Commit Graph

645 Commits

Author SHA1 Message Date
Daniel P. Berrange 3c647ee4bb Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5
RFC 6331 documents a number of serious security weaknesses in
the SASL DIGEST-MD5 mechanism. As such, libvirtd should not
by using it as a default mechanism. GSSAPI is the only other
viable SASL mechanism that can provide secure session encryption
so enable that by defalt as the replacement.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-15 18:14:51 +00:00
Philipp Hahn d7dcea6f60 doc: fix writing of QEMU
QEMU should be written all upper or all lower case.
2017-03-08 17:33:07 +01:00
Peter Krempa 27c8e36d60 spec: Modularize the storage driver
Create a new set of sub-packages containing the new storage driver
modules so that certain heavy-weight backends (gluster, rbd) can be
installed separately only if required.

To keep backward compatibility the 'libvirt-driver-storage' package
will be turned into a virtual package pulling in all the new storage
backend sub-packages. The storage driver module will be moved into
libvirt-driver-storage-core including the filesystem backend which is
mandatory.

This then allows to make libvirt-daemon-driver-qemu depend only on the
core of the storage driver.

All other meta-packages still depend on the full storage driver and thus
pull in all the backends.
2017-02-22 09:31:33 +01:00
Peter Krempa 0a6d3e51b4 storage: Turn storage backends into dynamic modules
If driver modules are enabled turn storage driver backends into
dynamically loadable objects. This will allow greater modularity for
binary distributions, where heavyweight dependencies as rbd and gluster
can be avoided by selecting only a subset of drivers if the rest is not
necessary.

The storage modules are installed into 'LIBDIR/libvirt/storage-backend/'
and users can override the location by using
'LIBVIRT_STORAGE_BACKEND_DIR' environment variable.

rpm based distros will at this point install all the backends when
libvirt-daemon-driver-storage package is installed.
2017-02-22 09:31:33 +01:00
Peter Krempa 4fb105f681 spec: Don't check for storage driver backends in configure script
Explicitly enable --with-storage-scsi and disable --without-storage-zfs
and --without-storage-vstorage so that the configure script doesn't
check for them.

Note that --with-storage-dir is enabled by default.
2017-02-22 09:31:33 +01:00
Andrea Bolognani e04bd5b6fc spec: Require libacl when building the QEMU driver
For the namespaces feature to work properly we need to be able
to make a perfect copy of the original /dev, including ACLs.

By adding a BuildRequires on libacl-devel we ensure that ACL
support will be enabled at configure time and made available
to the QEMU driver.
2017-02-14 19:07:43 +01:00
Jiri Denemark cff9de3eb4 spec: Enable qemu driver for RHEL-7 on aarch64
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2017-01-30 10:22:16 +01:00
Peter Krempa dd335d03e8 spec: Depend on the gluster command line tool
The gluster command line tool that is used to lookup storage pool
sources moved from the gluster-client package to gluster-cli.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1349441
2017-01-18 11:05:26 +01:00
Michal Privoznik b64af8f81d libvirt.spec: Package libnss_libvirt_guest.so.2
In 22f7ceb695 I've introduced another NSS module
but forgot to package it in libvirt-nss.rpm.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-12-08 15:25:17 +01:00
Daniel P. Berrange 0be9cea199 test: fix screenshot API impl
When redoing the website we deleted the libvirtLogo.png file
not remembering that the test driver screenshot API impl
relied on it.

Rather than having the test driver use the logo as a side
effect, give it its own dedicated image to use. This is
installed in /usr/share/libvirt/test-screenshot.png and
is taken from a NeXT Cube running WorldWideWeb[1]. The
very first web browser in existance, running on the
hardware it was originally written on.

[1] https://en.wikipedia.org/wiki/WorldWideWeb

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-12-08 10:57:32 +00:00
Nikolay Shirokovskiy 01079727fe libvirtd: systemd: add special target for system shutdown
It is already discussed in "[RFC] daemon: remove hardcode dep on libvirt-guests" [1].

Mgmt can use means to save/restore domains on system shutdown/boot other than
libvirt-guests.service. Thus we need to specify appropriate ordering dependency between
libvirtd, domains and save/restore service. This patch takes approach suggested
in RFC and introduces a systemd target, so that ordering can be built next way:

libvirtd -> domain -> virt-guest-shutdown.target -> save-restore.service.

This way domains are decoupled from specific shutdown service via intermediate
target.

[1] https://www.redhat.com/archives/libvir-list/2016-September/msg01353.html
2016-11-23 11:13:53 +03:00
Pino Toscano e7a7807bd6 spec: enable libssh transport on Fedora 2016-11-15 15:50:51 +01:00
Daniel P. Berrange e3e0f36719 docs: redo style of front page
Use a large logo banner across the front page. Tile the
three lists of links into three panels

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-11-11 12:15:03 +00:00
Andrea Bolognani 11d571eaa7 spec: Run all make jobs in parallel
Commit e8861f6971 changed our spec file to compile and run
tests in parallel. That's a very good step forward, but why
stop there? Let's run *all* make jobs in parallel and really
put those expensive cores to use!

On my laptop, this shaves ~10s off 'make rpm'.
2016-11-07 17:27:23 +01:00
Michal Privoznik e8861f6971 libvirt.spec: Build & run tests in parallel
So far, the main code is built in parallel, which makes it pretty
fast. But with a lots of tests we have now I've noticed this part
takes too much time to build. The problem was that tests were
build and run in a single job.

Also, 'make' in the first hunk is useless. The test suite is not
built due to 'make all' because there's no .git in the sources
unpacked from a tar.xz archive. It's 'make check' which triggers
tests build.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-11-03 21:38:46 +08:00
Andrea Bolognani c9ddecdf44 spec: Drop support for Fedora < 23
We only claim support for OSs that are still supported by the
respective vendors, which means anything older than Fedora 23
is out. Reword the comment a bit to highlight the criteria.
2016-10-19 17:06:41 +02:00
Jiri Denemark 1ee7efef6f spec: Package cputypes.rng
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-09-27 13:27:52 +02:00
Daniel P. Berrange 072e095660 rpm: set TLS priority to @LIBVIRT,SYSTEM on Fedora >= 25
With newest gnutls available in Fedora 25/rawhide, it is
possible to have TLS priority fallbacks, so we can finally
use --tls-priority=@LIBVIRT,SYSTEM

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-08-04 15:59:24 +01:00
Daniel P. Berrange dcd5f59c5f libvirt.spec.in: fix indentation in previous commit
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-28 11:48:00 +01:00
Daniel P. Berrange 8035bf718a Fix RPM spec for wireshark on Fedora < 24
This previous commit

  commit cd9fcc8be7
  Author: Michal Privoznik <mprivozn@redhat.com>
  Date:   Wed Jul 27 16:58:32 2016 +0200

    libvirt.spec.in: Adapt to newest wireshark plugindir

Adapted the libvirt spec for wireshark >= 2.1.0 but
this ignored the fact that we enable wireshark from
Fedora 21 and 2.1.0 was only added in Fedora 24

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-28 11:02:02 +01:00
Michal Privoznik cd9fcc8be7 libvirt.spec.in: Adapt to newest wireshark plugindir
In the old days, when wireshark plugin was introduced it was
installed under /usr/lib64/wireshark/plugins/$VERSION/ while with
wireshark-2.1.0 this path has changed just to
/usr/lib64/wireshark/plugins. We should teach our spec file about
this change.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-27 17:01:18 +02:00
Andrea Bolognani 55d8daa07e spec: Fix indentation
Commit ffc49e579c broke syntax-check:

  cppi: libvirt.spec.in: line 622: not properly indented
  cppi: libvirt.spec.in: line 624: not properly indented
  cppi: libvirt.spec.in: line 640: not properly indented
  cppi: libvirt.spec.in: line 642: not properly indented
  maint.mk: incorrect preprocessor indentation
  cfg.mk:697: recipe for target 'sc_spec_indentation' failed

Indent the new conditionals properly.
2016-07-13 19:02:15 +02:00
Daniel P. Berrange ffc49e579c libvirt.spec.in: require systemd-container on >= f24
The systemd-machined tools libvirt uses were split into a
systemd-container RPM. Without depending on this, libvirt
may silently fallback to the non-systemd cgroup impl which
is not desirable.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-13 17:13:07 +01:00
Michal Privoznik 9a6e47c483 spec: Move virt-admin into its own package
The new package for the virt-admin binary is libvirt-admin.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-07 07:22:15 +02:00
Michal Privoznik 70b4f0e719 spec: Split libvirt-client
Currently, we have libvirt-client library which serves as a
collection point for all the libraries and client binaries we
have. Therefore we have couple of silly dependencies, for
instance libvirt-daemon depends on libvirt-client. Only because
the shared library is in the client package.
To solve this, new package libvirt-libs is introduced where all
the libraries are going to live. The client package is then set
to depend on this new package, just like the rest of packages
that suffer the same problem.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-07 07:22:15 +02:00
Jean-Marc Liger e893d3ca8e libvirt.spec.in: Use libnl-devel for RHEL-6
RHEL-6 still needs to use libnl instead of libnl3, so re-add
the spec conditional mistakenly removed in

  commit 3694e038fd
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed May 4 15:43:08 2016 +0100

    libvirt.spec.in: drop Fedora < 20 and RHEL < 6
2016-06-29 17:38:15 +01:00
Erik Skultety d0a9dbc323 spec: distribute admin API within libvirt-client package
With respect to to the following thread
https://www.redhat.com/archives/libvir-list/2016-June/msg01822.html, until we
introduce a new rpm package '-libs' that would allow us to drop daemon's
dependency on the client package, distribute admin API related stuff within
the client package (since it's the best analogy to the virsh client).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-06-26 00:21:07 +02:00
Martin Kletzander ddc99f11ac spec: Make driver-qemu require driver-storage
Without that we might get similar messages in the log:

  error : virDriverLoadModule:73 : failed to load module
  /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
  /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so: undefined
  symbol: virStorageFileCreate

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-17 11:15:43 +02:00
Andrea Bolognani 2c51fa6ec4 maint: Switch to xz compressed PAX release archives
This allows us to produce releases that are roughly a third in
size, have no limitation on path length, and are still readable
by all supported platforms.
2016-06-15 18:53:34 +02:00
Daniel P. Berrange 8dfb796080 Use @SYSTEM priority for TLS on Fedora >= 21
In Fedora >= 21, there is a new crypto priority framework
that sets TLS policies globally for all apps. To activate
this with GNUTLS we must request "@SYSTEM" instead of
the traditional "NORMAL" string. The '@' causes gnutls todo
a lookup in its config file for the 'SYSTEM' keyword entry.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:46 +01:00
Daniel P. Berrange c0bc172383 systemd: directly notify systemd instead of using sd_notify
The sd_notify method is used to tell systemd when libvirtd
has finished starting up. All it does is send a datagram
containing the string parameter to systemd on a UNIX socket
named in the NOTIFY_SOCKET environment variable. Rather than
pulling in the systemd libraries for this, just code the
notification directly in libvirt as this is a stable ABI
from systemd's POV which explicitly allows independant
implementations:

See "Reimplementable Independently" column in the
"$NOTIFY_SOCKET Daemon Notifications" row:

https://www.freedesktop.org/wiki/Software/systemd/InterfacePortabilityAndStabilityChart/

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1314881

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-07 09:37:57 +01:00
Cole Robinson e9ef4dfac8 spec: Advertise nvram paths of official fedora edk2 builds
Fedora now ships edk2 firmware in its official repos, so adapt
the nvram path list to match. Eventually we can remove the nightly
links as well once some integration kinks have been worked out,
and documentation updated.

Move the macro building into the %build target, which lets us
build up a shell variable and make things a bit more readable

https://bugzilla.redhat.com/show_bug.cgi?id=1335395
2016-05-27 12:53:50 -04:00
Cole Robinson 90f9193cff spec: Remove %defattr usage
It was only needed for rpm versions that are much older than our
minimally supported distro

Some more details here: https://fedorahosted.org/fpc/ticket/77
2016-05-17 11:34:47 -04:00
Erik Skultety df4d908d30 spec: Fix broken indentation reported by syntax-check
syntax-check complained about broken indentation in libvirt.spec.in which was
broken by commit 3694e038

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-11 20:03:57 +02:00
Daniel P. Berrange 7375948933 libvit.spec.in: Add missing BuildRequires against sheepdog
We were adding a sheepdog requirement at runtime, but forgetting
to turn it on at build time, so the underlying code was never
built.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange f008d918ad libvirt.spec.in: remove all changelog entries
The %changelog entries in the RPM are just a poor immitation
of the release notes, which is not what %changelog section
is for. It should be reflecting changes in the RPM packaging,
not changes in the application releases. Further, this bogus
list of changes has to be manually deleted every time we sync
the RPM with Fedora. Remove them, since they serve no useful
purpose.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange c3b1c51ed5 libvirt.spec.in: use explicit --with-xxx for all features
Rather than letting the configure script auto-detect features
we expect, use --with-xxx to explicitly mandate them. This
ensures that we get an error upfront when running configure,
rather than a failure later during build or RPM file packaging
time.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange 4cc7c987c2 libvirt.spec.in: remove nss plugin conditional
Both RHEL and Fedora build the nss plugin at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange 5097fef87d libvirt.spec.in: remove libnl conditional
Both RHEL and Fedora build with libnl3 at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange 2c14e90d61 libvirt.spec.in: remove macvtap conditional
Both RHEL and Fedora build with macvtap at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange 4c6c4ca40e libvirt.spec.in: remove libpcap conditional
Both RHEL and Fedora build with libpcap at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange 01e681c49f libvirt.spec.in: remove nwfilter driver conditional
Both RHEL and Fedora build with the nwfilter driver enabled
at all times

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange c8bcff8143 libvirt.spec.in: remove nodedev conditional
Both RHEL and Fedora build with the nodedev driver enabled
at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange a659559bb0 libvirt.spec.in: remove most storage conditionals
Both RHEL and Fedora build with the storage driver and
most of its sub-drivers enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange 3e4009752f libvirt.spec.in: remove network driver conditiaonl
Both RHEL and Fedora build with the network driver
enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange d8a9ae98ca libvirt.spec.in: remove interface driver conditional
Both RHEL and Fedora build with the interface driver
enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange 24553e174c libvirt.spec.in: remove selinux conditional
Both RHEL and Fedora build with selinux enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange 46c81bc42a libvirt.spec.in: remove yajl conditional
Both RHEL and Fedora build with yajl enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange a770e90809 libvirt.spec.in: remove polkit conditional
Both RHEL and Fedora build with polkit enabled at all
times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:38 +01:00
Daniel P. Berrange e0db77c38e libvirt.spec.in: remove sasl conditionals
Both RHEL and Fedora build with sasl enabled at all times.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-05-11 16:42:37 +01:00