diff --git a/libvirt-0.8.8-kernel-boot-index.patch b/libvirt-0.8.8-kernel-boot-index.patch
deleted file mode 100644
index afa5de6..0000000
--- a/libvirt-0.8.8-kernel-boot-index.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-commit efc2594b4e0cbcdd6947fafeeed41accd5b611e0
-Author: Jim Fehlig <jfehlig@novell.com>
-Date: Thu Feb 17 14:22:55 2011 -0700
-
- Do not add drive 'boot=on' param when a kernel is specified
-
- libvirt-tck was failing several domain tests [1] with qemu 0.14, which
- is now less tolerable of specifying 2 bootroms with the same boot index [2].
-
- Drop the 'boot=on' param if kernel has been specfied.
-
- [1] https://www.redhat.com/archives/libvir-list/2011-February/msg00559.html
- [2] http://lists.nongnu.org/archive/html/qemu-devel/2011-02/msg01892.html
-
-diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
-index 371a7ed..0db2843 100644
---- a/src/qemu/qemu_command.c
-+++ b/src/qemu/qemu_command.c
-@@ -3173,7 +3173,7 @@ qemuBuildCommandLine(virConnectPtr conn,
- int bootCD = 0, bootFloppy = 0, bootDisk = 0;
-
- /* If QEMU supports boot=on for -drive param... */
-- if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT) {
-+ if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE_BOOT && !def->os.kernel) {
- for (i = 0 ; i < def->os.nBootDevs ; i++) {
- switch (def->os.bootDevs[i]) {
- case VIR_DOMAIN_BOOT_CDROM:
diff --git a/libvirt-read-only-checks.patch b/libvirt-read-only-checks.patch
deleted file mode 100644
index 3981764..0000000
--- a/libvirt-read-only-checks.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From: Guido Günther <agx@sigxcpu.org>
-Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
-Subject: Add missing checks for read only connections
-X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
-
-Add missing checks for read only connections
-
-As pointed on CVE-2011-1146, some API forgot to check the read-only
-status of the connection for entry point which modify the state
-of the system or may lead to a remote execution using user data.
-The entry points concerned are:
- - virConnectDomainXMLToNative
- - virNodeDeviceDettach
- - virNodeDeviceReAttach
- - virNodeDeviceReset
- - virDomainRevertToSnapshot
- - virDomainSnapshotDelete
-
-* src/libvirt.c: fix the above set of entry points to error on read-only
- connections
----
-
-diff --git a/src/libvirt.c b/src/libvirt.c
-index caa109d..713291f 100644
---- a/src/libvirt.c
-+++ b/src/libvirt.c
-@@ -3321,6 +3321,10 @@ char *virConnectDomainXMLToNative(virConnectPtr conn,
- virDispatchError(NULL);
- return NULL;
- }
-+ if (conn->flags & VIR_CONNECT_RO) {
-+ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+ goto error;
-+ }
-
- if (nativeFormat == NULL || domainXml == NULL) {
- virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
-@@ -9748,6 +9752,11 @@ virNodeDeviceDettach(virNodeDevicePtr dev)
- return -1;
- }
-
-+ if (dev->conn->flags & VIR_CONNECT_RO) {
-+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+ goto error;
-+ }
-+
- if (dev->conn->driver->nodeDeviceDettach) {
- int ret;
- ret = dev->conn->driver->nodeDeviceDettach (dev);
-@@ -9791,6 +9800,11 @@ virNodeDeviceReAttach(virNodeDevicePtr dev)
- return -1;
- }
-
-+ if (dev->conn->flags & VIR_CONNECT_RO) {
-+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+ goto error;
-+ }
-+
- if (dev->conn->driver->nodeDeviceReAttach) {
- int ret;
- ret = dev->conn->driver->nodeDeviceReAttach (dev);
-@@ -9836,6 +9850,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
- return -1;
- }
-
-+ if (dev->conn->flags & VIR_CONNECT_RO) {
-+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+ goto error;
-+ }
-+
- if (dev->conn->driver->nodeDeviceReset) {
- int ret;
- ret = dev->conn->driver->nodeDeviceReset (dev);
-@@ -13131,6 +13150,10 @@ virDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
- }
-
- conn = snapshot->domain->conn;
-+ if (conn->flags & VIR_CONNECT_RO) {
-+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+ goto error;
-+ }
-
- if (conn->driver->domainRevertToSnapshot) {
- int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
-@@ -13177,6 +13200,10 @@ virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
- }
-
- conn = snapshot->domain->conn;
-+ if (conn->flags & VIR_CONNECT_RO) {
-+ virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+ goto error;
-+ }
-
- if (conn->driver->domainSnapshotDelete) {
- int ret = conn->driver->domainSnapshotDelete(snapshot, flags);
diff --git a/libvirt.spec b/libvirt.spec
index 6a64c75..a70e2d8 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -1,5 +1,13 @@
# -*- rpm-spec -*-
+# If neither fedora nor rhel was defined, try to guess them from %{dist}
+%if !0%{?rhel} && !0%{?fedora}
+%{expand:%(echo "%{?dist}" | \
+ sed -ne 's/^\.el\([0-9]\+\).*/%%define rhel \1/p')}
+%{expand:%(echo "%{?dist}" | \
+ sed -ne 's/^\.fc\?\([0-9]\+\).*/%%define fedora \1/p')}
+%endif
+
# A client only build will create a libvirt.so only containing
# the generic RPC driver, and test driver and no libvirtd
# Default to a full server + client build
@@ -37,8 +45,7 @@
%define with_vbox 0%{!?_without_vbox:%{server_drivers}}
%define with_uml 0%{!?_without_uml:%{server_drivers}}
%define with_xenapi 0%{!?_without_xenapi:%{server_drivers}}
-# XXX this shouldn't be here, but it mistakenly links into libvirtd
-%define with_one 0%{!?_without_one:%{server_drivers}}
+%define with_libxl 0%{!?_without_libxl:%{server_drivers}}
# Then the hypervisor drivers that talk a native remote protocol
%define with_phyp 0%{!?_without_phyp:1}
@@ -87,16 +94,16 @@
%define with_numactl 0
%endif
-# RHEL doesn't ship OpenVZ, VBox, UML, OpenNebula, PowerHypervisor,
-# VMWare, or libxenserver (xenapi)
+# RHEL doesn't ship OpenVZ, VBox, UML, PowerHypervisor,
+# VMWare, libxenserver (xenapi), or libxenlight (Xen 4.1 and newer)
%if 0%{?rhel}
%define with_openvz 0
%define with_vbox 0
%define with_uml 0
-%define with_one 0
%define with_phyp 0
%define with_vmware 0
%define with_xenapi 0
+%define with_libxl 0
%endif
# RHEL-5 has restricted QEMU to x86_64 only and is too old for LXC
@@ -123,6 +130,11 @@
%endif
%endif
+# Fedora doesn't have new enough Xen for libxl until F16
+%if 0%{?fedora} < 16
+%define with_libxl 0
+%endif
+
# PolicyKit was introduced in Fedora 8 / RHEL-6 or newer
%if 0%{?fedora} >= 8 || 0%{?rhel} >= 6
%define with_polkit 0%{!?_without_polkit:1}
@@ -203,16 +215,16 @@
Summary: Library providing a simple virtualization API
Name: libvirt
-Version: 0.8.8
-Release: 3%{?dist}%{?extra_release}
+Version: 0.9.0
+Release: 1%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
-Patch1: %{name}-%{version}-kernel-boot-index.patch
-Patch2: %{name}-read-only-checks.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
URL: http://libvirt.org/
-BuildRequires: python-devel
+
+# All runtime requirements for the libvirt package (runtime requrements
+# for subpackages are listed later in those subpackages)
# The client side, i.e. shared libs and virsh are in a subpackage
Requires: %{name}-client = %{version}-%{release}
@@ -221,15 +233,21 @@ Requires: %{name}-client = %{version}-%{release}
# daemon is present
%if %{with_libvirtd}
Requires: bridge-utils
+# for modprobe of pci devices
+Requires: module-init-tools
+# for /sbin/ip
+Requires: iproute
%endif
%if %{with_network}
Requires: dnsmasq >= 2.41
+Requires: radvd
+%endif
+%if %{with_network} || %{with_nwfilter}
Requires: iptables
+Requires: iptables-ipv6
%endif
%if %{with_nwfilter}
Requires: ebtables
-Requires: iptables
-Requires: iptables-ipv6
%endif
# needed for device enumeration
%if %{with_hal}
@@ -246,10 +264,6 @@ Requires: PolicyKit >= 0.6
%endif
%endif
%if %{with_storage_fs}
-# For mount/umount in FS driver
-BuildRequires: util-linux
-# For showmount in FS driver (netfs discovery)
-BuildRequires: nfs-utils
Requires: nfs-utils
# For glusterfs
%if 0%{?fedora} >= 11
@@ -281,6 +295,7 @@ Requires: iscsi-initiator-utils
%if %{with_storage_disk}
# For disk driver
Requires: parted
+Requires: device-mapper
%endif
%if %{with_storage_mpath}
# For multipath support
@@ -289,18 +304,24 @@ Requires: device-mapper
%if %{with_cgconfig}
Requires: libcgroup
%endif
+
+# All build-time requirements
+BuildRequires: python-devel
+
%if %{with_xen}
BuildRequires: xen-devel
%endif
-%if %{with_one}
-BuildRequires: xmlrpc-c-devel >= 1.14.0
-%endif
BuildRequires: libxml2-devel
BuildRequires: xhtml1-dtds
+BuildRequires: libxslt
BuildRequires: readline-devel
BuildRequires: ncurses-devel
BuildRequires: gettext
BuildRequires: gnutls-devel
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+# for augparse, optionally used in testing
+BuildRequires: augeas
+%endif
%if %{with_hal}
BuildRequires: hal-devel
%endif
@@ -325,8 +346,15 @@ BuildRequires: libselinux-devel
%endif
%if %{with_network}
BuildRequires: dnsmasq >= 2.41
+BuildRequires: iptables
+BuildRequires: iptables-ipv6
+BuildRequires: radvd
+%endif
+%if %{with_nwfilter}
+BuildRequires: ebtables
%endif
BuildRequires: bridge-utils
+BuildRequires: module-init-tools
%if %{with_sasl}
BuildRequires: cyrus-sasl-devel
%endif
@@ -390,7 +418,11 @@ BuildRequires: libssh2-devel
BuildRequires: netcf-devel >= 0.1.4
%endif
%if %{with_esx}
+%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6
BuildRequires: libcurl-devel
+%else
+BuildRequires: curl-devel
+%endif
%endif
%if %{with_audit}
BuildRequires: audit-libs-devel
@@ -400,6 +432,12 @@ BuildRequires: audit-libs-devel
BuildRequires: systemtap-sdt-devel
%endif
+%if %{with_storage_fs}
+# For mount/umount in FS driver
+BuildRequires: util-linux
+# For showmount in FS driver (netfs discovery)
+BuildRequires: nfs-utils
+%endif
# Fedora build root suckage
BuildRequires: gawk
@@ -417,6 +455,10 @@ Requires: ncurses
# So remote clients can access libvirt over SSH tunnel
# (client invokes 'nc' against the UNIX socket on the server)
Requires: nc
+# Needed by libvirt-guests init script.
+Requires: gettext
+# Needed by virt-pki-validate script.
+Requires: gnutls-utils
%if %{with_sasl}
Requires: cyrus-sasl
# Not technically required, but makes 'out-of-box' config
@@ -456,8 +498,6 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
-%patch1 -p1
-%patch2 -p1
%build
%if ! %{with_xen}
@@ -484,6 +524,10 @@ of recent versions of Linux (and other OSes).
%define _without_xenapi --without-xenapi
%endif
+%if ! %{with_libxl}
+%define _without_libxl --without-libxl
+%endif
+
%if ! %{with_sasl}
%define _without_sasl --without-sasl
%endif
@@ -520,10 +564,6 @@ of recent versions of Linux (and other OSes).
%define _without_uml --without-uml
%endif
-%if ! %{with_one}
-%define _without_one --without-one
-%endif
-
%if %{with_rhel5}
%define _with_rhel5_api --with-rhel5-api
%endif
@@ -754,6 +794,46 @@ then
> %{_sysconfdir}/libvirt/qemu/networks/default.xml
ln -s ../default.xml %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
fi
+
+# All newly defined networks will have a mac address for the bridge
+# auto-generated, but networks already existing at the time of upgrade
+# will not. We need to go through all the network configs, look for
+# those that don't have a mac address, and add one.
+
+network_files=$( (cd %{_localstatedir}/lib/libvirt/network && \
+ grep -L "mac address" *.xml; \
+ cd %{_sysconfdir}/libvirt/qemu/networks && \
+ grep -L "mac address" *.xml) 2>/dev/null \
+ | sort -u)
+
+for file in $network_files
+do
+ # each file exists in either the config or state directory (or both) and
+ # does not have a mac address specified in either. We add the same mac
+ # address to both files (or just one, if the other isn't there)
+
+ mac4=`printf '%X' $(($RANDOM % 256))`
+ mac5=`printf '%X' $(($RANDOM % 256))`
+ mac6=`printf '%X' $(($RANDOM % 256))`
+ for dir in %{_localstatedir}/lib/libvirt/network \
+ %{_sysconfdir}/libvirt/qemu/networks
+ do
+ if test -f $dir/$file
+ then
+ sed -i.orig -e \
+ "s|\(<bridge.*$\)|\0\n <mac address='52:54:00:$mac4:$mac5:$mac6'/>|" \
+ $dir/$file
+ if test $? != 0
+ then
+ echo "failed to add <mac address='52:54:00:$mac4:$mac5:$mac6'/>" \
+ "to $dir/$file"
+ mv -f $dir/$file.orig $dir/$file
+ else
+ rm -f $dir/$file.orig
+ fi
+ fi
+ done
+done
%endif
%if %{with_cgconfig}
@@ -823,7 +903,11 @@ fi
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
+%if %{with_libxl}
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/
+%endif
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
%if %{with_qemu}
%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
@@ -862,6 +946,10 @@ fi
%dir %{_localstatedir}/run/libvirt/uml/
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/
%endif
+%if %{with_libxl}
+%dir %{_localstatedir}/run/libvirt/libxl/
+%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/
+%endif
%if %{with_network}
%dir %{_localstatedir}/run/libvirt/network/
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/network/
@@ -896,6 +984,7 @@ fi
%endif
%attr(0755, root, root) %{_libexecdir}/libvirt_parthelper
+%attr(0755, root, root) %{_libexecdir}/libvirt_iohelper
%attr(0755, root, root) %{_sbindir}/libvirtd
%{_mandir}/man8/libvirtd.8*
@@ -977,6 +1066,19 @@ fi
%endif
%changelog
+* Thu Apr 7 2011 Daniel Veillard <veillard@redhat.com> - 0.9.0-1
+- Support cputune cpu usage tuning
+- Add public APIs for storage volume upload/download
+- Add public API for setting migration speed on the fly
+- Add libxenlight driver
+- qemu: support migration to fd
+- libvirt: add virDomain{Get,Set}BlkioParameters
+- setmem: introduce a new libvirt API (virDomainSetMemoryFlags)
+- Expose event loop implementation as a public API
+- Dump the debug buffer to libvirtd.log on fatal signal
+- Audit support
+- Various improvements and bug fixes
+
* Mon Mar 14 2011 Daniel Veillard <veillard@redhat.com> - 0.8.8-3
- fix a lack of API check on read-only connections
- CVE-2011-1146
diff --git a/sources b/sources
index 42512b8..a136cf0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ac9235576352b84b8cb17df7456bbdfc libvirt-0.8.8.tar.gz
+53d005e6f3732aba1fd6b2718f9cec99 libvirt-0.9.0.tar.gz