The customize module includes an --selinux-label option which can run
'fixfiles restore' (on most SELinux guests) or set /.autorelabel (on
some older ones).
Commit 49014f81f3 renamed the old
--selinux-label option to --autorelabel, but note this was not
included in a stable version of libguestfs.
Note this change leaves a bunch of now redundant code for detecting if
we created a new file in the guest.
Split virt-builder into build and customize steps, so that we can spin
off a separate tool called 'virt-customize'. This commit does not in
fact create such a tool, but it moves all the common code into a
library, in the customize/ subdirectory of the source.
Although this is mostly refactoring, it does change the order in which
virt-builder command line arguments are processed, so they are now
processed in the order they appear, not the inflexible fixed order
used before.
Previously we ran them in essentially a random order, although it
might have looked alphabetical in some cases because the modules are
loaded in order.
This changes podwrapper so that the input (POD) files should not
contain an =encoding directive. However they must be UTF-8.
Podwrapper then adds the '=encoding utf8' directive back during final
generation.
This in particular avoids problems with nested =encoding directives in
fragments. These break POD, and are undesirable anyway.
Since virt-sysprep tends to delete a lot of files, adding discard
support to it makes some sense.
Note that this probably won't have any effect for most filesystems
since:
(a) ext4 mounts also need to use -o discard,
(b) ext4, and maybe others, require you to call fstrim explicitly,
they don't discard automatically (except for userspace tools like
mkfs.ext4 but that doesn't apply in this case).
virt-builder added a --selinux-relabel option with a slightly
different meaning.
This commit keeps the old --selinux-relabel / --no-selinux-relabel
options in virt-sysprep, but deprecates them and replaces them with
--autorelabel and --no-autorelabel.
The whole "COPYING AND CLONING" section really needs to be overhauled
too, but first we need to make virt-builder work properly for
customizing templates.
virt-builder and virt-sysprep may make use of
Common_utils.string_random8 (which uses Random.int) for constructing
temporary paths; not initialising the random generator means that every
invocation will reuse the same name used previously (!).
Thus just call Random.self_init, just like virt-sparsify already does.
Expand the test-virt-sysprep-script.sh test to ensure that virt-sysprep
is not affected again by this issue.
Previously callbacks would return a list of flags, such as []
or [`Created_files].
In this commit we introduce two new objects, filesystem_side_effects
and device_side_effects (the latter is not used yet).
The callbacks that create files now need to call
side_effects#created_file ()
instead of returning flags.
There is no functional change in this patch.
Add a new --operation parameter which, similarly to --enable, can be
used to enable operations, but also to remove them, and to add/remove
the default operations and all the available ones.
This allows you to select both locked accounts and disabled
passwords. The two are subtly different concepts.
A locked account [cf. passwd -l] puts "!!" at the beginning of the
shadow password field. Locking is reversible, because the "!!" can
be removed, restoring the original password. Therefore "locked"
acts as a flag in front of an existing selector.
A disabled account has "*" in the password field. Therefore it has no
password.
Note that an account may be both locked and disabled, although this is
probably not useful. The shadow password field will contain "!!*".
It now appears in the respective man pages as:
--root-password selector
or:
--password selector
This avoids confusion from people who think these command line options
take the password directly.
OCaml's buffered 'in_channel' has a 64k buffer, so using it to read a
few bytes from /dev/urandom removes a lot of the system's entropy (for
example /proc/sys/kernel/random/entropy_avail goes from ~3000 to 128).
This patch was originally by Edwin Török for builder.ml. I
generalized it because there are two other places where we did
over-sized reads from /dev/urandom.
Removing this directory breaks Ubuntu guests.
This change adds a utility function which removes only files from a
directory. This is a safer way to clean cache directories etc.
$ virt-sparsify a a
virt-resize: error: you cannot use the same disk image for input and
output
If reporting bugs, run virt-resize with the '-d' option and include the
complete output.
Note (a) it assumes the program is called "virt-resize" which it
isn't, and (b) it assumes the program has a debug option -d which it
doesn't.
This commit changes the error message and adds a -v option to
virt-resize.
We have to include the right header so that guestfs___free_string_list
is declared. Unfortunately that means ensuring -I src is passed to
the compiler in every tool subdirectory.
Also fix (bogus) compiler warning about incorrect type of the
parameter to caml_copy_string_array.
