
From: "Doug Goldstein (cardoe)" <cardoe@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-emulation/libvirt: libvirt-1.0.6-r1.ebuild ChangeLog
Date: Mon, 01 Jul 2013 14:07:46
Message-Id: 20130701140741.848CC2171D@flycatcher.gentoo.org
1 cardoe 13/07/01 14:07:41
2
3 Modified: ChangeLog
4 Added: libvirt-1.0.6-r1.ebuild
5 Log:
6 Fix for CVE-2013-2218 and virInterface should work read-only when using udev backend.
7
8 (Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key D7DFA8D318FA9AEF!)
9
10 Revision Changes Path
11 1.286 app-emulation/libvirt/ChangeLog
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/ChangeLog?rev=1.286&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/ChangeLog?rev=1.286&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/ChangeLog?r1=1.285&r2=1.286
16
17 Index: ChangeLog
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v
20 retrieving revision 1.285
21 retrieving revision 1.286
22 diff -u -r1.285 -r1.286
23 --- ChangeLog 28 Jun 2013 20:52:44 -0000 1.285
24 +++ ChangeLog 1 Jul 2013 14:07:41 -0000 1.286
25 @@ -1,6 +1,15 @@
26 # ChangeLog for app-emulation/libvirt
27 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
28 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.285 2013/06/28 20:52:44 ago Exp $
29 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.286 2013/07/01 14:07:41 cardoe Exp $
30 +
31 +*libvirt-1.0.6-r1 (01 Jul 2013)
32 +
33 + 01 Jul 2013; Doug Goldstein <cardoe@g.o>
34 + +files/libvirt-1.0.6-CVE-2013-2218.patch,
35 + +files/libvirt-1.0.6-virinterface-udev-backend-ro.patch,
36 + +libvirt-1.0.6-r1.ebuild:
37 + Fix for CVE-2013-2218 and virInterface should work read-only when using udev
38 + backend.
39
40 28 Jun 2013; Agostino Sarubbo <ago@g.o> libvirt-1.0.5.2.ebuild:
41 Stable for amd64, wrt bug #475040
42
43
44
45 1.1 app-emulation/libvirt/libvirt-1.0.6-r1.ebuild
46
47 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/libvirt-1.0.6-r1.ebuild?rev=1.1&view=markup
48 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/libvirt-1.0.6-r1.ebuild?rev=1.1&content-type=text/plain
49
50 Index: libvirt-1.0.6-r1.ebuild
51 ===================================================================
52 # Copyright 1999-2013 Gentoo Foundation
53 # Distributed under the terms of the GNU General Public License v2
54 # $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-1.0.6-r1.ebuild,v 1.1 2013/07/01 14:07:41 cardoe Exp $
55
# Ebuild API level; the comments and blank lines above are the only things
# that precede this assignment.
EAPI=5

# Identifier of the backport-patch tarball. When non-empty it adds a second
# distfile to SRC_URI below, and src_prepare applies every *.patch found in
# ${S}/patches.
BACKPORTS=9eea7e71
# Non-empty makes src_prepare run eautoreconf once all patches are applied.
AUTOTOOLIZE=yes

# ${P} with the first "_rc" rewritten to "-rc"; used to build the tarball
# names in SRC_URI (presumably to match upstream's file naming).
MY_P="${P/_rc/-rc}"

PYTHON_COMPAT=( python{2_5,2_6,2_7} )

inherit eutils python-single-r1 user autotools linux-info systemd

# Live (9999) versions build from git and carry no distfiles or keywords;
# every other version downloads the release tarball plus the backports.
# NOTE(review): git:// is an unauthenticated transport, and with SRC_URI
# empty there is no distfile digest for the live checkout - confirm whether
# upstream offers an authenticated URI.
# NOTE(review): the release URIs are plain http/ftp, so the integrity of the
# downloaded tarballs presumably rests on the Manifest digests alone.
if [[ ${PV} = *9999* ]]; then
inherit git-2
EGIT_REPO_URI="git://libvirt.org/libvirt.git"
AUTOTOOLIZE=yes
SRC_URI=""
KEYWORDS=""
else
SRC_URI="http://libvirt.org/sources/${MY_P}.tar.gz
ftp://libvirt.org/libvirt/${MY_P}.tar.gz
${BACKPORTS:+
http://dev.gentoo.org/~cardoe/distfiles/${MY_P}-${BACKPORTS}.tar.xz}"
KEYWORDS="~amd64 ~x86"
fi
# Source directory: ${P} with any trailing "_rc*" suffix removed.
S="${WORKDIR}/${P%_rc*}"
81
82 DESCRIPTION="C toolkit to manipulate virtual machines"
83 HOMEPAGE="http://www.libvirt.org/"
84 LICENSE="LGPL-2.1"
85 SLOT="0"
86 IUSE="audit avahi +caps firewalld fuse iscsi +libvirtd lvm lxc +macvtap nfs \
87 nls numa openvz parted pcap phyp policykit python +qemu rbd sasl \
88 selinux +udev uml +vepa virtualbox virt-network xen elibc_glibc \
89 systemd"
90 REQUIRED_USE="libvirtd? ( || ( lxc openvz qemu uml virtualbox xen ) )
91 lxc? ( caps libvirtd )
92 openvz? ( libvirtd )
93 qemu? ( libvirtd )
94 uml? ( libvirtd )
95 vepa? ( macvtap )
96 virtualbox? ( libvirtd )
97 xen? ( libvirtd )
98 virt-network? ( libvirtd )
99 firewalld? ( virt-network )
100 python? ( ${PYTHON_REQUIRED_USE} )"
101
102 # gettext.sh command is used by the libvirt command wrappers, and it's
103 # non-optional, so put it into RDEPEND.
104 # We can use both libnl:1.1 and libnl:3, but if you have both installed, the
105 # package will use 3 by default. Since we don't have slot pinning in an API,
106 # we must go with the most recent
107 RDEPEND="sys-libs/readline
108 sys-libs/ncurses
109 >=net-misc/curl-7.18.0
110 dev-libs/libgcrypt
111 >=dev-libs/libxml2-2.7.6
112 dev-libs/libnl:3
113 >=net-libs/gnutls-1.0.25
114 net-libs/libssh2
115 sys-apps/dmidecode
116 >=sys-apps/util-linux-2.17
117 sys-devel/gettext
118 >=net-analyzer/netcat6-1.0-r2
119 app-misc/scrub
120 audit? ( sys-process/audit )
121 avahi? ( >=net-dns/avahi-0.6[dbus] )
122 caps? ( sys-libs/libcap-ng )
123 fuse? ( >=sys-fs/fuse-2.8.6 )
124 iscsi? ( sys-block/open-iscsi )
125 lxc? ( sys-power/pm-utils )
126 lvm? ( >=sys-fs/lvm2-2.02.48-r2 )
127 nfs? ( net-fs/nfs-utils )
128 numa? (
129 >sys-process/numactl-2.0.2
130 sys-process/numad
131 )
132 openvz? ( sys-kernel/openvz-sources )
133 parted? (
134 >=sys-block/parted-1.8[device-mapper]
135 sys-fs/lvm2
136 )
137 pcap? ( >=net-libs/libpcap-1.0.0 )
138 policykit? ( >=sys-auth/polkit-0.9 )
139 python? ( ${PYTHON_DEPS} )
140 qemu? (
141 >=app-emulation/qemu-0.13.0
142 dev-libs/yajl
143 sys-power/pm-utils
144 )
145 rbd? ( sys-cluster/ceph )
146 sasl? ( dev-libs/cyrus-sasl )
147 selinux? ( >=sys-libs/libselinux-2.0.85 )
148 virtualbox? ( || ( app-emulation/virtualbox >=app-emulation/virtualbox-bin-2.2.0 ) )
149 xen? ( app-emulation/xen-tools app-emulation/xen )
150 udev? ( virtual/udev >=x11-libs/libpciaccess-0.10.9 )
151 virt-network? ( net-dns/dnsmasq
152 >=net-firewall/iptables-1.4.10
153 net-misc/radvd
154 net-firewall/ebtables
155 sys-apps/iproute2[-minimal]
156 firewalld? ( net-firewall/firewalld )
157 )
158 elibc_glibc? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )"
159 # one? ( dev-libs/xmlrpc-c )
160 DEPEND="${RDEPEND}
161 virtual/pkgconfig
162 app-text/xhtml1
163 dev-libs/libxslt"
164
165 LXC_CONFIG_CHECK="
166 ~CGROUPS
167 ~CGROUP_FREEZER
168 ~CGROUP_DEVICE
169 ~CGROUP_CPUACCT
170 ~CGROUP_SCHED
171 ~CGROUP_PERF
172 ~BLK_CGROUP
173 ~NET_CLS_CGROUP
174 ~NETPRIO_CGROUP
175 ~CPUSETS
176 ~RESOURCE_COUNTERS
177 ~NAMESPACES
178 ~UTS_NS
179 ~IPC_NS
180 ~PID_NS
181 ~NET_NS
182 ~DEVPTS_MULTIPLE_INSTANCES
183 ~VETH
184 ~MACVLAN
185 ~POSIX_MQUEUE
186 ~!GRKERNSEC_CHROOT_MOUNT
187 ~!GRKERNSEC_CHROOT_DOUBLE
188 ~!GRKERNSEC_CHROOT_PIVOT
189 ~!GRKERNSEC_CHROOT_CHMOD
190 ~!GRKERNSEC_CHROOT_CAPS
191 "
192
193 VIRTNET_CONFIG_CHECK="
194 ~BRIDGE_NF_EBTABLES
195 ~BRIDGE_EBT_MARK_T
196 ~NETFILTER_ADVANCED
197 ~NETFILTER_XT_TARGET_CHECKSUM
198 ~NETFILTER_XT_CONNMARK
199 ~NETFILTER_XT_MARK
200 "
201
202 MACVTAP_CONFIG_CHECK="~MACVTAP"
203
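# Create the qemu account (uid/gid 77), make sure it belongs to the kvm
# group, run the Python eclass setup, and queue the kernel-option checks
# that match the enabled USE flags.
pkg_setup() {
	enewgroup qemu 77
	enewuser qemu 77 -1 -1 qemu kvm

	# Some people used the masked ebuild which was not adding the qemu
	# user to the kvm group originally. This results in VMs failing to
	# start for some users. bug #430808
	if ! egetent group kvm | grep -q qemu; then
		gpasswd -a qemu kvm
	fi

	python-single-r1_pkg_setup

	# Handle specific kernel versions for different features
	kernel_is lt 3 6 && LXC_CONFIG_CHECK+=" ~CGROUP_MEM_RES_CTLR"
	kernel_is ge 3 6 && LXC_CONFIG_CHECK+=" ~MEMCG ~MEMCG_SWAP ~MEMCG_KMEM"

	CONFIG_CHECK=""
	use fuse && CONFIG_CHECK+=" ~FUSE_FS"
	use lxc && CONFIG_CHECK+="${LXC_CONFIG_CHECK}"
	# The list is named MACVTAP_CONFIG_CHECK; ${MACVTAP} is never set, so
	# appending it dropped the macvtap kernel check entirely. The value has
	# no leading whitespace of its own, hence the explicit separator.
	use macvtap && CONFIG_CHECK+=" ${MACVTAP_CONFIG_CHECK}"
	use virt-network && CONFIG_CHECK+="${VIRTNET_CONFIG_CHECK}"
	# Only invoke the kernel-config checker when something was queued.
	if [[ -n ${CONFIG_CHECK} ]]; then
		linux-info_pkg_setup
	fi
}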
231
# Apply the backport series, the two Gentoo patches and any user patches,
# regenerate the autotools output when requested, then fill in the
# USE_FLAG_* placeholders of the init script template.
src_prepare() {
	touch "${S}/.mailmap"

	# Backport series shipped in the extra distfile.
	if [[ -n ${BACKPORTS} ]]; then
		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
			epatch
	fi

	if [[ ${PV} = *9999* ]]; then

		# git checkouts require bootstrapping to create the configure script.
		# Additionally the submodules must be cloned to the right locations
		# bug #377279
		./bootstrap || die "bootstrap failed"
		{
			git submodule status | sed 's/^[ +-]//;s/ .*//'
			git hash-object bootstrap.conf
		} >.git-module-status
	fi

	# The CVE-2013-2218 fix goes in first, then the read-only virInterface
	# fix. User patches are applied afterwards, on top of the fixed tree.
	local gentoo_patch
	for gentoo_patch in \
		"${FILESDIR}/libvirt-1.0.6-CVE-2013-2218.patch" \
		"${FILESDIR}/libvirt-1.0.6-virinterface-udev-backend-ro.patch"
	do
		epatch "${gentoo_patch}"
	done

	epatch_user

	if [[ -n ${AUTOTOOLIZE} ]]; then
		eautoreconf
	fi

	# Tweak the init script: each placeholder becomes a service dependency
	# when its USE flag is on, and the empty string otherwise.
	local avahi_init= iscsi_init= rbd_init= firewalld_init=
	cp "${FILESDIR}/libvirtd.init-r12" "${S}/libvirtd.init"
	if use avahi; then avahi_init='avahi-daemon'; fi
	if use iscsi; then iscsi_init='iscsid'; fi
	if use rbd; then rbd_init='ceph'; fi
	if use firewalld; then firewalld_init='need firewalld'; fi

	sed -i \
		-e "s/USE_FLAG_FIREWALLD/${firewalld_init}/" \
		-e "s/USE_FLAG_AVAHI/${avahi_init}/" \
		-e "s/USE_FLAG_ISCSI/${iscsi_init}/" \
		-e "s/USE_FLAG_RBD/${rbd_init}/" \
		"${S}/libvirtd.init"
}
273
# Translate USE flags into configure switches and run econf. The options are
# collected in the same order as before so the configure command line is
# unchanged.
src_configure() {
	local myconf=""

	## daemon (otherwise client-only utilities) and avahi-based VM discovery
	myconf+=" $(use_with libvirtd)"
	myconf+=" $(use_with avahi)"

	## hypervisors on the local host
	myconf+=" $(use_with xen) $(use_with xen xen-inotify)"
	myconf+=" --without-xenapi"
	# libxl is only enabled with xen-tools 4.2.0 or newer
	if use xen && has_version ">=app-emulation/xen-tools-4.2.0"; then
		myconf+=" --with-libxl"
	else
		myconf+=" --without-libxl"
	fi
	myconf+=" $(use_with openvz)"
	myconf+=" $(use_with lxc)"
	if use virtualbox && has_version app-emulation/virtualbox-ose; then
		myconf+=" --with-vbox=/usr/lib/virtualbox-ose/"
	else
		myconf+=" $(use_with virtualbox vbox)"
	fi
	myconf+=" $(use_with uml)"
	myconf+=" $(use_with qemu)"
	# yajl lets libvirt use QMP rather than HMP
	myconf+=" $(use_with qemu yajl)"
	myconf+=" $(use_with phyp)"
	myconf+=" --with-esx"
	myconf+=" --with-vmware"

	## additional host drivers
	myconf+=" $(use_with virt-network network)"
	myconf+=" --with-storage-fs"
	myconf+=" $(use_with lvm storage-lvm)"
	myconf+=" $(use_with iscsi storage-iscsi)"
	myconf+=" $(use_with parted storage-disk)"
	myconf+=" $(use_with lvm storage-mpath)"
	myconf+=" $(use_with rbd storage-rbd)"
	myconf+=" $(use_with numa numactl)"
	myconf+=" $(use_with numa numad)"
	myconf+=" $(use_with selinux)"
	myconf+=" $(use_with fuse)"

	# udev for device support details
	myconf+=" $(use_with udev)"

	# linux capability support so we don't need privileged accounts
	myconf+=" $(use_with caps capng)"

	## authentication
	myconf+=" $(use_with policykit polkit)"
	myconf+=" $(use_with sasl)"

	## network bits
	myconf+=" $(use_with macvtap)"
	myconf+=" $(use_with pcap libpcap)"
	myconf+=" $(use_with vepa virtualport)"
	myconf+=" $(use_with firewalld)"

	## other
	myconf+=" $(use_enable nls)"
	myconf+=" $(use_with python)"

	# Account that qemu/kvm guests run as. Without USE=caps the guests are
	# configured to run as root:root, so a build with caps disabled gives up
	# the privilege separation of the dedicated qemu account.
	if use caps; then
		myconf+=" --with-qemu-user=qemu --with-qemu-group=qemu"
	else
		myconf+=" --with-qemu-user=root --with-qemu-group=root"
	fi

	# audit support
	myconf+=" $(use_with audit)"

	## not supported yet: netcf; hal is replaced by udev; no sanlock locking
	myconf+=" --without-netcf"
	myconf+=" --without-hal"
	myconf+=" --without-sanlock"

	# systemd unit files
	if use systemd; then
		myconf+=" --with-init-script=systemd"
	fi

	# Workaround for bug #275073: pretend windres was not found unless the
	# target is cygwin or mingw. A proper fix would need an autotools
	# rebuild; it was sent upstream and expected in 0.7.7.
	# NOTE(review): the variable is assigned without "export"; confirm that
	# the configure process started by econf actually sees it.
	if [[ ${CHOST} != *cygwin* && ${CHOST} != *mingw* ]]; then
		ac_cv_prog_WINDRES=no
	fi

	econf \
		${myconf} \
		--disable-static \
		--docdir=/usr/share/doc/${PF} \
		--with-remote \
		--localstatedir=/var

	if [[ ${PV} = *9999* ]]; then
		# Restore gnulib's config.sub and config.guess
		# bug #377279
		(cd .gnulib && git reset --hard > /dev/null)
	fi
}
389
# Run the upstream test suite with verbose test output, using ${T} as HOME
# for the duration of the run.
src_test() {
	export VIR_TEST_DEBUG=1
	# emake (rather than a serial make) keeps the tests parallel-capable
	if ! HOME="${T}" emake check; then
		die "tests failed"
	fi
}
395
# Install into the image directory, drop libtool archives, and - only when
# the daemon is built - add the init script, its conf.d file and the image
# directory.
src_install() {
	if ! emake install \
		DESTDIR="${D}" \
		HTML_DIR=/usr/share/doc/${PF}/html \
		DOCS_DIR=/usr/share/doc/${PF} \
		EXAMPLE_DIR=/usr/share/doc/${PF}/examples \
		SYSTEMD_UNIT_DIR="$(systemd_get_unitdir)"
	then
		die "emake install failed"
	fi

	find "${D}" -name '*.la' -delete || die

	# Everything below is specific to libvirtd.
	if ! use libvirtd; then
		return 0
	fi

	newinitd "${S}/libvirtd.init" libvirtd || die
	newconfd "${FILESDIR}/libvirtd.confd-r4" libvirtd || die

	keepdir /var/lib/libvirt/images

	use python && python_optimize
}
417
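# Adjust the image before it is merged: keep an existing default network
# definition, drop the old PolicyKit policy when sys-auth/policykit is
# installed, and relocate the sysctl snippet into /etc/sysctl.d.
pkg_preinst() {
	# we only ever want to generate this once
	if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
		rm -rf "${D}"/etc/libvirt/qemu/networks/default.xml
	fi

	# We really don't want to use or support old PolicyKit cause it
	# screws with the new polkit integration
	if has_version sys-auth/policykit; then
		rm -rf "${D}"/usr/share/PolicyKit/policy/org.libvirt.unix.policy
	fi

	# Move the sysctl snippet from /usr/lib/sysctl.d to /etc/sysctl.d.
	# The move is skipped when the build did not install the file, the
	# destination directory is created first, and a failed move is reported
	# instead of being ignored.
	local sysctl_src="${D}"/usr/lib/sysctl.d/libvirtd.conf
	if [[ -e ${sysctl_src} ]]; then
		mkdir -p "${D}"/etc/sysctl.d || die "creating /etc/sysctl.d failed"
		mv "${sysctl_src}" "${D}"/etc/sysctl.d/libvirtd.conf \
			|| die "moving libvirtd.conf to /etc/sysctl.d failed"
	fi
}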
433
# Post-merge steps: refresh the timestamp of an existing default network
# definition, set mode and ownership of the qemu state and cache directories,
# and print usage notes for the admin.
pkg_postinst() {
	local default_net="${ROOT}"/etc/libvirt/qemu/networks/default.xml
	if [[ -e ${default_net} ]]; then
		touch "${default_net}"
	fi

	# support for dropped privileges: mode 0750, owned by qemu:qemu when the
	# guests run unprivileged (USE=caps) and by root:root otherwise.
	# NOTE(review): fperms/fowners are install helpers that, as far as I know,
	# resolve their path arguments against the image directory rather than the
	# live filesystem. Confirm these calls really change the merged
	# directories; if not, the 0750/ownership restriction is not applied here.
	if use qemu; then
		local qemu_owner=root:root
		if use caps; then
			qemu_owner=qemu:qemu
		fi

		local qemu_dir
		for qemu_dir in "${EROOT}/var/lib/libvirt/qemu" "${EROOT}/var/cache/libvirt/qemu"; do
			fperms 0750 "${qemu_dir}"
		done
		for qemu_dir in "${EROOT}/var/lib/libvirt/qemu" "${EROOT}/var/cache/libvirt/qemu"; do
			fowners -R "${qemu_owner}" "${qemu_dir}"
		done
	fi

	# Without polkit, access to the daemon socket is governed only by the
	# socket group/permissions in libvirtd.conf.
	if ! use policykit; then
		elog "To allow normal users to connect to libvirtd you must change the"
		elog "unix sock group and/or perms in /etc/libvirt/libvirtd.conf"
	fi

	# Everything below is specific to libvirtd.
	if ! use libvirtd; then
		return 0
	fi

	elog
	elog "For the basic networking support (bridged and routed networks)"
	elog "you don't need any extra software. For more complex network modes"
	elog "including but not limited to NATed network, you can enable the"
	elog "'virt-network' USE flag."
	elog
	if has_version net-dns/dnsmasq; then
		ewarn "If you have a DNS server setup on your machine, you will have"
		ewarn "to configure /etc/dnsmasq.conf to enable the following settings: "
		ewarn " bind-interfaces"
		ewarn " interface or except-interface"
		ewarn
		ewarn "Otherwise you might have issues with your existing DNS server."
	fi

	if use caps && use qemu; then
		elog "libvirt will now start qemu/kvm VMs with non-root privileges."
		elog "Ensure any resources your VMs use are accessible by qemu:qemu"
	fi
}