Currently we only allow /dev/random and /dev/hwrng as host input
for <rng><backend model='random'/> device. This was added after
various upstream discussions in commit 4932ef45
However this restriction has generated quite a few complaints over
the years, so a new discussion was initiated:
remote: Don't reject remote polkit if client lacks support
If you compile a client --without-polkit, and connect to a URI that needs
polkit auth, the connection will fail with:
$ ./tools/virsh --connect qemu+ssh://crobinso@machine/system
error: failed to connect to the hypervisor
error: authentication failed: unsupported authentication type 2
This is because the client side portion of the polkit handling is
compiled out. However, nothing polkit specific is actually required
of the client.
Fix that error by unconditionally compiling the basic polkit client
handling.
spec: If installing default network, restart libvirtd
If libvirt-daemon-config-network is installed while libvirtd is already
running, the daemon doesn't notice the network. Users then have to
manually restart libvirtd (or reboot) to pick up the network.
Instead let's trigger a daemon restart when the package is first installed.
Then the default network is available immediately if libvirtd was already
running.
Andrea Bolognani [Mon, 25 Apr 2016 15:45:14 +0000 (17:45 +0200)]
maint: Ignore all intermediate and generated man pages
Since commit 9b77ce63f1d7 we create a .in file while building all
man pages, including those in the tools/ directory; update the
ignore patterns to take this change into account.
The new ignore patterns are generic enough that we can get rid of
a few existing ones as well.
Andrea Bolognani [Mon, 25 Apr 2016 11:40:04 +0000 (13:40 +0200)]
docs: Pass relative paths to apibuild.py
Since commit d195cffa2e1b, both $(srcdir) and $(abs_builddir)
are passed to the apibuild.py script; however, since the
former is a relative path and the latter an absolute one, the
script might not be able to detect whether they point to the
same location.
John Ferlan [Tue, 8 Mar 2016 00:40:58 +0000 (19:40 -0500)]
secret: Introduce virSecretObjGetValue and virSecretObjGetValueSize
Introduce the final accessor's to _virSecretObject data and move the
structure from virsecretobj.h to virsecretobj.c
The virSecretObjSetValue logic will handle setting both the secret
value and the value_size. Some slight adjustments to the error path
over what was in secretSetValue were made.
Additionally, a slight logic change in secretGetValue where we'll
check for the internalFlags and error out before checking for
and erroring out for a NULL secret->value. That way, it won't be
obvious to anyone that the secret value wasn't set rather they'll
just know they cannot get the secret value since it's private.
John Ferlan [Mon, 7 Mar 2016 23:06:57 +0000 (18:06 -0500)]
secret: Introduce virSecretObjDelete{Config|Data}
Move and rename secretDeleteSaved from secret_driver into virsecretobj and
split it up into two parts since there is error path code that looks to
just delete the secret data file
John Ferlan [Wed, 2 Mar 2016 18:10:54 +0000 (13:10 -0500)]
secret: Move and rename secretLoadAllConfigs
Move to secret_conf.c and rename to virSecretLoadAllConfigs. Also includes
moving/renaming the supporting virSecretLoad, virSecretLoadValue, and
virSecretLoadValidateUUID.
John Ferlan [Thu, 25 Feb 2016 11:30:39 +0000 (06:30 -0500)]
secret: Use the hashed virSecretObjList
This patch replaces most of the guts of secret_driver.c with recently
added secret_conf.c APIs in order manage secret lists and objects
using the hashed virSecretObjList* lookup API's.
John Ferlan [Tue, 19 Apr 2016 20:05:38 +0000 (16:05 -0400)]
secret: Introduce virSecretObjListAdd* and virSecretObjListRemove
Add the functions to add/remove elements from the hashed secret obj list.
These will replace secret_driver functions secretAssignDef and secretObjRemove.
The virSecretObjListAddLocked will perform the necessary lookups and
decide whether to replace an existing hash entry or create a new one.
This includes setting up the configPath and base64Path as well as being
able to support the caller's need to restore from a previous definition
in case something goes wrong in the caller.
John Ferlan [Sat, 27 Feb 2016 11:49:12 +0000 (06:49 -0500)]
secret: Create virsecretobj.c and virsecretconf.h
Move virSecretObj from secret_driver.c to virsecretobj.h
To support being able to create a hashed secrets list, move the
virSecretObj to virsecretobj.h so that the code can at least find
the definition.
This should be a temporary situation while the virsecretobj.c code
is patched in order to support a hashed secret object while still
having the linked list support in secret_driver.c. Eventually, the
goal is to move the virSecretObj into virsecretobj.c, although it
is notable that the existing model from which virSecretObj was
derived has virDomainObj in src/conf/domain_conf.h and virNetworkObj
in src/conf/network_conf.h, so virSecretObj wouldn't be unique if
it were to remain in virsecretobj.h Still adding accessors to fetch
and store hashed object data will be the end goal.
Add definitions and infrastucture in virsecretobj.c to create and
handle a hashed virSecretObj and virSecretObjList including the class,
object, lock setup, and disposal API's. Nothing will call these yet.
This infrastructure will replace the forward linked list logic
within the secret_driver, eventually.
Michal Privoznik [Thu, 21 Apr 2016 05:33:01 +0000 (07:33 +0200)]
wireshark: Fix distcheck
Our distcheck is broken. Well, it works but only by pure chance.
When wireshark plugin is enabled, we try to query which path
should the plugin be installed into. Firstly, we try to ask
pkg-config as some releases of wireshark already sets
corresponding variable in their pkg-config files. However, if we
obtained no value from there we try to construct the path on our
own. Based on our observations it usually is:
$libdir/wireshark/plugins/$version/.
Now, the problem is in the way we are deciding whether we have
obtained the plugin directory from pkg-config or not. Simply
said, we are checking wrong variable. The variable we are
checking has never been set, thus in our test is empty and
therefore we will always construct the plugin dir path on our
own, regardless of its presence in the pkg-config file.
To make things worse, after fixing this problem, VPATH build was
broken as it now tried to install plugin into correct directory.
Yes, this is problem, because --prefix was not honoured and
everything but the plugin was installed into given prefix. I've
managed to resolve this issue by replacing plugin dir prefix with
our own. So when doing regular installation (our prefix ==
wireshark prefix), nothing changes. When doing VPATH build &
installation plugin is installed into correctly prefixed dir.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Wed, 20 Apr 2016 08:14:23 +0000 (10:14 +0200)]
tools: Introduce install-nss targets
We do have something similar for installing init system files.
Basically I'm trying to avoid the following warning produced by
automake:
tools/Makefile.am:429: warning: uninstall-local was already defined in condition TRUE, which includes condition WITH_BSD_NSS ...
tools/Makefile.am:292: ... 'uninstall-local' previously defined here
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Mon, 25 Apr 2016 05:47:59 +0000 (07:47 +0200)]
qemuProcessCreatePretendCmd: Rework FIPS handling
This function - in contrast with qemuBuildCommandLine - merely
constructs our internal command representation of a domain. This
is then later compared against expected output. Or, this function
is used also in virConnectDomainXMLToNative(). But due to a copy
paste error this function, just like its image - has @forceFips
argument that if enabled forces FIPS, otherwise mimics FIPS state
in the host. If FIPS is enabled or forced the generated command
line is different to state in which FIPS is disabled. Problem is,
while this could be desired in the virConnectDomainXMLToNative()
case, this is undesirable in the test suite as it will produce
unpredicted results.
Solution to this is to rename argument to @enableFips to
specifically tell whether we expect command line to be build in
either of fashions and make virConnectDomainXMLToNative()
implementation fetch FIPS state and pass it to
qemuProcessCreatePretendCmd().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Tue, 19 Apr 2016 16:53:02 +0000 (12:53 -0400)]
qemu: fix error log in qemuAssignPCIAddresses()
This error message was too specific, based on the incorrect assumption
that any error was cause by auto-added bridges:
failed to create PCI bridge on bus 2: too many devices
with fixed addresses
In practice you can't know if a bridge with an index <= the bus it's
connecting to was added automatically, or if it was a mistake in
explicit config, and the auto-add problem is going to be dealt with in
a different way in an upcoming patch. The new message is this:
PCI Controller at index 1 (0x01) has "
bus='0x02', but bus must be <= index
(note that index is given in both decimal and hex because it is
formatted as decimal in the XML, but bus is formatted as hex, and
displaying the hex value of index makes it easier to see the problem
when index > 9 (which will often be the case with PCIe, since most
controllers only have a single port, not 32 slots as with standard
PCI)).
Andrea Bolognani [Wed, 13 Apr 2016 17:24:51 +0000 (19:24 +0200)]
build: Always ship virt-login-shell.conf
No need to special-case this one: we can add it to EXTRA_DIST so
that it will be shipped in any case, and if WITH_LOGIN_SHELL
happens to be enabled we mark it for installation as well.
Andrea Bolognani [Tue, 12 Apr 2016 20:05:15 +0000 (22:05 +0200)]
build: Never ship man pages
The generated man pages may contain information that depend on
the build configuration, so they should not be shipped but
rather always built on the user's machine.
Andrea Bolognani [Tue, 12 Apr 2016 18:32:33 +0000 (20:32 +0200)]
build: Extract pod from source files
Instead of embedding the pod information inside the respective
source files, store them in separate files.
This allows us to reduce the number of custom build rules as
most of the information can be inferred for the file name;
moreover, text editors are more likely to use proper syntax
highlighting for standalone pod files.
Andrea Bolognani [Fri, 22 Apr 2016 11:51:50 +0000 (13:51 +0200)]
docs: Fix some formatting oddities
When describing attributes and elements, we mostly stick to
a certain pattern; however, there are a few cases when the
information is not presented in the usual way.
Since there doesn't seem to be any reason not to follow the
tried and true formula, rework those bits to fit the rest of
the documentation.
Andrea Bolognani [Fri, 22 Apr 2016 09:12:10 +0000 (11:12 +0200)]
syntax-check: Enforce <code> inside <dt> elements
Commit 61b070cf20b5 cleaned up a number of cases where the <dt>
element was used to document symbols, but the symbol itself was
not inside a <code> element.
To make sure we don't end up having to clean up again a few
months from now, introduce a syntax-check rule that can spot
such mistakes.
All existing exceptions are marked as such, with either file
or line granularity depending on the case.
Peter Krempa [Fri, 22 Apr 2016 14:14:26 +0000 (16:14 +0200)]
docs: apibuild: Fix VPATH build
libvirt-common.h is generated into builddir/include/libvirt. apibuild.py
only operated on srcdir/inlcude/libvirt. With VPATH build
srcdir/docs/libvirt-libvirt-common.html would not get generated and make
RPM failed.
This unifies the test scripts to all use the similar pattern added for
schematests in ace4aecd. This gives the following
- Enables running all tests from outside of tests/ dir
- Drops redundant abs_* definitions, which are set by test-lib.sh
- Drops unnecessary srcdir variable which was only used for sourcing
test-lib.sh
Behavior changes:
- srcdir can no longer be overwritten, but I don't know why anyone would
really need to...
- Script VERBOSE setting no longer prints commands executed by test-lib.sh.
if anyone cares I suggest handling this in test-lib.sh which already
has other verbose style handling
These old tests expect to run against a real xen connection via
xend running on the host. Our intentions for the test suite are
that it doesn't require interacting with any specific host resources,
so these don't really belong here.
John Ferlan [Thu, 21 Apr 2016 11:54:30 +0000 (07:54 -0400)]
docs: Add bold style for <dt><code> elements
Add bolding for <dt><code> elements to make them "stick out" on the
page rather that just a stream of text where the elements only differ
by slightly different font style.
The values are currently limited to LLONG_MAX which causes some
problems. QEMU conveniently changed their maximum to 1e15 (1 PB) which
is enough for some time and we need to adapt to that so that we don't
throw "Unknown error" messages. Strictly limiting these values actually
fixes some corner case values (off-by-one checks in QEMU probably).
Since values out of the new specified range do not overflow anything,
change the type of error as well.
Store the test list in libvirtd_test_scripts, and use it where
appropriate. This also fixes the fact that we didn't ship
virsh-uriprecedence when libvirtd build is disabled.
Rather than try to fix this in the depths of the parser, just catch
the case when a config file doesn't end in a newline, and manually
append a newline to the content before parsing
Laine Stump [Thu, 21 Apr 2016 18:32:51 +0000 (14:32 -0400)]
docs: remove reference to non-existent "igmp-ipv6" protocol
IGMP is used on IPv4 networks tp setup multicast group memberships. On
IPv6, this job is done by Multicast Listener Discovery (MLD), which
uses ICMPv6 packets rather than its own IP protocol number like IGMP.
The nwfilter documentation lists "igmp-ipv6" as one of the possible
protocols, but this is ignored (and stripped from the xml). This patch
removes that erroneous reference.
Laine Stump [Thu, 21 Apr 2016 18:03:18 +0000 (14:03 -0400)]
network: fix DHCPv6 on networks with prefix != 64
According to the dnsmasq manpage, the netmask for IPv4 address ranges
will be auto-deteremined from the interface dnsmasq is listening on,
but it can't do this for IPv6 for some reason - it instead assumes a
network prefix of 64 for all IPv6 address ranges. If this is
incorrect, dnsmasq will refuse to give out an address to clients,
instead logging this message:
dnsmasq-dhcp[2380]: no address range available for DHCPv6 request via virbr0
The solution is for libvirt to add ",$prefix" to all IPv6 dhcp-range
arguments when building the dnsmasq.conf file.
Andrea Bolognani [Thu, 21 Apr 2016 10:01:27 +0000 (12:01 +0200)]
build: Fix default network generation on FreeBSD
FreeBSD's sed(1) doesn't support using "\n" to insert a newline,
so the installed default.xml file ends up containing a literal
"n" between tags; to work around this problem, add a tr(1)
invocation as suggested by the sed FAQ[1].
[1] http://sed.sourceforge.net/sedfaq4.html (4.1 c)
daemonStreamHandleRead: Rework to follow our coding pattern
Usually, we have this 'if() goto cleanup;' pattern in our new
code. It is going to be useful here too. Thing is, there was a
memleak. If there has been an error in
virNetServerProgramSendStreamError() or
virNetServerProgramSendStreamData() created message was never
freed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Tue, 29 Mar 2016 15:33:14 +0000 (17:33 +0200)]
daemonClientStream: Use unsigned int to store stream @serial
The stream serial number is the serial number of the RPC call
that initiated a data transfer. And as such can never be
negative. Moreover, when looking up internal state for a stream,
the serial numbers are compared. But hey, the serial number in
message header is unsigned too!
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Thu, 21 Apr 2016 12:35:29 +0000 (14:35 +0200)]
api: Generate docs for libvirt-common.h
Since commit f5d9c5d00cfc0c moved the virTypedParam stuff into
libvirt-common we did not generate any docs for them and neither did we
populate them into libvirt-api.xml. This broke the sanity check in
libvirt python. Fix it by generating docs for libvirt-common.h too.
Peter Krempa [Thu, 21 Apr 2016 12:31:23 +0000 (14:31 +0200)]
apibuild: Allow completely skipping certain macros
Some macros don't make sense to be documented at all. Add infrastructure
to the web/api generator and add VIR_DEPRECATED and VIR_EXPORT_VAR as
macros we should not document.
Peter Krempa [Thu, 21 Apr 2016 12:27:24 +0000 (14:27 +0200)]
include: common: Fix file header for apibuild.py
Our docs/web generator would take the complete license text and put it
into the description of the file, since it depends on position of the
"Author:" line. Move the author line to the top and remove the spurious
emacs comment.
Erik Skultety [Tue, 12 Apr 2016 19:08:57 +0000 (21:08 +0200)]
tests: remove virnetservertest data leftovers
Commit a4746114 renamed virnetservertest to virnetdaemontest to reflect some
refactor changes to virNetServer code (which moved daemon-related parts to
virNetDaemon module). Moving test data from virnetserverdata to
virnetdaemondata was also part of the commit, but the commit failed to clean
half of the files that were copied (rather than moved).
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Peter Krempa [Thu, 21 Apr 2016 07:51:08 +0000 (09:51 +0200)]
virsh: perf: Don't leak domain
After failing to parse the perf event list, the code would return
failure without freeing the previously acquired object. Rearrange the
code to avoid the problem.
projects / libvirt.git / log