commit: fee80067dca04cacb1a09290044fcbbadfdbd3cb |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
AuthorDate: Tue Dec 22 16:07:19 2015 +0000 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
CommitDate: Tue Dec 22 16:13:50 2015 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fee80067 |
|
app-emulation/libvirt: remove vulnerable 1.2.18 (CVE-2015-5313, bug #568870) |
|
This is a cleanup for CVE-2015-5313 bug 568870. |
|
Gentoo-Bugs: 568870 |
|
Package-Manager: portage-2.2.26 |
|
app-emulation/libvirt/Manifest | 1 - |
app-emulation/libvirt/files/libvirtd.confd-r4 | 43 --- |
app-emulation/libvirt/files/libvirtd.init-r14 | 139 ------- |
app-emulation/libvirt/libvirt-1.2.18-r1.ebuild | 480 ------------------------- |
4 files changed, 663 deletions(-) |
|
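--- a/app-emulation/libvirt/Manifest
+++ b/app-emulation/libvirt/Manifest
@@ -1,3 +1,2 @@
-DIST libvirt-1.2.18.tar.gz 29412554 SHA256 d5a5ff18af4cced21fed986d28fa0a21b782d256920326bf0ff1c7731eeb6ade SHA512 e89d494066ebec4de4c9a53089f015635b7b5ccf4a10ab9749883cc81f6f9607b18ca91a1bd01a9cdacb3a46de86223f0432fae3954106cb92dd275e5b4138c5 WHIRLPOOL dbbbd627ccb9be154bc680407898cd32dfdbc218a67f54560e6b0f0200cbc157a9aa05834de5d9d23e3b6da0625fd5943b4c8e38f8bb9a6ff920bc5820287bfc
 DIST libvirt-1.2.21-20151222.tar.xz 1684 SHA256 6c97f288470ec58bcbe98507563c6a191892c6f8813a7b9688c09b823934cbe5 SHA512 4fd43f0e12434b78ac3e671ad8eb0e402d384cff6278f6d0db322a068c2c8807c7c7f7e5774aa9d19e2a85e49f6d9888908b32fca5fc04980134edaccba0afe2 WHIRLPOOL 2bfbc3cbf1ca44a2bb06ddf2e8eabeb116165560b9c73d649d7b8cc9baba851f5e9246414bfc2c4740f27d0d0d42b6176eaec43b05e8c1e54de2804150c2cde1
 DIST libvirt-1.2.21.tar.gz 29848954 SHA256 8d406582f5fe88d739d1d83e0ba7ac7f91f5a8da4be82162ab85631744d8925b SHA512 5c15d0ba5d75c13f735c6a60dfdbad007426f77e113f95894d520f7fc358fa4361d5cce7bb9a548a436f323b845f13b8940abbad568b8b146418430068bb970e WHIRLPOOL d53bbb07c85b3aa2d9b0f38ff2edd3cd0a2a5300627f3e2f0a82bc057303617cab9d6f1d8a9a771bd968b0496d38d3a39a0154f88bdca44dda359a65fdc2c650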
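--- a/app-emulation/libvirt/files/libvirtd.confd-r4
+++ /dev/null
@@ -1,43 +0,0 @@
-# /etc/conf.d/libvirtd
-
-# Startup dependency
-# libvirtd typically requires all networks to be up and settled which
-# is what rc_need="net" provides. However if you only use specific networks
-# for libvirtd, you may override this. Or if you only use libvirtd locally.
-rc_need="net"
-
-# LIBVIRTD_OPTS
-# You may want to add '--listen' to have libvirtd listen for tcp/ip connections
-# if you want to use libvirt for remote control
-# Please consult 'libvirtd --help' for more options
-#LIBVIRTD_OPTS="--listen"
-
-# LIBVIRTD_KVM_SHUTDOWN
-# Valid options:
-# * shutdown - Sends an ACPI shutdown (think when you tap the power button
-# on your machine and it begins a graceful shutdown). If your
-# VM ignores this, it will have the power yanked out from under
-# it in LIBVIRTD_KVM_SHUTDOWN_MAXWAIT seconds.
-# * managedsave - Performs a state save external to the VM. qemu-kvm will stop
-# stop the CPU and save off all state to a separate file. When
-# the machine is started again, it will resume like nothing ever
-# happened. This is guarenteed to always successfully stop your
-# machine and restart it. However it may take some time to finish.
-# * none - No attempts will be made to stop any VMs. If you are restarting your
-# machine the qemu-kvm process will be simply killed, which may result
-# in your VMs having disk corruption.
-LIBVIRTD_KVM_SHUTDOWN="managedsave"
-
-# LIBVIRTD_KVM_SHUTDOWN_MAXWAIT
-# Timeout in seconds until stopping libvirtd and "pulling the plug" on the
-# remaining VM's still in a running state
-#LIBVIRTD_KVM_SHUTDOWN_MAXWAIT="500"
-
-# LIBVIRTD_KVM_NET_SHUTDOWN
-# If libvirtd created networks for you (e.g. NATed networks) then this init
-# script will shut them down for you if this is set to 'yes'. Otherwise,
-# the networks will be left running once libvirt is shutdown. For this
-# option to be useful you must have enabled the 'virt-network' USE flag and
-# have had libvirt create a NATed network for you.
-# Valid values: 'yes' or 'no'
-#LIBVIRTD_KVM_NET_SHUTDOWN="yes"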
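--- a/app-emulation/libvirt/files/libvirtd.init-r14
+++ /dev/null
@@ -1,139 +0,0 @@
-#!/sbin/runscript
-
-description="Virtual Machine Management daemon (libvirt)"
-extra_started_commands="reload halt"
-description_halt="Stops the libvirt daemon without stopping your VMs"
-description_reload="Restarts the libvirt daemon without stopping your VMs"
-
-depend() {
- USE_FLAG_FIREWALLD
- use USE_FLAG_AVAHI USE_FLAG_ISCSI USE_FLAG_RBD dbus virtlockd
- after ntp-client ntpd nfs nfsmount portmap rpc.statd iptables ip6tables ebtables corosync sanlock cgconfig xenconsoled
-}
-
-libvirtd_virsh() {
- local mode=$1
- shift
-
- # Silence errors because virsh always throws an error about
- # not finding the hypervisor version when connecting to libvirtd
- LC_ALL=C virsh -c ${mode}:///system "$@" 2>/dev/null
-}
-
-libvirtd_dom_list() {
- # Make sure that it wouldn't be confused if the domain name
- # contains the word running.
- libvirtd_virsh $1 list | awk '$3 == "running" { print $1 }'
-}
-
-libvirtd_dom_count() {
- # Make sure that it wouldn't be confused if the domain name
- # contains the word running.
- libvirtd_virsh $1 list | awk 'BEGIN { count = 0 } \
- $3 == "running" { count++ } \
- END { print count }'
-}
-
-libvirtd_net_list() {
- # The purpose of the awk is to avoid networks with 'active' in the name
- libvirtd_virsh $1 net-list | awk '$2 == "active" { print $1 }'
-}
-
-libvirtd_net_count() {
- # The purpose of the awk is to avoid networks with 'active' in the name
- libvirtd_virsh $1 net-list | awk 'BEGIN { count = 0 } \
- $2 == "active" { count++ } \
- END { print count }'
-}
-
-
-start() {
- # Test configuration directories in /etc/libvirt/ to be either not
- # present or a directory, i.e. not a regular file, bug #532892
- for dir in lxc nwfilter qemu storage; do
- if [ -f /etc/libvirt/$dir ]; then
- eerror "/etc/libvirt/$dir was created as a regular file. It must be either"
- eerror "a directory or not present for libvirtd to start up successfully."
- return 1
- fi
- done
-
- ebegin "Starting libvirtd"
- start-stop-daemon --start \
- --env KRB5_KTNAME=/etc/libvirt/krb5.tab \
- --exec /usr/sbin/libvirtd -- -d ${LIBVIRTD_OPTS}
- eend $?
-}
-
-stop() {
- local counter=
- local vm_name=
- local net_name=
- local dom_id=
-
- ebegin "Stopping libvirtd"
- # try to shutdown all (KVM/Qemu) domains
- if [ "${LIBVIRTD_KVM_SHUTDOWN}" != "none" ] \
- && [ "$(libvirtd_dom_count qemu)" != "0" ] ; then
-
- einfo " Shutting down domain(s):"
- for dom_id in $(libvirtd_dom_list qemu) ; do
- vm_name="$(libvirtd_virsh qemu domname ${dom_id} | head -n 1)"
- einfo " ${vm_name}"
- libvirtd_virsh qemu ${LIBVIRTD_KVM_SHUTDOWN} ${dom_id} > /dev/null
- done
-
- if [ -n "${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT}" ] ; then
- counter="${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT}"
- else
- counter=500
- fi
-
- if [ "${LIBVIRTD_KVM_SHUTDOWN}" = "shutdown" ]; then
- einfo " Waiting ${counter} seconds while domains shutdown ..."
- DOM_COUNT="$(libvirtd_dom_count qemu)"
- while [ ${DOM_COUNT} -gt 0 ] && [ ${counter} -gt 0 ] ; do
- DOM_COUNT="$(libvirtd_dom_count qemu)"
- sleep 1
- counter=$((${counter} - 1))
- echo -n "."
- done
- fi
-
- if [ "$(libvirtd_dom_count qemu)" != "0" ] ; then
- eerror " !!! Some guests are still running, stopping anyway"
- fi
-
- fi
-
- if [ "${LIBVIRTD_KVM_NET_SHUTDOWN}" != "no" ] \
- && [ "$(libvirtd_net_count qemu)" != "0" ]; then
-
- einfo " Shutting down network(s):"
- for net_name in $(libvirtd_net_list qemu); do
- einfo " ${net_name}"
- libvirtd_virsh qemu net-destroy ${net_name} > /dev/null
- done
-
- if [ "$(libvirtd_net_count qemu)" != "0" ]; then
- eerror " !!! Some networks are still active, stopping anyway"
- fi
- fi
-
- # Now actually stop the daemon
- start-stop-daemon --stop --quiet --exec \
- /usr/sbin/libvirtd --pidfile=/var/run/libvirtd.pid
- eend $?
-}
-
-halt() {
- ebegin "Stopping libvirtd without shutting down your VMs"
- start-stop-daemon --stop --quiet --exec \
- /usr/sbin/libvirtd --pidfile=/var/run/libvirtd.pid
- eend $?
-}
-
-reload() {
- halt
- start
-}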
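--- a/app-emulation/libvirt/libvirt-1.2.18-r1.ebuild
+++ /dev/null
@@ -1,480 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-AUTOTOOLIZE=yes
-
-MY_P="${P/_rc/-rc}"
-
-inherit eutils user autotools linux-info systemd readme.gentoo
-
-BACKPORTS=""
-
-if [[ ${PV} = *9999* ]]; then
- inherit git-r3
- EGIT_REPO_URI="git://libvirt.org/libvirt.git"
- SRC_URI=""
- KEYWORDS=""
- SLOT="0"
-else
- # Versions with 4 numbers are stable updates:
- if [[ ${PV} =~ ^[0-9]+(\.[0-9]+){3} ]]; then
- SRC_URI="http://libvirt.org/sources/stable_updates/${MY_P}.tar.gz"
- else
- SRC_URI="http://libvirt.org/sources/${MY_P}.tar.gz"
- fi
- SRC_URI+=" ${BACKPORTS:+
- https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz
- https://dev.gentoo.org/~tamiko/distfiles/${P}-${BACKPORTS}.tar.xz}"
- KEYWORDS="amd64 x86"
- SLOT="0/${PV}"
-fi
-S="${WORKDIR}/${P%_rc*}"
-
-DESCRIPTION="C toolkit to manipulate virtual machines"
-HOMEPAGE="http://www.libvirt.org/"
-LICENSE="LGPL-2.1"
-# TODO: Reenable IUSE wireshark-plugins
-IUSE="apparmor audit avahi +caps firewalld fuse glusterfs iscsi +libvirtd lvm \
- lxc +macvtap nfs nls numa openvz parted pcap phyp policykit +qemu rbd sasl \
- selinux +udev uml +vepa virtualbox virt-network wireshark-plugins xen \
- elibc_glibc systemd"
-REQUIRED_USE="libvirtd? ( || ( lxc openvz qemu uml virtualbox xen ) )
- lxc? ( caps libvirtd )
- openvz? ( libvirtd )
- qemu? ( libvirtd )
- uml? ( libvirtd )
- vepa? ( macvtap )
- virtualbox? ( libvirtd )
- xen? ( libvirtd )
- virt-network? ( libvirtd )
- firewalld? ( virt-network )"
-
-# gettext.sh command is used by the libvirt command wrappers, and it's
-# non-optional, so put it into RDEPEND.
-# We can use both libnl:1.1 and libnl:3, but if you have both installed, the
-# package will use 3 by default. Since we don't have slot pinning in an API,
-# we must go with the most recent
-RDEPEND="sys-libs/readline:=
- sys-libs/ncurses:0=
- >=net-misc/curl-7.18.0
- net-firewall/ebtables
- >=net-firewall/iptables-1.4.10[ipv6]
- dev-libs/libgcrypt:0
- >=dev-libs/libxml2-2.7.6
- dev-libs/libnl:3
- >=net-libs/gnutls-1.0.25
- net-libs/libssh2
- sys-apps/dmidecode
- >=sys-apps/util-linux-2.17
- sys-devel/gettext
- >=net-analyzer/netcat6-1.0-r2
- app-misc/scrub
- apparmor? ( sys-libs/libapparmor )
- audit? ( sys-process/audit )
- avahi? ( >=net-dns/avahi-0.6[dbus] )
- caps? ( sys-libs/libcap-ng )
- fuse? ( >=sys-fs/fuse-2.8.6 )
- glusterfs? ( >=sys-cluster/glusterfs-3.4.1 )
- iscsi? ( sys-block/open-iscsi )
- lxc? ( !systemd? ( sys-power/pm-utils ) )
- lvm? ( >=sys-fs/lvm2-2.02.48-r2 )
- nfs? ( net-fs/nfs-utils )
- numa? (
- >sys-process/numactl-2.0.2
- sys-process/numad
- )
- openvz? ( sys-kernel/openvz-sources:* )
- parted? (
- >=sys-block/parted-1.8[device-mapper]
- sys-fs/lvm2
- )
- pcap? ( >=net-libs/libpcap-1.0.0 )
- policykit? ( >=sys-auth/polkit-0.9 )
- qemu? (
- >=app-emulation/qemu-0.13.0
- dev-libs/yajl
- !systemd? ( sys-power/pm-utils )
- )
- rbd? ( sys-cluster/ceph )
- sasl? ( dev-libs/cyrus-sasl )
- selinux? ( >=sys-libs/libselinux-2.0.85 )
- systemd? ( sys-apps/systemd )
- virtualbox? ( || ( app-emulation/virtualbox >=app-emulation/virtualbox-bin-2.2.0 ) )
- wireshark-plugins? ( net-analyzer/wireshark:= )
- xen? ( app-emulation/xen-tools:= app-emulation/xen )
- udev? ( virtual/udev >=x11-libs/libpciaccess-0.10.9 )
- virt-network? ( net-dns/dnsmasq[script]
- net-misc/radvd
- sys-apps/iproute2[-minimal]
- firewalld? ( net-firewall/firewalld )
- )
- elibc_glibc? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )"
-
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- app-text/xhtml1
- dev-lang/perl
- dev-perl/XML-XPath
- dev-libs/libxslt"
-
-# gentoo.readme stuff:
-DISABLE_AUTOFORMATTING=true
-DOC_CONTENTS="For the basic networking support (bridged and routed networks) you don't
-need any extra software. For more complex network modes including but not
-limited to NATed network, you can enable the 'virt-network' USE flag.
-
-If you are using dnsmasq on your system, you will have to configure
-/etc/dnsmasq.conf to enable the following settings:
- bind-interfaces
- interface or except-interface
-Otherwise you might have issues with your existing DNS server.
-
-For openrc users:
-
- Please use /etc/conf.d/libvirtd to control the '--listen' parameter for
- libvirtd.
-
- The default configuration will suspend and resume running kvm guests
- with 'managedsave'. This behavior can be changed under
- /etc/conf.d/libvirtd
-
-For systemd users:
-
- Please use /etc/systemd/system/libvirtd.service.d/00gentoo.conf
- to control the '--listen' parameter for libvirtd.
-
- The configuration for the 'libvirt-guests.service' is found under
- /etc/libvirt/libvirt-guests.conf"
-
-! use policykit && DOC_CONTENTS+="
-
-To allow normal users to connect to libvirtd you must change the unix sock
-group and/or perms in /etc/libvirt/libvirtd.conf"
-
-use caps && use qemu && DOC_CONTENTS+="
-
-libvirt will now start qemu/kvm VMs with non-root privileges. Ensure any
-resources your VMs use are accessible by qemu:qemu"
-
-LXC_CONFIG_CHECK="
- ~CGROUPS
- ~CGROUP_FREEZER
- ~CGROUP_DEVICE
- ~CGROUP_CPUACCT
- ~CGROUP_SCHED
- ~CGROUP_PERF
- ~BLK_CGROUP
- ~NET_CLS_CGROUP
- ~CGROUP_NET_PRIO
- ~CPUSETS
- ~NAMESPACES
- ~UTS_NS
- ~IPC_NS
- ~PID_NS
- ~NET_NS
- ~USER_NS
- ~DEVPTS_MULTIPLE_INSTANCES
- ~VETH
- ~MACVLAN
- ~POSIX_MQUEUE
- ~SECURITYFS
- ~!GRKERNSEC_CHROOT_MOUNT
- ~!GRKERNSEC_CHROOT_DOUBLE
- ~!GRKERNSEC_CHROOT_PIVOT
- ~!GRKERNSEC_CHROOT_CHMOD
- ~!GRKERNSEC_CHROOT_CAPS
-"
-
-VIRTNET_CONFIG_CHECK="
- ~BRIDGE_NF_EBTABLES
- ~BRIDGE_EBT_MARK_T
- ~NETFILTER_ADVANCED
- ~NETFILTER_XT_TARGET_CHECKSUM
- ~NETFILTER_XT_CONNMARK
- ~NETFILTER_XT_MARK
-"
-
-BWLMT_CONFIG_CHECK="
- ~BRIDGE_EBT_T_NAT
- ~NET_SCH_HTB
- ~NET_SCH_SFQ
- ~NET_SCH_INGRESS
- ~NET_CLS_FW
- ~NET_CLS_U32
- ~NET_ACT_POLICE
-"
-
-MACVTAP_CONFIG_CHECK=" ~MACVTAP"
-
-LVM_CONFIG_CHECK=" ~BLK_DEV_DM ~DM_SNAPSHOT ~DM_MULTIPATH"
-
-ERROR_USER_NS="Optional depending on LXC configuration."
-
-pkg_setup() {
- enewgroup qemu 77
- enewuser qemu 77 -1 -1 qemu kvm
-
- # Some people used the masked ebuild which was not adding the qemu
- # user to the kvm group originally. This results in VMs failing to
- # start for some users. bug #430808
- egetent group kvm | grep -q qemu
- if [[ $? -ne 0 ]]; then
- gpasswd -a qemu kvm
- fi
-
- # Handle specific kernel versions for different features
- kernel_is lt 3 6 && LXC_CONFIG_CHECK+=" ~CGROUP_MEM_RES_CTLR"
- kernel_is ge 3 6 && LXC_CONFIG_CHECK+=" ~MEMCG ~MEMCG_SWAP ~MEMCG_KMEM"
-
- CONFIG_CHECK=""
- use fuse && CONFIG_CHECK+=" ~FUSE_FS"
- use lvm && CONFIG_CHECK+="${LVM_CONFIG_CHECK}"
- use lxc && CONFIG_CHECK+="${LXC_CONFIG_CHECK}"
- use macvtap && CONFIG_CHECK+="${MACVTAP_CONFIG_CHECK}"
- use virt-network && CONFIG_CHECK+="${VIRTNET_CONFIG_CHECK}"
- # Bandwidth Limiting Support
- use virt-network && CONFIG_CHECK+="${BWLMT_CONFIG_CHECK}"
- if [[ -n ${CONFIG_CHECK} ]]; then
- linux-info_pkg_setup
- fi
-}
-
-src_prepare() {
- touch "${S}/.mailmap"
-
- if [[ ${PV} = *9999* ]]; then
- # git checkouts require bootstrapping to create the configure script.
- # Additionally the submodules must be cloned to the right locations
- # bug #377279
- ./bootstrap || die "bootstrap failed"
- (
- git submodule status | sed 's/^[ +-]//;s/ .*//'
- git hash-object bootstrap.conf
- ) >.git-module-status
- fi
-
- epatch \
- "${FILESDIR}"/${PN}-1.2.9-do_not_use_sysconf.patch \
- "${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch \
- "${FILESDIR}"/${PN}-1.2.17-fix_paths_for_apparmor.patch
-
- [[ -n ${BACKPORTS} ]] && \
- EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \
- EPATCH_SOURCE="${WORKDIR}/patches" epatch
-
- epatch_user
-
- [[ -n ${AUTOTOOLIZE} ]] && eautoreconf
-
- # Tweak the init script
- local avahi_init=
- local iscsi_init=
- local rbd_init=
- local firewalld_init=
- cp "${FILESDIR}/libvirtd.init-r14" "${S}/libvirtd.init"
- use avahi && avahi_init='avahi-daemon'
- use iscsi && iscsi_init='iscsid'
- use rbd && rbd_init='ceph'
- use firewalld && firewalld_init='need firewalld'
-
- sed -e "s/USE_FLAG_FIREWALLD/${firewalld_init}/" -i "${S}/libvirtd.init"
- sed -e "s/USE_FLAG_AVAHI/${avahi_init}/" -i "${S}/libvirtd.init"
- sed -e "s/USE_FLAG_ISCSI/${iscsi_init}/" -i "${S}/libvirtd.init"
- sed -e "s/USE_FLAG_RBD/${rbd_init}/" -i "${S}/libvirtd.init"
-}
-
-src_configure() {
- local myconf=""
-
- ## enable/disable daemon, otherwise client only utils
- myconf+=" $(use_with libvirtd)"
-
- ## enable/disable the daemon using avahi to find VMs
- myconf+=" $(use_with avahi)"
-
- ## hypervisors on the local host
- myconf+=" $(use_with xen) $(use_with xen xen-inotify)"
- myconf+=" --without-xenapi"
- if use xen && has_version ">=app-emulation/xen-tools-4.2.0"; then
- myconf+=" --with-libxl"
- else
- myconf+=" --without-libxl"
- fi
- myconf+=" $(use_with openvz)"
- myconf+=" $(use_with lxc)"
- if use virtualbox && has_version app-emulation/virtualbox-ose; then
- myconf+=" --with-vbox=/usr/lib/virtualbox-ose/"
- else
- myconf+=" $(use_with virtualbox vbox)"
- fi
- myconf+=" $(use_with uml)"
- myconf+=" $(use_with qemu)"
- myconf+=" $(use_with qemu yajl)" # Use QMP over HMP
- myconf+=" $(use_with phyp)"
- myconf+=" --with-esx"
- myconf+=" --with-vmware"
-
- ## additional host drivers
- myconf+=" $(use_with apparmor)"
- myconf+=" $(use_with apparmor apparmor-profiles)"
- myconf+=" $(use_with virt-network network)"
- myconf+=" --with-storage-fs"
- myconf+=" $(use_with lvm storage-lvm)"
- myconf+=" $(use_with iscsi storage-iscsi)"
- myconf+=" $(use_with parted storage-disk)"
- myconf+=" $(use_with glusterfs)"
- myconf+=" $(use_with glusterfs storage-gluster)"
- myconf+=" $(use_with lvm storage-mpath)"
- myconf+=" $(use_with rbd storage-rbd)"
- myconf+=" $(use_with numa numactl)"
- myconf+=" $(use_with numa numad)"
- myconf+=" $(use_with selinux)"
- myconf+=" $(use_with fuse)"
-
- # udev for device support details
- myconf+=" $(use_with udev)"
- myconf+=" --without-hal"
-
- # linux capability support so we don't need privileged accounts
- myconf+=" $(use_with caps capng)"
-
- ## auth stuff
- myconf+=" $(use_with policykit polkit)"
- myconf+=" $(use_with sasl)"
-
- # network bits
- myconf+=" $(use_with macvtap)"
- myconf+=" $(use_with pcap libpcap)"
- myconf+=" $(use_with vepa virtualport)"
- myconf+=" $(use_with firewalld)"
-
- ## other
- myconf+=" $(use_enable nls)"
-
- # user privilege bits fir qemu/kvm
- if use caps; then
- myconf+=" --with-qemu-user=qemu"
- myconf+=" --with-qemu-group=qemu"
- else
- myconf+=" --with-qemu-user=root"
- myconf+=" --with-qemu-group=root"
- fi
-
- # audit support
- myconf+=" $(use_with audit)"
-
- # wireshark dissector
- myconf+=" $(use_with wireshark-plugins wireshark-dissector)"
-
- ## stuff we don't yet support
- myconf+=" --without-netcf"
-
- # locking support
- myconf+=" --without-sanlock"
-
- # systemd unit files
- myconf+=" $(use_with systemd systemd-daemon)"
- use systemd && myconf+=" --with-init-script=systemd"
-
- # this is a nasty trick to work around the problem in bug
- # #275073. The reason why we don't solve this properly is that
- # it'll require us to rebuild autotools (and we don't really want
- # to do that right now). The proper solution has been sent
- # upstream and should hopefully land in 0.7.7, in the mean time,
- # mime the same functionality with this.
- case ${CHOST} in
- *cygwin* | *mingw* )
- ;;
- *)
- ac_cv_prog_WINDRES=no
- ;;
- esac
-
- econf \
- ${myconf} \
- --disable-static \
- --disable-werror \
- --with-remote \
- --docdir=/usr/share/doc/${PF} \
- --localstatedir=/var
-
- if [[ ${PV} = *9999* ]]; then
- # Restore gnulib's config.sub and config.guess
- # bug #377279
- (cd .gnulib && git reset --hard > /dev/null)
- fi
-}
-
-src_test() {
- # Explicitly allow parallel build of tests
- export VIR_TEST_DEBUG=1
- HOME="${T}" emake check || die "tests failed"
-}
-
-src_install() {
- emake install \
- DESTDIR="${D}" \
- HTML_DIR=/usr/share/doc/${PF}/html \
- DOCS_DIR=/usr/share/doc/${PF} \
- EXAMPLE_DIR=/usr/share/doc/${PF}/examples \
- SYSTEMD_UNIT_DIR="$(systemd_get_unitdir)" \
- || die "emake install failed"
-
- find "${D}" -name '*.la' -delete || die
-
- # Remove bogus, empty directories. They are either not used, or
- # libvirtd is able to create them on demand
- rm -rf "${D}"/etc/sysconfig
- rm -rf "${D}"/var/cache
- rm -rf "${D}"/var/run
- rm -rf "${D}"/var/log
-
- use libvirtd || return 0
- # From here, only libvirtd-related instructions, be warned!
-
- use systemd && systemd_install_serviced \
- "${FILESDIR}"/libvirtd.service.conf libvirtd.service
-
- systemd_newtmpfilesd "${FILESDIR}"/libvirtd.tmpfiles.conf libvirtd.conf
-
- newinitd "${S}/libvirtd.init" libvirtd || die
- newconfd "${FILESDIR}/libvirtd.confd-r4" libvirtd || die
- newinitd "${FILESDIR}/virtlockd.init-r1" virtlockd || die
-
- readme.gentoo_create_doc
-}
-
-pkg_preinst() {
- # we only ever want to generate this once
- if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
- rm -rf "${D}"/etc/libvirt/qemu/networks/default.xml
- fi
-
- # We really don't want to use or support old PolicyKit cause it
- # screws with the new polkit integration
- if has_version sys-auth/policykit; then
- rm -rf "${D}"/usr/share/PolicyKit/policy/org.libvirt.unix.policy
- fi
-
- # Only sysctl files ending in .conf work
- dodir /etc/sysctl.d
- mv "${D}"/usr/lib/sysctl.d/libvirtd.conf "${D}"/etc/sysctl.d/libvirtd.conf
-}
-
-pkg_postinst() {
- if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
- touch "${ROOT}"/etc/libvirt/qemu/networks/default.xml
- fi
-
- use libvirtd || return 0
- # From here, only libvirtd-related instructions, be warned!
-
- if [[ -n ${REPLACING_VERSIONS} ]] && ! version_is_at_least 1.2.17-r2 ${REPLACING_VERSIONS} ]]; then
- FORCE_PRINT_ELOG=true
- fi
-
- readme.gentoo_print_elog
-}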