diff --git a/.cvsignore b/.cvsignore
index 28467d2..b91818f 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -22,3 +22,4 @@ libvirt-0.3.0.tar.gz
libvirt-0.3.1.tar.gz
libvirt-0.3.2.tar.gz
libvirt-0.3.3.tar.gz
+libvirt-0.4.0.tar.gz
diff --git a/libvirt-0.3.3-example-config.patch b/libvirt-0.3.3-example-config.patch
deleted file mode 100644
index 65c5ef4..0000000
--- a/libvirt-0.3.3-example-config.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-changeset: 1147:7481eafdde8d
-user: berrange
-date: Fri Oct 12 18:54:15 2007 +0000
-files: libvirt.spec.in qemud/Makefile.am qemud/libvirtd.conf src/Makefile.am src/qemu.conf
-description:
-Added default example configs for libvirtd/qemu driver
-
-
-diff -r c48e81e685a3 -r 7481eafdde8d qemud/libvirtd.conf
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/qemud/libvirtd.conf Fri Oct 12 18:54:15 2007 +0000
-@@ -0,0 +1,141 @@
-+# Master libvirt daemon configuration file
-+#
-+# For further information consult http://libvirt.org/format.html
-+
-+
-+# Flag listening for secure TLS connections on the public TCP/IP port.
-+# NB, must pass the --listen flag to the libvirtd process for this to
-+# have any effect.
-+#
-+# It is neccessary to setup a CA and issue server certificates before
-+# using this capability.
-+#
-+# This is enabled by default, uncomment this to disable it
-+# listen_tls = 0
-+
-+# Listen for unencrypted TCP connections on the public TCP/IP port.
-+# NB, must pass the --listen flag to the libvirtd process for this to
-+# have any effect.
-+#
-+# NB, this is insecure. Do not use except for development.
-+#
-+# This is disabled by default, uncomment this to enable it.
-+# listen_tcp = 1
-+
-+
-+
-+# Override the port for accepting secure TLS connections
-+# This can be a port number, or service name
-+#
-+# tls_port = "16514"
-+
-+# Override the port for accepting insecure TCP connections
-+# This can be a port number, or service name
-+#
-+# tcp_port = "16509"
-+
-+
-+
-+# Flag toggling mDNS advertizement of the libvirt service.
-+#
-+# Alternatively can disable for all services on a host by
-+# stopping the Avahi daemon
-+#
-+# This is enabled by default, uncomment this to disable it
-+# mdns_adv = 0
-+
-+# Override the default mDNS advertizement name. This must be
-+# unique on the immediate broadcast network.
-+#
-+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
-+# is subsituted for the short hostname of the machine (without domain)
-+#
-+# mdns_name "Virtualization Host Joe Demo"
-+
-+
-+
-+# Set the UNIX domain socket group ownership. This can be used to
-+# allow a 'trusted' set of users access to management capabilities
-+# without becoming root.
-+#
-+# This is restricted to 'root' by default.
-+# unix_sock_group "libvirt"
-+
-+# Set the UNIX socket permissions for the R/O socket. This is used
-+# for monitoring VM status only
-+#
-+# Default allows any user. If setting group ownership may want to
-+# restrict this to:
-+# unix_sock_ro_perms "0777"
-+
-+# Set the UNIX socket permissions for the R/W socket. This is used
-+# for full management of VMs
-+#
-+# Default allows only root. If setting group ownership may want to
-+# relax this to:
-+# unix_sock_rw_perms "octal-perms" "0770"
-+
-+
-+
-+# Flag to disable verification of client certificates
-+#
-+# Client certificate verification is the primary authentication mechanism.
-+# Any client which does not present a certificate signed by the CA
-+# will be rejected.
-+#
-+# Default is to always verify. Uncommenting this will disable
-+# verification - make sure an IP whitelist is set
-+# tls_no_verify_certificate 1
-+
-+# Flag to disable verification of client IP address
-+#
-+# Client IP address will be verified against the CommonName field
-+# of the x509 certificate. This has minimal security benefit since
-+# it is easy to spoof source IP.
-+#
-+# Uncommenting this will disable verification
-+# tls_no_verify_address 1
-+
-+# Override the default server key file path
-+#
-+# key_file "/etc/pki/libvirt/private/serverkey.pem"
-+
-+# Override the default server certificate file path
-+#
-+# cert_file "/etc/pki/libvirt/servercert.pem"
-+
-+# Override the default CA certificate path
-+#
-+# ca_file "/etc/pki/CA/cacert.pem"
-+
-+# Specify a certificate revocation list.
-+#
-+# Defaults to not using a CRL, uncomment to enable it
-+# crl_file "/etc/pki/CA/crl.pem"
-+
-+# A whitelist of allowed x509 Distinguished Names
-+# This list may contain wildcards such as
-+#
-+# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
-+#
-+# See the POSIX fnmatch function for the format of the wildcards.
-+#
-+# NB If this is an empty list, no client can connect, so comment out
-+# entirely rather than using empty list to disable these checks
-+#
-+# By default, no DN's are checked
-+# tls_allowed_dn_list ["DN1", "DN2"]
-+
-+
-+# A whitelist of allowed client IP addresses
-+#
-+# This list may contain wildcards such as 192.168.* See the POSIX fnmatch
-+# function for the format of the wildcards.
-+#
-+# NB If this is an empty list, no client can connect, so comment out
-+# entirely rather than using empty list to disable these checks
-+#
-+# By default, no IP's are checked. This can be IPv4 or IPv6 addresses
-+# tls_allowed_ip_list ["ip1", "ip2", "ip3"]
-+
-+
-diff -r c48e81e685a3 -r 7481eafdde8d src/qemu.conf
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/src/qemu.conf Fri Oct 12 18:54:15 2007 +0000
-@@ -0,0 +1,49 @@
-+# Master configuration file for the QEMU driver.
-+# All settings described here are optional - if omitted, sensible
-+# defaults are used.
-+
-+# VNC is configured to listen on 127.0.0.1 by default.
-+# To make it listen on all public interfaces, uncomment
-+# this next option.
-+#
-+# NB, strong recommendation to enable TLS + x509 certificate
-+# verification when allowing public access
-+#
-+# vnc_listen = "0.0.0.0"
-+
-+
-+# Enable use of TLS encryption on the VNC server. This requires
-+# a VNC client which supports the VeNCrypt protocol extension.
-+# Examples include vinagre, virt-viewer, virt-manager and vencrypt
-+# itself. UltraVNC, RealVNC, TightVNC do not support this
-+#
-+# It is neccessary to setup CA and issue a server certificate
-+# before enabling this.
-+#
-+# vnc_tls = 1
-+
-+
-+# Use of TLS requires that x509 certificates be issued. The
-+# default it to keep them in /etc/pki/libvirt-vnc. This directory
-+# must contain
-+#
-+# ca-cert.pem - the CA master certificate
-+# server-cert.pem - the server certificate signed with ca-cert.pem
-+# server-key.pem - the server private key
-+#
-+# This option allows the certificate directory to be changed
-+#
-+# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
-+
-+
-+# The default TLS configuration only uses certificates for the server
-+# allowing the client to verify the server's identity and establish
-+# and encrypted channel.
-+#
-+# It is possible to use x509 certificates for authentication too, by
-+# issuing a x509 certificate to every client who needs to connect.
-+#
-+# Enabling this option will reject any client who does not have a
-+# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
-+#
-+# vnc_tls_x509_verify = 1
-
diff --git a/libvirt-0.3.3-qemu-config.patch b/libvirt-0.3.3-qemu-config.patch
deleted file mode 100644
index 7330433..0000000
--- a/libvirt-0.3.3-qemu-config.patch
+++ /dev/null
@@ -1,230 +0,0 @@
-changeset: 1146:c48e81e685a3
-user: berrange
-date: Fri Oct 12 15:05:44 2007 +0000
-files: ChangeLog src/qemu_conf.c src/qemu_conf.h src/qemu_driver.c
-description:
-Added QEMU driver config file
-
-
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_conf.c
---- a/src/qemu_conf.c Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_conf.c Fri Oct 12 15:05:44 2007 +0000
-@@ -45,6 +45,7 @@
- #include "qemu_conf.h"
- #include "uuid.h"
- #include "buf.h"
-+#include "conf.h"
-
- #define qemudLog(level, msg...) fprintf(stderr, msg)
-
-@@ -65,6 +66,68 @@ void qemudReportError(virConnectPtr conn
- __virRaiseError(conn, dom, net, VIR_FROM_QEMU, code, VIR_ERR_ERROR,
- NULL, NULL, NULL, -1, -1, errorMessage);
- }
-+
-+int qemudLoadDriverConfig(struct qemud_driver *driver,
-+ const char *filename) {
-+ virConfPtr conf;
-+ virConfValuePtr p;
-+
-+ /* Setup 2 critical defaults */
-+ strcpy(driver->vncListen, "127.0.0.1");
-+ if (!(driver->vncTLSx509certdir = strdup(SYSCONF_DIR "/pki/libvirt-vnc"))) {
-+ qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
-+ "vncTLSx509certdir");
-+ return -1;
-+ }
-+
-+ /* Just check the file is readable before opening it, otherwise
-+ * libvirt emits an error.
-+ */
-+ if (access (filename, R_OK) == -1) return 0;
-+
-+ conf = virConfReadFile (filename);
-+ if (!conf) return 0;
-+
-+
-+#define CHECK_TYPE(name,typ) if (p && p->type != (typ)) { \
-+ qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR, \
-+ "remoteReadConfigFile: %s: %s: expected type " #typ "\n", \
-+ filename, (name)); \
-+ virConfFree(conf); \
-+ return -1; \
-+ }
-+
-+ p = virConfGetValue (conf, "vnc_tls");
-+ CHECK_TYPE ("vnc_tls", VIR_CONF_LONG);
-+ if (p) driver->vncTLS = p->l;
-+
-+ p = virConfGetValue (conf, "vnc_tls_x509_verify");
-+ CHECK_TYPE ("vnc_tls_x509_verify", VIR_CONF_LONG);
-+ if (p) driver->vncTLSx509verify = p->l;
-+
-+ p = virConfGetValue (conf, "vnc_tls_x509_cert_dir");
-+ CHECK_TYPE ("vnc_tls_x509_cert_dir", VIR_CONF_STRING);
-+ if (p && p->str) {
-+ free(driver->vncTLSx509certdir);
-+ if (!(driver->vncTLSx509certdir = strdup(p->str))) {
-+ qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
-+ "vncTLSx509certdir");
-+ virConfFree(conf);
-+ return -1;
-+ }
-+ }
-+
-+ p = virConfGetValue (conf, "vnc_listen");
-+ CHECK_TYPE ("vnc_listen", VIR_CONF_STRING);
-+ if (p && p->str) {
-+ strncpy(driver->vncListen, p->str, sizeof(driver->vncListen));
-+ driver->vncListen[sizeof(driver->vncListen)-1] = '\0';
-+ }
-+
-+ virConfFree (conf);
-+ return 0;
-+}
-+
-
- struct qemud_vm *qemudFindVMByID(const struct qemud_driver *driver, int id) {
- struct qemud_vm *vm = driver->vms;
-@@ -1234,7 +1297,7 @@ static struct qemud_vm_def *qemudParseXM
- if (vnclisten && *vnclisten)
- strncpy(def->vncListen, (char *)vnclisten, BR_INET_ADDR_MAXLEN-1);
- else
-- strcpy(def->vncListen, "127.0.0.1");
-+ strcpy(def->vncListen, driver->vncListen);
- def->vncListen[BR_INET_ADDR_MAXLEN-1] = '\0';
- xmlFree(vncport);
- xmlFree(vnclisten);
-@@ -1750,15 +1813,30 @@ int qemudBuildCommandLine(virConnectPtr
- }
-
- if (vm->def->graphicsType == QEMUD_GRAPHICS_VNC) {
-- char vncdisplay[BR_INET_ADDR_MAXLEN+20];
-+ char vncdisplay[PATH_MAX];
- int ret;
-- if (vm->qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON)
-- ret = snprintf(vncdisplay, sizeof(vncdisplay), "%s:%d",
-+
-+ if (vm->qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON) {
-+ char options[PATH_MAX] = "";
-+ if (driver->vncTLS) {
-+ strcat(options, ",tls");
-+ if (driver->vncTLSx509verify) {
-+ strcat(options, ",x509verify=");
-+ } else {
-+ strcat(options, ",x509=");
-+ }
-+ strncat(options, driver->vncTLSx509certdir,
-+ sizeof(options) - (strlen(driver->vncTLSx509certdir)-1));
-+ options[sizeof(options)-1] = '\0';
-+ }
-+ ret = snprintf(vncdisplay, sizeof(vncdisplay), "%s:%d%s",
- vm->def->vncListen,
-- vm->def->vncActivePort - 5900);
-- else
-+ vm->def->vncActivePort - 5900,
-+ options);
-+ } else {
- ret = snprintf(vncdisplay, sizeof(vncdisplay), "%d",
- vm->def->vncActivePort - 5900);
-+ }
- if (ret < 0 || ret >= (int)sizeof(vncdisplay))
- goto error;
-
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_conf.h
---- a/src/qemu_conf.h Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_conf.h Fri Oct 12 15:05:44 2007 +0000
-@@ -289,6 +289,10 @@ struct qemud_driver {
- char *networkConfigDir;
- char *networkAutostartDir;
- char logDir[PATH_MAX];
-+ int vncTLS : 1;
-+ int vncTLSx509verify : 1;
-+ char *vncTLSx509certdir;
-+ char vncListen[BR_INET_ADDR_MAXLEN];
- };
-
-
-@@ -311,6 +315,8 @@ void qemudReportError(virConnectPtr conn
- ATTRIBUTE_FORMAT(printf,5,6);
-
-
-+int qemudLoadDriverConfig(struct qemud_driver *driver,
-+ const char *filename);
-
- struct qemud_vm *qemudFindVMByID(const struct qemud_driver *driver,
- int id);
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_driver.c
---- a/src/qemu_driver.c Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_driver.c Fri Oct 12 15:05:44 2007 +0000
-@@ -155,6 +155,7 @@ qemudStartup(void) {
- uid_t uid = geteuid();
- struct passwd *pw;
- char *base = NULL;
-+ char driverConf[PATH_MAX];
-
- if (!(qemu_driver = calloc(1, sizeof(struct qemud_driver)))) {
- return -1;
-@@ -167,7 +168,7 @@ qemudStartup(void) {
- if (snprintf(qemu_driver->logDir, PATH_MAX, "%s/log/libvirt/qemu", LOCAL_STATE_DIR) >= PATH_MAX)
- goto snprintf_error;
-
-- if ((base = strdup (SYSCONF_DIR "/libvirt/qemu")) == NULL)
-+ if ((base = strdup (SYSCONF_DIR "/libvirt")) == NULL)
- goto out_of_memory;
- } else {
- if (!(pw = getpwuid(uid))) {
-@@ -179,7 +180,7 @@ qemudStartup(void) {
- if (snprintf(qemu_driver->logDir, PATH_MAX, "%s/.libvirt/qemu/log", pw->pw_dir) >= PATH_MAX)
- goto snprintf_error;
-
-- if (asprintf (&base, "%s/.libvirt/qemu", pw->pw_dir) == -1) {
-+ if (asprintf (&base, "%s/.libvirt", pw->pw_dir) == -1) {
- qemudLog (QEMUD_ERR, "out of memory in asprintf");
- goto out_of_memory;
- }
-@@ -188,24 +189,36 @@ qemudStartup(void) {
- /* Configuration paths are either ~/.libvirt/qemu/... (session) or
- * /etc/libvirt/qemu/... (system).
- */
-- if (asprintf (&qemu_driver->configDir, "%s", base) == -1)
-+ if (snprintf (driverConf, sizeof(driverConf), "%s/qemu.conf", base) == -1)
- goto out_of_memory;
--
-- if (asprintf (&qemu_driver->autostartDir, "%s/autostart", base) == -1)
-+ driverConf[sizeof(driverConf)-1] = '\0';
-+
-+ if (asprintf (&qemu_driver->configDir, "%s/qemu", base) == -1)
- goto out_of_memory;
-
-- if (asprintf (&qemu_driver->networkConfigDir, "%s/networks", base) == -1)
-+ if (asprintf (&qemu_driver->autostartDir, "%s/qemu/autostart", base) == -1)
- goto out_of_memory;
-
-- if (asprintf (&qemu_driver->networkAutostartDir, "%s/networks/autostart",
-+ if (asprintf (&qemu_driver->networkConfigDir, "%s/qemu/networks", base) == -1)
-+ goto out_of_memory;
-+
-+ if (asprintf (&qemu_driver->networkAutostartDir, "%s/qemu/networks/autostart",
- base) == -1)
- goto out_of_memory;
-
-- if (qemudScanConfigs(qemu_driver) < 0)
-+ free(base);
-+
-+ if (qemudLoadDriverConfig(qemu_driver, driverConf) < 0) {
- qemudShutdown();
-+ return -1;
-+ }
-+
-+ if (qemudScanConfigs(qemu_driver) < 0) {
-+ qemudShutdown();
-+ return -1;
-+ }
- qemudAutostartConfigs(qemu_driver);
-
-- free(base);
- return 0;
-
- snprintf_error:
-
diff --git a/libvirt.spec b/libvirt.spec
index e3e6a20..37e18db 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -1,16 +1,20 @@
# -*- rpm-spec -*-
+%if "%{fedora}" >= "8"
+%define with_polkit 1
+%define with_proxy no
+%else
+%define with_polkit 0
+%define with_proxy yes
+%endif
+
Summary: Library providing a simple API virtualization
Name: libvirt
-Version: 0.3.3
-Release: 2%{?dist}%{?extra_release}
+Version: 0.4.0
+Release: 1%{?dist}%{?extra_release}
License: LGPL
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
-Patch1: %{name}-%{version}-qemu-config.patch
-# NB, when removing this patch on next release, also remove the manual
-# config file copy in the install section of this spec file
-Patch2: %{name}-%{version}-example-config.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root
URL: http://libvirt.org/
BuildRequires: python python-devel
@@ -20,6 +24,16 @@ Requires: ncurses
Requires: dnsmasq
Requires: bridge-utils
Requires: iptables
+# So remote clients can access libvirt over SSH tunnel
+# (client invokes 'nc' against the UNIX socket on the server)
+Requires: nc
+Requires: cyrus-sasl
+# Not technically required, but makes 'out-of-box' config
+# work correctly & doesn't have onerous dependancies
+Requires: cyrus-sasl-md5
+%if %{with_polkit}
+Requires: PolicyKit >= 0.6
+%endif
%ifarch i386 x86_64 ia64
BuildRequires: xen-devel
@@ -32,6 +46,10 @@ BuildRequires: gnutls-devel
BuildRequires: avahi-devel
BuildRequires: dnsmasq
BuildRequires: bridge-utils
+BuildRequires: cyrus-sasl-devel
+%if %{with_polkit}
+BuildRequires: PolicyKit-devel >= 0.6
+%endif
Obsoletes: libvir
# Fedora build root suckage
@@ -49,7 +67,6 @@ Requires: pkgconfig
%ifarch i386 x86_64 ia64
Requires: xen-devel
%endif
-Requires: gnutls-devel
Obsoletes: libvir-devel
%description devel
@@ -70,8 +87,6 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
-%patch1 -p1
-%patch2 -p1
%build
# Xen is availble only on i386 x86_64 ia64
@@ -95,11 +110,6 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a
install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/run/libvirt/
-# Copy files from patch2 into location
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/libvirt
-install -m 0755 src/qemu.conf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
-install -m 0755 qemud/libvirtd.conf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/libvirtd.conf
-
# We don't want to install /etc/libvirt/qemu/networks in the main %files list
# because if the admin wants to delete the default network completely, we don't
# want to end up re-incarnating it on every RPM upgrade.
@@ -157,13 +167,19 @@ fi
%config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
%config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
+%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
%dir %{_datadir}/libvirt/
%dir %{_datadir}/libvirt/networks/
%{_datadir}/libvirt/networks/default.xml
%dir %{_localstatedir}/run/libvirt/
%dir %{_localstatedir}/lib/libvirt/
+%if %{with_polkit}
+%{_datadir}/PolicyKit/policy/libvirtd.policy
+%endif
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
+%if %{with_proxy} == "yes"
%attr(4755, root, root) %{_libexecdir}/libvirt_proxy
+%endif
%attr(0755, root, root) %{_sbindir}/libvirtd
%doc docs/*.rng
%doc docs/*.xml
@@ -196,6 +212,14 @@ fi
%doc docs/examples/python
%changelog
+* Tue Dec 18 2007 Daniel Veillard <veillard@redhat.com> - 0.4.0-1.fc8
+- Release of 0.4.0
+- SASL based authentication
+- PolicyKit authentication
+- improved NUMA and statistics support
+- lots of assorted improvements, bugfixes and cleanups
+- documentation and localization improvements
+
* Mon Oct 15 2007 Daniel P. Berrange <berrange@redhat.com> - 0.3.3-2.fc8
- Added QEMU driver config file support
- Added example config files
diff --git a/sources b/sources
index c9ceb9e..a5b9c28 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-583fa13938df63bd404cc1b7cf553874 libvirt-0.3.3.tar.gz
+2f6c6adb62145988f0e5021e5cbd71d3 libvirt-0.4.0.tar.gz