Date: Sunday, October 18, 2020 @ 04:34:36 Author: freswa Revision: 725858
archrelease: copy trunk to community-x86_64 Added: libvirt/repos/community-x86_64/CVE-2020-14339.patch (from rev 725857, libvirt/trunk/CVE-2020-14339.patch) libvirt/repos/community-x86_64/Changelog (from rev 725857, libvirt/trunk/Changelog) libvirt/repos/community-x86_64/PKGBUILD (from rev 725857, libvirt/trunk/PKGBUILD) libvirt/repos/community-x86_64/libvirt.install (from rev 725857, libvirt/trunk/libvirt.install) Deleted: libvirt/repos/community-x86_64/Changelog libvirt/repos/community-x86_64/PKGBUILD libvirt/repos/community-x86_64/libvirt.install ----------------------+ CVE-2020-14339.patch | 478 +++++++++++++++++++++++++++++++++++++++++++++++++ Changelog | 2 PKGBUILD | 408 +++++++++++++++++++---------------------- libvirt.install | 14 - 4 files changed, 676 insertions(+), 226 deletions(-) Copied: libvirt/repos/community-x86_64/CVE-2020-14339.patch (from rev 725857, libvirt/trunk/CVE-2020-14339.patch) =================================================================== --- CVE-2020-14339.patch (rev 0) +++ CVE-2020-14339.patch 2020-10-18 04:34:36 UTC (rev 725858) 
@@ -0,0 +1,478 @@ +diff --git a/po/POTFILES.in b/po/POTFILES.in +index af52054aa4..eb1ffd1dbd 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -240,6 +240,7 @@ + @SRCDIR@/src/util/vircrypto.c + @SRCDIR@/src/util/virdaemon.c + @SRCDIR@/src/util/virdbus.c ++@SRCDIR@/src/util/virdevmapper.c + @SRCDIR@/src/util/virdnsmasq.c + @SRCDIR@/src/util/virerror.c + @SRCDIR@/src/util/virerror.h +diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c +index 914bf640ca..e88da02341 100644 +--- a/src/qemu/qemu_cgroup.c ++++ b/src/qemu/qemu_cgroup.c +@@ -87,7 +87,7 @@ qemuSetupImagePathCgroup(virDomainObjPtr vm, + } + + if (virDevMapperGetTargets(path, &targetPaths) < 0 && +- errno != ENOSYS && errno != EBADF) { ++ errno != ENOSYS) { + virReportSystemError(errno, + _("Unable to get devmapper targets for %s"), + path); +diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c +index c5b8d91f9a..088d711ae3 100644 +--- a/src/qemu/qemu_domain.c ++++ b/src/qemu/qemu_domain.c +@@ -10338,7 +10338,7 @@ qemuDomainSetupDisk(virQEMUDriverConfigPtr cfg G_GNUC_UNUSED, + return -1; + + if (virDevMapperGetTargets(next->path, &targetPaths) < 0 && +- errno != ENOSYS && errno != EBADF) { ++ errno != ENOSYS) { + virReportSystemError(errno, + _("Unable to get devmapper targets for %s"), + next->path); +@@ -11402,7 +11402,7 @@ qemuDomainNamespaceSetupDisk(virDomainObjPtr vm, + tmpPath = g_strdup(next->path); + + if (virDevMapperGetTargets(next->path, &targetPaths) < 0 && +- errno != ENOSYS && errno != EBADF) { ++ errno != ENOSYS) { + virReportSystemError(errno, + _("Unable to get devmapper targets for %s"), + next->path); +diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c +index 40a82285f9..a471504176 100644 +--- a/src/util/virdevmapper.c ++++ b/src/util/virdevmapper.c +@@ -20,38 +20,67 @@ + + #include <config.h> + ++#include "virdevmapper.h" ++#include "internal.h" ++ + #ifdef __linux__ + # include <sys/sysmacros.h> +-#endif ++# include <linux/dm-ioctl.h> ++# include 
<sys/ioctl.h> ++# include <sys/types.h> ++# include <sys/stat.h> ++# include <fcntl.h> + +-#ifdef WITH_DEVMAPPER +-# include <libdevmapper.h> +-#endif ++# include "virthread.h" ++# include "viralloc.h" ++# include "virstring.h" ++# include "virfile.h" ++ ++# define VIR_FROM_THIS VIR_FROM_STORAGE ++ ++# define PROC_DEVICES "/proc/devices" ++# define DM_NAME "device-mapper" ++# define DEV_DM_DIR "/dev/" DM_DIR ++# define CONTROL_PATH DEV_DM_DIR "/" DM_CONTROL_NODE ++# define BUF_SIZE (16 * 1024) ++ ++G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl)); ++ ++static unsigned int virDMMajor; + +-#include "virdevmapper.h" +-#include "internal.h" +-#include "virthread.h" +-#include "viralloc.h" +-#include "virstring.h" +- +-#ifdef WITH_DEVMAPPER +-static void +-virDevMapperDummyLogger(int level G_GNUC_UNUSED, +- const char *file G_GNUC_UNUSED, +- int line G_GNUC_UNUSED, +- int dm_errno G_GNUC_UNUSED, +- const char *fmt G_GNUC_UNUSED, +- ...) +-{ +- return; +-} + + static int + virDevMapperOnceInit(void) + { +- /* Ideally, we would not need this. But libdevmapper prints +- * error messages to stderr by default. Sad but true. 
*/ +- dm_log_with_errno_init(virDevMapperDummyLogger); ++ g_autofree char *buf = NULL; ++ VIR_AUTOSTRINGLIST lines = NULL; ++ size_t i; ++ ++ if (virFileReadAll(PROC_DEVICES, BUF_SIZE, &buf) < 0) ++ return -1; ++ ++ lines = virStringSplit(buf, "\n", 0); ++ if (!lines) ++ return -1; ++ ++ for (i = 0; lines[i]; i++) { ++ g_autofree char *dev = NULL; ++ unsigned int maj; ++ ++ if (sscanf(lines[i], "%u %ms\n", &maj, &dev) == 2 && ++ STREQ(dev, DM_NAME)) { ++ virDMMajor = maj; ++ break; ++ } ++ } ++ ++ if (!lines[i]) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, ++ _("Unable to find major for %s"), ++ DM_NAME); ++ return -1; ++ } ++ + return 0; + } + +@@ -59,104 +88,190 @@ virDevMapperOnceInit(void) + VIR_ONCE_GLOBAL_INIT(virDevMapper); + + ++static void * ++virDMIoctl(int controlFD, int cmd, struct dm_ioctl *dm, char **buf) ++{ ++ size_t bufsize = BUF_SIZE; ++ ++ reread: ++ *buf = g_new0(char, bufsize); ++ ++ dm->version[0] = DM_VERSION_MAJOR; ++ dm->version[1] = 0; ++ dm->version[2] = 0; ++ dm->data_size = bufsize; ++ dm->data_start = sizeof(struct dm_ioctl); ++ ++ memcpy(*buf, dm, sizeof(struct dm_ioctl)); ++ ++ if (ioctl(controlFD, cmd, *buf) < 0) { ++ VIR_FREE(*buf); ++ return NULL; ++ } ++ ++ memcpy(dm, *buf, sizeof(struct dm_ioctl)); ++ ++ if (dm->flags & DM_BUFFER_FULL_FLAG) { ++ bufsize += BUF_SIZE; ++ VIR_FREE(*buf); ++ goto reread; ++ } ++ ++ return *buf + dm->data_start; ++} ++ ++ + static int +-virDevMapperGetTargetsImpl(const char *path, ++virDMOpen(void) ++{ ++ VIR_AUTOCLOSE controlFD = -1; ++ struct dm_ioctl dm; ++ g_autofree char *tmp = NULL; ++ int ret; ++ ++ memset(&dm, 0, sizeof(dm)); ++ ++ if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) ++ return -1; ++ ++ if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) { ++ virReportSystemError(errno, "%s", ++ _("Unable to get device-mapper version")); ++ return -1; ++ } ++ ++ if (dm.version[0] != DM_VERSION_MAJOR) { ++ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, ++ _("Unsupported device-mapper version. 
Expected %d got %d"), ++ DM_VERSION_MAJOR, dm.version[0]); ++ return -1; ++ } ++ ++ ret = controlFD; ++ controlFD = -1; ++ return ret; ++} ++ ++ ++static char * ++virDMSanitizepath(const char *path) ++{ ++ g_autofree char *dmDirPath = NULL; ++ struct dirent *ent = NULL; ++ struct stat sb[2]; ++ DIR *dh = NULL; ++ const char *p; ++ char *ret = NULL; ++ int rc; ++ ++ /* If a path is NOT provided then assume it's DM name */ ++ p = strrchr(path, '/'); ++ ++ if (!p) ++ return g_strdup(path); ++ else ++ p++; ++ ++ /* It's a path. Check if the last component is DM name */ ++ if (stat(path, &sb[0]) < 0) { ++ virReportError(errno, ++ _("Unable to stat %p"), ++ path); ++ return NULL; ++ } ++ ++ dmDirPath = g_strdup_printf(DEV_DM_DIR "/%s", p); ++ ++ if (stat(dmDirPath, &sb[1]) == 0 && ++ sb[0].st_rdev == sb[1].st_rdev) { ++ return g_strdup(p); ++ } ++ ++ /* The last component of @path wasn't DM name. Let's check if ++ * there's a device under /dev/mapper/ with the same rdev. */ ++ if (virDirOpen(&dh, DEV_DM_DIR) < 0) ++ return NULL; ++ ++ while ((rc = virDirRead(dh, &ent, DEV_DM_DIR)) > 0) { ++ g_autofree char *tmp = g_strdup_printf(DEV_DM_DIR "/%s", ent->d_name); ++ ++ if (stat(tmp, &sb[1]) == 0 && ++ sb[0].st_rdev == sb[0].st_rdev) { ++ ret = g_steal_pointer(&tmp); ++ break; ++ } ++ } ++ ++ virDirClose(&dh); ++ return ret; ++} ++ ++ ++static int ++virDevMapperGetTargetsImpl(int controlFD, ++ const char *path, + char ***devPaths_ret, + unsigned int ttl) + { +- struct dm_task *dmt = NULL; +- struct dm_deps *deps; +- struct dm_info info; +- char **devPaths = NULL; +- char **recursiveDevPaths = NULL; ++ g_autofree char *sanitizedPath = NULL; ++ g_autofree char *buf = NULL; ++ struct dm_ioctl dm; ++ struct dm_target_deps *deps = NULL; ++ VIR_AUTOSTRINGLIST devPaths = NULL; + size_t i; +- int ret = -1; + ++ memset(&dm, 0, sizeof(dm)); + *devPaths_ret = NULL; + +- if (virDevMapperInitialize() < 0) +- return ret; +- + if (ttl == 0) { + errno = ELOOP; +- return ret; ++ return -1; + 
} + + if (!virIsDevMapperDevice(path)) + return 0; + +- if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) { +- if (errno == ENOENT || errno == ENODEV) { +- /* It's okay. Kernel is probably built without +- * devmapper support. */ +- ret = 0; +- } +- return ret; +- } +- +- if (!dm_task_set_name(dmt, path)) { +- if (errno == ENOENT) { +- /* It's okay, @path is not managed by devmapper => +- * not a devmapper device. */ +- ret = 0; +- } +- goto cleanup; +- } +- +- dm_task_no_open_count(dmt); ++ if (!(sanitizedPath = virDMSanitizepath(path))) ++ return 0; + +- if (!dm_task_run(dmt)) { +- if (errno == ENXIO) { +- /* If @path = "/dev/mapper/control" ENXIO is returned. */ +- ret = 0; +- } +- goto cleanup; ++ if (virStrncpy(dm.name, sanitizedPath, -1, DM_TABLE_DEPS) < 0) { ++ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", ++ _("Resolved device mapper name too long")); ++ return -1; + } + +- if (!dm_task_get_info(dmt, &info)) +- goto cleanup; ++ deps = virDMIoctl(controlFD, DM_TABLE_DEPS, &dm, &buf); ++ if (!deps) { ++ if (errno == ENXIO) ++ return 0; + +- if (!info.exists) { +- ret = 0; +- goto cleanup; ++ virReportSystemError(errno, ++ _("Unable to query dependencies for %s"), ++ path); ++ return -1; + } + +- if (!(deps = dm_task_get_deps(dmt))) +- goto cleanup; +- + if (VIR_ALLOC_N_QUIET(devPaths, deps->count + 1) < 0) +- goto cleanup; ++ return -1; + + for (i = 0; i < deps->count; i++) { + devPaths[i] = g_strdup_printf("/dev/block/%u:%u", +- major(deps->device[i]), +- minor(deps->device[i])); ++ major(deps->dev[i]), ++ minor(deps->dev[i])); + } + +- recursiveDevPaths = NULL; + for (i = 0; i < deps->count; i++) { +- char **tmpPaths; ++ VIR_AUTOSTRINGLIST tmpPaths = NULL; + +- if (virDevMapperGetTargetsImpl(devPaths[i], &tmpPaths, ttl - 1) < 0) +- goto cleanup; ++ if (virDevMapperGetTargetsImpl(controlFD, devPaths[i], &tmpPaths, ttl - 1) < 0) ++ return -1; + +- if (tmpPaths && +- virStringListMerge(&recursiveDevPaths, &tmpPaths) < 0) { +- virStringListFree(tmpPaths); +- 
goto cleanup; +- } ++ if (virStringListMerge(&devPaths, &tmpPaths) < 0) ++ return -1; + } + +- if (virStringListMerge(&devPaths, &recursiveDevPaths) < 0) +- goto cleanup; +- + *devPaths_ret = g_steal_pointer(&devPaths); +- ret = 0; +- cleanup: +- virStringListFree(recursiveDevPaths); +- virStringListFree(devPaths); +- dm_task_destroy(dmt); +- return ret; ++ return 0; + } + + +@@ -175,9 +290,6 @@ virDevMapperGetTargetsImpl(const char *path, + * If @path consists of yet another devmapper targets these are + * consulted recursively. + * +- * If we don't have permissions to talk to kernel, -1 is returned +- * and errno is set to EBADF. +- * + * Returns 0 on success, + * -1 otherwise (with errno set, no libvirt error is + * reported) +@@ -186,46 +298,53 @@ int + virDevMapperGetTargets(const char *path, + char ***devPaths) + { ++ VIR_AUTOCLOSE controlFD = -1; + const unsigned int ttl = 32; + + /* Arbitrary limit on recursion level. A devmapper target can + * consist of devices or yet another targets. If that's the + * case, we have to stop recursion somewhere. */ + +- return virDevMapperGetTargetsImpl(path, devPaths, ttl); +-} ++ if (virDevMapperInitialize() < 0) ++ return -1; + +-#else /* ! WITH_DEVMAPPER */ ++ if ((controlFD = virDMOpen()) < 0) ++ return -1; + +-int +-virDevMapperGetTargets(const char *path G_GNUC_UNUSED, +- char ***devPaths G_GNUC_UNUSED) +-{ +- errno = ENOSYS; +- return -1; ++ return virDevMapperGetTargetsImpl(controlFD, path, devPaths, ttl); + } +-#endif /* ! WITH_DEVMAPPER */ + + +-#if WITH_DEVMAPPER + bool + virIsDevMapperDevice(const char *dev_name) + { + struct stat buf; + ++ if (virDevMapperInitialize() < 0) ++ return false; ++ + if (!stat(dev_name, &buf) && + S_ISBLK(buf.st_mode) && +- dm_is_dm_major(major(buf.st_rdev))) +- return true; ++ major(buf.st_rdev) == virDMMajor) ++ return true; + + return false; + } + +-#else /* ! 
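Review bot: In virDevMapperGetTargetsImpl the copy into `dm.name` is bounded by `DM_TABLE_DEPS`, which is the ioctl request passed to virDMIoctl a few lines later, not a buffer length, so the "name too long" check cannot be relied on to keep `sanitizedPath` inside the field. The bound should be the size of the destination, for example `virStrncpy(dm.name, sanitizedPath, -1, sizeof(dm.name))`. In the same hunk, the directory scan in virDMSanitizepath compares `sb[0].st_rdev == sb[0].st_rdev`, which is always true, so the first entry under DEV_DM_DIR that stats successfully is returned regardless of which device `path` refers to; it should read `sb[0].st_rdev == sb[1].st_rdev`. That loop also hands back the full `tmp` path rather than the entry name, unlike the two earlier returns, which looks unintended given that the result is copied into the DM name field; worth confirming.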
WITH_DEVMAPPER */ ++#else /* !defined(__linux__) */ ++ ++int ++virDevMapperGetTargets(const char *path G_GNUC_UNUSED, ++ char ***devPaths G_GNUC_UNUSED) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ + + bool + virIsDevMapperDevice(const char *dev_name G_GNUC_UNUSED) + { + return false; + } +-#endif /* ! WITH_DEVMAPPER */ ++#endif /* ! defined(__linux__) */ Deleted: Changelog =================================================================== --- Changelog 2020-10-18 04:34:29 UTC (rev 725857) +++ Changelog 2020-10-18 04:34:36 UTC (rev 725858) @@ -1 +0,0 @@ -https://libvirt.org/news.html Copied: libvirt/repos/community-x86_64/Changelog (from rev 725857, libvirt/trunk/Changelog) =================================================================== --- Changelog (rev 0) +++ Changelog 2020-10-18 04:34:36 UTC (rev 725858) @@ -0,0 +1 @@ +https://libvirt.org/news.html Deleted: PKGBUILD =================================================================== --- PKGBUILD 2020-10-18 04:34:29 UTC (rev 725857) +++ PKGBUILD 2020-10-18 04:34:36 UTC (rev 725858) 
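Review bot: The retained header comment on virDevMapperGetTargets still promises "-1 otherwise (with errno set, no libvirt error is reported)", but the new failure paths do not keep that contract: virDMOpen and virDevMapperOnceInit call virReportError/virReportSystemError, and the version-mismatch and missing-major branches return -1 without assigning errno. The callers changed earlier in this patch (qemuSetupImagePathCgroup, qemuDomainSetupDisk, qemuDomainNamespaceSetupDisk) test `errno != ENOSYS` and then pass errno to virReportSystemError, so they can act on a stale value. Either set errno on every -1 return or update the comment and the callers to the reporting convention actually used. A failed `open(CONTROL_PATH, O_RDWR)` is also fatal for those callers now that EBADF is no longer tolerated; if hosts without the device-mapper control node are meant to be supported, that case presumably needs explicit handling.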
@@ -1,218 +0,0 @@ -# Maintainer: Robin Broda <ro...@broda.me> -# Contributor: Christian Rebischke <chris.rebisc...@archlinux.org> -# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com> -# Contributor: Jonathan Wiersma <archaur at jonw dot org> - -pkgname=(libvirt libvirt-storage-gluster libvirt-storage-iscsi-direct libvirt-storage-rbd) -pkgver=6.8.0 -pkgrel=3 -pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)" -arch=('x86_64') -url="https://libvirt.org/" -license=('LGPL' 'GPL3') #libvirt_parthelper links to libparted which is GPL3 only -install=libvirt.install -depends=('libpciaccess' 'yajl' 'fuse2' 'gnutls' 'parted' 'libssh' 'libxml2' 'numactl' 'polkit' - 'rust-libslirp') -makedepends=('libxslt' 'python-docutils' 'lvm2' 'open-iscsi' 'libiscsi' 'ceph-libs' 'glusterfs' - 'bash-completion' 'rpcsvc-proto' 'dnsmasq' 'iproute2' 'qemu-headless' 'meson') -checkdepends=('ebtables') -optdepends=('libvirt-storage-gluster: Gluster storage backend' - 'libvirt-storage-iscsi-direct: iSCSI-direct storage backend' - 'libvirt-storage-rbd: RBD storage backend' - 'gettext: required for libvirt-guests.service' - 'openbsd-netcat: for remote management over ssh' - 'dmidecode: DMI system info support' - 'dnsmasq: required for default NAT/DHCP for guests' - 'radvd: IPv6 RAD support' - 'ebtables: required for default NAT networking' - 'qemu: QEMU/KVM support' - 'lvm2: Logical Volume Manager support' - 'open-iscsi: iSCSI support via iscsiadm') -backup=( - 'etc/conf.d/libvirtd' - 'etc/conf.d/libvirt-guests' - 'etc/conf.d/virtinterfaced' - 'etc/conf.d/virtlockd' - 'etc/conf.d/virtlogd' - 'etc/conf.d/virtlxcd' - 'etc/conf.d/virtnetworkd' - 'etc/conf.d/virtnodedevd' - 'etc/conf.d/virtnwfilterd' - 'etc/conf.d/virtproxyd' - 'etc/conf.d/virtqemud' - 'etc/conf.d/virtsecretd' - 'etc/conf.d/virtstoraged' - 'etc/conf.d/virtvboxd' - 'etc/libvirt/libvirt-admin.conf' - 'etc/libvirt/libvirt.conf' - 'etc/libvirt/libvirtd.conf' - 'etc/libvirt/lxc.conf' - 
'etc/libvirt/nwfilter/allow-arp.xml' - 'etc/libvirt/nwfilter/allow-dhcp-server.xml' - 'etc/libvirt/nwfilter/allow-dhcp.xml' - 'etc/libvirt/nwfilter/allow-incoming-ipv4.xml' - 'etc/libvirt/nwfilter/allow-ipv4.xml' - 'etc/libvirt/nwfilter/clean-traffic-gateway.xml' - 'etc/libvirt/nwfilter/clean-traffic.xml' - 'etc/libvirt/nwfilter/no-arp-ip-spoofing.xml' - 'etc/libvirt/nwfilter/no-arp-mac-spoofing.xml' - 'etc/libvirt/nwfilter/no-arp-spoofing.xml' - 'etc/libvirt/nwfilter/no-ip-multicast.xml' - 'etc/libvirt/nwfilter/no-ip-spoofing.xml' - 'etc/libvirt/nwfilter/no-mac-broadcast.xml' - 'etc/libvirt/nwfilter/no-mac-spoofing.xml' - 'etc/libvirt/nwfilter/no-other-l2-traffic.xml' - 'etc/libvirt/nwfilter/no-other-rarp-traffic.xml' - 'etc/libvirt/nwfilter/qemu-announce-self-rarp.xml' - 'etc/libvirt/nwfilter/qemu-announce-self.xml' - 'etc/libvirt/qemu.conf' - 'etc/libvirt/qemu-lockd.conf' - 'etc/libvirt/qemu/networks/default.xml' - 'etc/libvirt/virtinterfaced.conf' - 'etc/libvirt/virtlockd.conf' - 'etc/libvirt/virtlogd.conf' - 'etc/libvirt/virt-login-shell.conf' - 'etc/libvirt/virtlxcd.conf' - 'etc/libvirt/virtnetworkd.conf' - 'etc/libvirt/virtnodedevd.conf' - 'etc/libvirt/virtnwfilterd.conf' - 'etc/libvirt/virtproxyd.conf' - 'etc/libvirt/virtqemud.conf' - 'etc/libvirt/virtsecretd.conf' - 'etc/libvirt/virtstoraged.conf' - 'etc/libvirt/virtvboxd.conf' - 'etc/logrotate.d/libvirtd' - 'etc/logrotate.d/libvirtd.lxc' - 'etc/logrotate.d/libvirtd.qemu' - 'etc/sasl2/libvirt.conf' -) -source=("https://libvirt.org/sources/$pkgname-$pkgver.tar.xz"{,.asc}) -b2sums=('c118ca6b263054bb6941c62f3d1415f7ed1a3f29a35294272d04bc726643247ee5691e0310a1bf013faeba856d7aadd00a90fe8dbdca6ff4c7eb480e94d92fa2' - 'SKIP') -validpgpkeys=('C74415BA7C9C7F78F02E1DC34606B8A5DE95BC1F' # Daniel Veillard <veill...@redhat.com> - '453B65310595562855471199CA68BE8010084C9C') # Jiří Denemark <jdene...@redhat.com. 
- -prepare() { - cd "$pkgname-$pkgver" - - sed -i 's|/sysconfig/|/conf.d/|g' \ - src/interface/virtinterfaced.service.in \ - src/libxl/virtxend.service.in \ - src/locking/virtlockd.service.in \ - src/logging/virtlogd.service.in \ - src/lxc/virtlxcd.service.in \ - src/network/virtnetworkd.service.in \ - src/node_device/virtnodedevd.service.in \ - src/nwfilter/virtnwfilterd.service.in \ - src/qemu/virtqemud.service.in \ - src/remote/{virtproxyd.service.in,libvirtd.service.in} \ - src/secret/virtsecretd.service.in \ - src/storage/virtstoraged.service.in \ - src/vbox/virtvboxd.service.in \ - src/vz/virtvzd.service.in \ - tools/{libvirt-guests.service,libvirt-guests.sh,virt-pki-validate}.in - - sed -i 's|/usr/libexec/qemu-bridge-helper|/usr/lib/qemu/qemu-bridge-helper|g' \ - src/qemu/{qemu.conf,test_libvirtd_qemu.aug.in} - - # ZFS HACK - sed -i "s/'zfs'/'zic'/;s/'zpool'/'zic'/" meson.build -} - -build() { - CFLAGS+=" -Wall" \ - arch-meson $pkgname-$pkgver build \ - --libexecdir=/usr/lib/libvirt \ - -D apparmor=disabled \ - -D hal=disabled \ - -D netcf=disabled \ - -D openwsman=disabled \ - -D selinux=disabled \ - -D wireshark_dissector=disabled \ - -D driver_bhyve=disabled \ - -D driver_hyperv=disabled \ - -D driver_libxl=disabled \ - -D driver_vz=disabled \ - -D secdriver_apparmor=disabled \ - -D secdriver_selinux=disabled \ - -D storage_sheepdog=disabled \ - -D storage_vstorage=disabled \ - -D storage_zfs=enabled \ - -D dtrace=disabled \ - -D numad=disabled \ - -D git_werror=disabled \ - -D qemu_group=kvm \ - -D runstatedir=/run - - # ZFS HACK - sed -i '/ZIC/d' build/meson-config.h - echo '#define ZFS "/usr/bin/zfs"' >> build/meson-config.h - echo '#define ZPOOL "/usr/bin/zpool"' >> build/meson-config.h - - meson compile -C build -} - -check() { - meson test -C build --print-errorlogs -} - -package_libvirt() { - provides=('libvirt.so' 'libvirt-admin.so' 'libvirt-lxc.so' 'libvirt-qemu.so') - install=libvirt.install - DESTDIR="$pkgdir" meson install -C build - - mv 
"$pkgdir"/etc/{sysconfig,conf.d} - mkdir "$pkgdir"/usr/lib/{sysusers,tmpfiles}.d - echo "g libvirt - -" > "$pkgdir/usr/lib/sysusers.d/libvirt.conf" - echo "z /var/lib/libvirt/qemu 0751" > "$pkgdir/usr/lib/tmpfiles.d/libvirt.conf" - - chown 0:102 "$pkgdir/usr/share/polkit-1/rules.d" - chmod 0750 "$pkgdir/usr/share/polkit-1/rules.d" - chmod 600 "$pkgdir"/etc/libvirt/nwfilter/*.xml \ - "$pkgdir/etc/libvirt/qemu/networks/default.xml" - - # Strip auto-generated UUID, so it will be generated per-install. (reproducible builds) - sed -i 's|<uuid>.*</uuid>|<uuid></uuid>|' "$pkgdir"/etc/libvirt/qemu/networks/default.xml - - rm -rf \ - "$pkgdir/run" \ - "$pkgdir/var/lib/libvirt/qemu" \ - "$pkgdir/var/cache/libvirt/qemu" \ - "$pkgdir/etc/logrotate.d/libvirtd.libxl" - - rm -f "$pkgdir/etc/libvirt/qemu/networks/autostart/default.xml" - - # move split modules - mkdir "$srcdir"/split - mv "$pkgdir"/usr/lib/libvirt/storage-backend/libvirt_storage_backend_{rbd,gluster}.so "$srcdir"/split - mv "$pkgdir"/usr/lib/libvirt/storage-backend/libvirt_storage_backend_iscsi-direct.so "$srcdir"/split - mv "$pkgdir"/usr/lib/libvirt/storage-file/libvirt_storage_file_gluster.so "$srcdir"/split -} - -package_libvirt-storage-gluster() { - pkgdesc="Libvirt Gluster storage backend" - depends=("libvirt=$pkgver" 'glusterfs') - optdepends=() - backup=() - - install -Dv -t "$pkgdir/usr/lib/libvirt/storage-backend" "$srcdir/split/libvirt_storage_backend_gluster.so" - install -Dv -t "$pkgdir/usr/lib/libvirt/storage-file" "$srcdir/split/libvirt_storage_file_gluster.so" -} - -package_libvirt-storage-iscsi-direct() { - pkgdesc="Libvirt iSCSI-direct storage backend" - depends=("libvirt=$pkgver" 'libiscsi') - optdepends=() - backup=() - - install -Dv -t "$pkgdir/usr/lib/libvirt/storage-backend" "$srcdir/split/libvirt_storage_backend_iscsi-direct.so" -} - -package_libvirt-storage-rbd() { - pkgdesc="Libvirt RBD storage backend" - depends=("libvirt=$pkgver" 'ceph-libs') - optdepends=() - backup=() - - install -Dv 
-t "$pkgdir/usr/lib/libvirt/storage-backend" "$srcdir/split/libvirt_storage_backend_rbd.so" -} Copied: libvirt/repos/community-x86_64/PKGBUILD (from rev 725857, libvirt/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2020-10-18 04:34:36 UTC (rev 725858) 
@@ -0,0 +1,190 @@ +# Maintainer: Robin Broda <ro...@broda.me> +# Contributor: Christian Rebischke <chris.rebisc...@archlinux.org> +# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com> +# Contributor: Jonathan Wiersma <archaur at jonw dot org> + +pkgname=(libvirt libvirt-storage-gluster libvirt-storage-iscsi-direct libvirt-storage-rbd) +epocj=1 +pkgver=6.5.0 +pkgrel=2 +pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)" +arch=('x86_64') +url="https://libvirt.org/" +license=('LGPL' 'GPL3') #libvirt_parthelper links to libparted which is GPL3 only +install=libvirt.install +depends=('libpciaccess' 'yajl' 'fuse2' 'gnutls' 'parted' 'libssh' 'libxml2' 'numactl' 'polkit') +makedepends=('libxslt' 'python-docutils' 'lvm2' 'open-iscsi' 'libiscsi' 'ceph-libs' 'glusterfs' + 'bash-completion' 'rpcsvc-proto' 'dnsmasq' 'iproute2' 'qemu-headless') +checkdepends=('ebtables') +optdepends=('libvirt-storage-gluster: Gluster storage backend' + 'libvirt-storage-iscsi-direct: iSCSI-direct storage backend' + 'libvirt-storage-rbd: RBD storage backend' + 'gettext: required for libvirt-guests.service' + 'openbsd-netcat: for remote management over ssh' + 'dmidecode: DMI system info support' + 'dnsmasq: required for default NAT/DHCP for guests' + 'radvd: IPv6 RAD support' + 'ebtables: required for default NAT networking' + 'qemu: QEMU/KVM support' + 'lvm2: Logical Volume Manager support' + 'open-iscsi: iSCSI support via iscsiadm') +backup=( + 'etc/conf.d/libvirtd' + 'etc/conf.d/libvirt-guests' + 'etc/conf.d/virtinterfaced' + 'etc/conf.d/virtlockd' + 'etc/conf.d/virtlogd' + 'etc/conf.d/virtlxcd' + 'etc/conf.d/virtnetworkd' + 'etc/conf.d/virtnodedevd' + 'etc/conf.d/virtnwfilterd' + 'etc/conf.d/virtproxyd' + 'etc/conf.d/virtqemud' + 'etc/conf.d/virtsecretd' + 'etc/conf.d/virtstoraged' + 'etc/conf.d/virtvboxd' + 'etc/libvirt/libvirt-admin.conf' + 'etc/libvirt/libvirt.conf' + 'etc/libvirt/libvirtd.conf' + 'etc/libvirt/lxc.conf' + 
'etc/libvirt/nwfilter/allow-arp.xml' + 'etc/libvirt/nwfilter/allow-dhcp-server.xml' + 'etc/libvirt/nwfilter/allow-dhcp.xml' + 'etc/libvirt/nwfilter/allow-incoming-ipv4.xml' + 'etc/libvirt/nwfilter/allow-ipv4.xml' + 'etc/libvirt/nwfilter/clean-traffic-gateway.xml' + 'etc/libvirt/nwfilter/clean-traffic.xml' + 'etc/libvirt/nwfilter/no-arp-ip-spoofing.xml' + 'etc/libvirt/nwfilter/no-arp-mac-spoofing.xml' + 'etc/libvirt/nwfilter/no-arp-spoofing.xml' + 'etc/libvirt/nwfilter/no-ip-multicast.xml' + 'etc/libvirt/nwfilter/no-ip-spoofing.xml' + 'etc/libvirt/nwfilter/no-mac-broadcast.xml' + 'etc/libvirt/nwfilter/no-mac-spoofing.xml' + 'etc/libvirt/nwfilter/no-other-l2-traffic.xml' + 'etc/libvirt/nwfilter/no-other-rarp-traffic.xml' + 'etc/libvirt/nwfilter/qemu-announce-self-rarp.xml' + 'etc/libvirt/nwfilter/qemu-announce-self.xml' + 'etc/libvirt/qemu.conf' + 'etc/libvirt/qemu-lockd.conf' + 'etc/libvirt/qemu/networks/default.xml' + 'etc/libvirt/virtinterfaced.conf' + 'etc/libvirt/virtlockd.conf' + 'etc/libvirt/virtlogd.conf' + 'etc/libvirt/virt-login-shell.conf' + 'etc/libvirt/virtlxcd.conf' + 'etc/libvirt/virtnetworkd.conf' + 'etc/libvirt/virtnodedevd.conf' + 'etc/libvirt/virtnwfilterd.conf' + 'etc/libvirt/virtproxyd.conf' + 'etc/libvirt/virtqemud.conf' + 'etc/libvirt/virtsecretd.conf' + 'etc/libvirt/virtstoraged.conf' + 'etc/libvirt/virtvboxd.conf' + 'etc/logrotate.d/libvirtd' + 'etc/logrotate.d/libvirtd.lxc' + 'etc/logrotate.d/libvirtd.qemu' + 'etc/sasl2/libvirt.conf' +) +source=("https://libvirt.org/sources/$pkgname-$pkgver.tar.xz"{,.asc} + "CVE-2020-14339.patch") +sha256sums=('4915d9eab299ed79288d7598b717c587156708c05f701fe55a72293f32eb3182' + 'SKIP' + 'af90e325ae5f6f3f946695a8900ef2ea8cd579da61c608d69c4c550a8bc1b9db') +validpgpkeys=('C74415BA7C9C7F78F02E1DC34606B8A5DE95BC1F') # Daniel Veillard <veill...@redhat.com> + +prepare() { + mkdir build + cd "$pkgname-$pkgver" + + patch -Np1 -i "${srcdir}/CVE-2020-14339.patch" + + sed -i 's|/sysconfig/|/conf.d/|g' \ + 
src/remote/libvirtd.service.in \ + tools/{libvirt-guests.service,libvirt-guests.sh,virt-pki-validate}.in \ + src/locking/virtlockd.service.in \ + src/logging/virtlogd.service.in + sed -i 's|/usr/libexec/qemu-bridge-helper|/usr/lib/qemu/qemu-bridge-helper|g' \ + src/qemu/qemu.conf \ + src/qemu/test_libvirtd_qemu.aug.in + + sed -i 's/notify/simple/' src/remote/libvirtd.service.in +} + +build() { + cd build + ZFS=/usr/bin/zfs ZPOOL=/usr/bin/zpool \ + "../$pkgname-$pkgver/configure" \ + --prefix=/usr \ + "--libexec=/usr/lib/$pkgname" \ + --sbindir=/usr/bin \ + --with-runstatedir=/run \ + --with-qemu-group=kvm + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make +} + +check() { + cd build + make check +} + +package_libvirt() { + provides=('libvirt.so' 'libvirt-admin.so' 'libvirt-lxc.so' 'libvirt-qemu.so') + cd build + make DESTDIR="$pkgdir" install + + mv "$pkgdir"/etc/{sysconfig,conf.d} + mkdir "$pkgdir"/usr/lib/{sysusers,tmpfiles}.d + echo "g libvirt - -" > "$pkgdir/usr/lib/sysusers.d/libvirt.conf" + echo "z /var/lib/libvirt/qemu 0751" > "$pkgdir/usr/lib/tmpfiles.d/libvirt.conf" + + chown 0:102 "$pkgdir/usr/share/polkit-1/rules.d" + chmod 0750 "$pkgdir/usr/share/polkit-1/rules.d" + chmod 600 "$pkgdir"/etc/libvirt/nwfilter/*.xml \ + "$pkgdir/etc/libvirt/qemu/networks/default.xml" + + # Strip auto-generated UUID, so it will be generated per-install. 
(reproducible builds) + sed -i 's|<uuid>.*</uuid>|<uuid></uuid>|' "$pkgdir"/etc/libvirt/qemu/networks/default.xml + + rm -rf \ + "$pkgdir/run" \ + "$pkgdir/var/lib/libvirt/qemu" \ + "$pkgdir/var/cache/libvirt/qemu" \ + "$pkgdir/etc/logrotate.d/libvirtd.libxl" + + rm -f "$pkgdir/etc/libvirt/qemu/networks/autostart/default.xml" + + # move split modules + mv "$pkgdir"/usr/lib/libvirt/storage-backend/libvirt_storage_backend_{rbd,gluster}.so "$pkgdir/../" + mv "$pkgdir/usr/lib/libvirt/storage-backend/libvirt_storage_backend_iscsi-direct.so" "$pkgdir/../" + mv "$pkgdir/usr/lib/libvirt/storage-file/libvirt_storage_file_gluster.so" "$pkgdir/../" +} + +package_libvirt-storage-gluster() { + pkgdesc="Libvirt Gluster storage backend" + depends=("libvirt=$pkgver" 'glusterfs') + optdepends=() + backup=() + + install -Dv -t "$pkgdir/usr/lib/libvirt/storage-backend" "$pkgdir/../libvirt_storage_backend_gluster.so" + install -Dv -t "$pkgdir/usr/lib/libvirt/storage-file" "$pkgdir/../libvirt_storage_file_gluster.so" +} + +package_libvirt-storage-iscsi-direct() { + pkgdesc="Libvirt iSCSI-direct storage backend" + depends=("libvirt=$pkgver" 'libiscsi') + optdepends=() + backup=() + + install -Dv -t "$pkgdir/usr/lib/libvirt/storage-backend" "$pkgdir/../libvirt_storage_backend_iscsi-direct.so" +} + +package_libvirt-storage-rbd() { + pkgdesc="Libvirt RBD storage backend" + depends=("libvirt=$pkgver" 'ceph-libs') + optdepends=() + backup=() + + install -Dv -t "$pkgdir/usr/lib/libvirt/storage-backend" "$pkgdir/../libvirt_storage_backend_rbd.so" +} Deleted: libvirt.install =================================================================== --- libvirt.install 2020-10-18 04:34:29 UTC (rev 725857) +++ libvirt.install 2020-10-18 04:34:36 UTC (rev 725858) 
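Review bot: `epocj=1` near the top of the new PKGBUILD looks like a typo for `epoch=1`, so the variable the packaging tools read is never set. This revision moves pkgver from 6.8.0 back to 6.5.0, and without an epoch the rebuilt package compares as older than the one it replaces, so systems already on 6.8.0 would presumably not pick up the build that carries CVE-2020-14339.patch. Change the line to `epoch=1`. The new validpgpkeys array also drops the second key that the removed PKGBUILD listed; if that is intentional, a one-line comment saying why would help the next maintainer.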
@@ -1,7 +0,0 @@
-post_install() {
- if [[ -f /etc/libvirt/qemu/networks/default.xml ]]
- then
- UUID=$(/usr/bin/uuidgen)
- sed -i "s|<uuid></uuid>|<uuid>$UUID</uuid>|" /etc/libvirt/qemu/networks/default.xml
- fi
-}
Copied: libvirt/repos/community-x86_64/libvirt.install (from rev 725857, libvirt/trunk/libvirt.install)
===================================================================
--- libvirt.install (rev 0)
+++ libvirt.install 2020-10-18 04:34:36 UTC (rev 725858)
@@ -0,0 +1,7 @@
+post_install() {
+ if [[ -f /etc/libvirt/qemu/networks/default.xml ]]
+ then
+ UUID=$(/usr/bin/uuidgen)
+ sed -i "s|<uuid></uuid>|<uuid>$UUID</uuid>|" /etc/libvirt/qemu/networks/default.xml
+ fi
+}