Gentoo Archives: gentoo-commits

From: Matthias Maier <tamiko@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/libvirt/, app-emulation/libvirt/files/
Date: Mon, 01 Jul 2019 14:27:24
Message-Id: 1561991177.46c770404a3482d0cc15d7748f71b5d2118deaba.tamiko@gentoo
1 commit: 46c770404a3482d0cc15d7748f71b5d2118deaba
2 Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
3 AuthorDate: Mon Jul 1 14:21:04 2019 +0000
4 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
5 CommitDate: Mon Jul 1 14:26:17 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46c77040
7
8 app-emulation/libvirt: fix apparmor
9
10 Closes: https://bugs.gentoo.org/686702
11 Package-Manager: Portage-2.3.67, Repoman-2.3.16
12 Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>
13
14 .../libvirt-5.0.0-fix-paths-for-apparmor.patch | 10 +-
15 ... => libvirt-5.2.0-fix-paths-for-apparmor.patch} | 10 +-
16 app-emulation/libvirt/libvirt-5.2.0-r3.ebuild | 388 +++++++++++++++++++++
17 3 files changed, 404 insertions(+), 4 deletions(-)
18
19 diff --git a/app-emulation/libvirt/files/libvirt-5.0.0-fix-paths-for-apparmor.patch b/app-emulation/libvirt/files/libvirt-5.0.0-fix-paths-for-apparmor.patch
20 index ca9f952a823..866c6357b6e 100644
21 --- a/app-emulation/libvirt/files/libvirt-5.0.0-fix-paths-for-apparmor.patch
22 +++ b/app-emulation/libvirt/files/libvirt-5.0.0-fix-paths-for-apparmor.patch
23 @@ -79,7 +79,7 @@ index de9436872c..99ab4ea527 100644
24 #include <abstractions/base>
25
26 # needed for searching directories
27 -@@ -33,7 +33,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
28 +@@ -36,7 +36,7 @@
29 deny /dev/mapper/ r,
30 deny /dev/mapper/* r,
31
32 @@ -88,6 +88,13 @@ index de9436872c..99ab4ea527 100644
33 /{usr/,}sbin/apparmor_parser Ux,
34
35 /etc/apparmor.d/libvirt/* r,
36 +@@ -66,5 +66,5 @@
37 + /**.[iI][sS][oO] r,
38 + /**/disk{,.*} r,
39 +
40 +- #include <local/usr.lib.libvirt.virt-aa-helper>
41 ++ #include <local/usr.libexec.virt-aa-helper>
42 + }
43 diff --git a/src/security/apparmor/usr.sbin.libvirtd b/src/security/apparmor/usr.sbin.libvirtd
44 index f0ffc53008..8a402bd6ec 100644
45 --- a/src/security/apparmor/usr.sbin.libvirtd
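Review bot: The nested hunk added at `@@ -66,5 +66,5 @@` points the virt-aa-helper profile at `#include <local/usr.libexec.virt-aa-helper>`, but nothing visible in this commit installs a local override file under that new name. A plain `#include` of a missing file makes apparmor_parser refuse to load the profile, so please confirm that the build system or the ebuild creates `local/usr.libexec.virt-aa-helper` in the AppArmor include directory (normally /etc/apparmor.d). If it is still created under the old `usr.lib.libvirt.virt-aa-helper` name, the helper profile would presumably fail to load and guests using the apparmor security driver would not get per-domain confinement. The same applies to the identical hunk in the libvirt-5.2.0-fix-paths-for-apparmor.patch copy below. Whether the rest of the patch renames the profile file consistently is outside the lines shown here.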
46 @@ -107,4 +114,3 @@ index f0ffc53008..8a402bd6ec 100644
47
48 --
49 2.19.2
50 -
51
52 diff --git a/app-emulation/libvirt/files/libvirt-5.0.0-fix-paths-for-apparmor.patch b/app-emulation/libvirt/files/libvirt-5.2.0-fix-paths-for-apparmor.patch
53 similarity index 95%
54 copy from app-emulation/libvirt/files/libvirt-5.0.0-fix-paths-for-apparmor.patch
55 copy to app-emulation/libvirt/files/libvirt-5.2.0-fix-paths-for-apparmor.patch
56 index ca9f952a823..866c6357b6e 100644
57 --- a/app-emulation/libvirt/files/libvirt-5.0.0-fix-paths-for-apparmor.patch
58 +++ b/app-emulation/libvirt/files/libvirt-5.2.0-fix-paths-for-apparmor.patch
59 @@ -79,7 +79,7 @@ index de9436872c..99ab4ea527 100644
60 #include <abstractions/base>
61
62 # needed for searching directories
63 -@@ -33,7 +33,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
64 +@@ -36,7 +36,7 @@
65 deny /dev/mapper/ r,
66 deny /dev/mapper/* r,
67
68 @@ -88,6 +88,13 @@ index de9436872c..99ab4ea527 100644
69 /{usr/,}sbin/apparmor_parser Ux,
70
71 /etc/apparmor.d/libvirt/* r,
72 +@@ -66,5 +66,5 @@
73 + /**.[iI][sS][oO] r,
74 + /**/disk{,.*} r,
75 +
76 +- #include <local/usr.lib.libvirt.virt-aa-helper>
77 ++ #include <local/usr.libexec.virt-aa-helper>
78 + }
79 diff --git a/src/security/apparmor/usr.sbin.libvirtd b/src/security/apparmor/usr.sbin.libvirtd
80 index f0ffc53008..8a402bd6ec 100644
81 --- a/src/security/apparmor/usr.sbin.libvirtd
82 @@ -107,4 +114,3 @@ index f0ffc53008..8a402bd6ec 100644
83
84 --
85 2.19.2
86 -
87
88 diff --git a/app-emulation/libvirt/libvirt-5.2.0-r3.ebuild b/app-emulation/libvirt/libvirt-5.2.0-r3.ebuild
89 new file mode 100644
90 index 00000000000..6eaa333934d
91 --- /dev/null
92 +++ b/app-emulation/libvirt/libvirt-5.2.0-r3.ebuild
93 @@ -0,0 +1,388 @@
94 +# Copyright 1999-2019 Gentoo Authors
95 +# Distributed under the terms of the GNU General Public License v2
96 +
97 +EAPI=7
98 +
99 +PYTHON_COMPAT=( python3_{5,6,7} )
100 +
101 +inherit autotools bash-completion-r1 eutils linux-info python-any-r1 readme.gentoo-r1 systemd user
102 +
103 +if [[ ${PV} = *9999* ]]; then
104 + inherit git-r3
105 + EGIT_REPO_URI="https://libvirt.org/git/libvirt.git"
106 + SRC_URI=""
107 + KEYWORDS=""
108 + SLOT="0"
109 +else
110 + SRC_URI="https://libvirt.org/sources/${P}.tar.xz"
111 + KEYWORDS="~amd64 ~arm64 ~x86"
112 + SLOT="0/${PV}"
113 +fi
114 +
115 +DESCRIPTION="C toolkit to manipulate virtual machines"
116 +HOMEPAGE="http://www.libvirt.org/"
117 +LICENSE="LGPL-2.1"
118 +IUSE="
119 + apparmor audit +caps +dbus firewalld fuse glusterfs iscsi iscsi-direct
120 + +libvirtd lvm libssh lxc +macvtap nfs nls numa openvz parted pcap phyp
121 + policykit +qemu rbd sasl selinux +udev +vepa virtualbox virt-network
122 + wireshark-plugins xen zeroconf zfs
123 +"
124 +
125 +REQUIRED_USE="
126 + firewalld? ( virt-network )
127 + libvirtd? ( || ( lxc openvz qemu virtualbox xen ) )
128 + lxc? ( caps libvirtd )
129 + openvz? ( libvirtd )
130 + policykit? ( dbus )
131 + qemu? ( libvirtd )
132 + vepa? ( macvtap )
133 + virt-network? ( libvirtd )
134 + virtualbox? ( libvirtd )
135 + xen? ( libvirtd )"
136 +
137 +# gettext.sh command is used by the libvirt command wrappers, and it's
138 +# non-optional, so put it into RDEPEND.
139 +# We can use both libnl:1.1 and libnl:3, but if you have both installed, the
140 +# package will use 3 by default. Since we don't have slot pinning in an API,
141 +# we must go with the most recent
142 +RDEPEND="
143 + app-misc/scrub
144 + dev-libs/libgcrypt:0
145 + dev-libs/libnl:3
146 + >=dev-libs/libxml2-2.7.6
147 + >=net-analyzer/openbsd-netcat-1.105-r1
148 + >=net-libs/gnutls-1.0.25:0=
149 + net-libs/libssh2
150 + net-libs/libtirpc
151 + net-libs/rpcsvc-proto
152 + >=net-misc/curl-7.18.0
153 + sys-apps/dmidecode
154 + >=sys-apps/util-linux-2.17
155 + sys-devel/gettext
156 + sys-libs/ncurses:0=
157 + sys-libs/readline:=
158 + apparmor? ( sys-libs/libapparmor )
159 + audit? ( sys-process/audit )
160 + caps? ( sys-libs/libcap-ng )
161 + dbus? ( sys-apps/dbus )
162 + firewalld? ( >=net-firewall/firewalld-0.6.3 )
163 + fuse? ( >=sys-fs/fuse-2.8.6:= )
164 + glusterfs? ( >=sys-cluster/glusterfs-3.4.1 )
165 + iscsi? ( sys-block/open-iscsi )
166 + iscsi-direct? ( >=net-libs/libiscsi-1.18.0 )
167 + libssh? ( net-libs/libssh )
168 + lvm? ( >=sys-fs/lvm2-2.02.48-r2[-device-mapper-only(-)] )
169 + nfs? ( net-fs/nfs-utils )
170 + numa? (
171 + >sys-process/numactl-2.0.2
172 + sys-process/numad
173 + )
174 + parted? (
175 + >=sys-block/parted-1.8[device-mapper]
176 + sys-fs/lvm2[-device-mapper-only(-)]
177 + )
178 + pcap? ( >=net-libs/libpcap-1.0.0 )
179 + policykit? ( >=sys-auth/polkit-0.9 )
180 + qemu? (
181 + >=app-emulation/qemu-1.5.0
182 + dev-libs/yajl
183 + )
184 + rbd? ( sys-cluster/ceph )
185 + sasl? ( dev-libs/cyrus-sasl )
186 + selinux? ( >=sys-libs/libselinux-2.0.85 )
187 + virt-network? (
188 + net-dns/dnsmasq[script]
189 + net-firewall/ebtables
190 + >=net-firewall/iptables-1.4.10[ipv6]
191 + net-misc/radvd
192 + sys-apps/iproute2[-minimal]
193 + )
194 + virtualbox? ( || ( app-emulation/virtualbox >=app-emulation/virtualbox-bin-2.2.0 ) )
195 + wireshark-plugins? ( net-analyzer/wireshark:= )
196 + xen? (
197 + >=app-emulation/xen-4.6.0
198 + app-emulation/xen-tools:=
199 + )
200 + udev? (
201 + virtual/udev
202 + >=x11-libs/libpciaccess-0.10.9
203 + )
204 + zeroconf? ( >=net-dns/avahi-0.6[dbus] )
205 + zfs? ( sys-fs/zfs )"
206 +
207 +DEPEND="${RDEPEND}
208 + ${PYTHON_DEPS}
209 + app-text/xhtml1
210 + dev-lang/perl
211 + dev-libs/libxslt
212 + dev-perl/XML-XPath
213 + virtual/pkgconfig"
214 +
215 +PATCHES=(
216 + "${FILESDIR}"/${PN}-5.2.0-do-not-use-sysconf.patch
217 + "${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch
218 + "${FILESDIR}"/${PN}-5.2.0-fix-paths-for-apparmor.patch
219 + "${FILESDIR}"/${PN}-5.2.0-md-clear.patch
220 +)
221 +
222 +pkg_setup() {
223 + if use qemu; then
224 + enewgroup qemu 77
225 + enewuser qemu 77 -1 -1 "qemu,kvm"
226 + fi
227 +
228 + use policykit && enewgroup libvirt
229 +
230 + # Check kernel configuration:
231 + CONFIG_CHECK=""
232 + use fuse && CONFIG_CHECK+="
233 + ~FUSE_FS"
234 +
235 + use lvm && CONFIG_CHECK+="
236 + ~BLK_DEV_DM
237 + ~DM_MULTIPATH
238 + ~DM_SNAPSHOT"
239 +
240 + use lxc && CONFIG_CHECK+="
241 + ~BLK_CGROUP
242 + ~CGROUP_CPUACCT
243 + ~CGROUP_DEVICE
244 + ~CGROUP_FREEZER
245 + ~CGROUP_NET_PRIO
246 + ~CGROUP_PERF
247 + ~CGROUPS
248 + ~CGROUP_SCHED
249 + ~CPUSETS
250 + ~IPC_NS
251 + ~MACVLAN
252 + ~NAMESPACES
253 + ~NET_CLS_CGROUP
254 + ~NET_NS
255 + ~PID_NS
256 + ~POSIX_MQUEUE
257 + ~SECURITYFS
258 + ~USER_NS
259 + ~UTS_NS
260 + ~VETH
261 + ~!GRKERNSEC_CHROOT_MOUNT
262 + ~!GRKERNSEC_CHROOT_DOUBLE
263 + ~!GRKERNSEC_CHROOT_PIVOT
264 + ~!GRKERNSEC_CHROOT_CHMOD
265 + ~!GRKERNSEC_CHROOT_CAPS"
266 +
267 + kernel_is lt 4 7 && use lxc && CONFIG_CHECK+="
268 + ~DEVPTS_MULTIPLE_INSTANCES"
269 +
270 + use macvtap && CONFIG_CHECK+="
271 + ~MACVTAP"
272 +
273 + use virt-network && CONFIG_CHECK+="
274 + ~BRIDGE_EBT_MARK_T
275 + ~BRIDGE_NF_EBTABLES
276 + ~NETFILTER_ADVANCED
277 + ~NETFILTER_XT_CONNMARK
278 + ~NETFILTER_XT_MARK
279 + ~NETFILTER_XT_TARGET_CHECKSUM
280 + ~IP_NF_FILTER
281 + ~IP_NF_MANGLE
282 + ~IP_NF_NAT
283 + ~IP_NF_TARGET_MASQUERADE
284 + ~IP6_NF_FILTER
285 + ~IP6_NF_MANGLE
286 + ~IP6_NF_NAT"
287 + # Bandwidth Limiting Support
288 + use virt-network && CONFIG_CHECK+="
289 + ~BRIDGE_EBT_T_NAT
290 + ~IP_NF_TARGET_REJECT
291 + ~NET_ACT_POLICE
292 + ~NET_CLS_FW
293 + ~NET_CLS_U32
294 + ~NET_SCH_HTB
295 + ~NET_SCH_INGRESS
296 + ~NET_SCH_SFQ"
297 +
298 + # Handle specific kernel versions for different features
299 + kernel_is lt 3 6 && CONFIG_CHECK+=" ~CGROUP_MEM_RES_CTLR"
300 + if kernel_is ge 3 6; then
301 + CONFIG_CHECK+=" ~MEMCG ~MEMCG_SWAP "
302 + kernel_is lt 4 5 && CONFIG_CHECK+=" ~MEMCG_KMEM "
303 + fi
304 +
305 + ERROR_USER_NS="Optional depending on LXC configuration."
306 +
307 + if [[ -n ${CONFIG_CHECK} ]]; then
308 + linux-info_pkg_setup
309 + fi
310 +}
311 +
312 +src_prepare() {
313 + touch "${S}/.mailmap"
314 +
315 + default
316 +
317 + if [[ ${PV} = *9999* ]]; then
318 + # Reinitialize submodules as this is required for gnulib's bootstrap
319 + git submodule init
320 + # git checkouts require bootstrapping to create the configure script.
321 + # Additionally the submodules must be cloned to the right locations
322 + # bug #377279
323 + ./bootstrap || die "bootstrap failed"
324 + (
325 + git submodule status .gnulib | awk '{ print $1 }'
326 + git hash-object bootstrap.conf
327 + git ls-tree -d HEAD gnulib/local | awk '{ print $3 }'
328 + ) >.git-module-status
329 + fi
330 +
331 + # Tweak the init script:
332 + cp "${FILESDIR}/libvirtd.init-r17" "${S}/libvirtd.init" || die
333 + sed -e "s/USE_FLAG_FIREWALLD/$(usex firewalld 'need firewalld' '')/" \
334 + -e "s/USE_FLAG_AVAHI/$(usex zeroconf 'use avahi-daemon' '')/" \
335 + -e "s/USE_FLAG_ISCSI/$(usex iscsi 'use iscsid' '')/" \
336 + -e "s/USE_FLAG_RBD/$(usex rbd 'use ceph' '')/" \
337 + -i "${S}/libvirtd.init" || die "sed failed"
338 +
339 + eautoreconf
340 +}
341 +
342 +src_configure() {
343 + local myeconfargs=(
344 + $(use_with apparmor)
345 + $(use_with apparmor apparmor-profiles)
346 + $(use_with audit)
347 + $(use_with caps capng)
348 + $(use_with dbus)
349 + $(use_with firewalld)
350 + $(use_with fuse)
351 + $(use_with glusterfs)
352 + $(use_with glusterfs storage-gluster)
353 + $(use_with iscsi storage-iscsi)
354 + $(use_with iscsi-direct storage-iscsi-direct)
355 + $(use_with libvirtd)
356 + $(use_with libssh)
357 + $(use_with lvm storage-lvm)
358 + $(use_with lvm storage-mpath)
359 + $(use_with lxc)
360 + $(use_with macvtap)
361 + $(use_enable nls)
362 + $(use_with numa numactl)
363 + $(use_with numa numad)
364 + $(use_with openvz)
365 + $(use_with parted storage-disk)
366 + $(use_with pcap libpcap)
367 + $(use_with phyp)
368 + $(use_with policykit polkit)
369 + $(use_with qemu)
370 + $(use_with qemu yajl)
371 + $(use_with rbd storage-rbd)
372 + $(use_with sasl)
373 + $(use_with selinux)
374 + $(use_with udev)
375 + $(use_with vepa virtualport)
376 + $(use_with virt-network network)
377 + $(use_with wireshark-plugins wireshark-dissector)
378 + $(use_with xen libxl)
379 + $(use_with zeroconf avahi)
380 + $(use_with zfs storage-zfs)
381 +
382 + --without-hal
383 + --without-netcf
384 + --without-sanlock
385 +
386 + --with-esx
387 + --with-init-script=systemd
388 + --with-qemu-group=$(usex caps qemu root)
389 + --with-qemu-user=$(usex caps qemu root)
390 + --with-remote
391 + --with-storage-fs
392 + --with-vmware
393 +
394 + --disable-static
395 + --disable-werror
396 +
397 + --with-html-subdir=${PF}/html
398 + --localstatedir=/var
399 + )
400 +
401 + if use virtualbox && has_version app-emulation/virtualbox-ose; then
402 + myeconfargs+=( --with-vbox=/usr/lib/virtualbox-ose/ )
403 + else
404 + myeconfargs+=( $(use_with virtualbox vbox) )
405 + fi
406 +
407 + econf "${myeconfargs[@]}"
408 +
409 + if [[ ${PV} = *9999* ]]; then
410 + # Restore gnulib's config.sub and config.guess
411 + # bug #377279
412 + (cd .gnulib && git reset --hard > /dev/null)
413 + fi
414 +}
415 +
416 +src_test() {
417 + cd "${BUILD_DIR}"
418 +
419 + # remove problematic tests, bug #591416, bug #591418
420 + sed -i -e 's#commandtest$(EXEEXT) # #' \
421 + -e 's#virfirewalltest$(EXEEXT) # #' \
422 + -e 's#nwfilterebiptablestest$(EXEEXT) # #' \
423 + -e 's#nwfilterxml2firewalltest$(EXEEXT)$##' \
424 + tests/Makefile
425 +
426 + export VIR_TEST_DEBUG=1
427 + HOME="${T}" emake check || die "tests failed"
428 +}
429 +
430 +src_install() {
431 + emake DESTDIR="${D}" \
432 + SYSTEMD_UNIT_DIR="$(systemd_get_systemunitdir)" install
433 +
434 + find "${D}" -name '*.la' -delete || die
435 +
436 + # Remove bogus, empty directories. They are either not used, or
437 + # libvirtd is able to create them on demand
438 + rm -rf "${D}"/etc/sysconfig
439 + rm -rf "${D}"/var
440 +
441 + use libvirtd || return 0
442 + # From here, only libvirtd-related instructions, be warned!
443 +
444 + systemd_install_serviced \
445 + "${FILESDIR}"/libvirtd.service.conf libvirtd.service
446 +
447 + systemd_newtmpfilesd "${FILESDIR}"/libvirtd.tmpfiles.conf libvirtd.conf
448 +
449 + newinitd "${S}/libvirtd.init" libvirtd || die
450 + newinitd "${FILESDIR}/libvirt-guests.init-r3" libvirt-guests || die
451 + newinitd "${FILESDIR}/virtlockd.init-r1" virtlockd || die
452 + newinitd "${FILESDIR}/virtlogd.init-r1" virtlogd || die
453 +
454 + newconfd "${FILESDIR}/libvirtd.confd-r5" libvirtd || die
455 + newconfd "${FILESDIR}/libvirt-guests.confd" libvirt-guests || die
456 +
457 + newbashcomp "${S}/tools/bash-completion/vsh" virsh
458 + bashcomp_alias virsh virt-admin
459 +
460 + DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo-r2")
461 + DISABLE_AUTOFORMATTING=true
462 + readme.gentoo_create_doc
463 +}
464 +
465 +pkg_preinst() {
466 + # we only ever want to generate this once
467 + if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
468 + rm -rf "${D}"/etc/libvirt/qemu/networks/default.xml
469 + fi
470 +}
471 +
472 +pkg_postinst() {
473 + if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
474 + touch "${ROOT}"/etc/libvirt/qemu/networks/default.xml
475 + fi
476 +
477 + use libvirtd || return 0
478 + # From here, only libvirtd-related instructions, be warned!
479 +
480 + readme.gentoo_print_elog
481 +}
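Review bot: In src_configure, `--with-qemu-user=$(usex caps qemu root)` and `--with-qemu-group=$(usex caps qemu root)` make root the compiled-in default account for QEMU processes whenever USE=-caps, and nothing in the ebuild says so. That trade-off deserves a comment above the two options, for example `# USE=-caps: QEMU guests default to root:root; a guest escape then lands as root unless qemu.conf sets user/group`. A matching line in pkg_postinst, `use caps || ewarn "QEMU guests run as root by default (USE=-caps); set user/group in /etc/libvirt/qemu.conf"`, would put the same information in front of the administrator at install time. Separately, the `sed -i` in src_test has no `|| die`, so a failed edit would leave the tests from bugs #591416 and #591418 enabled without any message.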