Commit 133a491677 ("Use guestfsd binary to auto-generate library
dependencies for appliance", October 2020) removed explicit
dependencies for various system packages that the daemon links
directly to, ie. all of these libraries:
$ objdump -p daemon/guestfsd | grep NEEDED | sort
NEEDED libacl.so.1
NEEDED libaugeas.so.0
NEEDED libcap.so.2
NEEDED libc.so.6
NEEDED libgcc_s.so.1
NEEDED libhivex.so.0
NEEDED libjansson.so.4
NEEDED libm.so.6
NEEDED libpcre2-8.so.0
NEEDED librpm.so.9
NEEDED libselinux.so.1
NEEDED libsystemd.so.0
NEEDED libtirpc.so.3
(plus libyara which I don't have installed.)
This avoids having to update these dependencies if they change, eg.
when we switched from PCRE to PCRE2 we did not need to update this
file.
However the same commit also incorrectly removed two apparent library
packages (libldm, libxml2) which the daemon does not link to, but
which we'd like to pull in because of tools they provide, in
particular ldmtool.
Re-add those two explicit dependencies.
Fixes: commit 133a491677
Many warnings such as:
src/session.c: In function 'guestfs_session_internal_test_rstruct':
src/session.c:14755:7: warning: the comparison will always evaluate as 'true' for the address of 'pv_uuid' will never be NULL [-Waddress]
14755 | if (ret->pv_uuid) memcpy (s->pv_uuid, ret->pv_uuid, sizeof (s->pv_uuid));
| ^~~
In file included from src/session.c:40:
../include/guestfs.h:551:8: note: 'pv_uuid' declared here
551 | char pv_uuid[32]; /* this is NOT nul-terminated, be careful when printing */
| ^~~~~~~
Deprecation warnings include:
src/optargs-xfs_growfs.c: In function 'guestfs_xfs_growfs_init':
src/optargs-xfs_growfs.c:311:13: warning: Deprecated pre-processor symbol: replace with "G_ADD_PRIVATE"
311 | o->priv = GUESTFS_XFS_GROWFS_GET_PRIVATE (o);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is based on the same change made here:
https://github.com/nzjrs/osm-gps-map/pull/78/files
setenv can call malloc and is not safe to call here. Glibc is usually
tolerant of this and we haven't had problems before, but if you use
GLIBC_TUNABLES glibc.malloc.check=1 (or any alternate malloc / libc
which serializes) then you would see hangs if starting multiple
libguestfs handles from different threads at the same time.
This commit also updates the common submodule to pick up:
commit 3c64bcdeaf684f05f46f3928b55aadafdfe72720
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Fri Oct 14 11:07:21 2022 +0100
utils: Add function for copying the environment and adding new entries
libguestfs is currently calling setenv at an unsafe location between
fork and exec. To fix this we need a way to copy and modify the
environment before fork and then we can pass the modified environ to
execve-like functions. nbdkit already does the same so use that code.
This function is copied and adapted from here under a compatible license:
https://gitlab.com/nbdkit/nbdkit/-/blob/master/common/utils/environ.c
Thanks: Siddhesh Poyarekar
Downstream patched openssl in Fedora 37+ broke unless
/etc/crypto-policies/back-ends/opensslcnf.conf is present. Files in
this directory are generated by %post rules that use scripting
languages so cannot easily be created by supermin.
Add a symlink to the DEFAULT policy file if the configuration file
doesn't exist.
A symptom of this problem is the error:
Requested hash sha256 is not supported.
Failed to set pbkdf parameters.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2133884
Updates: commit d6ba398825
Downstream patched openssl in Fedora 37+ broke unless
/etc/crypto-policies/back-ends/opensslcnf.conf is present. Files in
this directory are generated by %post rules that use scripting
languages so cannot easily be created by supermin.
Force a copy of the host files into the appliance. This is not ideal
and is hopefully a temporary fix until Fedora's openssl is fixed.
A symptom of this problem is the error:
Requested hash sha256 is not supported.
Failed to set pbkdf parameters.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2133884
If the LVM ("lvm2") feature is not available, these calls would fail.
Really they ought to be part of the "lvm2" optgroup which would cause
the generator to call reply_with_unavailable_feature and generate the
correct ENOTSUP error. When vgscan was originally added in 2010 it
was not added to the optgroup, and when lvm_scan was later added in
2018 and deprecating vgscan, the same mistake was copied.
Before this commit they will try to run the lvm pvscan command which
will fail returning some other error (instead of ENOTSUP).
Fix this by turning the calls into no-ops if the LVM feature is not
available, since scanning for LVM objects when there is no LVM can be
safely turned into a no-op.
See also
https://listman.redhat.com/archives/libguestfs/2022-September/thread.html#29908
Also this updates the common module to pick up a related fix:
commit 4b4a5b84647b1496d034bcdff910930ca5f5c486
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Fri Sep 23 15:18:43 2022 +0100
options: Don't attempt to scan LVs if "lvm2" feature is not available
Reported-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Fixes: 55dfcb2211 ("New API: lvm_scan, deprecate vgscan")
Fixes: 9752039e52 ("New API: vgscan")
gnulib itself has a replacement for <unistd.h> which redefines pipe2
as rpl_pipe2 (etc), which is why the apparently recursive call in the
implementation of pipe2 isn't actually recursive. Since I didn't copy
that file, none of that worked and instead on platforms which have
pipe2 it recursed.
Reported-by: Laszlo Ersek
Fixes: commit 908e41e556
commit 9d40590852e0755d4719adf97122758fa98e90f9
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Tue Aug 16 16:19:29 2022 +0100
options/decrypt.c: Ignore #pragma GCC with clang
Added in 2021 as a workaround for GCC 11 and since fixed upstream.
On macOS (clang):
tilde.c:43:32: error: unknown warning group '-Wanalyzer-null-argument', ignored [-Werror,-Wunknown-warning-option]
^
tilde.c:86:32: error: unknown warning group '-Wanalyzer-null-argument', ignored [-Werror,-Wunknown-warning-option]
^
2 errors generated.
These were added for GCC 11. The problem has been fixed in GCC 12.
On macOS (clang) these produced errors like this:
tsk.c:75:32: error: unknown warning group '-Wanalyzer-file-leak', ignored [-Werror,-Wunknown-warning-option]
^
On macOS, several pages of errors like:
In file included from readdir.c:26:
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/rpc/xdr.h:126:3: error: type name requires a specifier or qualifier
bool_t (*x_getlong)(struct __rpc_xdr *, int *);
^
launch.c:191:3: error: implicit declaration of function 'sigemptyset' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
sigemptyset (&sigset);
^
launch.c:192:3: error: implicit declaration of function 'sigaddset' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
sigaddset (&sigset, SIGTERM);
^
launch.c:193:3: error: implicit declaration of function 'sigprocmask' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
sigprocmask (SIG_UNBLOCK, &sigset, NULL);
^
3 errors generated.
commit 1bf092f3c22e93c152de9dea3f5c13df23dc571c
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Tue Aug 16 15:08:40 2022 +0100
utils: Include <stdio.h> for FILE*
These were added in libguestfs 1.14, but never really used. Only a
handful of probes were available. When I was benchmarking libguestfs
in 2016 I didn't even use these probes because better/simpler
techniques were available.
The macOS rpcgen actually generates calls to xdr_uint64_t but doesn't
define them. Despite this we can just use xdr_int64_t instead since
it's just byte swapping.
We have traditionally used custom printf formatters %Q and %R, where
%Q replaces the argument with a shell-quoted string, and %R replaces
the argument with a sysroot-prefixed shell-quoted string. They are
actually pretty useful, but unfortunately only supported by glibc.
We only used them in about a dozen places in the daemon (much code
having been replaced by OCaml which does not need them).
In every remaining case we were constructing a command using code like
this:
asprintf_nowarn (&cmd,
"cd %Q && find -print0 | %s -0 -o -H %s --quiet", ...);
We can replace this with:
char *cmd;
size_t cmd_size;
fp = open_memstream (&cmd, &cmd_size);
fprintf (fp, "cd ");
shell_quote (dir, fp);
fprintf (fp, " && find -print0 | %s -0 -o -H %s --quiet", ...);
fclose (fp);
This code is attempting to construct a grub-install command like:
grub-install --root-directory=/sysroot/boot /dev/sda
In fact it was adding quoting to the --root-directory parameter where
it was not needed (because our "command" function uses exec).
Remove use of %R here (to avoid the extra quoting) and just use the
sysroot prefix directly.
This is required so we can determine the file architecture of
zstd-compressed Linux kernel modules as used by OpenSUSE and maybe
other distros in future.
Note that zstd becomes a required package, but it is widely available
in current Linux distros.
The package names come from https://pkgs.org/download/zstd and my own
research.
OCaml is required to compile libguestfs, however we should still be
able to disable the OCaml bindings. This didn't work because using
--disable-ocaml caused various configure tests to be skipped which are
required to compile the daemon. In particular the check for
caml_alloc_initialized_string, resulting in this error:
pcre-c.c:47:1: error: static declaration of ‘caml_alloc_initialized_string’ follows non-static declaration
caml_alloc_initialized_string (mlsize_t len, const char *p)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also OCaml gettext is not required by libguestfs. There are no *.ml
files used by libguestfs which require translation.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2108425
Fixes: https://bugs.gentoo.org/820053
Fixes: commit 733d2182b6
qemu (7.0) does not support -cpu max for TCG.
Note this change is necessary but not sufficient for getting
libguestfs to run on RISC-V, because there is also currently no
working path to make -kernel work.
Previously we noted in a comment that stat("hello.txt") is cached (and
not called again), so the test of the link count failed. Something
has changed, possibly in the kernel, but it results in even more
aggressive caching so that an earlier, similar test also fails in the
same way. I checked by enabling debugging that the stat call doesn't
result in guestfs_lstatns being called, and the old value for the
statbuf was being returned.
Call the C-language helper key_store_requires_network() in guestfish and
guestmount.
(Short log for the "common" submodule, commit range
35467027f657..af6cb55bc58a:
Laszlo Ersek (12):
options: fix UUID comparison logic bug in get_keys()
mltools/tools_utils: remove unused function "key_store_to_cli"
mltools/tools_utils: allow multiple "--key" options for OCaml tools too
options: replace NULL-termination with number-of-elements in get_keys()
options: wrap each passphrase from get_keys() into a struct
options: add back-end for LUKS decryption with Clevis+Tang
options: introduce selector type "key_clevis"
options: generalize "--key" selector parsing for C-language utilities
mltools/tools_utils-c: handle internal type error with abort()
mltools/tools_utils: generalize "--key" selector parsing for OCaml utils
options, mltools/tools_utils: parse "--key ID:clevis" options
options, mltools/tools_utils: add helper for network dependency
).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20220630122048.19335-4-lersek@redhat.com>
