Hello community, here is the log from the commit of package nbd for openSUSE:Factory checked in at 2019-06-12 13:04:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nbd (Old) and /work/SRC/openSUSE:Factory/.nbd.new.4811 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nbd" Wed Jun 12 13:04:23 2019 rev:50 rq:706327 version:3.19 Changes: -------- --- /work/SRC/openSUSE:Factory/nbd/nbd.changes 2019-02-04 21:18:52.931703227 +0100 +++ /work/SRC/openSUSE:Factory/.nbd.new.4811/nbd.changes 2019-06-12 13:04:36.689226130 +0200 @@ -1,0 +2,12 @@ +Wed May 29 13:43:41 UTC 2019 - Martin Pluskal <[email protected]> + +- Update to version 3.19.0: + * Better error messages in case of unexpected disconnects + * Better compatibility with non-bash sh implementations + (for configure.sh) + * Fix for a segfault in NBD_OPT_INFO handling + * The ability to specify whether to listen on both TCP and Unix + domain sockets, rather than to always do so + * Various minor editorial and spelling fixes in the documentation. + +------------------------------------------------------------------- Old: ---- nbd-3.18.tar.xz New: ---- nbd-3.19.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nbd.spec ++++++ --- /var/tmp/diff_new_pack.o450db/_old 2019-06-12 13:04:37.337225858 +0200 +++ /var/tmp/diff_new_pack.o450db/_new 2019-06-12 13:04:37.341225857 +0200 @@ -25,7 +25,7 @@ %define use_firewalld 0 %endif Name: nbd -Version: 3.18 +Version: 3.19 Release: 0 Summary: Network Block Device Server and Client Utilities License: GPL-2.0-or-later @@ -44,6 +44,7 @@ BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(glib-2.0) >= 2.26.0 BuildRequires: pkgconfig(gnutls) +BuildRequires: pkgconfig(libnl-3.0) Requires(pre): %fillup_prereq Requires(pre): coreutils %systemd_requires ++++++ 0001_fix_setgroup.patch ++++++ --- /var/tmp/diff_new_pack.o450db/_old 2019-06-12 13:04:37.365225847 +0200 +++ /var/tmp/diff_new_pack.o450db/_new 2019-06-12 13:04:37.365225847 +0200 @@ -16,11 +16,11 @@ nbd-server.c | 1 + 1 file changed, 1 insertion(+) -Index: nbd-3.18/nbd-server.c +Index: nbd-3.19/nbd-server.c =================================================================== ---- nbd-3.18.orig/nbd-server.c -+++ nbd-3.18/nbd-server.c -@@ -3471,6 +3471,7 @@ void dousers(const gchar *const username +--- nbd-3.19.orig/nbd-server.c ++++ nbd-3.19/nbd-server.c +@@ -3476,6 +3476,7 @@ void dousers(const gchar *const username err(str); } setgroups(0, NULL); ++++++ nbd-3.18.tar.xz -> nbd-3.19.tar.xz ++++++ ++++ 1779 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/README.md new/nbd-3.19/README.md --- old/nbd-3.18/README.md 2018-03-16 19:22:16.000000000 +0100 +++ new/nbd-3.19/README.md 2018-11-23 12:27:50.000000000 +0100 @@ -19,7 +19,7 @@ If you want to send a patch, please do not open a pull request; instead, send it to the -[mailinglist](https://lists.sourceforge.net/lists/listinfo/nbd-general) +[mailinglist](https://lists.debian.org/nbd) Using NBD --------- @@ -108,7 +108,7 @@ If you're packaging NBD for a different operating system that isn't in the above list, I'd like to know about it. -For questions, please use the `[email protected]` mailinglist. +For questions, please use the [[email protected]](mailto:[email protected]) mailinglist. Badges ====== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/autogen.sh new/nbd-3.19/autogen.sh --- old/nbd-3.18/autogen.sh 2017-06-05 16:18:09.000000000 +0200 +++ new/nbd-3.19/autogen.sh 2019-01-30 16:25:41.000000000 +0100 @@ -1,5 +1,5 @@ #!/bin/sh set -ex -make -C man -f Makefile.am nbd-server.1.sh.in nbd-server.5.sh.in nbd-client.8.sh.in nbd-trdump.1.sh.in nbdtab.5.sh.in +make -C man -f mans.mk nbd-server.1.sh.in nbd-server.5.sh.in nbd-client.8.sh.in nbd-trdump.1.sh.in nbdtab.5.sh.in make -C systemd -f Makefile.am [email protected] exec autoreconf -f -i diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/cliserv.c new/nbd-3.19/cliserv.c --- old/nbd-3.18/cliserv.c 2018-03-16 19:22:16.000000000 +0100 +++ new/nbd-3.19/cliserv.c 2018-11-23 12:27:50.000000000 +0100 @@ -124,6 +124,7 @@ return -1; } } else { + errno = ECONNRESET; return -1; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/configure.ac new/nbd-3.19/configure.ac --- old/nbd-3.18/configure.ac 2018-08-18 16:29:57.000000000 +0200 +++ new/nbd-3.19/configure.ac 2019-01-30 16:24:10.000000000 +0100 @@ -319,8 +319,8 @@ PKG_CHECK_MODULES(LIBNL3, libnl-genl-3.0 >= 3.1, [HAVE_NETLINK=1 AC_DEFINE(HAVE_NETLINK, 1, [Define to 1 if we have netlink support]) - CFLAGS+=" $LIBNL3_CFLAGS" - LIBS+=" $LIBNL3_LIBS"], + CFLAGS="$CFLAGS $LIBNL3_CFLAGS" + LIBS="$LIBS $LIBNL3_LIBS"], [if test "x$with_libnl" = "xyes"; then AC_MSG_ERROR([--with-libnl given but cannot find libnl]) else @@ -333,6 +333,19 @@ AC_DEFINE(HAVE_NETLINK, 0, [Define to 1 if we have netlink support]) fi +AC_ARG_ENABLE([manpages], + AS_HELP_STRING([--disable-manpages], [Do not install man pages])) +AM_CONDITIONAL(MANPAGES, test "x$enablemanpages" != "xno") +AS_IF([test "x$enable_manpages" != "xno"], [ + AC_SUBST([MAN_CONFIG_FILES],["\ + man/nbd-client.8.sh \ + man/nbd-server.5.sh \ + man/nbd-server.1.sh \ + man/nbd-trdump.1.sh \ + man/nbdtab.5.sh \ + "]) + ]) + AC_HEADER_SYS_WAIT AC_TYPE_OFF_T AC_TYPE_PID_T @@ -351,11 +364,11 @@ tests/Makefile tests/code/Makefile tests/run/Makefile - man/nbd-client.8.sh - man/nbd-server.5.sh - man/nbd-server.1.sh - man/nbd-trdump.1.sh - man/nbdtab.5.sh + man/nbd-client.8.sh + man/nbd-server.5.sh + man/nbd-server.1.sh + man/nbd-trdump.1.sh + man/nbdtab.5.sh systemd/Makefile systemd/[email protected] ]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/doc/proto.md new/nbd-3.19/doc/proto.md --- old/nbd-3.18/doc/proto.md 2018-08-18 16:29:57.000000000 +0200 +++ new/nbd-3.19/doc/proto.md 2018-11-23 12:27:50.000000000 +0100 @@ -1049,7 +1049,7 @@ connections to the given device. In particular, if this flag is present, then the effects of `NBD_CMD_FLUSH` and `NBD_CMD_FLAG_FUA` MUST be visible across all connections when the server sends its reply - to that command to the client. In the absense of this flag, clients + to that command to the client. In the absence of this flag, clients SHOULD NOT multiplex their commands over more than one connection to the export. - bit 9, `NBD_FLAG_SEND_RESIZE`: defined by the experimental `RESIZE` @@ -2157,12 +2157,12 @@ * The `RESIZE` [extension](https://github.com/NetworkBlockDevice/nbd/blob/extension-resize/doc/proto.md). Implementors of these extensions are strongly suggested to contact the -[mailinglist](mailto:[email protected]) in order to help +[mailinglist](mailto:[email protected]) in order to help fine-tune the specifications before committing to a particular implementation. Those proposing further extensions should also contact the -[mailinglist](mailto:[email protected]). It is +[mailinglist](mailto:[email protected]). It is possible to reserve command codes etc. within this document for such proposed extensions. Aside from that, extensions are written as branches which can be merged into master if and diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/man/Makefile.am new/nbd-3.19/man/Makefile.am --- old/nbd-3.18/man/Makefile.am 2017-06-05 16:18:09.000000000 +0200 +++ new/nbd-3.19/man/Makefile.am 2019-01-30 16:25:29.000000000 +0100 @@ -1,46 +1,9 @@ +if MANPAGES man_MANS = nbd-server.1 nbd-server.5 nbd-client.8 nbd-trdump.1 nbdtab.5 CLEANFILES = manpage.links manpage.refs DISTCLEANFILES = nbd-server.1 nbd-client.8 nbd-server.5 nbd-trdump.1 nbdtab.5 MAINTAINERCLEANFILES = nbd-server.1.sh.in nbd-client.8.sh.in nbd-server.5.sh.in nbd-trdump.1.sh.in nbdtab.5.sh.in EXTRA_DIST = nbd-server.1.in.sgml nbd-client.8.in.sgml nbd-server.5.in.sgml nbd-trdump.1.in.sgml nbdtab.5.in.sgml nbd-server.1.sh.in nbd-server.5.sh.in nbd-client.8.sh.in nbd-trdump.1.sh.in nbdtab.5.sh.in sh.tmpl -nbd-server.1: nbd-server.1.sh - sh nbd-server.1.sh > nbd-server.1 -nbd-server.5: nbd-server.5.sh - sh nbd-server.5.sh > nbd-server.5 -nbd-client.8: nbd-client.8.sh - sh nbd-client.8.sh > nbd-client.8 -nbd-trdump.1: nbd-trdump.1.sh - sh nbd-trdump.1.sh > nbd-trdump.1 -nbdtab.5: nbdtab.5.sh - sh nbdtab.5.sh > nbdtab.5 -nbd-server.1.sh.in: nbd-server.1.in.sgml sh.tmpl - LC_ALL=C docbook2man nbd-server.1.in.sgml - cat sh.tmpl > nbd-server.1.sh.in - cat NBD-SERVER.1 >> nbd-server.1.sh.in - echo "EOF" >> nbd-server.1.sh.in - rm NBD-SERVER.1 -nbd-client.8.sh.in: nbd-client.8.in.sgml sh.tmpl - LC_ALL=C docbook2man nbd-client.8.in.sgml - cat sh.tmpl > nbd-client.8.sh.in - cat NBD-CLIENT.8 >> nbd-client.8.sh.in - echo "EOF" >> nbd-client.8.sh.in - rm NBD-CLIENT.8 -nbd-server.5.sh.in: nbd-server.5.in.sgml sh.tmpl - LC_ALL=C docbook2man nbd-server.5.in.sgml - cat sh.tmpl > nbd-server.5.sh.in - cat NBD-SERVER.5 >> nbd-server.5.sh.in - echo "EOF" >> nbd-server.5.sh.in - rm NBD-SERVER.5 -nbd-trdump.1.sh.in: nbd-trdump.1.in.sgml sh.tmpl - LC_ALL=C docbook2man nbd-trdump.1.in.sgml - cat sh.tmpl > nbd-trdump.1.sh.in - cat NBD-TRDUMP.1 >> nbd-trdump.1.sh.in - echo "EOF" >> nbd-trdump.1.sh.in - rm NBD-TRDUMP.1 -nbdtab.5.sh.in: nbdtab.5.in.sgml sh.tmpl - LC_ALL=C docbook2man nbdtab.5.in.sgml - cat sh.tmpl > nbdtab.5.sh.in - cat NBDTAB.5 >> nbdtab.5.sh.in - echo "EOF" >> nbdtab.5.sh.in - rm NBDTAB.5 +include $(srcdir)/mans.mk +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/man/mans.mk new/nbd-3.19/man/mans.mk --- old/nbd-3.18/man/mans.mk 1970-01-01 01:00:00.000000000 +0100 +++ new/nbd-3.19/man/mans.mk 2019-01-30 16:25:29.000000000 +0100 @@ -0,0 +1,40 @@ +nbd-server.1: nbd-server.1.sh + sh nbd-server.1.sh > nbd-server.1 +nbd-server.5: nbd-server.5.sh + sh nbd-server.5.sh > nbd-server.5 +nbd-client.8: nbd-client.8.sh + sh nbd-client.8.sh > nbd-client.8 +nbd-trdump.1: nbd-trdump.1.sh + sh nbd-trdump.1.sh > nbd-trdump.1 +nbdtab.5: nbdtab.5.sh + sh nbdtab.5.sh > nbdtab.5 +nbd-server.1.sh.in: nbd-server.1.in.sgml sh.tmpl + LC_ALL=C docbook2man nbd-server.1.in.sgml + cat sh.tmpl > nbd-server.1.sh.in + cat NBD-SERVER.1 >> nbd-server.1.sh.in + echo "EOF" >> nbd-server.1.sh.in + rm NBD-SERVER.1 +nbd-client.8.sh.in: nbd-client.8.in.sgml sh.tmpl + LC_ALL=C docbook2man nbd-client.8.in.sgml + cat sh.tmpl > nbd-client.8.sh.in + cat NBD-CLIENT.8 >> nbd-client.8.sh.in + echo "EOF" >> nbd-client.8.sh.in + rm NBD-CLIENT.8 +nbd-server.5.sh.in: nbd-server.5.in.sgml sh.tmpl + LC_ALL=C docbook2man nbd-server.5.in.sgml + cat sh.tmpl > nbd-server.5.sh.in + cat NBD-SERVER.5 >> nbd-server.5.sh.in + echo "EOF" >> nbd-server.5.sh.in + rm NBD-SERVER.5 +nbd-trdump.1.sh.in: nbd-trdump.1.in.sgml sh.tmpl + LC_ALL=C docbook2man nbd-trdump.1.in.sgml + cat sh.tmpl > nbd-trdump.1.sh.in + cat NBD-TRDUMP.1 >> nbd-trdump.1.sh.in + echo "EOF" >> nbd-trdump.1.sh.in + rm NBD-TRDUMP.1 +nbdtab.5.sh.in: nbdtab.5.in.sgml sh.tmpl + LC_ALL=C docbook2man nbdtab.5.in.sgml + cat sh.tmpl > nbdtab.5.sh.in + cat NBDTAB.5 >> nbdtab.5.sh.in + echo "EOF" >> nbdtab.5.sh.in + rm NBDTAB.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/man/nbd-client.8.in.sgml new/nbd-3.19/man/nbd-client.8.in.sgml --- old/nbd-3.18/man/nbd-client.8.in.sgml 2018-08-18 16:29:57.000000000 +0200 +++ new/nbd-3.19/man/nbd-client.8.in.sgml 2018-11-23 16:41:56.000000000 +0100 @@ -358,21 +358,6 @@ </listitem> </varlistentry> <varlistentry> - <term><option>-netlink</option></term> - <term><option>-L</option></term> - <listitem> - <para> - Use the netlink interface to setup a new device. If no device is - specified then an empty one will be selected or a new one will be - created if there are no existing empty devices available. This - option does not leave the client waiting for the device to exit. - </para> - <para> - If this is used with disconnect then you must specify a device. - </para> - </listitem> - </varlistentry> - <varlistentry> <term><option>-unix</option></term> <term><option>-u</option></term> <listitem> @@ -384,47 +369,6 @@ </para> </listitem> </varlistentry> - </variablelist> - <refsect2> - <title>TLS support</title> - <para>Enabling any of the TLS-related options causes the client to - use the NBD_OPT_STARTTLS command to upgrade the connection to - TLS. Since negotiating TLS support from userspace for a kernel - socket would be very involved (if passing keys to kernel space - were even possible, which it isn't), the way this is implemented - is that the nbd-client process creates a socketpair, one side of - which it hands to the kernel, and the other side of which is - handed to an encrypting/decrypting proxy. This has the effect - that all communication will be encrypted before being sent over - the wire; however, doing so is not safe in combination with - swapping over an NBD device:</para> - <para> - In order to free memory by swapping, the kernel needs to be sure - that the write to the nbd device has finalized. For this, it - needs to be able to receive an NBD_CMD_WRITE reply which informs - it that the write has completed successfully and that the memory - may be released. Receiving data over the network, however, - requires that the kernel <emphasis>allocate</emphasis> memory - first, which is impossible if we're low on memory (a likely - situation when trying to swap). This is likely to cause a - deadlock when we're low on memory and there are high amounts of - network traffic.</para> - <para>To remedy this situation, the kernel sets the PF_MEMALLOC - option on the nbd socket; when low on memory, it will throw away - all packets except for those destined to a socket with that - option set, relying on the normal TCP retransmit system to - ensure that data is not lost. This avoids the deadlock described - above.</para> - <para>However, the PF_MEMALLOC option is set on the socket that is - connected to the nbd device, not the encrypted socket connected - to the encrypting/decrypting proxy. As such, when using TLS, the - PF_MEMALLOC option is not set on the socket that actually - receives data from the network, which means that the deadlock - reappears.</para> - <para>For this reason, if the <option>-swap</option> option is - used when TLS is in use, &dhpackage; will issue an appropriate - warning.</para> - <variablelist> <varlistentry> <term><option>-certfile <replaceable>file</replaceable></option></term> <term><option>-F</option></term> @@ -466,6 +410,45 @@ </listitem> </varlistentry> </variablelist> + <refsect2> + <title>TLS support</title> + <para>Enabling any of the TLS-related options causes the client to + use the NBD_OPT_STARTTLS command to upgrade the connection to + TLS. Since negotiating TLS support from userspace for a kernel + socket would be very involved (if passing keys to kernel space + were even possible, which it isn't), the way this is implemented + is that the nbd-client process creates a socketpair, one side of + which it hands to the kernel, and the other side of which is + handed to an encrypting/decrypting proxy. This has the effect + that all communication will be encrypted before being sent over + the wire; however, doing so is not safe in combination with + swapping over an NBD device:</para> + <para> + In order to free memory by swapping, the kernel needs to be sure + that the write to the nbd device has finalized. For this, it + needs to be able to receive an NBD_CMD_WRITE reply which informs + it that the write has completed successfully and that the memory + may be released. Receiving data over the network, however, + requires that the kernel <emphasis>allocate</emphasis> memory + first, which is impossible if we're low on memory (a likely + situation when trying to swap). This is likely to cause a + deadlock when we're low on memory and there are high amounts of + network traffic.</para> + <para>To remedy this situation, the kernel sets the PF_MEMALLOC + option on the nbd socket; when low on memory, it will throw away + all packets except for those destined to a socket with that + option set, relying on the normal TCP retransmit system to + ensure that data is not lost. This avoids the deadlock described + above.</para> + <para>However, the PF_MEMALLOC option is set on the socket that is + connected to the nbd device, not the encrypted socket connected + to the encrypting/decrypting proxy. As such, when using TLS, the + PF_MEMALLOC option is not set on the socket that actually + receives data from the network, which means that the deadlock + reappears.</para> + <para>For this reason, if the <option>-swap</option> option is + used when TLS is in use, &dhpackage; will issue an appropriate + warning.</para> </refsect2> </refsect1> <refsect1> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/man/nbd-client.8.sh.in new/nbd-3.19/man/nbd-client.8.sh.in --- old/nbd-3.18/man/nbd-client.8.sh.in 2018-08-18 16:37:39.000000000 +0200 +++ new/nbd-3.19/man/nbd-client.8.sh.in 2018-11-29 09:58:17.000000000 +0100 @@ -242,16 +242,6 @@ specified, nbd-client will ask for a "default" export, if one exists on the server. .TP -\fB-netlink\fR -.TP -\fB-L\fR -Use the netlink interface to setup a new device. If no device is -specified then an empty one will be selected or a new one will be -created if there are no existing empty devices available. This -option does not leave the client waiting for the device to exit. - -If this is used with disconnect then you must specify a device. -.TP \fB-unix\fR .TP \fB-u\fR @@ -259,6 +249,31 @@ \fIpath\fR, rather than to a server over a TCP socket. The server must be listening on the given socket. +.TP +\fB-certfile \fIfile\fB\fR +.TP +\fB-F\fR +Use the specified file as the client certificate for TLS +authentication to the server. +.TP +\fB-keyfile \fIfile\fB\fR +.TP +\fB-K\fR +Use the specified file as the private key for the client +cerificate. +.TP +\fB-cacertfile \fIfile\fB\fR +.TP +\fB-A\fR +Use the specified file as the CA certificate for TLS +authentication to the server. +.TP +\fB-tlshostname \fIhostname\fB\fR +.TP +\fB-H\fR +Use the specified hostname for the TLS context. If not +specified, the hostname used to connect to the server will +be used. .SS "TLS SUPPORT" .PP Enabling any of the TLS-related options causes the client to @@ -301,31 +316,6 @@ For this reason, if the \fB-swap\fR option is used when TLS is in use, nbd-client will issue an appropriate warning. -.TP -\fB-certfile \fIfile\fB\fR -.TP -\fB-F\fR -Use the specified file as the client certificate for TLS -authentication to the server. -.TP -\fB-keyfile \fIfile\fB\fR -.TP -\fB-K\fR -Use the specified file as the private key for the client -cerificate. -.TP -\fB-cacertfile \fIfile\fB\fR -.TP -\fB-A\fR -Use the specified file as the CA certificate for TLS -authentication to the server. -.TP -\fB-tlshostname \fIhostname\fB\fR -.TP -\fB-H\fR -Use the specified hostname for the TLS context. If not -specified, the hostname used to connect to the server will -be used. .SH "EXAMPLES" .PP Some examples of nbd-client usage: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/man/nbd-server.5.in.sgml new/nbd-3.19/man/nbd-server.5.in.sgml --- old/nbd-3.18/man/nbd-server.5.in.sgml 2018-03-16 19:22:16.000000000 +0100 +++ new/nbd-3.19/man/nbd-server.5.in.sgml 2019-01-30 16:31:20.000000000 +0100 @@ -350,7 +350,21 @@ <para> If specified, the server will listen on a UNIX domain socket with the specified name. Only newstyle negotiation is - supported on UNIX domain sockets. + supported on UNIX domain sockets. If a UNIX domain socket is, + then the server will not listen for TCP connections. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>duallisten</option></term> + <listitem> + <para> + Optional; boolean + </para> + <para> + If true, and <option>unixsock</option> is specified, the the + server will listen on both the configured UNIX domain socket + and any configured TCP or SDP socket. Defaults to false. </para> </listitem> </varlistentry> @@ -966,7 +980,7 @@ TLS is optional, unless <option>tlsonly</option> is set in the generic section. In order for TLS to work at all, the <option>keyfile</option> option must be specified in - the generic section.</para> + the generic section. </para> </listitem> </varlistentry> @@ -989,8 +1003,8 @@ outstanding writes into it. Once this operation finishes, the diff file will be removed, and the server will allow normal use of the export.</para> - </para>This allows the out-of-band live migration of an export - from one server to another. + <para>This allows the out-of-band live migration of an export + from one server to another.</para> <para>Note that this option cannot be combined with the copy-on-write option itself.</para> </listitem> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/man/nbd-server.5.sh.in new/nbd-3.19/man/nbd-server.5.sh.in --- old/nbd-3.18/man/nbd-server.5.sh.in 2018-04-04 12:46:23.000000000 +0200 +++ new/nbd-3.19/man/nbd-server.5.sh.in 2019-01-30 16:31:23.000000000 +0100 @@ -224,7 +224,15 @@ If specified, the server will listen on a UNIX domain socket with the specified name. Only newstyle negotiation is -supported on UNIX domain sockets. +supported on UNIX domain sockets. If a UNIX domain socket is, +then the server will not listen for TCP connections. +.TP +\fBduallisten\fR +Optional; boolean + +If true, and \fBunixsock\fR is specified, the the +server will listen on both the configured UNIX domain socket +and any configured TCP or SDP socket. Defaults to false. .TP \fBtlsprio\fR Optional; string; default NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE @@ -718,6 +726,7 @@ outstanding writes into it. Once this operation finishes, the diff file will be removed, and the server will allow normal use of the export. + This allows the out-of-band live migration of an export from one server to another. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/man/nbdtab.5.in.sgml new/nbd-3.19/man/nbdtab.5.in.sgml --- old/nbd-3.18/man/nbdtab.5.in.sgml 2018-08-18 16:29:57.000000000 +0200 +++ new/nbd-3.19/man/nbdtab.5.in.sgml 2019-01-30 16:27:34.000000000 +0100 @@ -206,7 +206,7 @@ </varlistentry> <varlistentry> <term><option>tlshostname=<replaceable>TLS - hostname</replaceable></term> + hostname</replaceable></option></term> <listitem> <para>The hostname for TLS purposes; <option>-H</option></para> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/nbd-client.c new/nbd-3.19/nbd-client.c --- old/nbd-3.18/nbd-client.c 2018-08-18 16:29:57.000000000 +0200 +++ new/nbd-3.19/nbd-client.c 2019-01-30 16:24:10.000000000 +0100 @@ -910,7 +910,7 @@ #if HAVE_GNUTLS && !defined(NOTLS) fprintf(stderr, "All commands that connect to a host also take:\n\t[-F|-certfile certfile] [-K|-keyfile keyfile]\n\t[-A|-cacertfile cacertfile] [-H|-tlshostname hostname] [-x|-enable-tls]\n"); #endif - fprintf(stderr, "Default value for blocksize is 1024 (recommended for ethernet)\n"); + fprintf(stderr, "Default value for blocksize is 512\n"); fprintf(stderr, "Allowed values for blocksize are 512,1024,2048,4096\n"); /* will be checked in kernel :) */ fprintf(stderr, "Note, that kernel 2.4.2 and older ones do not work correctly with\n"); fprintf(stderr, "blocksizes other than 1024 without patches\n"); @@ -941,7 +941,7 @@ int main(int argc, char *argv[]) { char* port=NBD_DEFAULT_PORT; int sock, nbd; - int blocksize=1024; + int blocksize=512; char *hostname=NULL; char *nbddev=NULL; int swap=0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/nbd-server.c new/nbd-3.19/nbd-server.c --- old/nbd-3.18/nbd-server.c 2018-08-18 16:29:57.000000000 +0200 +++ new/nbd-3.19/nbd-server.c 2018-11-27 17:29:21.000000000 +0100 @@ -172,6 +172,7 @@ #define F_OLDSTYLE 1 /**< Allow oldstyle (port-based) exports */ #define F_LIST 2 /**< Allow clients to list the exports on a server */ #define F_NO_ZEROES 4 /**< Do not send zeros to client */ +#define F_DUAL_LISTEN 8 /**< Listen on both TCP and unix socket */ // also accepts F_FORCEDTLS (which is 16384) GHashTable *children; char pidfname[256]; /**< name of our PID file */ @@ -816,6 +817,7 @@ { "includedir", FALSE, PARAM_STRING, &cfdir, 0 }, { "allowlist", FALSE, PARAM_BOOL, &(genconftmp.flags), F_LIST }, { "unixsock", FALSE, PARAM_STRING, &(genconftmp.unixsock), 0 }, + { "duallisten", FALSE, PARAM_BOOL, &(genconftmp.flags), F_DUAL_LISTEN }, // Used to listen on both TCP and unix socket { "max_threads", FALSE, PARAM_INT, &(genconftmp.threads), 0 }, { "force_tls", FALSE, PARAM_BOOL, &(genconftmp.flags), F_FORCEDTLS }, { "certfile", FALSE, PARAM_STRING, &(genconftmp.certfile), 0 }, @@ -1942,22 +1944,22 @@ return true; } -void send_export_info(CLIENT* client, bool maybe_zeroes) { +void send_export_info(CLIENT* client, SERVER* server, bool maybe_zeroes) { uint64_t size_host = htonll((u64)(client->exportsize)); uint16_t flags = NBD_FLAG_HAS_FLAGS | NBD_FLAG_SEND_WRITE_ZEROES; socket_write(client, &size_host, 8); - if (client->server->flags & F_READONLY) + if (server->flags & F_READONLY) flags |= NBD_FLAG_READ_ONLY; - if (client->server->flags & F_FLUSH) + if (server->flags & F_FLUSH) flags |= NBD_FLAG_SEND_FLUSH; - if (client->server->flags & F_FUA) + if (server->flags & F_FUA) flags |= NBD_FLAG_SEND_FUA; - if (client->server->flags & F_ROTATIONAL) + if (server->flags & F_ROTATIONAL) flags |= NBD_FLAG_ROTATIONAL; - if (client->server->flags & F_TRIM) + if (server->flags & F_TRIM) flags |= NBD_FLAG_SEND_TRIM; - if (!(client->server->flags & F_COPYONWRITE)) + if (!(server->flags & F_COPYONWRITE)) flags |= NBD_FLAG_CAN_MULTI_CONN; flags = htons(flags); socket_write(client, &flags, sizeof(flags)); @@ -2097,7 +2099,7 @@ if(!commit_client(client, serve)) { return NULL; } - send_export_info(client, true); + send_export_info(client, serve, true); return client; } } @@ -2302,7 +2304,7 @@ case NBD_INFO_EXPORT: send_reply(client, opt, NBD_REP_INFO, 12, NULL); socket_write(client, &request, 2); - send_export_info(client, false); + send_export_info(client, server, false); sent_export = true; break; default: @@ -2314,7 +2316,7 @@ request = htons(NBD_INFO_EXPORT); send_reply(client, opt, NBD_REP_INFO, 12, NULL); socket_write(client, &request, 2); - send_export_info(client, false); + send_export_info(client, server, false); } send_reply(client, opt, NBD_REP_ACK, 0, NULL); @@ -2595,7 +2597,7 @@ if (!pkg->data) { if (expsplice(pkg->pipefd[0], req->from, req->len, client, SPLICE_OUT, fua)) { - DEBUG("Splice failed: %M"); + DEBUG("Splice failed: %m"); rep.error = nbd_errno(errno); } } else @@ -3364,16 +3366,10 @@ * Connect our servers. **/ void setup_servers(GArray *const servers, const gchar *const modernaddr, - const gchar *const modernport, const gchar* unixsock) { + const gchar *const modernport, const gchar* unixsock, + const gint flags ) { struct sigaction sa; - GError *gerror = NULL; - if (open_modern(modernaddr, modernport, &gerror) == -1) { - msg(LOG_ERR, "failed to setup servers: %s", - gerror->message); - g_clear_error(&gerror); - exit(EXIT_FAILURE); - } if(unixsock != NULL) { GError* gerror = NULL; if(open_unix(unixsock, &gerror) == -1) { @@ -3383,6 +3379,15 @@ exit(EXIT_FAILURE); } } + if (((flags & F_DUAL_LISTEN) != 0) || (unixsock == NULL)) { + GError *gerror = NULL; + if (open_modern(modernaddr, modernport, &gerror) == -1) { + msg(LOG_ERR, "failed to setup servers: %s", + gerror->message); + g_clear_error(&gerror); + exit(EXIT_FAILURE); + } + } children=g_hash_table_new_full(g_int_hash, g_int_equal, NULL, destroy_pid_t); sa.sa_handler = sigchld_handler; @@ -3567,7 +3572,7 @@ tpool = g_thread_pool_new(handle_request, NULL, genconf.threads, FALSE, NULL); setup_servers(servers, genconf.modernaddr, genconf.modernport, - genconf.unixsock); + genconf.unixsock, genconf.flags); dousers(genconf.user, genconf.group); #if HAVE_GNUTLS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nbd-3.18/support/libtool.m4 new/nbd-3.19/support/libtool.m4 --- old/nbd-3.18/support/libtool.m4 2018-08-18 16:39:44.000000000 +0200 +++ new/nbd-3.19/support/libtool.m4 2019-01-30 16:34:38.000000000 +0100 @@ -4063,7 +4063,8 @@ if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -6438,7 +6439,7 @@ # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else GXX=no @@ -6813,7 +6814,7 @@ # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then @@ -6878,7 +6879,7 @@ # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then @@ -7217,7 +7218,7 @@ # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # FIXME: insert proper C++ library support @@ -7301,7 +7302,7 @@ # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # g++ 2.7 appears to require '-G' NOT '-shared' on this # platform. @@ -7312,7 +7313,7 @@ # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
