diff --git a/libvirt-0.3.3-example-config.patch b/libvirt-0.3.3-example-config.patch
new file mode 100644
index 0000000..65c5ef4
--- /dev/null
+++ b/libvirt-0.3.3-example-config.patch
@@ -0,0 +1,207 @@
+changeset: 1147:7481eafdde8d
+user: berrange
+date: Fri Oct 12 18:54:15 2007 +0000
+files: libvirt.spec.in qemud/Makefile.am qemud/libvirtd.conf src/Makefile.am src/qemu.conf
+description:
+Added default example configs for libvirtd/qemu driver
+
+
+diff -r c48e81e685a3 -r 7481eafdde8d qemud/libvirtd.conf
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ b/qemud/libvirtd.conf Fri Oct 12 18:54:15 2007 +0000
+@@ -0,0 +1,141 @@
++# Master libvirt daemon configuration file
++#
++# For further information consult http://libvirt.org/format.html
++
++
++# Flag listening for secure TLS connections on the public TCP/IP port.
++# NB, must pass the --listen flag to the libvirtd process for this to
++# have any effect.
++#
++# It is neccessary to setup a CA and issue server certificates before
++# using this capability.
++#
++# This is enabled by default, uncomment this to disable it
++# listen_tls = 0
++
++# Listen for unencrypted TCP connections on the public TCP/IP port.
++# NB, must pass the --listen flag to the libvirtd process for this to
++# have any effect.
++#
++# NB, this is insecure. Do not use except for development.
++#
++# This is disabled by default, uncomment this to enable it.
++# listen_tcp = 1
++
++
++
++# Override the port for accepting secure TLS connections
++# This can be a port number, or service name
++#
++# tls_port = "16514"
++
++# Override the port for accepting insecure TCP connections
++# This can be a port number, or service name
++#
++# tcp_port = "16509"
++
++
++
++# Flag toggling mDNS advertizement of the libvirt service.
++#
++# Alternatively can disable for all services on a host by
++# stopping the Avahi daemon
++#
++# This is enabled by default, uncomment this to disable it
++# mdns_adv = 0
++
++# Override the default mDNS advertizement name. This must be
++# unique on the immediate broadcast network.
++#
++# The default is "Virtualization Host HOSTNAME", where HOSTNAME
++# is subsituted for the short hostname of the machine (without domain)
++#
++# mdns_name "Virtualization Host Joe Demo"
++
++
++
++# Set the UNIX domain socket group ownership. This can be used to
++# allow a 'trusted' set of users access to management capabilities
++# without becoming root.
++#
++# This is restricted to 'root' by default.
++# unix_sock_group "libvirt"
++
++# Set the UNIX socket permissions for the R/O socket. This is used
++# for monitoring VM status only
++#
++# Default allows any user. If setting group ownership may want to
++# restrict this to:
++# unix_sock_ro_perms "0777"
++
++# Set the UNIX socket permissions for the R/W socket. This is used
++# for full management of VMs
++#
++# Default allows only root. If setting group ownership may want to
++# relax this to:
++# unix_sock_rw_perms "octal-perms" "0770"
++
++
++
++# Flag to disable verification of client certificates
++#
++# Client certificate verification is the primary authentication mechanism.
++# Any client which does not present a certificate signed by the CA
++# will be rejected.
++#
++# Default is to always verify. Uncommenting this will disable
++# verification - make sure an IP whitelist is set
++# tls_no_verify_certificate 1
++
++# Flag to disable verification of client IP address
++#
++# Client IP address will be verified against the CommonName field
++# of the x509 certificate. This has minimal security benefit since
++# it is easy to spoof source IP.
++#
++# Uncommenting this will disable verification
++# tls_no_verify_address 1
++
++# Override the default server key file path
++#
++# key_file "/etc/pki/libvirt/private/serverkey.pem"
++
++# Override the default server certificate file path
++#
++# cert_file "/etc/pki/libvirt/servercert.pem"
++
++# Override the default CA certificate path
++#
++# ca_file "/etc/pki/CA/cacert.pem"
++
++# Specify a certificate revocation list.
++#
++# Defaults to not using a CRL, uncomment to enable it
++# crl_file "/etc/pki/CA/crl.pem"
++
++# A whitelist of allowed x509 Distinguished Names
++# This list may contain wildcards such as
++#
++# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
++#
++# See the POSIX fnmatch function for the format of the wildcards.
++#
++# NB If this is an empty list, no client can connect, so comment out
++# entirely rather than using empty list to disable these checks
++#
++# By default, no DN's are checked
++# tls_allowed_dn_list ["DN1", "DN2"]
++
++
++# A whitelist of allowed client IP addresses
++#
++# This list may contain wildcards such as 192.168.* See the POSIX fnmatch
++# function for the format of the wildcards.
++#
++# NB If this is an empty list, no client can connect, so comment out
++# entirely rather than using empty list to disable these checks
++#
++# By default, no IP's are checked. This can be IPv4 or IPv6 addresses
++# tls_allowed_ip_list ["ip1", "ip2", "ip3"]
++
++
+diff -r c48e81e685a3 -r 7481eafdde8d src/qemu.conf
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ b/src/qemu.conf Fri Oct 12 18:54:15 2007 +0000
+@@ -0,0 +1,49 @@
++# Master configuration file for the QEMU driver.
++# All settings described here are optional - if omitted, sensible
++# defaults are used.
++
++# VNC is configured to listen on 127.0.0.1 by default.
++# To make it listen on all public interfaces, uncomment
++# this next option.
++#
++# NB, strong recommendation to enable TLS + x509 certificate
++# verification when allowing public access
++#
++# vnc_listen = "0.0.0.0"
++
++
++# Enable use of TLS encryption on the VNC server. This requires
++# a VNC client which supports the VeNCrypt protocol extension.
++# Examples include vinagre, virt-viewer, virt-manager and vencrypt
++# itself. UltraVNC, RealVNC, TightVNC do not support this
++#
++# It is neccessary to setup CA and issue a server certificate
++# before enabling this.
++#
++# vnc_tls = 1
++
++
++# Use of TLS requires that x509 certificates be issued. The
++# default it to keep them in /etc/pki/libvirt-vnc. This directory
++# must contain
++#
++# ca-cert.pem - the CA master certificate
++# server-cert.pem - the server certificate signed with ca-cert.pem
++# server-key.pem - the server private key
++#
++# This option allows the certificate directory to be changed
++#
++# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
++
++
++# The default TLS configuration only uses certificates for the server
++# allowing the client to verify the server's identity and establish
++# and encrypted channel.
++#
++# It is possible to use x509 certificates for authentication too, by
++# issuing a x509 certificate to every client who needs to connect.
++#
++# Enabling this option will reject any client who does not have a
++# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
++#
++# vnc_tls_x509_verify = 1
+
diff --git a/libvirt-0.3.3-qemu-config.patch b/libvirt-0.3.3-qemu-config.patch
new file mode 100644
index 0000000..7330433
--- /dev/null
+++ b/libvirt-0.3.3-qemu-config.patch
@@ -0,0 +1,230 @@
+changeset: 1146:c48e81e685a3
+user: berrange
+date: Fri Oct 12 15:05:44 2007 +0000
+files: ChangeLog src/qemu_conf.c src/qemu_conf.h src/qemu_driver.c
+description:
+Added QEMU driver config file
+
+
+diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_conf.c
+--- a/src/qemu_conf.c Wed Oct 10 18:46:17 2007 +0000
++++ b/src/qemu_conf.c Fri Oct 12 15:05:44 2007 +0000
+@@ -45,6 +45,7 @@
+ #include "qemu_conf.h"
+ #include "uuid.h"
+ #include "buf.h"
++#include "conf.h"
+
+ #define qemudLog(level, msg...) fprintf(stderr, msg)
+
+@@ -65,6 +66,68 @@ void qemudReportError(virConnectPtr conn
+ __virRaiseError(conn, dom, net, VIR_FROM_QEMU, code, VIR_ERR_ERROR,
+ NULL, NULL, NULL, -1, -1, errorMessage);
+ }
++
++int qemudLoadDriverConfig(struct qemud_driver *driver,
++ const char *filename) {
++ virConfPtr conf;
++ virConfValuePtr p;
++
++ /* Setup 2 critical defaults */
++ strcpy(driver->vncListen, "127.0.0.1");
++ if (!(driver->vncTLSx509certdir = strdup(SYSCONF_DIR "/pki/libvirt-vnc"))) {
++ qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
++ "vncTLSx509certdir");
++ return -1;
++ }
++
++ /* Just check the file is readable before opening it, otherwise
++ * libvirt emits an error.
++ */
++ if (access (filename, R_OK) == -1) return 0;
++
++ conf = virConfReadFile (filename);
++ if (!conf) return 0;
++
++
++#define CHECK_TYPE(name,typ) if (p && p->type != (typ)) { \
++ qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR, \
++ "remoteReadConfigFile: %s: %s: expected type " #typ "\n", \
++ filename, (name)); \
++ virConfFree(conf); \
++ return -1; \
++ }
++
++ p = virConfGetValue (conf, "vnc_tls");
++ CHECK_TYPE ("vnc_tls", VIR_CONF_LONG);
++ if (p) driver->vncTLS = p->l;
++
++ p = virConfGetValue (conf, "vnc_tls_x509_verify");
++ CHECK_TYPE ("vnc_tls_x509_verify", VIR_CONF_LONG);
++ if (p) driver->vncTLSx509verify = p->l;
++
++ p = virConfGetValue (conf, "vnc_tls_x509_cert_dir");
++ CHECK_TYPE ("vnc_tls_x509_cert_dir", VIR_CONF_STRING);
++ if (p && p->str) {
++ free(driver->vncTLSx509certdir);
++ if (!(driver->vncTLSx509certdir = strdup(p->str))) {
++ qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
++ "vncTLSx509certdir");
++ virConfFree(conf);
++ return -1;
++ }
++ }
++
++ p = virConfGetValue (conf, "vnc_listen");
++ CHECK_TYPE ("vnc_listen", VIR_CONF_STRING);
++ if (p && p->str) {
++ strncpy(driver->vncListen, p->str, sizeof(driver->vncListen));
++ driver->vncListen[sizeof(driver->vncListen)-1] = '\0';
++ }
++
++ virConfFree (conf);
++ return 0;
++}
++
+
+ struct qemud_vm *qemudFindVMByID(const struct qemud_driver *driver, int id) {
+ struct qemud_vm *vm = driver->vms;
+@@ -1234,7 +1297,7 @@ static struct qemud_vm_def *qemudParseXM
+ if (vnclisten && *vnclisten)
+ strncpy(def->vncListen, (char *)vnclisten, BR_INET_ADDR_MAXLEN-1);
+ else
+- strcpy(def->vncListen, "127.0.0.1");
++ strcpy(def->vncListen, driver->vncListen);
+ def->vncListen[BR_INET_ADDR_MAXLEN-1] = '\0';
+ xmlFree(vncport);
+ xmlFree(vnclisten);
+@@ -1750,15 +1813,30 @@ int qemudBuildCommandLine(virConnectPtr
+ }
+
+ if (vm->def->graphicsType == QEMUD_GRAPHICS_VNC) {
+- char vncdisplay[BR_INET_ADDR_MAXLEN+20];
++ char vncdisplay[PATH_MAX];
+ int ret;
+- if (vm->qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON)
+- ret = snprintf(vncdisplay, sizeof(vncdisplay), "%s:%d",
++
++ if (vm->qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON) {
++ char options[PATH_MAX] = "";
++ if (driver->vncTLS) {
++ strcat(options, ",tls");
++ if (driver->vncTLSx509verify) {
++ strcat(options, ",x509verify=");
++ } else {
++ strcat(options, ",x509=");
++ }
++ strncat(options, driver->vncTLSx509certdir,
++ sizeof(options) - (strlen(driver->vncTLSx509certdir)-1));
++ options[sizeof(options)-1] = '\0';
++ }
++ ret = snprintf(vncdisplay, sizeof(vncdisplay), "%s:%d%s",
+ vm->def->vncListen,
+- vm->def->vncActivePort - 5900);
+- else
++ vm->def->vncActivePort - 5900,
++ options);
++ } else {
+ ret = snprintf(vncdisplay, sizeof(vncdisplay), "%d",
+ vm->def->vncActivePort - 5900);
++ }
+ if (ret < 0 || ret >= (int)sizeof(vncdisplay))
+ goto error;
+
+diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_conf.h
+--- a/src/qemu_conf.h Wed Oct 10 18:46:17 2007 +0000
++++ b/src/qemu_conf.h Fri Oct 12 15:05:44 2007 +0000
+@@ -289,6 +289,10 @@ struct qemud_driver {
+ char *networkConfigDir;
+ char *networkAutostartDir;
+ char logDir[PATH_MAX];
++ int vncTLS : 1;
++ int vncTLSx509verify : 1;
++ char *vncTLSx509certdir;
++ char vncListen[BR_INET_ADDR_MAXLEN];
+ };
+
+
+@@ -311,6 +315,8 @@ void qemudReportError(virConnectPtr conn
+ ATTRIBUTE_FORMAT(printf,5,6);
+
+
++int qemudLoadDriverConfig(struct qemud_driver *driver,
++ const char *filename);
+
+ struct qemud_vm *qemudFindVMByID(const struct qemud_driver *driver,
+ int id);
+diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_driver.c
+--- a/src/qemu_driver.c Wed Oct 10 18:46:17 2007 +0000
++++ b/src/qemu_driver.c Fri Oct 12 15:05:44 2007 +0000
+@@ -155,6 +155,7 @@ qemudStartup(void) {
+ uid_t uid = geteuid();
+ struct passwd *pw;
+ char *base = NULL;
++ char driverConf[PATH_MAX];
+
+ if (!(qemu_driver = calloc(1, sizeof(struct qemud_driver)))) {
+ return -1;
+@@ -167,7 +168,7 @@ qemudStartup(void) {
+ if (snprintf(qemu_driver->logDir, PATH_MAX, "%s/log/libvirt/qemu", LOCAL_STATE_DIR) >= PATH_MAX)
+ goto snprintf_error;
+
+- if ((base = strdup (SYSCONF_DIR "/libvirt/qemu")) == NULL)
++ if ((base = strdup (SYSCONF_DIR "/libvirt")) == NULL)
+ goto out_of_memory;
+ } else {
+ if (!(pw = getpwuid(uid))) {
+@@ -179,7 +180,7 @@ qemudStartup(void) {
+ if (snprintf(qemu_driver->logDir, PATH_MAX, "%s/.libvirt/qemu/log", pw->pw_dir) >= PATH_MAX)
+ goto snprintf_error;
+
+- if (asprintf (&base, "%s/.libvirt/qemu", pw->pw_dir) == -1) {
++ if (asprintf (&base, "%s/.libvirt", pw->pw_dir) == -1) {
+ qemudLog (QEMUD_ERR, "out of memory in asprintf");
+ goto out_of_memory;
+ }
+@@ -188,24 +189,36 @@ qemudStartup(void) {
+ /* Configuration paths are either ~/.libvirt/qemu/... (session) or
+ * /etc/libvirt/qemu/... (system).
+ */
+- if (asprintf (&qemu_driver->configDir, "%s", base) == -1)
++ if (snprintf (driverConf, sizeof(driverConf), "%s/qemu.conf", base) == -1)
+ goto out_of_memory;
+-
+- if (asprintf (&qemu_driver->autostartDir, "%s/autostart", base) == -1)
++ driverConf[sizeof(driverConf)-1] = '\0';
++
++ if (asprintf (&qemu_driver->configDir, "%s/qemu", base) == -1)
+ goto out_of_memory;
+
+- if (asprintf (&qemu_driver->networkConfigDir, "%s/networks", base) == -1)
++ if (asprintf (&qemu_driver->autostartDir, "%s/qemu/autostart", base) == -1)
+ goto out_of_memory;
+
+- if (asprintf (&qemu_driver->networkAutostartDir, "%s/networks/autostart",
++ if (asprintf (&qemu_driver->networkConfigDir, "%s/qemu/networks", base) == -1)
++ goto out_of_memory;
++
++ if (asprintf (&qemu_driver->networkAutostartDir, "%s/qemu/networks/autostart",
+ base) == -1)
+ goto out_of_memory;
+
+- if (qemudScanConfigs(qemu_driver) < 0)
++ free(base);
++
++ if (qemudLoadDriverConfig(qemu_driver, driverConf) < 0) {
+ qemudShutdown();
++ return -1;
++ }
++
++ if (qemudScanConfigs(qemu_driver) < 0) {
++ qemudShutdown();
++ return -1;
++ }
+ qemudAutostartConfigs(qemu_driver);
+
+- free(base);
+ return 0;
+
+ snprintf_error:
+
diff --git a/libvirt.spec b/libvirt.spec
index a7d7cb6..e3e6a20 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -3,10 +3,14 @@
Summary: Library providing a simple API virtualization
Name: libvirt
Version: 0.3.3
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
License: LGPL
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
+Patch1: %{name}-%{version}-qemu-config.patch
+# NB, when removing this patch on next release, also remove the manual
+# config file copy in the install section of this spec file
+Patch2: %{name}-%{version}-example-config.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root
URL: http://libvirt.org/
BuildRequires: python python-devel
@@ -66,6 +70,8 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
+%patch1 -p1
+%patch2 -p1
%build
# Xen is availble only on i386 x86_64 ia64
@@ -89,6 +95,11 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a
install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/run/libvirt/
+# Copy files from patch2 into location
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/libvirt
+install -m 0755 src/qemu.conf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
+install -m 0755 qemud/libvirtd.conf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/libvirtd.conf
+
# We don't want to install /etc/libvirt/qemu/networks in the main %files list
# because if the admin wants to delete the default network completely, we don't
# want to end up re-incarnating it on every RPM upgrade.
@@ -144,6 +155,8 @@ fi
%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart
%{_sysconfdir}/rc.d/init.d/libvirtd
%config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
+%config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
+%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
%dir %{_datadir}/libvirt/
%dir %{_datadir}/libvirt/networks/
%{_datadir}/libvirt/networks/default.xml
@@ -183,6 +196,10 @@ fi
%doc docs/examples/python
%changelog
+* Mon Oct 15 2007 Daniel P. Berrange <berrange@redhat.com> - 0.3.3-2.fc8
+- Added QEMU driver config file support
+- Added example config files
+
* Sun Sep 30 2007 Daniel Veillard <veillard@redhat.com> - 0.3.3-1
- Release of 0.3.3
- Avahi support