There's already a libvirt upgrade in master-next. Check it out and send any patches incrementally to that.
Bruce On Thu, Mar 31, 2022 at 10:18 AM <[email protected]> wrote: > Dropped patches which are part of the new version: > 0001-docs-Fix-template-matching-in-page.xsl.patch > 0001-security-fix-SELinux-label-generation-logic.patch > 0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > 0002-meson-Fix-compatibility-with-Meson-0.58.patch > > Dropped the obsolete md5checksum. > > From upstream libvirt, the commit: > 8eb4461645 remove sysconfig files > removes all sysconfig files. Add the former libvirtd > sysconfig file that starts libvirtd in the right mode. > Since the sysconfig file has already been sed'ed, > remove the sed line from the install rule. > > Signed-off-by: Sakib Sajal <[email protected]> > --- > recipes-extended/libvirt/libvirt-python.inc | 4 +- > ...cs-Fix-template-matching-in-page.xsl.patch | 64 ------------------- > ...y-fix-SELinux-label-generation-logic.patch | 56 ---------------- > ...nlock-object-on-ACL-fail-in-storageP.patch | 40 ------------ > ...on-Fix-compatibility-with-Meson-0.58.patch | 48 -------------- > recipes-extended/libvirt/libvirt/libvirtd | 22 +++++++ > .../{libvirt_7.2.0.bb => libvirt_8.1.0.bb} | 19 +++--- > 7 files changed, 34 insertions(+), 219 deletions(-) > delete mode 100644 > recipes-extended/libvirt/libvirt/0001-docs-Fix-template-matching-in-page.xsl.patch > delete mode 100644 > recipes-extended/libvirt/libvirt/0001-security-fix-SELinux-label-generation-logic.patch > delete mode 100644 > recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > delete mode 100644 > recipes-extended/libvirt/libvirt/0002-meson-Fix-compatibility-with-Meson-0.58.patch > create mode 100644 recipes-extended/libvirt/libvirt/libvirtd > rename recipes-extended/libvirt/{libvirt_7.2.0.bb => libvirt_8.1.0.bb} > (94%) > > diff --git a/recipes-extended/libvirt/libvirt-python.inc > b/recipes-extended/libvirt/libvirt-python.inc > index a48aaea5..6f963fb8 100644 
> --- a/recipes-extended/libvirt/libvirt-python.inc > +++ b/recipes-extended/libvirt/libvirt-python.inc > @@ -17,8 +17,8 @@ FILES:${PN}-python = "${bindir}/* ${libdir}/* > ${libdir}/${PYTHON_DIR}/*" > > SRC_URI += " > http://libvirt.org/sources/python/libvirt-python-${PV}.tar.gz;name=libvirt_python > " > > -SRC_URI[libvirt_python.md5sum] = "19bf22414a43d358581b9259b52047a7" > -SRC_URI[libvirt_python.sha256sum] = > "c0c3bac54c55622e17927b09cd9843869600d71842fb072c99491fe2608dcee7" > +SRC_URI[libvirt_python.md5sum] = "dbb1ab179303700aefa20f831b645ee2" > +SRC_URI[libvirt_python.sha256sum] = > "a21ecfab6d29ac1bdd1bfd4aa3ef58447f9f70919aefecd03774613f65914e43" > > export LIBVIRT_API_PATH = "${S}/docs/libvirt-api.xml" > export LIBVIRT_CFLAGS = "-I${S}/include" > diff --git > a/recipes-extended/libvirt/libvirt/0001-docs-Fix-template-matching-in-page.xsl.patch > b/recipes-extended/libvirt/libvirt/0001-docs-Fix-template-matching-in-page.xsl.patch > deleted file mode 100644 > index 9dd650ee..00000000 > --- > a/recipes-extended/libvirt/libvirt/0001-docs-Fix-template-matching-in-page.xsl.patch > +++ /dev/null 
> @@ -1,64 +0,0 @@ > -Upstream-Status: Backport > - > -Signed-off-by: Kai Kang <[email protected]> > - > -From 54814c87f3706cc8eb894634ebef0f9cf7dabae6 Mon Sep 17 00:00:00 2001 > -From: Martin Kletzander <[email protected]> > -Date: Mon, 21 Feb 2022 09:26:13 +0100 > -Subject: [PATCH] docs: Fix template matching in page.xsl > - > -Our last default template had a match of "node()" which incidentally > matched > -everything, including text nodes. Since this has the same priority > according to > -the XSLT spec, section 5.5: > - > - https://www.w3.org/TR/1999/REC-xslt-19991116#conflict > - > -this is an error. Also according to the same spec section, the XSLT > processor > -may signal the error or pick the last rule. > - > -This was uncovered with libxslt 1.1.35 which contains the following > commit: > - > - > https://gitlab.gnome.org/GNOME/libxslt/-/commit/b0074eeca3c6b21b4da14fdf712b853900c51635 > - > -which makes the build fail with: > - > - runtime error: file ../docs/page.xsl line 223 element element > - xsl:element: The effective name '' is not a valid QName. > - > -because our last rule also matches text nodes and we are trying to > extract the > -node name out of them. > - > -To fix this we change the match to "*" which only matches elements and > not all > -the nodes, and to avoid any possible errors with different XSLT > processors we > -also bump the priority of the match="text()" rule a little higher, just > in case > -someone needs to use an XSLT processor that chooses signalling the error > instead > -of the optional recovery. 
> - > -https://bugs.gentoo.org/833586 > - > -Signed-off-by: Martin Kletzander <[email protected]> > ---- > - docs/page.xsl | 4 ++-- > - 1 file changed, 2 insertions(+), 2 deletions(-) > - > -diff --git a/docs/page.xsl b/docs/page.xsl > -index fd67918d3b..72a6fa0842 100644 > ---- a/docs/page.xsl > -+++ b/docs/page.xsl > -@@ -215,11 +215,11 @@ > - </xsl:element> > - </xsl:template> > - > -- <xsl:template match="text()" mode="copy"> > -+ <xsl:template match="text()" mode="copy" priority="0"> > - <xsl:value-of select="."/> > - </xsl:template> > - > -- <xsl:template match="node()" mode="copy"> > -+ <xsl:template match="*" mode="copy"> > - <xsl:element name="{name()}"> > - <xsl:copy-of select="./@*"/> > - <xsl:apply-templates mode="copy" /> > --- > -2.33.0 > - > diff --git > a/recipes-extended/libvirt/libvirt/0001-security-fix-SELinux-label-generation-logic.patch > b/recipes-extended/libvirt/libvirt/0001-security-fix-SELinux-label-generation-logic.patch > deleted file mode 100644 > index 2753503d..00000000 > --- > a/recipes-extended/libvirt/libvirt/0001-security-fix-SELinux-label-generation-logic.patch > +++ /dev/null 
> @@ -1,56 +0,0 @@ > -From 15073504dbb624d3f6c911e85557019d3620fdb2 Mon Sep 17 00:00:00 2001 > -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <[email protected]> > -Date: Mon, 28 Jun 2021 13:09:04 +0100 > -Subject: [PATCH] security: fix SELinux label generation logic > -MIME-Version: 1.0 > -Content-Type: text/plain; charset=UTF-8 > -Content-Transfer-Encoding: 8bit > - > -A process can access a file if the set of MCS categories > -for the file is equal-to *or* a subset-of, the set of > -MCS categories for the process. > - > -If there are two VMs: > - > - a) svirt_t:s0:c117 > - b) svirt_t:s0:c117,c720 > - > -Then VM (b) is able to access files labelled for VM (a). > - > -IOW, we must discard case where the categories are equal > -because that is a subset of many other valid category pairs. > - > -Upstream-status: Backport > - > -Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153 > -CVE-2021-3631 > -Reviewed-by: Peter Krempa <[email protected]> > -Signed-off-by: Daniel P. Berrangé <[email protected]> > ---- > - src/security/security_selinux.c | 10 +++++++++- > - 1 file changed, 9 insertions(+), 1 deletion(-) > - > -diff --git a/src/security/security_selinux.c > b/src/security/security_selinux.c > -index b50f4463cc..0c2cf1d1c7 100644 > ---- a/src/security/security_selinux.c > -+++ b/src/security/security_selinux.c > -@@ -383,7 +383,15 @@ virSecuritySELinuxMCSFind(virSecurityManager *mgr, > - VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin); > - > - if (c1 == c2) { > -- mcs = g_strdup_printf("%s:c%d", sens, catMin + c1); > -+ /* > -+ * A process can access a file if the set of MCS categories > -+ * for the file is equal-to *or* a subset-of, the set of > -+ * MCS categories for the process. > -+ * > -+ * IOW, we must discard case where the categories are equal > -+ * because that is a subset of other category pairs. > -+ */ > -+ continue; > - } else { > - if (c1 > c2) { > - int t = c1; > --- > -2.17.1 > - 
> diff --git > a/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > b/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > deleted file mode 100644 > index 608322d9..00000000 > --- > a/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch > +++ /dev/null > @@ -1,40 +0,0 @@ > -From d3e20e186ed531e196bb1529430f39b0c917e6dc Mon Sep 17 00:00:00 2001 > -From: Peter Krempa <[email protected]> > -Date: Wed, 21 Jul 2021 11:22:25 +0200 > -Subject: [PATCH] storage_driver: Unlock object on ACL fail in > - storagePoolLookupByTargetPath > - > -'virStoragePoolObjListSearch' returns a locked and refed object, thus we > -must release it on ACL permission failure. > - > -Fixes: 7aa0e8c0cb8 > -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318 > -Signed-off-by: Peter Krempa <[email protected]> > -Reviewed-by: Michal Privoznik <[email protected]> > - > -Upstream-status: Backport > -CVE-2021-3667 [https://bugzilla.redhat.com/show_bug.cgi?id=1986094] > -Signed-off-by: Yanfei Xu <[email protected]> > ---- > - src/storage/storage_driver.c | 4 +++- > - 1 file changed, 3 insertions(+), 1 deletion(-) > - > -diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c > -index ecb5b86b4f..de66f1f9e5 100644 > ---- a/src/storage/storage_driver.c > -+++ b/src/storage/storage_driver.c > -@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn, > - > storagePoolLookupByTargetPathCallback, > - cleanpath))) { > - def = virStoragePoolObjGetDef(obj); > -- if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) > -+ if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) { > -+ virStoragePoolObjEndAPI(&obj); > - return NULL; > -+ } > - > - pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL); > - virStoragePoolObjEndAPI(&obj); > --- > -2.27.0 > - 
> diff --git > a/recipes-extended/libvirt/libvirt/0002-meson-Fix-compatibility-with-Meson-0.58.patch > b/recipes-extended/libvirt/libvirt/0002-meson-Fix-compatibility-with-Meson-0.58.patch > deleted file mode 100644 > index 3201eede..00000000 > --- > a/recipes-extended/libvirt/libvirt/0002-meson-Fix-compatibility-with-Meson-0.58.patch > +++ /dev/null > @@ -1,48 +0,0 @@ > -From c607266619c5ab78ad5d4179b3ea93cfb6348391 Mon Sep 17 00:00:00 2001 > -From: Andrea Bolognani <[email protected]> > -Date: Mon, 3 May 2021 09:06:34 +0200 > -Subject: [PATCH] meson: Fix compatibility with Meson 0.58 > - > -Builds failed with > - > - tests/meson.build:690:0: ERROR: List item must be one > - of <class 'str'>, not <class 'list'> > - > -before this change. > - > -https://gitlab.com/libvirt/libvirt/-/issues/158 > - > -Upstream-Status: Backport [ > https://gitlab.com/libvirt/libvirt/-/commit/c607266619c5ab78ad5d4179b3ea93cfb6348391 > ] > - > -Signed-off-by: Martin Jansa <[email protected]> > -Signed-off-by: Andrea Bolognani <[email protected]> > -Reviewed-by: Peter Krempa <[email protected]> > -Reviewed-by: Pavel Hrdina <[email protected]> > ---- > - tests/meson.build | 8 ++++---- > - 1 file changed, 4 insertions(+), 4 deletions(-) > - > -diff --git a/tests/meson.build b/tests/meson.build > -index 05c3e90195..9900983d0c 100644 > ---- a/tests/meson.build > -+++ b/tests/meson.build > -@@ -687,12 +687,12 @@ foreach name : test_scripts > - test(name, script, env: tests_env) > - endforeach > - > -+testenv = runutf8 > -+testenv += 'VIR_TEST_FILE_ACCESS=1' > -+ > - add_test_setup( > - 'access', > -- env: [ > -- 'VIR_TEST_FILE_ACCESS=1', > -- runutf8, > -- ], > -+ env: testenv, > - exe_wrapper: [ python3_prog, check_file_access_prog.path() ], > - ) > - > --- > -GitLab > - > diff --git a/recipes-extended/libvirt/libvirt/libvirtd > b/recipes-extended/libvirt/libvirt/libvirtd > new file mode 100644 > index 00000000..455b4395 > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/libvirtd 
> @@ -0,0 +1,22 @@ > +# Customizations for the libvirtd.service systemd unit > + > +# Default behaviour is for libvirtd.service to start on boot > +# so that VM autostart can be performed. We then want it to > +# shutdown again if nothing was started and rely on systemd > +# socket activation to start it again when some client app > +# connects. > +LIBVIRTD_ARGS="--timeout 120" > + > +# If systemd socket activation is disabled, then the following > +# can be used to listen on TCP/TLS sockets > +#LIBVIRTD_ARGS="--listen" > +LIBVIRTD_ARGS="--listen --daemon" > + > +# Override the QEMU/SDL default audio driver probing when > +# starting virtual machines using SDL graphics > +# > +# NB these have no effect for VMs using VNC, unless vnc_allow_host_audio > +# is enabled in /etc/libvirt/qemu.conf > +#QEMU_AUDIO_DRV=sdl > +# > +#SDL_AUDIODRIVER=pulse > diff --git a/recipes-extended/libvirt/libvirt_7.2.0.bb > b/recipes-extended/libvirt/libvirt_8.1.0.bb > similarity index 94% > rename from recipes-extended/libvirt/libvirt_7.2.0.bb > rename to recipes-extended/libvirt/libvirt_8.1.0.bb > index 1fc55b8d..f4c0722a 100644 > --- a/recipes-extended/libvirt/libvirt_7.2.0.bb > +++ b/recipes-extended/libvirt/libvirt_8.1.0.bb 
> @@ -23,19 +23,15 @@ RDEPENDS:libvirt-libvirtd:append:x86 = " dmidecode" > RCONFLICTS:${PN}_libvirtd = "connman" > > SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \ > + file://libvirtd \ > file://libvirtd.sh \ > file://libvirtd.conf \ > file://dnsmasq.conf \ > file://hook_support.py \ > file://gnutls-helper.py \ > - file://0002-meson-Fix-compatibility-with-Meson-0.58.patch \ > - file://0001-security-fix-SELinux-label-generation-logic.patch \ > - > file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \ > - file://0001-docs-Fix-template-matching-in-page.xsl.patch \ > " > > -SRC_URI[libvirt.md5sum] = "92044b629216e44adce63224970a54a3" > -SRC_URI[libvirt.sha256sum] = > "01f459d0c7ba5009622a628dba1a026200e8f4a299fea783b936a71d7e0ed1d0" > +SRC_URI[libvirt.sha256sum] = > "3c6c43becffeb34a3f397c616206aa69a893ff8bf5e8208393c84e8e75352934" > > inherit meson gettext update-rc.d pkgconfig systemd useradd perlnative > USERADD_PACKAGES = "${PN}" > @@ -160,7 +156,7 @@ PACKAGECONFIG[fuse] = > "-Dfuse=enabled,-Dfuse=disabled,fuse," > PACKAGECONFIG[audit] = "-Daudit=enabled,-Daudit=disabled,audit," > PACKAGECONFIG[libcap-ng] = "-Dcapng=enabled,-Dcapng=disabled,libcap-ng," > PACKAGECONFIG[wireshark] = > "-Dwireshark_dissector=enabled,-Dwireshark_dissector=disabled,wireshark > libwsutil," > -PACKAGECONFIG[apparmor_profiles] = "-Dapparmor_profiles=true, > -Dapparmor_profiles=false," > +PACKAGECONFIG[apparmor_profiles] = "-Dapparmor_profiles=enabled, > -Dapparmor_profiles=disabled," > PACKAGECONFIG[firewalld] = "-Dfirewalld=enabled, -Dfirewalld=disabled," > PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, > -Dlibpcap=disabled,libpcap,libpcap" > PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled," 
> @@ -211,8 +207,8 @@ do_install:append() { > rmdir ${D}${prefix}/lib/systemd/system > ${D}${prefix}/lib/systemd > fi > > - # This variable is used by libvirtd.service to start libvirtd > in the right mode > - sed -i '/#LIBVIRTD_ARGS="--listen"/a LIBVIRTD_ARGS="--listen > --daemon"' ${D}/${sysconfdir}/sysconfig/libvirtd > + mkdir -p ${D}/${sysconfdir}/sysconfig > + install -m 0644 ${WORKDIR}/libvirtd > ${D}/${sysconfdir}/sysconfig > > # We can't use 'notify' when we don't support 'sd_notify' dbus > capabilities. > sed -i -e 's/Type=notify/Type=forking/' \ > @@ -307,6 +303,11 @@ do_install:append() { > > # virt-login-shell needs to run with setuid permission > chmod 4755 ${D}${bindir}/virt-login-shell > + > + # remove unsupported migration config file > + # migration process is described here: > + # https://wiki.qemu.org/Features/PostCopyLiveMigration > + rm ${D}/usr/lib/sysctl.d/60-qemu-postcopy-migration.conf > } > > EXTRA_OEMESON += " \ > -- > 2.33.0 > > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
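Review bot: In the libvirt-python.inc hunk a new `SRC_URI[libvirt_python.md5sum]` value is still added, although the commit message says the obsolete md5 checksum was dropped and libvirt_8.1.0.bb now carries only `SRC_URI[libvirt.sha256sum]`. Drop the md5sum line here as well so both recipes are verified by sha256 alone and the change matches its description.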
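Review bot: In the new recipes-extended/libvirt/libvirt/libvirtd file, `LIBVIRTD_ARGS` is assigned twice, so the later `LIBVIRTD_ARGS="--listen --daemon"` replaces `LIBVIRTD_ARGS="--timeout 120"` and the shutdown-when-idle behaviour described in the first comment block never applies. Keep a single active assignment and comment out the other. Since the file's own comment ties `--listen` to listening on TCP/TLS sockets when socket activation is disabled, the commit message should also state that this is the mode the recipe intends to ship by default.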
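Review bot: The switch of `PACKAGECONFIG[apparmor_profiles]` from `-Dapparmor_profiles=true`/`false` to `enabled`/`disabled` in the @@ -160,7 hunk is not mentioned in the commit message, which only lists the dropped patches, the md5 checksum and the sysconfig file. Add a line explaining that the option values changed with the new version, so the reason for the edit is recorded with the commit.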
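Review bot: In the @@ -211,8 hunk, `mkdir -p` followed by `install -m 0644 ${WORKDIR}/libvirtd ${D}/${sysconfdir}/sysconfig` depends on the destination already being a directory and writes a double slash into the path. Prefer `install -d ${D}${sysconfdir}/sysconfig` and then `install -m 0644 ${WORKDIR}/libvirtd ${D}${sysconfdir}/sysconfig/libvirtd`, which names the target file explicitly.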
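Review bot: In the @@ -307,6 hunk, `rm ${D}/usr/lib/sysctl.d/60-qemu-postcopy-migration.conf` hardcodes /usr/lib and has no `-f`, so do_install fails if the file is not installed at exactly that path. Use `rm -f` with `${D}${prefix}/lib/sysctl.d/...`, matching the `${D}${prefix}/lib/systemd` usage earlier in the same function. The comment also calls the file "unsupported" without saying what is unsupported on the target; one sentence on that would help whoever revisits this line on the next upgrade.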
