From 7749fc4a2637ebd6438063e96ccc3de2267ca9da Mon Sep 17 00:00:00 2001 From: Daniel P. Berrangé Date: Jun 05 2024 09:09:34 +0000 Subject: Update to 10.4.0 release This switches the virtual network backend from iptables to nftables and introduces an SSH VSOCK proxy by default for QEMU. Signed-off-by: Daniel P. Berrangé --- diff --git a/libvirt.spec b/libvirt.spec index d43fb58..560ff01 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -205,6 +205,18 @@ %define with_modular_daemons 1 %endif +# Prefer nftables for future OS releases but keep using iptables +# for existing ones +%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41 + %define prefer_nftables 1 + %define firewall_backend_priority nftables,iptables +%else + %define prefer_nftables 0 + %define firewall_backend_priority iptables,nftables +%endif + + + # Force QEMU to run as non-root %define qemu_user qemu %define qemu_group qemu @@ -276,7 +288,7 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 10.3.0 +Version: 10.4.0 Release: 1%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ @@ -336,7 +348,7 @@ BuildRequires: gcc %if %{with_libxl} BuildRequires: xen-devel %endif -BuildRequires: glib2-devel >= 2.56 +BuildRequires: glib2-devel >= 2.58 BuildRequires: libxml2-devel BuildRequires: readline-devel BuildRequires: pkgconfig(bash-completion) >= 2.0 @@ -356,8 +368,6 @@ BuildRequires: sanlock-devel >= 2.4 BuildRequires: libpcap-devel >= 1.5.0 BuildRequires: libnl3-devel BuildRequires: libselinux-devel -BuildRequires: iptables -BuildRequires: ebtables # For modprobe BuildRequires: kmod BuildRequires: cyrus-sasl-devel @@ -594,7 +604,11 @@ Summary: Network driver plugin for the libvirtd daemon Requires: libvirt-daemon-common = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release} Requires: dnsmasq >= 2.41 + %if %{prefer_nftables} +Requires: nftables + %else Requires: iptables + %endif %description daemon-driver-network The network driver plugin for the libvirtd daemon, providing @@ -815,6 +829,7 @@ Requires: gzip Requires: bzip2 Requires: lzop Requires: xz +Requires: zstd Requires: systemd-container Requires: swtpm-tools %if %{with_numad} @@ -902,6 +917,7 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release} Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release} Requires: libvirt-daemon-driver-secret = %{version}-%{release} Requires: libvirt-daemon-driver-storage = %{version}-%{release} +Requires: libvirt-ssh-proxy = %{version}-%{release} Requires: qemu %description daemon-qemu @@ -930,6 +946,7 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release} Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release} Requires: libvirt-daemon-driver-secret = %{version}-%{release} Requires: libvirt-daemon-driver-storage = %{version}-%{release} +Requires: libvirt-ssh-proxy = %{version}-%{release} Requires: qemu-kvm %description daemon-kvm @@ -1099,6 +1116,13 @@ Requires: libvirt-daemon-driver-network = %{version}-%{release} Libvirt plugin for NSS for translating domain names into IP addresses. %endif +%package ssh-proxy +Summary: Libvirt SSH proxy +Requires: libvirt-libs = %{version}-%{release} + +%description ssh-proxy +Allows SSH into domains via VSOCK without need for network. + %if %{with_mingw32} %package -n mingw32-libvirt Summary: %{summary} @@ -1371,9 +1395,11 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dtls_priority=%{tls_priority} \ -Dsysctl_config=enabled \ %{?arg_userfaultfd_sysctl} \ + -Dssh_proxy=enabled \ %{?enable_werror} \ -Dexpensive_tests=enabled \ -Dinit_script=systemd \ + -Dfirewall_backend_priority=%{firewall_backend_priority} \ -Ddocs=enabled \ -Dtests=enabled \ -Drpath=disabled \ @@ -1455,6 +1481,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dstorage_zfs=disabled \ -Dsysctl_config=disabled \ -Duserfaultfd_sysctl=disabled \ + -Dssh_proxy=disabled \ -Dtests=disabled \ -Dudev=disabled \ -Dwireshark_dissector=disabled \ @@ -1565,7 +1592,8 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_libexecdir}/libvirt-guests.sh %if %{with_native} # Building on slow archs, like emulated s390x in Fedora copr, requires # raising the test timeout -VIR_TEST_DEBUG=1 %meson_test --no-suite syntax-check --timeout-multiplier 10 +VIR_TEST_DEBUG=1 +%meson_test --no-suite syntax-check --timeout-multiplier 10 %endif %define libvirt_rpmstatedir %{_localstatedir}/lib/rpm-state/libvirt @@ -2108,6 +2136,9 @@ exit 0 %config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf %{_datadir}/augeas/lenses/virtnetworkd.aug %{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug +%config(noreplace) %{_sysconfdir}/libvirt/network.conf +%{_datadir}/augeas/lenses/libvirtd_network.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_network.aug %{_unitdir}/virtnetworkd.service %{_unitdir}/virtnetworkd.socket %{_unitdir}/virtnetworkd-ro.socket @@ -2425,6 +2456,10 @@ exit 0 %{_libdir}/libnss_libvirt.so.2 %{_libdir}/libnss_libvirt_guest.so.2 +%files ssh-proxy +%config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf +%{_libexecdir}/libvirt-ssh-proxy + %if %{with_lxc} %files login-shell %attr(4750, root, virtlogin) %{_bindir}/virt-login-shell @@ -2586,8 +2621,12 @@ exit 0 %{mingw64_mandir}/man7/virkey*.7* %endif - %changelog +* Wed Jun 5 2024 Daniel P. Berrangé - 10.4.0-1 +- Update to version 10.4.0 +- Change virtual network backend from iptables to nftables +- Introduce SSH VSOCK proxy + * Thu May 2 2024 Daniel P. Berrangé - 10.3.0-1 - Update to version 10.3.0 diff --git a/sources b/sources index c32eb9b..f84031b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libvirt-10.3.0.tar.xz) = dd2b151a19877e57e11b582b1c11542319f8b7b7cd3d7d51304442aa7d5eb1a8490d2887d340191c3ecc561320ea453773763083364579de0a40ada9c244fc59 +SHA512 (libvirt-10.4.0.tar.xz) = 711be39f3fb831a5073b25a5b02410676147114f3dcf85b24c8505b611a81bf64cf3b95f66908e0dc3a2f3e66e5fc31b2d95db610ea3f1b747a9fd1f52b1ffa7