There seems to be some problem that this package does not build from
source, but as we don't currently have any hardware that supports thise,
there is no point in debugging it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.10.0 to 10.0.0
- Update of rootfile
- Changelog is too large to include here. Details can be found in the NEWS.rst file in the
source tarball
CVE-2023-3750 was fixed in version 9.6.0
Fix race condition in storage driver leading to a crash
In **libvirt-8.3** a bug was introduced which in rare cases could cause
``libvirtd`` or ``virtstoraged`` to crash if multiple clients attempted to
look up a storage volume by key, path or target path, while other clients
attempted to access something from the same storage pool.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.9.0 to 8.10.0
- Update of rootfile
- Changelog
v8.10.0 (2022-12-01)
**New features**
* Tool for validating SEV firmware boot measurement of QEMU VMs
The ``virt-qemu-sev-validate`` program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.
* Support for SGX EPC (enclave page cache)
Users can add a ``<memory model='sgx-epc'>`` device to lauch a VM with
``Intel Software Guard Extensions``.
* Support migration of vTPM state of QEMU vms on shared storage
Pass ``--migration`` option if appropriate in order for ``swtpm`` to
properly migrate on shared storage.
**Improvements**
* Mark close callback (un-)register API as high priority
High priority APIs use a separate thread pool thus can help in eliminating
problems with stuck VMs. Marking the close callback API as high priority
allows ``virsh`` to properly connect to the daemon in case the normal
priority workers are stuck allowing other high priority API usage.
* Updated x86 CPU features
The following features for the x86 platform were added:
``v-vmsave-vmload``, ``vgif``, ``avx512-vp2intersect``, ``avx512-fp16``,
``serialize``, ``tsx-ldtrk``, ``arch-lbr``, ``xfd``, ``intel-pt-lip``,
``avic``, ``sgx``, ``sgxlc``, ``sgx-exinfo``, ``sgx1``, ``sgx2``,
``sgx-debug``, ``sgx-mode64``, ``sgx-provisionkey``, ``sgx-tokenkey``,
``sgx-kss``, ``bus-lock-detect``, ``pks``, ``amx``.
* Add support for ``hv-avic`` Hyper-V enlightenment
``qemu-6.2`` introduced support for the ``hv-avic`` enlightenment which
allows to use Hyper-V SynIC with hardware APICv/AVIC enabled.
* qemu: Run memory preallocation with numa-pinned threads
Run the thread allocating memory in the proper NUMA node to reduce overhead.
* RPM packaging changes
- add optional dependancy of ``libvirt-daemon`` on ``libvirt-client``
The ``libvirt-guests.`` tool requires the ``virsh`` client to work
properly, but we don't want to require the installation of the daemon
if the tool is not used.
- relax required ``python3-libvirt`` version for ``libvirt-client-qemu``
The ``virt-qemu-qmp-proxy`` tool requires python but doesn't strictly
need the newest version. Remove the strict versioning requirement in
order to prevent cyclic dependency when building.
**Bug fixes**
* Skip initialization of ``cache`` capabilities if host doesn't support them
Hypervisor drivers would fail to initialize on ``aarch64`` hosts with
following error ::
virStateInitialize:657 : Initialisation of cloud-hypervisor state driver failed: no error
which prevented the startup of the daemon.
* Allow incoming connections to guests on routed networks w/firewalld
A change in handling of implicit rules in ``firewalld 1.0.0`` broke
incomming connections to VMs when using ``routed`` network. This is fixed
by adding a new ``libvirt-routed`` zone configured to once again allow
incoming sessions to guests on routed networks.
* Fix infinite loop in nodedev driver
Certain udev entries might be of a size that makes libudev emit EINVAL
which caused a busy loop burning CPU. Fix it by ignoring the return code.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 7.10.0 to 8.9.0
- Update of rootfile
- Removal of sheepdog_storage option in ./configure as it has been removed from libvirt
- Removal of libvirt-7.10.0-fix-glibc-headers.patch as contents are now built in to source
tarball.
- Changelog is too large to include here. Details can be found in the NEWS.rst file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
* Add a Summary and Services field to all pak lfs files
* Replace occurances of INSTALL_INITSCRIPT with new INSTALL_INITSCRIPTS
macro in all pak lfs files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 6.5.0 to 7.10.0 (17 releases between these versions)
- Update of rootfile
- Update of patch as source file contents changed enough that old patch failed to work
- Build changed to meson/ninja as autotools option has been removed
- Most of the existing options were available as meson options - look in
meson_options.txt file in the source tarball.
Three options were not available with meson
--with-virtualport
--with-macvtap
--without-dbus
- Changelog is too large to include here (~1200 lines) but the detail can be seen in the
NEWS.rst file in the source tarball. Many bug fixes identified in the changelog
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Not sure why this has ever been there. This simply makes it
nicer to read and edit because we can have line-breaks now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The patch which adjusts the options for IPFire in the libvirtd.conf does
not apply in a newer version of libvirt. Creating this patch is harder
than to use a separate config file.
This separate config file also enables us to adjust options much faster.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
When I try to build libvirt a second-time without ./make.sh clean
between the two builds, libvirt tries to link against Wireshark and
fails.
This configure option solves the problem.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch update the libvirt library to version 3.1.0
We can not update to the latest version in the moment because version
3.2.0 has a annoying bug.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The virtlogd could only be restarted when the daemons run. The update.sh
script tried to restart the daemon no matter if the daemons run or not.
This behaviour produce problems.
An If statement now checks if the daemon runs or not and execute the
command that is suitable for the situation.
Fixes: #11172
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is the update of libvirt to the latest version 2.1.
The most important change from a packager view is the new virtlogd
daemon.
This daemon handles the qemu output and wrote it to log files.
The require some changes:
- A new init script to start, stop restart the daemon called virtlogd.
The daemon is restart with SIGUSR1 (this is important because the daemon
keeps all pipelines etc. open).
This introduces a problem with the uninstall.sh install.sh script.
It is not possible to stop the daemon while virtual machines are
running, so the script update.sh execute from now not uninstall.sh and
install.sh instead it contains all steps from uninstall.sh install.sh
expect the start / stop routine for virtlogd. The daemon is just
restarted after the update, which makes sure that all changes take
effect.
- new symlinks in the uninstall.sh and install.sh script and some root
file changes because of the new virtlogd init script.
- the archive format changes from tar.gz to tar.xz
For Changelogs see:
https://libvirt.org/news-2015.htmlhttps://libvirt.org/news.html (2017 and later:
https://libvirt.org/news-2016.html )
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
If the kernel module vhot_net is loaded, the performance of virtio
networking is better then without vhost_net.
So the module is loaded before libvirtd ist started to get the benefit
of vhost_net.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The directory /etc/libvirt is backed up on uninstallation and is
restored on installation.
Alle Files in /var are commented in the rootfile so they are not
removed on uninstallation.
Because of the fact that the directories are not shipped with the
package they were created at installation time.
The permissions of 3 directories are changed because the qemu user is
nobody and the qemu group is kvm, so the permissions must be nobody:kvm
Fixes: #11151
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The libvirt daemon was not started after installation because the
initscritp is named 'libvirtd' not like the package 'libvirt'.
The same problem appear in the uninstall.sh. The service was not
stopped.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Changes the libvirt user to nobody and the group to kvm this is a bit
safer as to use root for both.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is possible to communicate per ssh via a socket with libvirt. It is
not a good idea to do this as root, so the remote user is now
libvirt-remote. Only this user or users in the group libvirt-remote can
communicate with the socket.
The user libvirt-remote is created without a password. The users have to
set a password for this user after installation.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
