From: Matthias Maier <tamiko@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/libvirt/files/, app-emulation/libvirt/
Date: Tue, 30 Jan 2018 17:08:42
Message-Id: 1517331790.002a0f6216825de8c045768a5baeeaf862339497.tamiko@gentoo
1 commit: 002a0f6216825de8c045768a5baeeaf862339497
2 Author: aporilel <35788283+aporilel <AT> users <DOT> noreply <DOT> github <DOT> com>
3 AuthorDate: Thu Jan 25 02:23:36 2018 +0000
4 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
5 CommitDate: Tue Jan 30 17:03:10 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=002a0f62
7
8 app-emulation/libvirt: fix apparmor patch
9
10 Fixes: 24cd72c425327c6 ("app-emulation/libvirt: Update apparmor profiles")
11 Closes: https://bugs.gentoo.org/629718
12 Closes: https://github.com/gentoo/gentoo/pull/6954
13
14 Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>
15
16 .../libvirt-3.10.0-r2-fix_paths_for_apparmor.patch | 77 +++++
17 app-emulation/libvirt/libvirt-3.10.0-r2.ebuild | 382 +++++++++++++++++++++
18 2 files changed, 459 insertions(+)
19
20 diff --git a/app-emulation/libvirt/files/libvirt-3.10.0-r2-fix_paths_for_apparmor.patch b/app-emulation/libvirt/files/libvirt-3.10.0-r2-fix_paths_for_apparmor.patch
21 new file mode 100644
22 index 00000000000..f1360ae4e4e
23 --- /dev/null
24 +++ b/app-emulation/libvirt/files/libvirt-3.10.0-r2-fix_paths_for_apparmor.patch
25 @@ -0,0 +1,77 @@
26 +diff --git a/examples/Makefile.am b/examples/Makefile.am
27 +index ef2f79db3..d8cdb9b3f 100644
28 +--- a/examples/Makefile.am
29 ++++ b/examples/Makefile.am
30 +@@ -23,7 +23,7 @@ EXTRA_DIST = \
31 + apparmor/TEMPLATE.lxc \
32 + apparmor/libvirt-qemu \
33 + apparmor/libvirt-lxc \
34 +- apparmor/usr.lib.libvirt.virt-aa-helper \
35 ++ apparmor/usr.libexec.virt-aa-helper \
36 + apparmor/usr.sbin.libvirtd \
37 + lxcconvert/virt-lxc-convert \
38 + polkit/libvirt-acl.rules \
39 +@@ -70,7 +70,7 @@ admin_logging_SOURCES = admin/logging.c
40 + if WITH_APPARMOR_PROFILES
41 + apparmordir = $(sysconfdir)/apparmor.d/
42 + apparmor_DATA = \
43 +- apparmor/usr.lib.libvirt.virt-aa-helper \
44 ++ apparmor/usr.libexec.virt-aa-helper \
45 + apparmor/usr.sbin.libvirtd \
46 + $(NULL)
47 +
48 +diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
49 +index d4fad85a1..0b22009e5 100644
50 +--- a/examples/apparmor/libvirt-qemu
51 ++++ b/examples/apparmor/libvirt-qemu
52 +@@ -86,6 +86,8 @@
53 + /usr/share/AAVMF/** r,
54 + /usr/share/qemu-efi/** r,
55 + /usr/share/slof/** r,
56 ++ /usr/share/seavgabios/** r,
57 ++ /usr/share/edk2-ovmf/** r,
58 +
59 + # access PKI infrastructure
60 + /etc/pki/libvirt-vnc/** r,
61 +diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.libexec.virt-aa-helper
62 +similarity index 92%
63 +rename from examples/apparmor/usr.lib.libvirt.virt-aa-helper
64 +rename to examples/apparmor/usr.libexec.virt-aa-helper
65 +index bd6181d00..4086f140a 100644
66 +--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
67 ++++ b/examples/apparmor/usr.libexec.virt-aa-helper
68 +@@ -1,7 +1,7 @@
69 + # Last Modified: Mon Apr 5 15:10:27 2010
70 + #include <tunables/global>
71 +
72 +-profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
73 ++profile virt-aa-helper /usr/libexec/virt-aa-helper {
74 + #include <abstractions/base>
75 +
76 + # needed for searching directories
77 +@@ -32,7 +32,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
78 + deny /dev/mapper/ r,
79 + deny /dev/mapper/* r,
80 +
81 +- /usr/{lib,lib64}/libvirt/virt-aa-helper mr,
82 ++ /usr/libexec/virt-aa-helper mr,
83 + /{usr/,}sbin/apparmor_parser Ux,
84 +
85 + /etc/apparmor.d/libvirt/* r,
86 +diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
87 +index 8d61d154e..656a5595b 100644
88 +--- a/examples/apparmor/usr.sbin.libvirtd
89 ++++ b/examples/apparmor/usr.sbin.libvirtd
90 +@@ -84,8 +84,10 @@
91 + audit deny /sys/kernel/security/apparmor/.* rwxl,
92 + /sys/kernel/security/apparmor/profiles r,
93 + /usr/{lib,lib64}/libvirt/* PUxr,
94 +- /usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
95 +- /usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
96 ++ /usr/libexec/virt-aa-helper PUxr,
97 ++ /usr/libexec/libvirt_lxc PUxr,
98 ++ /usr/libexec/libvirt_parthelper ix,
99 ++ /usr/libexec/libvirt_iohelper ix,
100 + /etc/libvirt/hooks/** rmix,
101 + /etc/xen/scripts/** rmix,
102 +
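Review bot: The two rules added in the usr.sbin.libvirtd part of the embedded patch, `/usr/libexec/virt-aa-helper PUxr,` and `/usr/libexec/libvirt_lxc PUxr,`, use the `PUx` mode, which runs the binary unconfined whenever no matching profile is loaded, so a virt-aa-helper profile that fails to load or attach would go unnoticed. Because this patch ships a profile attached to exactly that path, the helper rule could fail closed as `/usr/libexec/virt-aa-helper Pxr,`; libvirt_lxc gets no profile in this patch, so its rule would have to keep the fallback. The renamed profile now matches only `/usr/libexec/virt-aa-helper` rather than the old `/usr/{lib,lib64}/libvirt/` alternation, so it presumably relies on libexecdir staying at `/usr/libexec`. A comment such as `# path must match the configured libexecdir` above the `profile virt-aa-helper` line would record that dependency.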
103
104 diff --git a/app-emulation/libvirt/libvirt-3.10.0-r2.ebuild b/app-emulation/libvirt/libvirt-3.10.0-r2.ebuild
105 new file mode 100644
106 index 00000000000..e918ac7a33e
107 --- /dev/null
108 +++ b/app-emulation/libvirt/libvirt-3.10.0-r2.ebuild
109 @@ -0,0 +1,382 @@
110 +# Copyright 1999-2017 Gentoo Foundation
111 +# Distributed under the terms of the GNU General Public License v2
112 +
113 +EAPI=6
114 +
115 +inherit autotools eutils user linux-info systemd readme.gentoo-r1
116 +
117 +if [[ ${PV} = *9999* ]]; then
118 + inherit git-r3
119 + EGIT_REPO_URI="git://libvirt.org/libvirt.git"
120 + SRC_URI=""
121 + KEYWORDS=""
122 + SLOT="0"
123 +else
124 + # Versions with 4 numbers are stable updates:
125 + if [[ ${PV} =~ ^[0-9]+(\.[0-9]+){3} ]]; then
126 + SRC_URI="http://libvirt.org/sources/stable_updates/${P}.tar.xz"
127 + else
128 + SRC_URI="http://libvirt.org/sources/${P}.tar.xz"
129 + fi
130 + KEYWORDS="~amd64 ~arm64 ~x86"
131 + SLOT="0/${PV}"
132 +fi
133 +
134 +DESCRIPTION="C toolkit to manipulate virtual machines"
135 +HOMEPAGE="http://www.libvirt.org/"
136 +LICENSE="LGPL-2.1"
137 +IUSE="
138 + apparmor audit +caps +dbus firewalld fuse glusterfs iscsi +libvirtd lvm
139 + libssh lxc +macvtap nfs nls numa openvz parted pcap phyp policykit
140 + +qemu rbd sasl selinux +udev uml +vepa virtualbox virt-network
141 + wireshark-plugins xen zeroconf zfs
142 +"
143 +
144 +REQUIRED_USE="
145 + firewalld? ( virt-network )
146 + libvirtd? ( || ( lxc openvz qemu uml virtualbox xen ) )
147 + lxc? ( caps libvirtd )
148 + openvz? ( libvirtd )
149 + policykit? ( dbus )
150 + qemu? ( libvirtd )
151 + uml? ( libvirtd )
152 + vepa? ( macvtap )
153 + virt-network? ( libvirtd )
154 + virtualbox? ( libvirtd )
155 + xen? ( libvirtd )"
156 +
157 +# gettext.sh command is used by the libvirt command wrappers, and it's
158 +# non-optional, so put it into RDEPEND.
159 +# We can use both libnl:1.1 and libnl:3, but if you have both installed, the
160 +# package will use 3 by default. Since we don't have slot pinning in an API,
161 +# we must go with the most recent
162 +RDEPEND="
163 + app-misc/scrub
164 + dev-libs/libgcrypt:0
165 + dev-libs/libnl:3
166 + >=dev-libs/libxml2-2.7.6
167 + || ( >=net-analyzer/netcat6-1.0-r2 >=net-analyzer/openbsd-netcat-1.105-r1 )
168 + >=net-libs/gnutls-1.0.25:0=
169 + net-libs/libssh2
170 + net-libs/libtirpc
171 + net-libs/rpcsvc-proto
172 + >=net-misc/curl-7.18.0
173 + sys-apps/dmidecode
174 + >=sys-apps/util-linux-2.17
175 + sys-devel/gettext
176 + sys-libs/ncurses:0=
177 + sys-libs/readline:=
178 + apparmor? ( sys-libs/libapparmor )
179 + audit? ( sys-process/audit )
180 + caps? ( sys-libs/libcap-ng )
181 + dbus? ( sys-apps/dbus )
182 + firewalld? ( net-firewall/firewalld )
183 + fuse? ( >=sys-fs/fuse-2.8.6:= )
184 + glusterfs? ( >=sys-cluster/glusterfs-3.4.1 )
185 + iscsi? ( sys-block/open-iscsi )
186 + libssh? ( net-libs/libssh )
187 + lvm? ( >=sys-fs/lvm2-2.02.48-r2[-device-mapper-only(-)] )
188 + nfs? ( net-fs/nfs-utils )
189 + numa? (
190 + >sys-process/numactl-2.0.2
191 + sys-process/numad
192 + )
193 + parted? (
194 + >=sys-block/parted-1.8[device-mapper]
195 + sys-fs/lvm2[-device-mapper-only(-)]
196 + )
197 + pcap? ( >=net-libs/libpcap-1.0.0 )
198 + policykit? ( >=sys-auth/polkit-0.9 )
199 + qemu? (
200 + >=app-emulation/qemu-0.13.0
201 + dev-libs/yajl
202 + )
203 + rbd? ( sys-cluster/ceph )
204 + sasl? ( dev-libs/cyrus-sasl )
205 + selinux? ( >=sys-libs/libselinux-2.0.85 )
206 + virt-network? (
207 + net-dns/dnsmasq[script]
208 + net-firewall/ebtables
209 + >=net-firewall/iptables-1.4.10[ipv6]
210 + net-misc/radvd
211 + sys-apps/iproute2[-minimal]
212 + )
213 + virtualbox? ( || ( app-emulation/virtualbox >=app-emulation/virtualbox-bin-2.2.0 ) )
214 + wireshark-plugins? ( net-analyzer/wireshark:= )
215 + xen? (
216 + app-emulation/xen
217 + app-emulation/xen-tools:=
218 + )
219 + udev? (
220 + virtual/udev
221 + >=x11-libs/libpciaccess-0.10.9
222 + )
223 + zeroconf? ( >=net-dns/avahi-0.6[dbus] )
224 + zfs? ( sys-fs/zfs )"
225 +
226 +DEPEND="${RDEPEND}
227 + app-text/xhtml1
228 + dev-lang/perl
229 + dev-libs/libxslt
230 + dev-perl/XML-XPath
231 + virtual/pkgconfig"
232 +
233 +PATCHES=(
234 + "${FILESDIR}"/${PN}-1.3.0-do_not_use_sysconf.patch
235 + "${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch
236 + "${FILESDIR}"/${PN}-3.10.0-r2-fix_paths_for_apparmor.patch
237 + "${FILESDIR}"/${PN}-1.3.4-glibc-2.23.patch
238 + "${FILESDIR}"/${PN}-3.1.0-musl-fix-includes.patch # bug #609488
239 +)
240 +
241 +pkg_setup() {
242 + if use qemu; then
243 + enewgroup qemu 77
244 + enewuser qemu 77 -1 -1 "qemu,kvm"
245 + fi
246 +
247 + use policykit && enewgroup libvirt
248 +
249 + # Check kernel configuration:
250 + CONFIG_CHECK=""
251 + use fuse && CONFIG_CHECK+="
252 + ~FUSE_FS"
253 +
254 + use lvm && CONFIG_CHECK+="
255 + ~BLK_DEV_DM
256 + ~DM_MULTIPATH
257 + ~DM_SNAPSHOT"
258 +
259 + use lxc && CONFIG_CHECK+="
260 + ~BLK_CGROUP
261 + ~CGROUP_CPUACCT
262 + ~CGROUP_DEVICE
263 + ~CGROUP_FREEZER
264 + ~CGROUP_NET_PRIO
265 + ~CGROUP_PERF
266 + ~CGROUPS
267 + ~CGROUP_SCHED
268 + ~CPUSETS
269 + ~IPC_NS
270 + ~MACVLAN
271 + ~NAMESPACES
272 + ~NET_CLS_CGROUP
273 + ~NET_NS
274 + ~PID_NS
275 + ~POSIX_MQUEUE
276 + ~SECURITYFS
277 + ~USER_NS
278 + ~UTS_NS
279 + ~VETH
280 + ~!GRKERNSEC_CHROOT_MOUNT
281 + ~!GRKERNSEC_CHROOT_DOUBLE
282 + ~!GRKERNSEC_CHROOT_PIVOT
283 + ~!GRKERNSEC_CHROOT_CHMOD
284 + ~!GRKERNSEC_CHROOT_CAPS"
285 +
286 + kernel_is lt 4 7 && use lxc && CONFIG_CHECK+="
287 + ~DEVPTS_MULTIPLE_INSTANCES"
288 +
289 + use macvtap && CONFIG_CHECK+="
290 + ~MACVTAP"
291 +
292 + use virt-network && CONFIG_CHECK+="
293 + ~BRIDGE_EBT_MARK_T
294 + ~BRIDGE_NF_EBTABLES
295 + ~NETFILTER_ADVANCED
296 + ~NETFILTER_XT_CONNMARK
297 + ~NETFILTER_XT_MARK
298 + ~NETFILTER_XT_TARGET_CHECKSUM"
299 + # Bandwidth Limiting Support
300 + use virt-network && CONFIG_CHECK+="
301 + ~BRIDGE_EBT_T_NAT
302 + ~NET_ACT_POLICE
303 + ~NET_CLS_FW
304 + ~NET_CLS_U32
305 + ~NET_SCH_HTB
306 + ~NET_SCH_INGRESS
307 + ~NET_SCH_SFQ"
308 +
309 + # Handle specific kernel versions for different features
310 + kernel_is lt 3 6 && CONFIG_CHECK+=" ~CGROUP_MEM_RES_CTLR"
311 + if kernel_is ge 3 6; then
312 + CONFIG_CHECK+=" ~MEMCG ~MEMCG_SWAP "
313 + kernel_is lt 4 5 && CONFIG_CHECK+=" ~MEMCG_KMEM "
314 + fi
315 +
316 + ERROR_USER_NS="Optional depending on LXC configuration."
317 +
318 + if [[ -n ${CONFIG_CHECK} ]]; then
319 + linux-info_pkg_setup
320 + fi
321 +}
322 +
323 +src_prepare() {
324 + touch "${S}/.mailmap"
325 +
326 + default
327 +
328 + if [[ ${PV} = *9999* ]]; then
329 + # git checkouts require bootstrapping to create the configure script.
330 + # Additionally the submodules must be cloned to the right locations
331 + # bug #377279
332 + ./bootstrap || die "bootstrap failed"
333 + (
334 + git submodule status | sed 's/^[ +-]//;s/ .*//'
335 + git hash-object bootstrap.conf
336 + ) >.git-module-status
337 + fi
338 +
339 + # Tweak the init script:
340 + cp "${FILESDIR}/libvirtd.init-r16" "${S}/libvirtd.init" || die
341 + sed -e "s/USE_FLAG_FIREWALLD/$(usex firewalld 'need firewalld' '')/" \
342 + -e "s/USE_FLAG_AVAHI/$(usex zeroconf 'use avahi-daemon' '')/" \
343 + -e "s/USE_FLAG_ISCSI/$(usex iscsi 'use iscsid' '')/" \
344 + -e "s/USE_FLAG_RBD/$(usex rbd 'use ceph' '')/" \
345 + -i "${S}/libvirtd.init" || die "sed failed"
346 +
347 + eautoreconf
348 +}
349 +
350 +src_configure() {
351 + local myeconfargs=(
352 + $(use_with apparmor)
353 + $(use_with apparmor apparmor-profiles)
354 + $(use_with audit)
355 + $(use_with caps capng)
356 + $(use_with dbus)
357 + $(use_with firewalld)
358 + $(use_with fuse)
359 + $(use_with glusterfs)
360 + $(use_with glusterfs storage-gluster)
361 + $(use_with iscsi storage-iscsi)
362 + $(use_with libvirtd)
363 + $(use_with libssh)
364 + $(use_with lvm storage-lvm)
365 + $(use_with lvm storage-mpath)
366 + $(use_with lxc)
367 + $(use_with macvtap)
368 + $(use_enable nls)
369 + $(use_with numa numactl)
370 + $(use_with numa numad)
371 + $(use_with openvz)
372 + $(use_with parted storage-disk)
373 + $(use_with pcap libpcap)
374 + $(use_with phyp)
375 + $(use_with policykit polkit)
376 + $(use_with qemu)
377 + $(use_with qemu yajl)
378 + $(use_with rbd storage-rbd)
379 + $(use_with sasl)
380 + $(use_with selinux)
381 + $(use_with udev)
382 + $(use_with uml)
383 + $(use_with vepa virtualport)
384 + $(use_with virt-network network)
385 + $(use_with wireshark-plugins wireshark-dissector)
386 + $(use_with xen)
387 + $(use_with xen xen-inotify)
388 + $(use_with xen libxl)
389 + $(use_with zeroconf avahi)
390 + $(use_with zfs storage-zfs)
391 +
392 + --without-hal
393 + --without-netcf
394 + --without-sanlock
395 + --without-xenapi
396 +
397 + --with-esx
398 + --with-init-script=systemd
399 + --with-qemu-group=$(usex caps qemu root)
400 + --with-qemu-user=$(usex caps qemu root)
401 + --with-remote
402 + --with-storage-fs
403 + --with-vmware
404 +
405 + --disable-static
406 + --disable-werror
407 +
408 + --with-html-subdir=${PF}/html
409 + --localstatedir=/var
410 + )
411 +
412 + if use virtualbox && has_version app-emulation/virtualbox-ose; then
413 + myeconfargs+=( --with-vbox=/usr/lib/virtualbox-ose/ )
414 + else
415 + myeconfargs+=( $(use_with virtualbox vbox) )
416 + fi
417 +
418 + econf "${myeconfargs[@]}"
419 +
420 + if [[ ${PV} = *9999* ]]; then
421 + # Restore gnulib's config.sub and config.guess
422 + # bug #377279
423 + (cd .gnulib && git reset --hard > /dev/null)
424 + fi
425 +}
426 +
427 +src_test() {
428 + cd "${BUILD_DIR}"
429 +
430 + # remove problematic tests, bug #591416, bug #591418
431 + sed -i -e 's#commandtest$(EXEEXT) # #' \
432 + -e 's#virfirewalltest$(EXEEXT) # #' \
433 + -e 's#nwfilterebiptablestest$(EXEEXT) # #' \
434 + -e 's#nwfilterxml2firewalltest$(EXEEXT)$##' \
435 + tests/Makefile
436 +
437 + export VIR_TEST_DEBUG=1
438 + HOME="${T}" emake check || die "tests failed"
439 +}
440 +
441 +src_install() {
442 + emake DESTDIR="${D}" \
443 + SYSTEMD_UNIT_DIR="$(systemd_get_systemunitdir)" install
444 +
445 + find "${D}" -name '*.la' -delete || die
446 +
447 + # Remove bogus, empty directories. They are either not used, or
448 + # libvirtd is able to create them on demand
449 + rm -rf "${D}"/etc/sysconfig
450 + rm -rf "${D}"/var/cache
451 + rm -rf "${D}"/var/run
452 + rm -rf "${D}"/var/log
453 +
454 + use libvirtd || return 0
455 + # From here, only libvirtd-related instructions, be warned!
456 +
457 + systemd_install_serviced \
458 + "${FILESDIR}"/libvirtd.service.conf libvirtd.service
459 +
460 + systemd_newtmpfilesd "${FILESDIR}"/libvirtd.tmpfiles.conf libvirtd.conf
461 +
462 + newinitd "${S}/libvirtd.init" libvirtd || die
463 + newinitd "${FILESDIR}/libvirt-guests.init-r2" libvirt-guests || die
464 + newinitd "${FILESDIR}/virtlockd.init-r1" virtlockd || die
465 + newinitd "${FILESDIR}/virtlogd.init-r1" virtlogd || die
466 +
467 + newconfd "${FILESDIR}/libvirtd.confd-r5" libvirtd || die
468 + newconfd "${FILESDIR}/libvirt-guests.confd" libvirt-guests || die
469 +
470 + DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo-r2")
471 + DISABLE_AUTOFORMATTING=true
472 + readme.gentoo_create_doc
473 +}
474 +
475 +pkg_preinst() {
476 + # we only ever want to generate this once
477 + if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
478 + rm -rf "${D}"/etc/libvirt/qemu/networks/default.xml
479 + fi
480 +}
481 +
482 +pkg_postinst() {
483 + if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then
484 + touch "${ROOT}"/etc/libvirt/qemu/networks/default.xml
485 + fi
486 +
487 + use libvirtd || return 0
488 + # From here, only libvirtd-related instructions, be warned!
489 +
490 + readme.gentoo_print_elog
491 +}