 01 e0 00 00 00 00 00 00 01 e8 ................
-000001f0: 00 00 00 00 00 00 01 f0 00 00 00 00 00 00 01 f8 ................" ]
-then
- echo "$0: unexpected pattern:"
- cat pattern.out
- exit 1
-fi
+requires_run
+requires_nbdsh_uri
+
+nbdkit pattern 2M --run 'nbdsh -u "$uri" -c -' <<EOF
+
+# Read from an aligned offset at the beginning of the disk.
+expected = bytearray()
+for i in range(0,64,8):
+ expected = expected + i.to_bytes(8, "big")
+print("expected = %r" % expected)
+actual = h.pread(64, 0)
+print("actual = %r" % actual)
+assert actual == expected
+
+# Read from an unaligned offset.
+actual = bytearray(4) + h.pread(60, 4)
+print("actual = %r" % actual)
+assert actual == expected
+
+# Read to an unaligned offset.
+actual = h.pread(60, 0)
+print("actual = %r" % actual)
+assert actual == expected[:60]
+
+# Read from an aligned offset further in the disk.
+expected = bytearray()
+for i in range(1000000,1000064,8):
+ expected = expected + i.to_bytes(8, "big")
+print("expected = %r" % expected)
+actual = h.pread(64, 1000000)
+print("actual = %r" % actual)
+assert actual == expected
+
+# Read from an unaligned offset.
+actual = bytearray(3) + h.pread(61, 1000003)
+print("actual = %r" % actual)
+assert actual == expected
+
+# Read to an unaligned offset.
+actual = h.pread(60, 1000000)
+print("actual = %r" % actual)
+assert actual == expected[:60]
+
+'EOF'
--
2.42.0
11 months
[COMMON PATCH v2] mldrivers: look for bootloader config in /boot/grub/grub.cfg in case of UEFI
by Andrey Drobyshev
On some older Debian-based distros (in particular, this is true for
Debian 8) GRUB config file doesn't reside on EFI partition, but rather
at /boot/grub/grub.cfg even if UEFI firmware is being used. As a
result, in the UEFI case we get "error: no bootloader detected". Let's
just append this path to the end of the corresponding list as a workaround
when dealing with UEFI guests.
Signed-off-by: Andrey Drobyshev <andrey.drobyshev(a)virtuozzo.com>
---
mldrivers/linux_bootloaders.ml | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/mldrivers/linux_bootloaders.ml b/mldrivers/linux_bootloaders.ml
index 6f8857e..91c5ab9 100644
--- a/mldrivers/linux_bootloaders.ml
+++ b/mldrivers/linux_bootloaders.ml
@@ -375,6 +375,18 @@ let detect_bootloader (g : G.guestfs) root i_firmware =
with G.Error msg ->
error (f_"could not find bootloader mount point (%s): %s") mp msg in
+ (*
+ * Workaround for older UEFI-based Debian which may not have
+ * /boot/efi/EFI/debian/grub.cfg.
+ *)
+ let paths =
+ if g#exists "/boot/grub/grub.cfg" then
+ match i_firmware with
+ | Firmware.I_BIOS -> paths
+ | I_UEFI _ -> paths @ ["/boot/grub/grub.cfg"]
+ else paths
+ in
+
(* We can determine if the bootloader config file is grub 1 or
* grub 2 just by looking at the filename.
*)
--
2.39.3
11 months