From 9abc69f0784752076ced5483069b286cf70be131 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Apr 05 2024 23:16:45 +0000 Subject: [PATCH 1/6] libvirt-10.2.0-1 Update to version 10.2.0 --- diff --git a/libvirt.spec b/libvirt.spec index b8aa25b..06030aa 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -276,7 +276,7 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 10.1.0 +Version: 10.2.0 Release: 1%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ @@ -2588,6 +2588,9 @@ exit 0 %changelog +* Fri Apr 05 2024 Cole Robinson - 10.2.0-1 +- Update to version 10.2.0 + * Fri Mar 01 2024 Cole Robinson - 10.1.0-1 - Update to version 10.1.0 diff --git a/sources b/sources index fa67790..436dd18 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libvirt-10.1.0.tar.xz) = 08e73ae15de5681430b62db85ec9901242dca5e9a4ca9685614f4a67092c6e28f27f9187144b3ceb18ad6b40e6eb1a90b1a4b056b0888724d04a62002ee2bc48 +SHA512 (libvirt-10.2.0.tar.xz) = 65faf2346e66bdba606ba99b9e4da2be8bd94ef42ac49c2801f9e9253ceea10f5fe772d5c7ada59f48aa34ff528726719b690c3acfd3e63a5c3580db17b023ae From 36079ddefa266c91aeb14ca883768f4561e45713 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Apr 06 2024 19:04:19 +0000 Subject: [PATCH 2/6] Rebuild for new libiscsi Signed-off-by: Cole Robinson --- diff --git a/libvirt.spec b/libvirt.spec index 06030aa..a370918 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -277,7 +277,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 10.2.0 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ @@ -2588,6 +2588,9 @@ exit 0 %changelog +* Sat Apr 06 2024 Cole Robinson - 10.2.0-2 +- Rebuild for new libiscsi + * Fri Apr 05 2024 Cole Robinson - 10.2.0-1 - Update to version 10.2.0 From 5b0f05f970f7267c4e2ebdbe878c6d1a5137b098 Mon Sep 17 00:00:00 2001 
From: Daniel P. Berrangé Date: May 02 2024 13:38:32 +0000 Subject: [PATCH 3/6] Update to 10.3.0 release Signed-off-by: Daniel P. Berrangé --- diff --git a/libvirt.spec b/libvirt.spec index a370918..d43fb58 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -276,8 +276,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 10.2.0 -Release: 2%{?dist} +Version: 10.3.0 +Release: 1%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ @@ -2588,6 +2588,9 @@ exit 0 %changelog +* Thu May 2 2024 Daniel P. Berrangé - 10.3.0-1 +- Update to version 10.3.0 + * Sat Apr 06 2024 Cole Robinson - 10.2.0-2 - Rebuild for new libiscsi diff --git a/sources b/sources index 436dd18..c32eb9b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libvirt-10.2.0.tar.xz) = 65faf2346e66bdba606ba99b9e4da2be8bd94ef42ac49c2801f9e9253ceea10f5fe772d5c7ada59f48aa34ff528726719b690c3acfd3e63a5c3580db17b023ae +SHA512 (libvirt-10.3.0.tar.xz) = dd2b151a19877e57e11b582b1c11542319f8b7b7cd3d7d51304442aa7d5eb1a8490d2887d340191c3ecc561320ea453773763083364579de0a40ada9c244fc59 From 7749fc4a2637ebd6438063e96ccc3de2267ca9da Mon Sep 17 00:00:00 2001 From: Daniel P. Berrangé Date: Jun 05 2024 09:09:34 +0000 Subject: [PATCH 4/6] Update to 10.4.0 release This switches the virtual network backend from iptables to nftables and introduces an SSH VSOCK proxy by default for QEMU. Signed-off-by: Daniel P. Berrangé --- diff --git a/libvirt.spec b/libvirt.spec index d43fb58..560ff01 100644 --- a/libvirt.spec +++ b/libvirt.spec 
@@ -205,6 +205,18 @@ %define with_modular_daemons 1 %endif +# Prefer nftables for future OS releases but keep using iptables +# for existing ones +%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41 + %define prefer_nftables 1 + %define firewall_backend_priority nftables,iptables +%else + %define prefer_nftables 0 + %define firewall_backend_priority iptables,nftables +%endif + + + # Force QEMU to run as non-root %define qemu_user qemu %define qemu_group qemu @@ -276,7 +288,7 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 10.3.0 +Version: 10.4.0 Release: 1%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ @@ -336,7 +348,7 @@ BuildRequires: gcc %if %{with_libxl} BuildRequires: xen-devel %endif -BuildRequires: glib2-devel >= 2.56 +BuildRequires: glib2-devel >= 2.58 BuildRequires: libxml2-devel BuildRequires: readline-devel BuildRequires: pkgconfig(bash-completion) >= 2.0 @@ -356,8 +368,6 @@ BuildRequires: sanlock-devel >= 2.4 BuildRequires: libpcap-devel >= 1.5.0 BuildRequires: libnl3-devel BuildRequires: libselinux-devel -BuildRequires: iptables -BuildRequires: ebtables # For modprobe BuildRequires: kmod BuildRequires: cyrus-sasl-devel @@ -594,7 +604,11 @@ Summary: Network driver plugin for the libvirtd daemon Requires: libvirt-daemon-common = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release} Requires: dnsmasq >= 2.41 + %if %{prefer_nftables} +Requires: nftables + %else Requires: iptables + %endif %description daemon-driver-network The network driver plugin for the libvirtd daemon, providing @@ -815,6 +829,7 @@ Requires: gzip Requires: bzip2 Requires: lzop Requires: xz +Requires: zstd Requires: systemd-container Requires: swtpm-tools %if %{with_numad} 
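Review bot: The comment above `%define firewall_backend_priority` does not say that the value is an ordered list handed to `-Dfirewall_backend_priority` (added further down in this commit), nor that the second entry stays compiled in as a fallback. On releases where `prefer_nftables` is 1, the virtual-network rules would presumably no longer show up in the iptables view, so host firewall audits and monitoring that look for libvirt's iptables chains need to be pointed at nftables. I would extend the comment to something like `# Ordered preference passed to -Dfirewall_backend_priority; admins can override the backend in /etc/libvirt/network.conf`, assuming the `network.conf` this commit starts shipping as `%config(noreplace)` carries that setting. The hunk also adds three blank lines after `%endif` where one is enough. The same block is repeated in PATCH 6/6.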
@@ -902,6 +917,7 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release} Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release} Requires: libvirt-daemon-driver-secret = %{version}-%{release} Requires: libvirt-daemon-driver-storage = %{version}-%{release} +Requires: libvirt-ssh-proxy = %{version}-%{release} Requires: qemu %description daemon-qemu @@ -930,6 +946,7 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release} Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release} Requires: libvirt-daemon-driver-secret = %{version}-%{release} Requires: libvirt-daemon-driver-storage = %{version}-%{release} +Requires: libvirt-ssh-proxy = %{version}-%{release} Requires: qemu-kvm %description daemon-kvm @@ -1099,6 +1116,13 @@ Requires: libvirt-daemon-driver-network = %{version}-%{release} Libvirt plugin for NSS for translating domain names into IP addresses. %endif +%package ssh-proxy +Summary: Libvirt SSH proxy +Requires: libvirt-libs = %{version}-%{release} + +%description ssh-proxy +Allows SSH into domains via VSOCK without need for network. + %if %{with_mingw32} %package -n mingw32-libvirt Summary: %{summary} @@ -1371,9 +1395,11 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dtls_priority=%{tls_priority} \ -Dsysctl_config=enabled \ %{?arg_userfaultfd_sysctl} \ + -Dssh_proxy=enabled \ %{?enable_werror} \ -Dexpensive_tests=enabled \ -Dinit_script=systemd \ + -Dfirewall_backend_priority=%{firewall_backend_priority} \ -Ddocs=enabled \ -Dtests=enabled \ -Drpath=disabled \ @@ -1455,6 +1481,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dstorage_zfs=disabled \ -Dsysctl_config=disabled \ -Duserfaultfd_sysctl=disabled \ + -Dssh_proxy=disabled \ -Dtests=disabled \ -Dudev=disabled \ -Dwireshark_dissector=disabled \ 
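Review bot: The hard `Requires: libvirt-ssh-proxy = %{version}-%{release}` added to daemon-qemu here, and to daemon-kvm in the next hunk, means every host that installs either meta-package also receives the system-wide OpenSSH client drop-in `%{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf` that `%files ssh-proxy` ships later in this commit. That changes ssh client behaviour for all users on the hypervisor, and the content of the drop-in is not visible in this diff, so it deserves a review of its own. If the proxy is a convenience rather than something the QEMU driver needs in order to function, a weak dependency would let hardened hosts leave it out: `Recommends: libvirt-ssh-proxy = %{version}-%{release}`. PATCH 6/6 carries the same two lines.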
@@ -1565,7 +1592,8 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_libexecdir}/libvirt-guests.sh %if %{with_native} # Building on slow archs, like emulated s390x in Fedora copr, requires # raising the test timeout -VIR_TEST_DEBUG=1 %meson_test --no-suite syntax-check --timeout-multiplier 10 +VIR_TEST_DEBUG=1 +%meson_test --no-suite syntax-check --timeout-multiplier 10 %endif %define libvirt_rpmstatedir %{_localstatedir}/lib/rpm-state/libvirt @@ -2108,6 +2136,9 @@ exit 0 %config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf %{_datadir}/augeas/lenses/virtnetworkd.aug %{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug +%config(noreplace) %{_sysconfdir}/libvirt/network.conf +%{_datadir}/augeas/lenses/libvirtd_network.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_network.aug %{_unitdir}/virtnetworkd.service %{_unitdir}/virtnetworkd.socket %{_unitdir}/virtnetworkd-ro.socket @@ -2425,6 +2456,10 @@ exit 0 %{_libdir}/libnss_libvirt.so.2 %{_libdir}/libnss_libvirt_guest.so.2 +%files ssh-proxy +%config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf +%{_libexecdir}/libvirt-ssh-proxy + %if %{with_lxc} %files login-shell %attr(4750, root, virtlogin) %{_bindir}/virt-login-shell @@ -2586,8 +2621,12 @@ exit 0 %{mingw64_mandir}/man7/virkey*.7* %endif - %changelog +* Wed Jun 5 2024 Daniel P. Berrangé - 10.4.0-1 +- Update to version 10.4.0 +- Change virtual network backend from iptables to nftables +- Introduce SSH VSOCK proxy + * Thu May 2 2024 Daniel P. Berrangé - 10.3.0-1 - Update to version 10.3.0 diff --git a/sources b/sources index c32eb9b..f84031b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libvirt-10.3.0.tar.xz) = dd2b151a19877e57e11b582b1c11542319f8b7b7cd3d7d51304442aa7d5eb1a8490d2887d340191c3ecc561320ea453773763083364579de0a40ada9c244fc59 +SHA512 (libvirt-10.4.0.tar.xz) = 711be39f3fb831a5073b25a5b02410676147114f3dcf85b24c8505b611a81bf64cf3b95f66908e0dc3a2f3e66e5fc31b2d95db610ea3f1b747a9fd1f52b1ffa7 
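Review bot: Splitting `VIR_TEST_DEBUG=1` onto its own line turns it into a plain shell assignment, so the variable is no longer placed in the environment of the command that `%meson_test` expands to. Unless it is exported elsewhere in `%check` (not visible in this hunk), the test suite would run without the debug output this line was meant to enable. If the split was needed because the macro expands to more than one command, export the variable instead: `export VIR_TEST_DEBUG=1`. That keeps failing tests diagnosable from the build log. The same change appears again in PATCH 6/6.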
From 9ae002fc724f8b01e0b2f3101f8662bf701ee5c7 Mon Sep 17 00:00:00 2001 From: Daniel P. Berrangé Date: Jun 05 2024 11:55:10 +0000 Subject: [PATCH 5/6] Fix GSource leak & udev leak Signed-off-by: Daniel P. Berrangé --- diff --git a/0001-interface-fix-udev-reference-leak-with-invalid-flags.patch b/0001-interface-fix-udev-reference-leak-with-invalid-flags.patch new file mode 100644 index 0000000..cdc4a2b --- /dev/null +++ b/0001-interface-fix-udev-reference-leak-with-invalid-flags.patch @@ -0,0 +1,41 @@ +From 3499354e12a1c1832bf4030693a64e03ceb79d05 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 5 Jun 2024 11:16:21 +0100 +Subject: [PATCH] interface: fix udev reference leak with invalid flags +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The udevInterfaceGetXMLDesc method takes a reference on the udev +driver as its first action. If the virCheckFlags() condition +fails, however, this reference is never released. + +Reviewed-by: Peter Krempa +Signed-off-by: Daniel P. Berrangé +--- + src/interface/interface_backend_udev.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c +index fdf11a8318..e1a50389c9 100644 +--- a/src/interface/interface_backend_udev.c ++++ b/src/interface/interface_backend_udev.c +@@ -1027,12 +1027,14 @@ static char * + udevInterfaceGetXMLDesc(virInterfacePtr ifinfo, + unsigned int flags) + { +- struct udev *udev = udev_ref(driver->udev); ++ struct udev *udev = NULL; + g_autoptr(virInterfaceDef) ifacedef = NULL; + char *xmlstr = NULL; + + virCheckFlags(VIR_INTERFACE_XML_INACTIVE, NULL); + ++ udev = udev_ref(driver->udev); ++ + /* Recursively build up the interface XML based on the requested + * interface name + */ +-- +2.45.1 + 
diff --git a/0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch b/0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch
new file mode 100644
index 0000000..afa729d
--- /dev/null
+++ b/0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch
@@ -0,0 +1,49 @@ +From 98f1cf88fa7e0f992d93f376418fbfb3996a9690 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Fri, 17 May 2024 14:55:24 +0100 +Subject: [PATCH] rpc: avoid leak of GSource in use for interrupting main loop +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We never release the reference on the GSource created for +interrupting the main loop, nor do we remove it from the +main context if our thread is woken up prior to the wakeup +callback firing. + +This can result in a leak of GSource objects, along with an +ever growing list of GSources attached to the main context, +which will gradually slow down execution of the loop, as +several operations are O(N) for the number of attached GSource +objects. + +Reviewed-by: Michal Privoznik +Signed-off-by: Daniel P. Berrangé +--- + src/rpc/virnetclient.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c +index 147b0d661a..6d424eb599 100644 +--- a/src/rpc/virnetclient.c ++++ b/src/rpc/virnetclient.c +@@ -1946,7 +1946,7 @@ static int virNetClientIO(virNetClient *client, + /* Check to see if another thread is dispatching */ + if (client->haveTheBuck) { + /* Force other thread to wakeup from poll */ +- GSource *wakeup = g_idle_source_new(); ++ g_autoptr(GSource) wakeup = g_idle_source_new(); + g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL); + g_source_attach(wakeup, client->eventCtx); + +@@ -1968,6 +1968,7 @@ static int virNetClientIO(virNetClient *client, + return -1; + } + ++ g_source_destroy(wakeup); + VIR_DEBUG("Woken up from sleep head=%p call=%p", + client->waitDispatch, thiscall); + /* Three reasons we can be woken up +-- +2.45.1 + diff --git a/libvirt.spec b/libvirt.spec index 560ff01..2fe3ad7 100644 --- a/libvirt.spec +++ b/libvirt.spec 
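Review bot: The added `g_source_destroy(wakeup);` sits after the `return -1;` that is visible as context just above it, so that early-return path still appears to leave the idle source attached to `client->eventCtx`; `g_autoptr(GSource)` only drops the caller's reference there. The commit message names exactly this case (the source not being removed from the main context) as the cause of the ever-growing source list, so the error path should detach it too, e.g. `g_source_destroy(wakeup);` immediately before that `return -1;`. The condition guarding the return and the rest of virNetClientIO lie outside the hunk, so confirm against the full function. The identical patch file is added again in PATCH 6/6.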
@@ -289,7 +289,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 10.4.0 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ @@ -297,6 +297,8 @@ URL: https://libvirt.org/ %define mainturl stable_updates/ %endif Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz +Patch2: 0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch +Patch3: 0001-interface-fix-udev-reference-leak-with-invalid-flags.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -2622,6 +2624,10 @@ exit 0 %endif %changelog +* Wed Jun 5 2024 Daniel P. Berrangé - 10.4.0-2 +- Fix leak of GSource handle +- Fix leak of udev reference (rhbz #2266017) + * Wed Jun 5 2024 Daniel P. Berrangé - 10.4.0-1 - Update to version 10.4.0 - Change virtual network backend from iptables to nftables From 89027b54f251e2b87ff2afab5af7b95178238094 Mon Sep 17 00:00:00 2001 From: Roberto Campesato Date: Jun 14 2024 12:29:00 +0000 Subject: [PATCH 6/6] Merge remote-tracking branch 'upstream/rawhide' into libvirt-hyperscale-10.4.0 --- diff --git a/0001-interface-fix-udev-reference-leak-with-invalid-flags.patch b/0001-interface-fix-udev-reference-leak-with-invalid-flags.patch new file mode 100644 index 0000000..cdc4a2b --- /dev/null +++ b/0001-interface-fix-udev-reference-leak-with-invalid-flags.patch 
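Review bot: `Patch2:` and `Patch3:` are added without a comment saying where the patches come from or when they can be dropped, and the numbering starts at 2 with no `Patch1` visible in this hunk. Both files carry a `From <commit>` header and `Reviewed-by` trailers, so they look like upstream backports; a line such as `# Upstream backports, drop when rebasing past 10.4.0` above them would make that explicit. Whether `%prep` applies every `PatchN` automatically is not visible here, so check that both fixes actually reach the build. PATCH 6/6 adds the same two lines.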
@@ -0,0 +1,41 @@ +From 3499354e12a1c1832bf4030693a64e03ceb79d05 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 5 Jun 2024 11:16:21 +0100 +Subject: [PATCH] interface: fix udev reference leak with invalid flags +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The udevInterfaceGetXMLDesc method takes a reference on the udev +driver as its first action. If the virCheckFlags() condition +fails, however, this reference is never released. + +Reviewed-by: Peter Krempa +Signed-off-by: Daniel P. Berrangé +--- + src/interface/interface_backend_udev.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c +index fdf11a8318..e1a50389c9 100644 +--- a/src/interface/interface_backend_udev.c ++++ b/src/interface/interface_backend_udev.c +@@ -1027,12 +1027,14 @@ static char * + udevInterfaceGetXMLDesc(virInterfacePtr ifinfo, + unsigned int flags) + { +- struct udev *udev = udev_ref(driver->udev); ++ struct udev *udev = NULL; + g_autoptr(virInterfaceDef) ifacedef = NULL; + char *xmlstr = NULL; + + virCheckFlags(VIR_INTERFACE_XML_INACTIVE, NULL); + ++ udev = udev_ref(driver->udev); ++ + /* Recursively build up the interface XML based on the requested + * interface name + */ +-- +2.45.1 + diff --git a/0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch b/0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch new file mode 100644 index 0000000..afa729d --- /dev/null +++ b/0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch 
@@ -0,0 +1,49 @@ +From 98f1cf88fa7e0f992d93f376418fbfb3996a9690 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Fri, 17 May 2024 14:55:24 +0100 +Subject: [PATCH] rpc: avoid leak of GSource in use for interrupting main loop +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We never release the reference on the GSource created for +interrupting the main loop, nor do we remove it from the +main context if our thread is woken up prior to the wakeup +callback firing. + +This can result in a leak of GSource objects, along with an +ever growing list of GSources attached to the main context, +which will gradually slow down execution of the loop, as +several operations are O(N) for the number of attached GSource +objects. + +Reviewed-by: Michal Privoznik +Signed-off-by: Daniel P. Berrangé +--- + src/rpc/virnetclient.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c +index 147b0d661a..6d424eb599 100644 +--- a/src/rpc/virnetclient.c ++++ b/src/rpc/virnetclient.c +@@ -1946,7 +1946,7 @@ static int virNetClientIO(virNetClient *client, + /* Check to see if another thread is dispatching */ + if (client->haveTheBuck) { + /* Force other thread to wakeup from poll */ +- GSource *wakeup = g_idle_source_new(); ++ g_autoptr(GSource) wakeup = g_idle_source_new(); + g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL); + g_source_attach(wakeup, client->eventCtx); + +@@ -1968,6 +1968,7 @@ static int virNetClientIO(virNetClient *client, + return -1; + } + ++ g_source_destroy(wakeup); + VIR_DEBUG("Woken up from sleep head=%p call=%p", + client->waitDispatch, thiscall); + /* Three reasons we can be woken up +-- +2.45.1 + diff --git a/libvirt.spec b/libvirt.spec index a0774ca..07c1ddf 100644 --- a/libvirt.spec +++ b/libvirt.spec 
@@ -205,6 +205,16 @@ %define with_modular_daemons 1 %endif +# Prefer nftables for future OS releases but keep using iptables +# for existing ones +%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41 + %define prefer_nftables 1 + %define firewall_backend_priority nftables,iptables +%else + %define prefer_nftables 0 + %define firewall_backend_priority iptables,nftables +%endif + # Force QEMU to run as non-root %define qemu_user qemu %define qemu_group qemu @@ -275,14 +285,14 @@ %{nil} # To prevent rpmdev-bumpspec breakage -%global baserelease 1 +%global baserelease 2 # Hyperscale release %global hsrel .1 Summary: Library providing a simple virtualization API Name: libvirt -Version: 10.1.0 +Version: 10.4.0 Release: %{baserelease}%{?hsrel}%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ @@ -291,6 +301,8 @@ URL: https://libvirt.org/ %define mainturl stable_updates/ %endif Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz +Patch2: 0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch +Patch3: 0001-interface-fix-udev-reference-leak-with-invalid-flags.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -342,7 +354,7 @@ BuildRequires: gcc %if %{with_libxl} BuildRequires: xen-devel %endif -BuildRequires: glib2-devel >= 2.56 +BuildRequires: glib2-devel >= 2.58 BuildRequires: libxml2-devel BuildRequires: readline-devel BuildRequires: pkgconfig(bash-completion) >= 2.0 @@ -362,8 +374,6 @@ BuildRequires: sanlock-devel >= 2.4 BuildRequires: libpcap-devel >= 1.5.0 BuildRequires: libnl3-devel BuildRequires: libselinux-devel -BuildRequires: iptables -BuildRequires: ebtables # For modprobe BuildRequires: kmod BuildRequires: cyrus-sasl-devel 
@@ -600,7 +610,11 @@ Summary: Network driver plugin for the libvirtd daemon Requires: libvirt-daemon-common = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release} Requires: dnsmasq >= 2.41 + %if %{prefer_nftables} +Requires: nftables + %else Requires: iptables + %endif %description daemon-driver-network The network driver plugin for the libvirtd daemon, providing @@ -821,8 +835,13 @@ Requires: gzip Requires: bzip2 Requires: lzop Requires: xz +Requires: zstd Requires: systemd-container + %if 0%{?facebook} +Recommends: swtpm-tools + %else Requires: swtpm-tools + %endif %if %{with_numad} Requires: numad %endif @@ -908,6 +927,7 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release} Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release} Requires: libvirt-daemon-driver-secret = %{version}-%{release} Requires: libvirt-daemon-driver-storage = %{version}-%{release} +Requires: libvirt-ssh-proxy = %{version}-%{release} Requires: qemu %description daemon-qemu @@ -936,6 +956,7 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release} Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release} Requires: libvirt-daemon-driver-secret = %{version}-%{release} Requires: libvirt-daemon-driver-storage = %{version}-%{release} +Requires: libvirt-ssh-proxy = %{version}-%{release} # relax requirement for qemu-kvm for fb builds %if 0%{?facebook} @@ -1111,6 +1132,13 @@ Requires: libvirt-daemon-driver-network = %{version}-%{release} Libvirt plugin for NSS for translating domain names into IP addresses. %endif +%package ssh-proxy +Summary: Libvirt SSH proxy +Requires: libvirt-libs = %{version}-%{release} + +%description ssh-proxy +Allows SSH into domains via VSOCK without need for network. + %if %{with_mingw32} %package -n mingw32-libvirt Summary: %{summary} 
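Review bot: The new `%if 0%{?facebook}` block that downgrades `swtpm-tools` to `Recommends:` has no comment, unlike the qemu-kvm relaxation further down in the same file, which is introduced by `# relax requirement for qemu-kvm for fb builds`. With a weak dependency, hosts installed without weak deps will lack swtpm, and guests that define an emulated TPM would presumably fail at start-up there instead of the gap being caught at install time. I would add `# relax requirement for swtpm-tools for fb builds; emulated TPM guests need it installed separately` above the `%if`.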
@@ -1383,9 +1411,11 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dtls_priority=%{tls_priority} \ -Dsysctl_config=enabled \ %{?arg_userfaultfd_sysctl} \ + -Dssh_proxy=enabled \ %{?enable_werror} \ -Dexpensive_tests=enabled \ -Dinit_script=systemd \ + -Dfirewall_backend_priority=%{firewall_backend_priority} \ -Ddocs=enabled \ -Dtests=enabled \ -Drpath=disabled \ @@ -1467,6 +1497,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) -Dstorage_zfs=disabled \ -Dsysctl_config=disabled \ -Duserfaultfd_sysctl=disabled \ + -Dssh_proxy=disabled \ -Dtests=disabled \ -Dudev=disabled \ -Dwireshark_dissector=disabled \ @@ -1577,7 +1608,8 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_libexecdir}/libvirt-guests.sh %if %{with_native} # Building on slow archs, like emulated s390x in Fedora copr, requires # raising the test timeout -VIR_TEST_DEBUG=1 %meson_test --no-suite syntax-check --timeout-multiplier 10 +VIR_TEST_DEBUG=1 +%meson_test --no-suite syntax-check --timeout-multiplier 10 %endif %define libvirt_rpmstatedir %{_localstatedir}/lib/rpm-state/libvirt @@ -2120,6 +2152,9 @@ exit 0 %config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf %{_datadir}/augeas/lenses/virtnetworkd.aug %{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug +%config(noreplace) %{_sysconfdir}/libvirt/network.conf +%{_datadir}/augeas/lenses/libvirtd_network.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_network.aug %{_unitdir}/virtnetworkd.service %{_unitdir}/virtnetworkd.socket %{_unitdir}/virtnetworkd-ro.socket @@ -2437,6 +2472,10 @@ exit 0 %{_libdir}/libnss_libvirt.so.2 %{_libdir}/libnss_libvirt_guest.so.2 +%files ssh-proxy +%config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf +%{_libexecdir}/libvirt-ssh-proxy + %if %{with_lxc} %files login-shell %attr(4750, root, virtlogin) %{_bindir}/virt-login-shell 
@@ -2600,6 +2639,28 @@ exit 0 %changelog +* Wed Jun 14 2024 Roberto Campesato - 10.4.0-2.1 +- Update to version 10.4.0 +- Relax dependency on swtpm-tools for facebook builds + +* Wed Jun 5 2024 Daniel P. Berrangé - 10.4.0-2 +- Fix leak of GSource handle +- Fix leak of udev reference (rhbz #2266017) + +* Wed Jun 5 2024 Daniel P. Berrangé - 10.4.0-1 +- Update to version 10.4.0 +- Change virtual network backend from iptables to nftables +- Introduce SSH VSOCK proxy + +* Thu May 2 2024 Daniel P. Berrangé - 10.3.0-1 +- Update to version 10.3.0 + +* Sat Apr 06 2024 Cole Robinson - 10.2.0-2 +- Rebuild for new libiscsi + +* Fri Apr 05 2024 Cole Robinson - 10.2.0-1 +- Update to version 10.2.0 + * Wed Mar 27 2024 Roberto Campesato - 10.1.0-1.1 - Update to version 10.1.0 - Relax dependency on qemu-kvm for facebook builds diff --git a/sources b/sources index fa67790..f84031b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libvirt-10.1.0.tar.xz) = 08e73ae15de5681430b62db85ec9901242dca5e9a4ca9685614f4a67092c6e28f27f9187144b3ceb18ad6b40e6eb1a90b1a4b056b0888724d04a62002ee2bc48 +SHA512 (libvirt-10.4.0.tar.xz) = 711be39f3fb831a5073b25a5b02410676147114f3dcf85b24c8505b611a81bf64cf3b95f66908e0dc3a2f3e66e5fc31b2d95db610ea3f1b747a9fd1f52b1ffa7