
From: Joonas Niilola <juippis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/libvirt/, app-emulation/libvirt/files/
Date: Wed, 02 Mar 2022 17:36:09
Message-Id: 1646242562.d802ae84726a1051e9358f681c460f037f5a7372.juippis@gentoo
1 commit: d802ae84726a1051e9358f681c460f037f5a7372
2 Author: Michal Privoznik <mprivozn <AT> redhat <DOT> com>
3 AuthorDate: Wed Mar 2 09:21:18 2022 +0000
4 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 2 17:36:02 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d802ae84
7
8 app-emulation/libvirt: version bump to 8.1.0
9
10 Ideally, this would be way simpler, just introduce new ebuild and
11 append hashes to the Manifest file. Unfortunately, a nasty
12 crasher was found in the freshly released 8.1.0 so we need to
13 backport the fix. And while at it, rebase two patches that don't
14 apply cleanly anymore (libvirt-6.7.0-do-not-use-sysconfig.patch
15 and libvirt-6.7.0-fix-paths-for-apparmor.patch).
16
17 Closes: https://bugs.gentoo.org/834483
18 Signed-off-by: Michal Privoznik <mprivozn <AT> redhat.com>
19 Closes: https://github.com/gentoo/gentoo/pull/24388
20 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
21
22 app-emulation/libvirt/Manifest | 2 +
23 .../files/libvirt-8.2.0-do-not-use-sysconfig.patch | 211 +++++++++++++
24 .../libvirt-8.2.0-fix-paths-for-apparmor.patch | 140 +++++++++
25 ...tation-fault-in-virtqemud-executing-qemuD.patch | 50 +++
26 app-emulation/libvirt/libvirt-8.1.0.ebuild | 337 +++++++++++++++++++++
27 5 files changed, 740 insertions(+)
28
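--- a/app-emulation/libvirt/Manifest
+++ b/app-emulation/libvirt/Manifest
@@ -4,3 +4,5 @@ DIST libvirt-7.7.0.tar.xz 8670212 BLAKE2B 93c72117941b0a74484c7510c8437054e66fc3
 DIST libvirt-7.7.0.tar.xz.asc 833 BLAKE2B 86a77bf461e353776d79f31f1d0c82fa13e28348bd9c6ae7cb653b98886c7e070d67ed0db55f5e1f3b5e5bd2a3861a5cb08dbf95799b14df1037139f8001b030 SHA512 d5f8cd6accd3bfaebfb7c8761e321aaa9a090c7705256785c5507aa88d985f78a788047dc881f37ea6f64a4634c65c9718d8b1ee0a24744acc3ad5ed6e517bdf
 DIST libvirt-8.0.0.tar.xz 8860124 BLAKE2B 4669ae8f4de6379c3f94d3b6875ccc8eb435fbbf96aac26642fc593bc1921e9189decd9d366f5ca9e3e0fd8392ce840dce9e50ae048a5a2b72c465fd514eaf73 SHA512 e84cf2753d3c57cfe5aadbb6601fa76e0ba750471c1c24631720fe64376c3599ea252863ec671a50527e4fb380ffe0c2f02f07705b4b87d373ccf3e516ff4b1c
 DIST libvirt-8.0.0.tar.xz.asc 833 BLAKE2B 2571ee10d433630ddd79761b1a50948aed33f61ef11e793a7e563e37c28e48bc856139aa1cc62bf50852b056de14f36bb75fa97155b31bfa97c8af2ef55ba4dc SHA512 ce1252a034723774542ab00e782c24b7ef243b5ca302033e45993f90273c697cdb82e9a126b729557a6c90b5f407f0f06b78c0affb6eefe60c364fa979831f8b
+DIST libvirt-8.1.0.tar.xz 8881608 BLAKE2B ddbd684f43a75ab04aca8be0a761ec5890c365e3c802af55e85d0f3b906a3b075f737acd14648d46cdacce90cbd2ccdda12d39784eaa17a05657b13447df1fe7 SHA512 5db227b78f48e35f917030eeb45ce9d0f7e868c5ce75da496ca06fad175ad6b026173b2fb78415c0103a61af24aec78d89bcebdf60b817d8ff6e84dc926faa97
+DIST libvirt-8.1.0.tar.xz.asc 833 BLAKE2B 21ea45127d68313264b9e17c315d75b20e409ef56ce3f6a61899c3c9d9ce1ff51a4743d912f7440d2197230df802d955516cbc8d6f98960cef8a0265a7d0f334 SHA512 9a28b0405c01518f7d6837d02df492d6d97d6e73cd711e718b53cc18d8830a1216aa87366b2065ef5ce65b12d72cbb3d80024529264430de20fe89d8bf595d76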
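--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-8.2.0-do-not-use-sysconfig.patch
@@ -0,0 +1,211 @@
+From 10d65f10a76c7478c4ec0c65ffeec7f4b18929f9 Mon Sep 17 00:00:00 2001
+Message-Id: <10d65f10a76c7478c4ec0c65ffeec7f4b18929f9.1646212419.git.mprivozn@××××××.com>
+From: Michal Privoznik <mprivozn@××××××.com>
+Date: Wed, 2 Mar 2022 10:01:04 +0100
+Subject: [PATCH] libvirt-8.2.0-do-not-use-sysconfig.patch
+
+Signed-off-by: Michal Privoznik <mprivozn@××××××.com>
+---
+ src/interface/virtinterfaced.service.in | 1 -
+ src/libxl/virtxend.service.in | 1 -
+ src/locking/virtlockd.service.in | 1 -
+ src/logging/virtlogd.service.in | 3 +--
+ src/lxc/virtlxcd.service.in | 1 -
+ src/network/virtnetworkd.service.in | 1 -
+ src/node_device/virtnodedevd.service.in | 1 -
+ src/nwfilter/virtnwfilterd.service.in | 1 -
+ src/qemu/virtqemud.service.in | 1 -
+ src/remote/libvirtd.service.in | 1 -
+ src/remote/virtproxyd.service.in | 1 -
+ src/secret/virtsecretd.service.in | 1 -
+ src/storage/virtstoraged.service.in | 1 -
+ src/vbox/virtvboxd.service.in | 1 -
+ tools/libvirt-guests.service.in | 2 +-
+ 15 files changed, 2 insertions(+), 16 deletions(-)
+
+diff --git a/src/interface/virtinterfaced.service.in b/src/interface/virtinterfaced.service.in
+index cb860ff1c4..090b198ac7 100644
+--- a/src/interface/virtinterfaced.service.in
++++ b/src/interface/virtinterfaced.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTINTERFACED_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtinterfaced
+ ExecStart=@sbindir@/virtinterfaced $VIRTINTERFACED_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/libxl/virtxend.service.in b/src/libxl/virtxend.service.in
+index 6b083c414f..597f5d1905 100644
+--- a/src/libxl/virtxend.service.in
++++ b/src/libxl/virtxend.service.in
+@@ -19,7 +19,6 @@ ConditionPathExists=/proc/xen/capabilities
+ [Service]
+ Type=notify
+ Environment=VIRTXEND_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtxend
+ ExecStart=@sbindir@/virtxend $VIRTXEND_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
+index 19271d1e7d..87193952cb 100644
+--- a/src/locking/virtlockd.service.in
++++ b/src/locking/virtlockd.service.in
+@@ -8,7 +8,6 @@ Documentation=https://libvirt.org
+
+ [Service]
+ Environment=VIRTLOCKD_ARGS=
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtlockd
+ ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS
+ ExecReload=/bin/kill -USR1 $MAINPID
+ # Losing the locks is a really bad thing that will
+diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
+index 8ab5478517..fe5c58b8ed 100644
+--- a/src/logging/virtlogd.service.in
++++ b/src/logging/virtlogd.service.in
+@@ -7,8 +7,7 @@ Documentation=man:virtlogd(8)
+ Documentation=https://libvirt.org
+
+ [Service]
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtlogd
+-ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS
++ExecStart=@sbindir@/virtlogd
+ ExecReload=/bin/kill -USR1 $MAINPID
+ # Losing the logs is a really bad thing that will
+ # cause the machine to be fenced (rebooted), so make
+diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in
+index 334c34db44..1b9689017e 100644
+--- a/src/lxc/virtlxcd.service.in
++++ b/src/lxc/virtlxcd.service.in
+@@ -19,7 +19,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTLXCD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtlxcd
+ ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ KillMode=process
+diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in
+index 05ce672b73..ee4cd9bca1 100644
+--- a/src/network/virtnetworkd.service.in
++++ b/src/network/virtnetworkd.service.in
+@@ -17,7 +17,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTNETWORKD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtnetworkd
+ ExecStart=@sbindir@/virtnetworkd $VIRTNETWORKD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/node_device/virtnodedevd.service.in b/src/node_device/virtnodedevd.service.in
+index cd9de362fd..7693aa52c4 100644
+--- a/src/node_device/virtnodedevd.service.in
++++ b/src/node_device/virtnodedevd.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTNODEDEVD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtnodedevd
+ ExecStart=@sbindir@/virtnodedevd $VIRTNODEDEVD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/nwfilter/virtnwfilterd.service.in b/src/nwfilter/virtnwfilterd.service.in
+index ab65419e0c..16d8b377b0 100644
+--- a/src/nwfilter/virtnwfilterd.service.in
++++ b/src/nwfilter/virtnwfilterd.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTNWFILTERD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtnwfilterd
+ ExecStart=@sbindir@/virtnwfilterd $VIRTNWFILTERD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in
+index 5ad968ace9..c63147d31f 100644
+--- a/src/qemu/virtqemud.service.in
++++ b/src/qemu/virtqemud.service.in
+@@ -21,7 +21,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTQEMUD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtqemud
+ ExecStart=@sbindir@/virtqemud $VIRTQEMUD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ KillMode=process
+diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
+index 5d4d412fcc..27cfc34b90 100644
+--- a/src/remote/libvirtd.service.in
++++ b/src/remote/libvirtd.service.in
+@@ -29,7 +29,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=LIBVIRTD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/libvirtd
+ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ KillMode=process
+diff --git a/src/remote/virtproxyd.service.in b/src/remote/virtproxyd.service.in
+index f9bb6b84a9..0eddf5ee93 100644
+--- a/src/remote/virtproxyd.service.in
++++ b/src/remote/virtproxyd.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTPROXYD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtproxyd
+ ExecStart=@sbindir@/virtproxyd $VIRTPROXYD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
+index 6d298c5334..92e54f175f 100644
+--- a/src/secret/virtsecretd.service.in
++++ b/src/secret/virtsecretd.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTSECRETD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtsecretd
+ ExecStart=@sbindir@/virtsecretd $VIRTSECRETD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/storage/virtstoraged.service.in b/src/storage/virtstoraged.service.in
+index eda4d86d37..abe91e3d80 100644
+--- a/src/storage/virtstoraged.service.in
++++ b/src/storage/virtstoraged.service.in
+@@ -16,7 +16,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTSTORAGED_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtstoraged
+ ExecStart=@sbindir@/virtstoraged $VIRTSTORAGED_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/vbox/virtvboxd.service.in b/src/vbox/virtvboxd.service.in
+index 6f447276e9..54fbd0be4a 100644
+--- a/src/vbox/virtvboxd.service.in
++++ b/src/vbox/virtvboxd.service.in
+@@ -15,7 +15,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTVBOXD_ARGS="--timeout 120"
+-EnvironmentFile=-@sysconfdir@/sysconfig/virtvboxd
+ ExecStart=@sbindir@/virtvboxd $VIRTVBOXD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in
+index 3cf6476196..5668009ae4 100644
+--- a/tools/libvirt-guests.service.in
++++ b/tools/libvirt-guests.service.in
+@@ -20,7 +20,7 @@ Documentation=man:libvirt-guests(8)
+ Documentation=https://libvirt.org
+
+ [Service]
+-EnvironmentFile=-@sysconfdir@/sysconfig/libvirt-guests
++EnvironmentFile=-/etc/libvirt/libvirt-guests.conf
+ # Hack just call traditional service until we factor
+ # out the code
+ ExecStart=@libexecdir@/libvirt-guests.sh start
+--
+2.34.1
+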
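Review bot: The last inner hunk (tools/libvirt-guests.service.in) replaces the templated `@sysconfdir@/sysconfig/libvirt-guests` with the literal `/etc/libvirt/libvirt-guests.conf`, so this unit no longer follows the configured sysconfdir while every other path in these units still goes through `@sysconfdir@`, `@sbindir@` or `@libexecdir@`. I would write `EnvironmentFile=-@sysconfdir@/libvirt/libvirt-guests.conf` so a prefixed install reads its own file. systemd loads that file before starting libvirt-guests.sh, so it is also worth confirming that the package installs it root-owned and not group- or world-writable; the visible ebuild only places a conf.d file via `newconfd`. Separately, the virtlogd hunk removes `$VIRTLOGD_ARGS` from ExecStart while virtlockd keeps `Environment=VIRTLOCKD_ARGS=`; adding `Environment=VIRTLOGD_ARGS=` and keeping the variable would leave the two units consistent.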
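--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-8.2.0-fix-paths-for-apparmor.patch
@@ -0,0 +1,140 @@
+From afcb8e32343d662d74ccb7b6596ddf03104c8e41 Mon Sep 17 00:00:00 2001
+Message-Id: <afcb8e32343d662d74ccb7b6596ddf03104c8e41.1646212419.git.mprivozn@××××××.com>
+From: Michal Privoznik <mprivozn@××××××.com>
+Date: Wed, 2 Mar 2022 10:12:44 +0100
+Subject: [PATCH] libvirt-8.2.0-fix-paths-for-apparmor.patch
+
+Signed-off-by: Michal Privoznik <mprivozn@××××××.com>
+---
+ src/security/apparmor/libvirt-qemu | 1 +
+ src/security/apparmor/meson.build | 6 +-
+ .../usr.lib.libvirt.virt-aa-helper.in | 75 -------------------
+ .../usr.lib.libvirt.virt-aa-helper.local | 1 -
+ 4 files changed, 4 insertions(+), 79 deletions(-)
+ delete mode 100644 src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
+ delete mode 100644 src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local
+
+diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
+index 8cd76d48ec..39f8f04c03 100644
+--- a/src/security/apparmor/libvirt-qemu
++++ b/src/security/apparmor/libvirt-qemu
+@@ -95,6 +95,7 @@
+ /usr/share/sgabios/** r,
+ /usr/share/slof/** r,
+ /usr/share/vgabios/** r,
++ /usr/share/seavgabios/** r,
+
+ # pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140)
+ /etc/pki/CA/ r,
+diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build
+index 990f00b4f3..2a2235c89a 100644
+--- a/src/security/apparmor/meson.build
++++ b/src/security/apparmor/meson.build
+@@ -1,5 +1,5 @@
+ apparmor_gen_profiles = [
+- 'usr.lib.libvirt.virt-aa-helper',
++ 'usr.libexec.libvirt.virt-aa-helper',
+ 'usr.sbin.libvirtd',
+ 'usr.sbin.virtqemud',
+ 'usr.sbin.virtxend',
+@@ -34,7 +34,7 @@ install_data(
+ )
+
+ install_data(
+- 'usr.lib.libvirt.virt-aa-helper.local',
++ 'usr.libexec.libvirt.virt-aa-helper.local',
+ install_dir: apparmor_dir / 'local',
+- rename: 'usr.lib.libvirt.virt-aa-helper',
++ rename: 'usr.libexec.libvirt.virt-aa-helper',
+ )
+diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
+deleted file mode 100644
+index ff1d46bebe..0000000000
+--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
++++ /dev/null
+@@ -1,75 +0,0 @@
+-#include <tunables/global>
+-
+-profile virt-aa-helper @libexecdir@/virt-aa-helper {
+- #include <abstractions/base>
+- #include <abstractions/openssl>
+-
+- # needed for searching directories
+- capability dac_override,
+- capability dac_read_search,
+-
+- # needed for when disk is on a network filesystem
+- network inet,
+- network inet6,
+-
+- deny @{PROC}/[0-9]*/mounts r,
+- @{PROC}/[0-9]*/net/psched r,
+- owner @{PROC}/[0-9]*/status r,
+- @{PROC}/filesystems r,
+-
+- # Used when internally running another command (namely apparmor_parser)
+- @{PROC}/@{pid}/fd/ r,
+-
+- # allow reading libnl's classid file
+- @sysconfdir@/libnl{,-3}/classid r,
+-
+- # for gl enabled graphics
+- /dev/dri/{,*} r,
+-
+- # for hostdev
+- /sys/devices/ r,
+- /sys/devices/** r,
+- /sys/bus/usb/devices/ r,
+- deny /dev/sd* r,
+- deny /dev/vd* r,
+- deny /dev/dm-* r,
+- deny /dev/drbd[0-9]* r,
+- deny /dev/dasd* r,
+- deny /dev/nvme* r,
+- deny /dev/zd[0-9]* r,
+- deny /dev/mapper/ r,
+- deny /dev/mapper/* r,
+-
+- @libexecdir@/virt-aa-helper mr,
+- /{usr/,}sbin/apparmor_parser Ux,
+-
+- @sysconfdir@/apparmor.d/libvirt/* r,
+- @sysconfdir@/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
+-
+- # for backingstore -- allow access to non-hidden files in @{HOME} as well
+- # as storage pools
+- audit deny @{HOME}/.* mrwkl,
+- audit deny @{HOME}/.*/ rw,
+- audit deny @{HOME}/.*/** mrwkl,
+- audit deny @{HOME}/bin/ rw,
+- audit deny @{HOME}/bin/** mrwkl,
+- @{HOME}/ r,
+- @{HOME}/** r,
+- /var/lib/libvirt/images/ r,
+- /var/lib/libvirt/images/** r,
+- /var/lib/nova/instances/_base/* r,
+- /{media,mnt,opt,srv}/** r,
+- # For virt-sandbox
+- /{,var/}run/libvirt/**/[sv]d[a-z] r,
+-
+- /**.img r,
+- /**.raw r,
+- /**.qcow{,2} r,
+- /**.qed r,
+- /**.vmdk r,
+- /**.vhd r,
+- /**.[iI][sS][oO] r,
+- /**/disk{,.*} r,
+-
+- #include <local/usr.lib.libvirt.virt-aa-helper>
+-}
+diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local
+deleted file mode 100644
+index c0990e51d0..0000000000
+--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local
++++ /dev/null
+@@ -1 +0,0 @@
+-# Site-specific additions and overrides for 'usr.lib.libvirt.virt-aa-helper'
+--
+2.34.1
+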
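Review bot: The meson.build hunks point the generated profile and the `.local` include at `usr.libexec.libvirt.virt-aa-helper`, but the only changes to the profile files themselves are two `deleted file mode` entries (diffstat: 4 insertions, 79 deletions), so this patch never creates `usr.libexec.libvirt.virt-aa-helper.in` or `usr.libexec.libvirt.virt-aa-helper.local`. Unless the 8.1.0 tarball already ships files under those names, a USE=apparmor build has no input for the renamed profile: either the meson step fails or virt-aa-helper is installed without its confinement profile. This looks like a rename that was flattened into deletions when the patch was regenerated; it should be re-exported with rename detection so the inner diff carries `rename from` / `rename to` entries. The profile's closing `#include <local/usr.lib.libvirt.virt-aa-helper>` also needs the libexec name, otherwise the local override that meson installs under the new name is never included.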
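--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-8.2.0-qemu-segmentation-fault-in-virtqemud-executing-qemuD.patch
@@ -0,0 +1,50 @@
+From 823a62ec8aac4fb75e6e281164f3eb56ae47597c Mon Sep 17 00:00:00 2001
+Message-Id: <823a62ec8aac4fb75e6e281164f3eb56ae47597c.1646211032.git.mprivozn@××××××.com>
+From: Boris Fiuczynski <fiuczy@×××××××××.com>
+Date: Tue, 1 Mar 2022 18:47:59 +0100
+Subject: [PATCH] qemu: segmentation fault in virtqemud executing
+ qemuDomainUndefineFlags
+
+Commit 5adfb3472342741c443ac91dee0abb18b5a3d038 causes a segmentation fault.
+
+Stack trace of thread 664419:
+ #0 0x000003ff62ec553c in qemuDomainUndefineFlags (dom=0x3ff6c002810, flags=<optimized out>) at ../src/qemu/qemu_driver.c:6618
+ #1 0x000003ff876a7e5c in virDomainUndefineFlags (domain=domain@entry=0x3ff6c002810, flags=<optimized out>) at ../src/libvirt-domain.c:6519
+ #2 0x000002aa2b64a808 in remoteDispatchDomainUndefineFlags (server=0x2aa2c3d7880, msg=0x2aa2c3d2770, args=<optimized out>, rerr=0x3ff8287b950, client=<optimized out>)
+ at src/remote/remote_daemon_dispatch_stubs.h:13080
+ #3 remoteDispatchDomainUndefineFlagsHelper (server=0x2aa2c3d7880, client=<optimized out>, msg=0x2aa2c3d2770, rerr=0x3ff8287b950, args=<optimized out>, ret=0x0)
+ at src/remote/remote_daemon_dispatch_stubs.h:13059
+ #4 0x000003ff8758bbf4 in virNetServerProgramDispatchCall (msg=0x2aa2c3d2770, client=0x2aa2c3e3050, server=0x2aa2c3d7880, prog=0x2aa2c3d8010)
+ at ../src/rpc/virnetserverprogram.c:428
+ #5 virNetServerProgramDispatch (prog=0x2aa2c3d8010, server=server@entry=0x2aa2c3d7880, client=0x2aa2c3e3050, msg=0x2aa2c3d2770) at ../src/rpc/virnetserverprogram.c:302
+ #6 0x000003ff8758c260 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x2aa2c3d7880) at ../src/rpc/virnetserver.c:140
+ #7 virNetServerHandleJob (jobOpaque=0x2aa2c3e2d30, opaque=0x2aa2c3d7880) at ../src/rpc/virnetserver.c:160
+ #8 0x000003ff874c49aa in virThreadPoolWorker (opaque=<optimized out>) at ../src/util/virthreadpool.c:164
+ #9 0x000003ff874c3f62 in virThreadHelper (data=<optimized out>) at ../src/util/virthread.c:256
+ #10 0x000003ff86c1cf8c in start_thread () from /lib64/libc.so.6
+ #11 0x000003ff86c9650e in thread_start () from /lib64/libc.so.6
+
+Signed-off-by: Boris Fiuczynski <fiuczy@×××××××××.com>
+Reviewed-by: Jim Fehlig <jfehlig@××××.com>
+Reviewed-by: Michal Privoznik <mprivozn@××××××.com>
+Signed-off-by: Michal Privoznik <mprivozn@××××××.com>
+---
+ src/qemu/qemu_driver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index bcd9bdb436..8337eed510 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -6615,7 +6615,7 @@ qemuDomainUndefineFlags(virDomainPtr dom,
+ }
+ }
+
+- if (vm->def->os.loader->nvram) {
++ if (vm->def->os.loader && vm->def->os.loader->nvram) {
+ nvram_path = g_strdup(vm->def->os.loader->nvram);
+ } else if (vm->def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+ qemuDomainNVRAMPathFormat(cfg, vm->def, &nvram_path);
+--
+2.34.1
+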
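Review bot: The added `vm->def->os.loader &&` guard removes the NULL dereference at qemu_driver.c:6618, but neither the code nor the patch description says when `os.loader` is NULL, which is what the next reader needs in order to keep the check in place. The stack trace shows the call arriving through remoteDispatchDomainUndefineFlags, so the crash was reachable by any client permitted to undefine a domain and took down virtqemud; the backport is worth describing as a daemon-availability fix. I would add a comment above the condition, e.g. `/* os.loader is unset for domains defined without a <loader> element */` (my reading of the fix; confirm against the domain XML parser). The body of qemuDomainUndefineFlags continues outside this hunk, so any later `os.loader->` uses there should be checked for the same assumption.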
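--- /dev/null
+++ b/app-emulation/libvirt/libvirt-8.1.0.ebuild
@@ -0,0 +1,337 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+
+inherit meson bash-completion-r1 linux-info python-any-r1 readme.gentoo-r1 tmpfiles verify-sig
+
+if [[ ${PV} = *9999* ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://gitlab.com/libvirt/libvirt.git"
+ EGIT_BRANCH="master"
+ SRC_URI=""
+ SLOT="0"
+else
+ SRC_URI="https://libvirt.org/sources/${P}.tar.xz
+ verify-sig? ( https://libvirt.org/sources/${P}.tar.xz.asc )"
+ KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+ SLOT="0/${PV}"
+fi
+
+DESCRIPTION="C toolkit to manipulate virtual machines"
+HOMEPAGE="https://www.libvirt.org/ https://gitlab.com/libvirt/libvirt/"
+LICENSE="LGPL-2.1"
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libvirt.org.asc
+IUSE="
+ apparmor audit bash-completion +caps dtrace firewalld fuse glusterfs
+ iscsi iscsi-direct +libvirtd lvm libssh lxc nfs nls numa openvz
+ parted pcap policykit +qemu rbd sasl selinux +udev
+ virtualbox +virt-network wireshark-plugins xen zfs
+"
+
+REQUIRED_USE="
+ firewalld? ( virt-network )
+ libvirtd? ( || ( lxc openvz qemu virtualbox xen ) )
+ lxc? ( caps libvirtd )
+ openvz? ( libvirtd )
+ qemu? ( libvirtd )
+ virt-network? ( libvirtd )
+ virtualbox? ( libvirtd )
+ xen? ( libvirtd )"
+
+BDEPEND="
+ app-text/xhtml1
+ dev-lang/perl
+ dev-libs/libxslt
+ dev-perl/XML-XPath
+ dev-python/docutils
+ virtual/pkgconfig
+ bash-completion? ( >=app-shells/bash-completion-2.0 )
+ verify-sig? ( sec-keys/openpgp-keys-libvirt )"
+
+# gettext.sh command is used by the libvirt command wrappers, and it's
+# non-optional, so put it into RDEPEND.
+# We can use both libnl:1.1 and libnl:3, but if you have both installed, the
+# package will use 3 by default. Since we don't have slot pinning in an API,
+# we must go with the most recent
+RDEPEND="
+ acct-user/qemu
+ app-misc/scrub
+ >=dev-libs/glib-2.48.0
+ dev-libs/libgcrypt:0
+ dev-libs/libnl:3
+ >=dev-libs/libxml2-2.7.6
+ >=net-analyzer/openbsd-netcat-1.105-r1
+ >=net-libs/gnutls-1.0.25:0=
+ net-libs/libssh2
+ net-libs/libtirpc
+ net-libs/rpcsvc-proto
+ >=net-misc/curl-7.18.0
+ sys-apps/dbus
+ sys-apps/dmidecode
+ sys-devel/gettext
+ sys-libs/ncurses:0=
+ sys-libs/readline:=
+ virtual/acl
+ apparmor? ( sys-libs/libapparmor )
+ audit? ( sys-process/audit )
+ caps? ( sys-libs/libcap-ng )
+ dtrace? ( dev-util/systemtap )
+ firewalld? ( >=net-firewall/firewalld-0.6.3 )
+ fuse? ( sys-fs/fuse:0= )
+ glusterfs? ( >=sys-cluster/glusterfs-3.4.1 )
+ iscsi? ( sys-block/open-iscsi )
+ iscsi-direct? ( >=net-libs/libiscsi-1.18.0 )
+ libssh? ( net-libs/libssh )
+ lvm? ( >=sys-fs/lvm2-2.02.48-r2[-device-mapper-only(-)] )
+ lxc? ( !sys-apps/systemd[cgroup-hybrid(-)] )
+ nfs? ( net-fs/nfs-utils )
+ numa? (
+ >sys-process/numactl-2.0.2
+ sys-process/numad
+ )
+ parted? (
+ >=sys-block/parted-1.8[device-mapper]
+ sys-fs/lvm2[-device-mapper-only(-)]
+ )
+ pcap? ( >=net-libs/libpcap-1.0.0 )
+ policykit? (
+ acct-group/libvirt
+ >=sys-auth/polkit-0.9
+ )
+ qemu? (
+ >=app-emulation/qemu-2.11
+ dev-libs/yajl
+ )
+ rbd? ( sys-cluster/ceph )
+ sasl? ( dev-libs/cyrus-sasl )
+ selinux? ( >=sys-libs/libselinux-2.0.85 )
+ virt-network? (
+ net-dns/dnsmasq[dhcp,ipv6(+),script]
+ net-firewall/ebtables
+ >=net-firewall/iptables-1.4.10[ipv6(+)]
+ net-misc/radvd
+ sys-apps/iproute2[-minimal]
+ )
+ wireshark-plugins? ( net-analyzer/wireshark:= )
+ xen? (
+ >=app-emulation/xen-4.9.0
+ app-emulation/xen-tools:=
+ )
+ udev? (
+ virtual/libudev
+ >=x11-libs/libpciaccess-0.10.9
+ )
+ zfs? ( sys-fs/zfs )"
+
+DEPEND="${BDEPEND}
+ ${RDEPEND}
+ ${PYTHON_DEPS}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-6.0.0-fix_paths_in_libvirt-guests_sh.patch
+ "${FILESDIR}"/${PN}-8.2.0-do-not-use-sysconfig.patch
+ "${FILESDIR}"/${PN}-8.2.0-fix-paths-for-apparmor.patch
+ "${FILESDIR}"/${PN}-8.2.0-qemu-segmentation-fault-in-virtqemud-executing-qemuD.patch
+)
+
+pkg_setup() {
+ # Check kernel configuration:
+ CONFIG_CHECK=""
+ use fuse && CONFIG_CHECK+="
+ ~FUSE_FS"
+
+ use lvm && CONFIG_CHECK+="
+ ~BLK_DEV_DM
+ ~DM_MULTIPATH
+ ~DM_SNAPSHOT"
+
+ use lxc && CONFIG_CHECK+="
+ ~BLK_CGROUP
+ ~CGROUP_CPUACCT
+ ~CGROUP_DEVICE
+ ~CGROUP_FREEZER
+ ~CGROUP_NET_PRIO
+ ~CGROUP_PERF
+ ~CGROUPS
+ ~CGROUP_SCHED
+ ~CPUSETS
+ ~IPC_NS
+ ~MACVLAN
+ ~NAMESPACES
+ ~NET_CLS_CGROUP
+ ~NET_NS
+ ~PID_NS
+ ~POSIX_MQUEUE
+ ~SECURITYFS
+ ~USER_NS
+ ~UTS_NS
+ ~VETH
+ ~!GRKERNSEC_CHROOT_MOUNT
+ ~!GRKERNSEC_CHROOT_DOUBLE
+ ~!GRKERNSEC_CHROOT_PIVOT
+ ~!GRKERNSEC_CHROOT_CHMOD
+ ~!GRKERNSEC_CHROOT_CAPS"
+
+ kernel_is lt 4 7 && use lxc && CONFIG_CHECK+="
+ ~DEVPTS_MULTIPLE_INSTANCES"
+
+ use virt-network && CONFIG_CHECK+="
+ ~BRIDGE_EBT_MARK_T
+ ~BRIDGE_NF_EBTABLES
+ ~NETFILTER_ADVANCED
+ ~NETFILTER_XT_CONNMARK
+ ~NETFILTER_XT_MARK
+ ~NETFILTER_XT_TARGET_CHECKSUM
+ ~IP_NF_FILTER
+ ~IP_NF_MANGLE
+ ~IP_NF_NAT
+ ~IP_NF_TARGET_MASQUERADE
+ ~IP6_NF_FILTER
+ ~IP6_NF_MANGLE
+ ~IP6_NF_NAT"
+ # Bandwidth Limiting Support
+ use virt-network && CONFIG_CHECK+="
+ ~BRIDGE_EBT_T_NAT
+ ~IP_NF_TARGET_REJECT
+ ~NET_ACT_POLICE
+ ~NET_CLS_FW
+ ~NET_CLS_U32
+ ~NET_SCH_HTB
+ ~NET_SCH_INGRESS
+ ~NET_SCH_SFQ"
+
+ ERROR_USER_NS="Optional depending on LXC configuration."
+
+ if [[ -n ${CONFIG_CHECK} ]]; then
+ linux-info_pkg_setup
+ fi
+
+ python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ touch "${S}/.mailmap" || die
+
+ default
+ python_fix_shebang .
+
+ # Skip fragile tests which relies on pristine environment
+ # (Breaks because of sandbox environment variables)
+ # bug #802876
+ sed -i -e "/commandtest/d" tests/meson.build || die
+
+ # Tweak the init script:
+ cp "${FILESDIR}/libvirtd.init-r19" "${S}/libvirtd.init" || die
+ sed -e "s/USE_FLAG_FIREWALLD/$(usex firewalld 'need firewalld' '')/" \
+ -i "${S}/libvirtd.init" || die "sed failed"
+}
+
+src_configure() {
+ local emesonargs=(
+ $(meson_feature apparmor)
+ $(meson_feature apparmor apparmor_profiles)
+ $(meson_feature audit)
+ $(meson_feature caps capng)
+ $(meson_feature dtrace)
+ $(meson_feature firewalld)
+ $(meson_feature fuse)
+ $(meson_feature glusterfs)
+ $(meson_feature glusterfs storage_gluster)
+ $(meson_feature iscsi storage_iscsi)
+ $(meson_feature iscsi-direct storage_iscsi_direct)
+ $(meson_feature libvirtd driver_libvirtd)
+ $(meson_feature libssh)
+ $(meson_feature lvm storage_lvm)
+ $(meson_feature lvm storage_mpath)
+ $(meson_feature lxc driver_lxc)
+ $(meson_feature nls)
+ $(meson_feature numa numactl)
+ $(meson_feature numa numad)
+ $(meson_feature openvz driver_openvz)
+ $(meson_feature parted storage_disk)
+ $(meson_feature pcap libpcap)
+ $(meson_feature policykit polkit)
+ $(meson_feature qemu driver_qemu)
+ $(meson_feature qemu yajl)
+ $(meson_feature rbd storage_rbd)
+ $(meson_feature sasl)
+ $(meson_feature selinux)
+ $(meson_feature udev)
+ $(meson_feature virt-network driver_network)
+ $(meson_feature virtualbox driver_vbox)
+ $(meson_feature wireshark-plugins wireshark_dissector)
+ $(meson_feature xen driver_libxl)
+ $(meson_feature zfs storage_zfs)
+
+ -Dnetcf=disabled
+ -Dsanlock=disabled
+
+ -Ddriver_esx=enabled
+ -Dinit_script=systemd
+ -Dqemu_user=$(usex caps qemu root)
+ -Dqemu_group=$(usex caps qemu root)
+ -Ddriver_remote=enabled
+ -Dstorage_fs=enabled
+ -Ddriver_vmware=enabled
+
+ --localstatedir="${EPREFIX}/var"
+ -Drunstatedir="${EPREFIX}/run"
+ -Ddocdir="${EPREFIX}/usr/share/doc/${PF}"
+ )
+
+ meson_src_configure
+}
+
+src_test() {
+ export VIR_TEST_DEBUG=1
+ # Don't run the syntax check tests, they're fragile and not relevant
+ # to us downstream anyway.
+ # We also crank up the timeout (as Fedora does) just to preempt failures
+ # on slower arches.
+ meson_src_test --no-suite syntax-check --timeout-multiplier 10
+}
+
+src_install() {
+ meson_src_install
+
+ # Depending on configuration option, libvirt will create some bogus
+ # directoreis. They are either not used, or libvirtd is able to create
+ # them on demand, so let's remove them.
+ #
+ # Note, we are using -f here so that rm does not fail or warn if the
+ # directory is nonexistent.
+ rm -rf "${D}"/etc/sysconfig
+ rm -rf "${D}"/var
+ rm -rf "${D}"/run
+
+ use libvirtd || return 0
+ # From here, only libvirtd-related instructions, be warned!
+
+ newtmpfiles "${FILESDIR}"/libvirtd.tmpfiles.conf libvirtd.conf
+
+ newinitd "${S}/libvirtd.init" libvirtd
+ newinitd "${FILESDIR}/libvirt-guests.init-r4" libvirt-guests
+ newinitd "${FILESDIR}/virtlockd.init-r2" virtlockd
+ newinitd "${FILESDIR}/virtlogd.init-r2" virtlogd
+
+ newconfd "${FILESDIR}/libvirtd.confd-r5" libvirtd
+ newconfd "${FILESDIR}/libvirt-guests.confd" libvirt-guests
+
+ DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo-r3")
+ DISABLE_AUTOFORMATTING=true
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
+ touch "${ROOT}"/etc/libvirt/qemu/networks/default.xml || die
+ fi
+
+ use libvirtd || return 0
+ # From here, only libvirtd-related instructions, be warned!
+ tmpfiles_process libvirtd.conf
+ readme.gentoo_print_elog
+}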
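Review bot: In src_configure, `-Dqemu_user=$(usex caps qemu root)` and `-Dqemu_group=$(usex caps qemu root)` make root:root the default QEMU identity whenever USE=caps is disabled, and nothing in the ebuild tells the user that guest processes then run with full host privileges. A comment above the two lines giving the reason for the fallback, plus `use caps || ewarn "USE=-caps: QEMU processes default to root:root; set user/group in /etc/libvirt/qemu.conf"` in pkg_postinst, would make that trade-off visible. Two smaller documentation points in the same file: three PATCHES entries carry an 8.2.0 prefix although they are applied to 8.1.0, which deserves a one-line comment saying they are rebases/backports to drop at the next bump; and the src_install comment explains `-f` while the commands are `rm -rf`, and misspells "directories".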