Pass to --commands-from-file the name of a file containing customization
commands in each line, as if they were specified as command line
arguments.
This eases the reuse of commands among different
builder/customize/sysprep invocations.
Just like --long-options, it makes it possible to know which short
options are supported by each tool; this can help improving the bash
completion, for example.
Commit fd70cdc3c5 passes the -annot flag
to the compiler, generating *.annot files (containing type information
used by emacs and IDEs). Remove these files when doing 'make clean'.
Hardcoding -ltinfo breaks on distros that do not build the sep library
(which is the default ncurses behavior). Use pkg-config to look up the
right libraries regardless of how the distro built things.
In tools except guestfish, we don't use ncurses, or even curses, just
2 termcap functions and a global variable. These are provided by
libtinfo, so just link to that.
In guestfish we use readline which needs ncurses. Leave that alone.
If a script does not finish, hangs, etc, it would be executed again at
the next boot, since the injected firstboot.sh helper removes it only
after it finished.
Before executing a script, move it to another internal subdirectory
(scripts-done) and execute it from there, so it is not run again by
firstboot.sh. The downside is that now scripts are executed only once
at all, so if a script fails it will not be attempted at the next boot.
Also, remove all the files found in scripts-done, as they have been run
(or at least attempted) in a previous boot.
This fixes RHBZ#1159651.
This adds a customize option:
virt-customize --ssh-inject USER
virt-customize --ssh-inject USER:string:KEY_STRING
virt-customize --ssh-inject USER:file:FILENAME
(ditto for virt-builder and virt-sysprep)
In each case this injects into the guest user USER
a) the current (host) user's ssh pubkey
b) the key specified as KEY_STRING
c) the key in FILENAME
adding it to ~USER/.ssh/authorized_keys in the guest.
For example:
virt-builder fedora-20 --ssh-inject root
will add the local user's ssh pubkey into the root account of the
newly created guest. Or:
virt-customize -a disk.img \
--ssh-inject 'mary:string:ssh-rsa AAAA.... mary@localhost'
adds the given ssh pubkey to mary's account in the guest.
This doesn't set the SELinux labels correctly on newly created files
and directories, so you have to use --selinux-relabel (probably we
should fix this as part of the general effort to fix SELinux
relabelling). However it should preserve the labels if the
~/.ssh/authorized_keys file already exists.
Most of this work is based on a patch sent to the mailing list by
Richard W.M. Jones <rjones@redhat.com>:
https://www.redhat.com/archives/libguestfs/2014-November/msg00000.html
Add a Customize_utils module. This contains common error/warning/info
functions, and also quote = Filename.quote.
Examine every existing call to printf/eprintf and change where
necessary so that:
- error is used instead of eprintf + exit 1
- warning no longer needs ~prog argument (it is added by Utils module)
- any verbose output should go to stdout, not stderr
- info is used to print general informational messages
Also, don't pass ~prog parameter around. Instead we just get it from
the executable name.
uri-c.c and perl_edit-c.c end up (directly or indirectly) including
guestfs-internal-frontend.h, which in turns includes libvirt/libvirt.h;
hence, make sure to use the libvirt CFLAGS.
When saving a configuration file, Augeas creates a new file and
replaces the old one with it; this creates a /etc/shadow file without
the SELinux xattrs, since they are missing.
Thus, create a temporary file with all the attributes of /etc/shadow, so
all the attributes of it (permissions and xattrs, among others) can be
restored properly on the new /etc/shadow.
As side effect, if a guest is already properly SELinux-labelled, then
there should be no more need to relabel it to make sure /etc/shadow
still has the right SELinux xattrs.
All tests run under the ./run binary. For a long time the ./run
binary has set the $PATH environment variable to contain all of the
directories with binaries in them.
Therefore there is no reason to use ../fish/guestfish instead of just
plain guestfish (and the same applies to other built binaries).
In most C tools, virt-sysprep and virt-customize, you have to put the
--format parameter before the corresponding -a parameter. ie. The
following is correct:
guestfish --format qcow2 -a disk1 -a disk2
But the following is incorrect. The --format parameter is dangling
and prior to this commit would have been silently ignored:
guestfish -a disk1 -a disk2 --format qcow2
After this change, dangling --format parameters now lead to an error:
guestfish: --format parameter must appear before -a parameter
In virt-customize, also check that --attach-format parameter appears
before --attach parameter.
Thanks: Lingfei Kong
When setting the password for a locked account, make sure to still write
the password after the "!!" marker, otherwise the account will have no
password.
In v2v, 'stringMap.ml' has no corresponding *.mli file. ocamldep does
not generate a *.cmi dependency for such modules, and this can result
in parallel builds failing rarely because:
(1) stringMap.ml is built (which has the side-effect of generating
stringMap.cmi)
(2) at the same time, types.mli is compiled. types.mli depends on
stringMap.cmi, but it is half way through being created by (1).
There is no dependency to serialize (1) and (2).
The resulting error is:
File "types.mli", line 1:
Error: Corrupted compiled interface
stringMap.cmi
Using 'ocamldep -all' generates extra deps for the *.cmi files, and
otherwise appears to be safe, so use it.
There are currently a few upstream OCaml bugs with dependencies and
parallel builds:
http://caml.inria.fr/mantis/view.php?id=3190http://caml.inria.fr/mantis/view.php?id=4991http://caml.inria.fr/mantis/view.php?id=5000
It's not clear which of these apply here.
The C code didn't have -Werror enabled (when configured) and didn't
enable the full set of warnings we would want.
However OCaml-C bindings commonly declare functions which are
called directly from OCaml, eg:
external parse_memory : string -> doc = "v2v_xml_parse_memory"
value v2v_xml_parse_memory (value xmlv)
These do not require prototypes as no other C code will call them, so
we have to switch off the GCC -Werror=missing-prototypes flag for
these files.
Also fixes some confusion between _CPPFLAGS and _CFLAGS.
In OCaml 4.02, the 'string' type can be made immutable. All String.*
functions that are concerned with creating or mutating strings now
give a warning like this:
Warning 3: deprecated feature: String.unsafe_set
Disable this warning since we don't want to turn on immutable strings
yet.
virt-customize:
virt-sparsify:
virt-sysprep:
virt-v2v:
- These tools consistently used -v to mean verbose/debugging
and -x to mean enable libguestfs tracing.
virt-builder:
virt-resize:
- These two tools did not recognize -x at all, and used -v
to enable libguestfs tracing and general debugging.
- This commit changes these two tools to consume -v/-x
consistently with the other tools.
Unfortunately this has a cascade of effects through the code.
So far, passwords in URLs (eg http://user:password@host..) have been
handled as part of the username, and thus passing
add-drive path username:username:password ...
instead of
add-drive path username:username secret:password ...
Fix the parsing of URLs to handle passwords as separate elements,
properly passing it as "secret" parameter for add-drive, and properly
readd it when building URLs in the direct backend.
Furthmore, to keep curl- and ssh-based qemu drivers working with
authenticated resources, make sure they can accept secrets.
Reported in comment #1 of RHBZ#1092583.
The OCaml compiler isn't happy when two modules have the same name in
different directories. Since customize/ contains a library of modules
used in other directories, and since those directories may have
main.ml files too, we need to rename 'customize/main.ml' to
'customize/customize_main.ml'.
This adds the following options to virt-customize:
--attach
--attach-format
-m / --memsize
--network / --no-network
--smp
This fixes commit 2b208d84db.
