Require qemu >= 1.3.0, the first version that supported
`qemu-img --output=json'.
This means we require yajl (for parsing the JSON output of qemu-img),
and that in turn has consequences elsewhere.
It's a bitmask, so unsigned is the right choice. eg. We can more
easily print it using %x.
This patch changes the size of the fd mask and the values of the
COMMAND_FLAG_* constants, but since these are internal definitions
that doesn't matter.
- add a flag to request chroot for the process, which is done only as
very last (before chdir) operation before exec'ing the process in the
child: this avoids using CHROOT_IN & CHROOT_OUT around command*
invocations, and reduces the code spent in chroot mode
- add failure checks for dup2, open, and chdir done in child, not
proceeding to executing the process if they fail
- open /dev/null without O_CLOEXEC, so it stays available for the
exec'ed process, and thus we don't need to provide an own fd for stdin
Followup of commit fd2f175ee7, thanks also
to the notes and hints provided by Mateusz Guzik.
When running commands in the mounted guest (using the "command" API, and
APIs based on it), provide the /dev/null from the appliance as open fd
for stdin. Commands usually assume stdin is open if they didn't close
it explicitly, so this should avoid crashes or misbehavings due to that.
When a disk image uses LVM thinp (thin provisioning), the guestfs_lvs
API would return the thinp pools. This confused other APIs because
thinp pools don't have corresponding /dev/VG/LV device nodes.
Filter the LVs that are returned using "lv_role=public".
Thanks: Fabian Deutsch
I enabled the -Wshadow warning temporarily in order to do these fixes,
but had to disable it again afterwards. The reason is that this warns
about shadowing globals, which is sort of a good thing, but because we
have a global called "verbose" just about everywhere, and at the same
time we baked a function argument called "verbose" into several
unchangable APIs, well, we're stuck without being able to use this
warning.
This seemingly redundant change avoids a gcc warning/error:
error: cannot optimize possibly infinite loops
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=34114#c3 and
following for an explanation.
Of course gcc is completely wrong and stupid here, because there's no
possibility on current or future hardware that an array of size
SSIZE_MAX could be allocated since it would by definition occupy at
least all addressible memory (if it was an array of bytes, which this
isn't), leaving no room for the code that is being compiled.
Refactor the internal_feature_available to return the result for just
one group, so it is easier to know on the library side what was the
actual error, and which group refers to; drop internal_available, as no
more needed after this.
On the library side, implement in available and feature_available the
real logic to iterate through the requested group, and error out or
return whether the groups are available. This also introduces caching
for the features, so each needs to be queried just once in each
appliance run.
The result of this is that there should be much less communication with
the daemon to know about available features; the downside is that
queries for more than one group at once, not already cached, will be
cause more queries to the daemon.
Rename the current available and feature_available into internal daemon
functions, and provide non-daemon functions wrapping them at library
side. This will make it possible to e.g. add caching for them.
Should be only refactoring, no actual behaviour change.
Remove man pages and other pages which 'make clean' did not remove
before.
To evaluate which pages could be removed, I did a full build and
check, and then ran 'make clean' followed by 'git clean -xdf'. By
examining the output of the git clean command I could see which files
were being missed.
Files that are _not_ removed by make clean or make distclean:
- generator-built files
- Makefile, Makefile.in, .deps, .depend
- any ./configure output files (maybe they should be?)
Move the random set of HTML files we build from html/ into
the website/ directory.
Also in the website/ directory, put the index.html file from
http://libguestfs.org, which was previously not under version control.
It is generated from index.html.in so we can automatically add the
current version and release date.
Also in the website/ directory, put various CSS file, images, etc.
which are required by the website and were also previously not under
version control.
Change the 'make website' rule to 'make maintainer-upload-website'.
As the name suggests, it is only useful for the maintainer, and will
fail with an error for anyone else.
There is GUESTFSD_EXT_CMD defining a string for udevadm (so it is marked
as "used tool" in the appliance), but it is not actually used when
starting udevadm.
There should be no behaviour change.
We don't support RHEL 5 upstream (see the 'oldlinux' branch for a
version that works with RHEL 5). Therefore remove a bunch of hacks
that were only needed on RHEL 5.
Because of previous automated commits, such as changing 'guestfs___'
-> 'guestfs_int_', several function calls no longer lined up with
their parameters, and some lines were too long.
The bulk of this commit was done using emacs batch mode and the
technique described here:
http://www.cslab.pepperdine.edu/warford/BatchIndentationEmacs.html
The changes suggested by emacs were then reviewed by hand.
If either zcat or cpio fails when spawned in initrd-list, pclose will
return the actual return value of it, but reply_with_perror still uses
errno regardless; thus, the reported error is:
libguestfs: error: initrd_list: pclose: Success
which is not much helpful.
Instead, when pclose returns > 0, extract the actual return value of the
subprocess, and print that. Thus now we get for example:
libguestfs: error: initrd_list: pclose: command failed with return code 1
Updating gnulib has caused -Wformat-signedness to be enabled. This
has revealed many problems in C format strings. The fixes here fall
into the following main categories:
- Using %d with an unsigned parameter.
- %x and %o expect an unsigned argument.
- uid_t and gid_t are unsigned on Linux. The safe way to print these
is to cast them to uintmax_t and then print them using the %ju
modifier (see http://stackoverflow.com/a/1401581).
- Using %d to print an enum. Since enums may be either char or int,
I fixed this by casting the enum to int.
- strtol_error & lzma_ret are both unsigned types.
This refines the previous commit by shutting down the daemon cleanly
at the end of the test (assuming the test was successful). It
repurposes the 'internal_exit' API for this, which was previously used
by the now defunct --enable-valgrind-daemon functionality.
Instead of parsing /proc/cmdline from the daemon, move all of that
parsing into the init script, and pass the argument via the daemon
command line.
For example, previously the daemon and init script both looked for
guestfs_network=1 in /proc/cmdline. Now the init script still looks
for it, and if found it runs `guestfsd --network'.
This option, used for testing, causes the daemon to create the Unix
domain socket (from guestfs_channel), listen on it, and accept a
single connection.
