Always close the file (ignoring its result) after a parsing, and cleanup
the parse_context object before any exit().
This eases the debugging of memory issues in the actual parser.
This changes podwrapper so that the input (POD) files should not
contain an =encoding directive. However they must be UTF-8.
Podwrapper then adds the '=encoding utf8' directive back during final
generation.
This in particular avoids problems with nested =encoding directives in
fragments. These break POD, and are undesirable anyway.
Switch the lex/yacc parser into reentrant mode, to ease the handling of
parsing-specific data; introduce a new parser_context struct for that,
which is added as extra data to the parser.
This should cause no behaviour changes in the parsing, just no more
global variables used for getting data in/out the parser.
So far the failure of some test would have not reported a non-zero
return value by run-tests.php. Since now all the PHP tests pass, we can
ask for failures to be fatal, by exporting REPORT_EXIT_STATUS=1 for
run-tests.php.
We have generally forbidden declaration-after-statement in our code
(although there are plenty of places that do it). In any case this
warning is not in the default set, so we don't need to turn off the
warning.
RHEL 6-era bash cannot handle the multi-line $(...) expression in the
original code. Rewrite the test so it is semantically the same but
doesn't have the expression that old bash can't handle.
The output of test-virt-rescue.pl contains non-ASCII chars which give
troubles when being XSLT-transformed, so just avoid its output to leave
the rest of the resulting XML well-formed.
If the RUN_OUTPUT_FILE environment variable is set, "run" will output
to the file indicated by that snippets of XML with the results and
outputs of the tests run.
Together with the run-xml-to-junit.sh (and its associated
run-xml-to-junit.xsl style sheet) it is possible to convert that output
file to a jUnit-like XML file, which could be used in CI systems.
It's reasonable to expect megabytes will be freed up and given back to
the host. Previously we just tested that at least 1 block was
released. This test checks that at least 1000 blocks are released
(since stat(2) returns blocks of 512 bytes: 512 bytes * 1000 = approx 0.5 MB).
Properly initialize the variables for them to NULL, so there is no crash
because of trying to use rubbish pointers.
Kind of followup of commit 289fd29f0b.
Since the default PHP test runner ignores a good number of environment
variables to potentially tampering the test suite execution, create a
custom php-for-tests.sh script which does nothing more than sourcing the
custom environment that our run-php-tests.sh outputs and running the
actual "php" executable (the one found by configure).
This fixes the loading of the guestfs_php.so module in the test suite,
as the libguestfs.so.0 library can be found by that module.
Commit 71dfd73042 broke 'make clean' in
the appliance subdirectory, so it would remove all the supermin.d/*
files, but without removing stamp-supermin so you couldn't rebuild
supermin.d/ with a 'make' afterwards.
In any case, 'make clean' is not supposed to delete the appliance
(which is expensive to rebuild).
Fix this so that 'make clean' doesn't remove supermin.d/* files.
'make distclean' can be used to delete this, and since it also removes
stamp-supermin, it will be recreated properly by 'make'.
Since virt-sysprep tends to delete a lot of files, adding discard
support to it makes some sense.
Note that this probably won't have any effect for most filesystems
since:
(a) ext4 mounts also need to use -o discard,
(b) ext4, and maybe others, require you to call fstrim explicitly,
they don't discard automatically (except for userspace tools like
mkfs.ext4 but that doesn't apply in this case).
Allow callers to specify that all the disks from a domain are added
with a specific cachemode (instead of always having to use the
default, writeback).
This adds a discard parameter to guestfs_add_drive_opts which
approximately maps to the discard=ignore|unmap parameter supported by
qemu.
If discard is set to "enable" then we force discard=unmap (and try to
fail if it is not possible). If discard is set to the more useful
"besteffort" option, then we enable discard if possible. The default
is "disable".
Add the possibility to choose which architecture use to build the wanted
image (--arch). Since this implies that running commands on the guest is
usually not possible when the architecture is different than the host
one, virt-builder will nevertheless try to check whether the host is
compatible with the guest, allowing to run commands only in that case.
The caching scheme is adapted to account for the architecture (with
--print-cache showing the architecture as well).
Group together all the various parameters (except the guestfs handle)
passed to the create_drive_*, to avoid passing all of them at every
function call.
This is mostly an internal refatoring with no behaviour change.
RWMJ:
- Patch taken from Debian downstream package.
- The default in the original patch was to disable the tests. I have
changed this to default to enable them instead.
- Removed AC_SUBST as the variable was not being used.
If appliance is disabled, the whole appliance/ subdirectory is
skipped.
If appliance is enabled, we can assume that the daemon is enabled too
(see previous commit) so we don't need the conditional code. That
conditional code didn't work since the supermin 5 rewrite.
See top of configure.ac:
> # NB: AC_CHECK_PROG(S) or AC_PATH_PROG(S)?
> # Use AC_CHECK_PROG(S) for programs which are only used during build.
> # Use AC_PATH_PROG(S) for program names which are compiled into the
> # binary and used at run time. The reason is so that we know which
> # programs the binary actually uses.
/proc/sys/kernel/hotplug is an obsolete interface for processing
hotplug events. It is not used by modern kernels, which should set
this path to the empty string (because they have
CONFIG_UEVENT_HELPER_PATH="").
Unfortunately our udev initialization code did:
echo -e '\000\000\000\000' > /proc/sys/kernel/hotplug
which was intended to set this file to \0 bytes. However on Debian,
where /bin/sh is "dash", not "bash", this writes "-e" to this file,
which breaks udev events.
Thanks: Peter Rajnoha for solving this.
https://bugzilla.redhat.com/show_bug.cgi?id=1020806#c10
Update the documentation according to the new .conf files structure, the
drop of VIRT_BUILDER_SOURCE and VIRT_BUILDER_FINGERPRINT, the drop of
hardcoded source and its key, etc.
Sigchecker can still import keys from the user's keyring, so there is no
need to hardcode fingerprint and key of the index hosted on
libguestfs.org (which is now pointed to using a .conf file).
Drop these two environment variables, and the implicit hardcoded source
hosted at libguestfs.org.
This means all the sources must be provided as .conf files, or at each
invocation with --source.
Introduce and use simple .conf files to configure the sources of indexes
for virt-builder. The location of these files is in XDG_CONFIG_DIRS /
XDG_CONFIG_HOME, so it can be easily overridden.
There are three .conf(.in) files shipped with this commit:
- "test-index.conf.in" (in "test-config"), which points to the
"test-index" index (used in tests only); the tests are adapted to
point to the hierarchy containing this .conf
- "libguestfs.conf.in" (in "test-website"), which points to the local
"index.asc" (i.e. the offline copy of the libguestfs.org index);
run(.in) will point to the hierarchy providing this .conf
- "libguestfs.conf.in" (directly among the other sources), which points
to the online "index.asc" and it is installed in sysconfdir, along
with the key of this repository
The tests are adapted, other than to the different way to pick sources,
to the different output of --list, as "test-index" is not signed.
Use Sigchecker.gpgkey_type instead of just string as type in the
sources list; adapt the listing code (and its expected output) to that.
No behaviour change which eases a bit the addition of new sources with
other key types.
Move in an own module the code which calls the C
virt_builder_parse_index and does the array -> list conversion of the
result. This way this code can be easily called also in places different
than Index_parser without the need to copy the types mapping, etc.
Just code motion, no actual behaviour changes.
Introduce a mandatory arch= key in all the entries of index files, to
identify which architecture is each. Adapt the long and JSON list
outputs to print also this new field.
This introduces an incompatibility with index files created with
virt-builder < 1.26, as they will be rejected until entries will have
the arch= key added (which is ignored by older virt-builder, so adding
it will not create backward-compatibility issues).
Extend Sigchecker so it allows both fingerprints (to be imported from
user's keyring, as before) and keys stored in files. To simplify this
process (and have the fingerprint always around), the key is imported
on Sigchecker.create time, instead of lazily at the first verification.
Create a temporary directory and tell gpg to use it as homedir, so
imported keys do not get into the user's keyring. This also avoid
importing the default key when a different one is needed to check the
signature.
The only exception is when a non-default fingerprint is used: in this
case, that key is read from the user's keyring, since it is where it is.
Even though so far there is just one possible setting to read, isolate
in an own function the code to parse a configuration file and read the
settings out of it.
Now there's a new config_t handle used every time, but since config_read
would reset an handle completely, there is no behaviour change.
Look for use of external_functions and fish_functions and replace with
use of external_functions_sorted and fish_functions_sorted where
possible. This ensures that the output of the generator is sorted as
far as possible.
I also checked for uses of internal_functions and documented_functions
but those are not used. The *_sorted versions are always used
instead.
CC virt_index_validate-index-validate.o
index-scan.c:1270:17: warning: 'yyunput' defined but not used [-Wunused-function]
static void yyunput (int c, register char * yy_bp )
^
CCLD virt-index-validate
By using %option nounput we can prevent this from being generated in
the first place.
This is just a whitespace change.
This was done by running the following command and then fixing a
couple of places where it got it wrong:
perl -pi.bak -e 'unless (m/#define/) { s/([a-zA-Z0-9])\(/$1 (/g }' \
generator/gobject.ml
The warning only appears when we set CFLAGS to be the same as used by
RPM, which you can do by setting:
CFLAGS="$(rpm --eval '%{__global_cflags}')"
before running ./configure.
FWIW the current value of that RPM expression (in Fedora 20) is:
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
It is not clear which option precisely enables the warning.
If calling guestfs_list_filesystems with a disk image containing a
corrupt btrfs volume, the library would segfault. There was a missing
check for a NULL return from guestfs_btrfs_subvolume_list.
This adds a check, returning the real error up through the stack and
out of guestfs_list_filesystems.
This is potentially a denial of service if processing disk images from
untrusted sources, but is not exploitable.
Thanks: Jeff Bastian for reporting the bug.
Small refactor of Downloader.download_to to allow different download
actions depending on the protocol of the URI (which is now parsed).
No actual behaviour changes, just mostly code motion.
Switch the type of the "guid" parameter from "String" to "GUID"; this
adds the validation of the GUID as such, rejecting straight away invalid
GUIDs which otherwise could be handled badly by low-level tools (such as
sgdisk).
Add a couple of easy tests (taken from RHBZ#1008417) to
part_set_gpt_type about this.
Isolate in an own function the code that runs sgdisk and parse a field
of it (using an extraction function passed as parameter), using it for
the GUID type.
This is just code motion, no actual behaviour changes.
If there is a GPT partition layout, then what should be read and
restored for each partition is the GPT type and not the MBR ID.
Related to RHBZ#1060404.
This adds:
- GUESTFISH_INIT
- GUESTFISH_OUTPUT
- GUESTFISH_RESTORE
which along with existing GUESTFISH_PS1 allow you to fine control the
colour of the output.
Output all the translations available for the notes in the "verbose"
output and the JSON output, while trying to match the system langauge in
the "show notes" output.
The JSON output is slightly changed to handle translations, with the
"untranslated" notes being matched as "C". The version is not bumped
though, since there have been no stable releases with the former output
yet.
virt-builder added a --selinux-relabel option with a slightly
different meaning.
This commit keeps the old --selinux-relabel / --no-selinux-relabel
options in virt-sysprep, but deprecates them and replaces them with
--autorelabel and --no-autorelabel.
The whole "COPYING AND CLONING" section really needs to be overhauled
too, but first we need to make virt-builder work properly for
customizing templates.
The previous translation from Perl slavishly followed the Perl code a
bit too much and used a named pipe to communicate between the
uncompressing subprocess and libguestfs tar-in. From C we can use an
anonymous pipe instead.
This updates commit d3512deb67.
Otherwise it moans about:
mkfs: ntfs: /dev/sda: /dev/sda is entire device, not just one partition.
Refusing to make a filesystem here!
This has been happening for a while, so I don't know why we didn't
notice it before. It even happens on RHEL 6.
A simple reproducer is:
virt-make-fs -t ntfs any-tarball.tar.gz test.img
Strictly speaking this reduces the number of formats that virt-make-fs
can output to, but it's likely that no one cares and if they do we can
add new formats in future.
The following commit managed to not actually add the --foreground
option to the timeout command, just test for it. Add it this time.
commit 6814888774
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Thu Dec 19 08:21:53 2013 +0000
run: Use timeout --foreground option.
If timeout doesn't have this option (RHEL 6) don't use timeout at all.
Attempt to fix RHBZ#1025269.
Commit 72afcf450a was partially
incorrect. If the guest userspace is expecting /selinux to exist,
then we should bind-mount /sys/fs/selinux from the appliance kernel
there.
virt-builder and virt-sysprep may make use of
Common_utils.string_random8 (which uses Random.int) for constructing
temporary paths; not initialising the random generator means that every
invocation will reuse the same name used previously (!).
Thus just call Random.self_init, just like virt-sparsify already does.
Expand the test-virt-sysprep-script.sh test to ensure that virt-sysprep
is not affected again by this issue.
All it did was checking for a libvirt version, which is what
libvirt-is-version now does; hence remove the C part, and use guestfish,
ignoring the launch failure (as the C test did).
This adds the --selinux-relabel option which enables selinux in the
appliance and runs:
if load_policy && fixfiles restore; then
rm -f /.autorelabel
else
touch /.autorelabel
fi
at the end of installation.
When possible this fixes SELinux labels in the guest and makes the
autorelabel step unnecessary.
Notes:
- The previous commit is required so that load_policy works.
- During the build, SELinux is enabled but no policy is loaded. This
works because SELinux is in permissive mode.
- This flag does not work if the appliance kernel and the guest have
greatly differing versions, eg. a RHEL 6 guest with a Fedora 20
appliance. This is because SELinux changes the policy format and
breaks backwards compatibility. You would see errors like this:
libsepol.policydb_write: policy version 15 cannot support MLS
libsepol.policydb_to_image: could not compute policy length
libsepol.policydb_to_image: could not create policy image
SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.24, searching for an older version.
SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.24: No such file or directory
These errors are ignored (they go to the log file) and relabelling
is done at boot instead.
- It's not clear if loading guest policy is safe. You should trust
the virt-builder templates and to use libguestfs confinement for
additional protection.
Even though we are already bind-mounting /sys, it is necessary to also
bind-mount /sys/fs/selinux in order for SELinux commands (in
particular, 'load_policy') to work.
This fixes/reverts commit 7367729ec7.
It is never normally valid to use the mount-local* APIs when you
haven't mounted some filesystems in the libguestfs namespace.
If you try it, it results in some odd errors. The mount-local-run
call is successful, but subsequent operations fail:
$ mkdir -p /tmp/mnt
$ guestfish -x -N fs mount-local /tmp/mnt : mount-local-run
libguestfs: error: lstat: lstat_stub: you must call 'mount' first to mount the root filesystem
libguestfs: error: lstat: lstat_stub: you must call 'mount' first to mount the root filesystem
With this commit, the mount-local-run call gives an error:
libguestfs: error: you must call 'guestfs_mount' first to mount a filesystem on '/'.
Note: '/tmp/mnt' is still mounted. Use 'guestunmount /tmp/mnt' to clean up.
The error is implemented by calling guestfs_exists (g, "/") which has
the side effect of running the NEED_ROOT macro in the daemon. (There
is no simple equivalent of NEED_ROOT on the library side.)
This fixes the handling of paths for the protocols named above, with
respect to leading '/' (or not) on the volume/export name.
See previous commits which did the same fixes for Ceph:
commit 53a3ff9c00
commit 992a6b2970
If we rely on OCaml's internal exception printing, then it will
truncate error messages like this:
Fatal error: exception Guestfs.Error("could not create appliance
through libvirt.
Try running qemu directly without libvirt using this environment
variable: export LIBGUESTFS_BACKEND=direct
Original error from libvirt: unable to set security context
'unconfined_u:object_r:svi
note the truncation here ^^^^^^^
Instead of using the internal exception printing, wrap the whole
program in a 'main ()' function and add an exception handler.
This large change is non-functional apart from the addition of the
exception handlers at the end.
This tests that libvirt domain XML (ie. guestfish -d option) is parsed
correctly and results in the correct qemu command line when using the
direct backend.
This is a good end-to-end test of various layers.
This is valid for some network drives, for example:
<source protocol='nbd'>
<host name='foo' port='1234'/>
</source>
We pass an empty string as path to the guestfs_add_drive_opts API in
this case.
This is valid for some network drives:
<source protocol='rbd' name='abc-def/ghi-jkl'/>
instead of this:
<source protocol='rbd' name='abc-def/ghi-jkl'>
<host name='foo' port='1234'/>
</source>
Allow both forms.
The path at the API level (for guestfs_add_drive_opts) is:
pool/disk
The URI syntax is either rbd:///pool/disk or rbd://server:port/pool/disk.
Because of the way URI parsing works we may need to remove a leading
'/' character before passing the path down to the API.
The path at the protocol level is:
pool/disk
(with no leading '/' character). This is now what you have to pass to
guestfs_add_drive_opts.
Also Ceph can be called with no explicit servers (it uses the contents
of /etc/ceph/ceph.conf instead). So allow zero servers to be used.
Switch the internal storage for the notes of each entry to a sorted list
with all the subkeys available (which should represent the translations
to various languages).
The current outputs are the same (i.e. still the untranslated notes), so
this is just internal refactoring/preparation.
Because EXTRA_DIST simply used $(TESTS), and because the list of tests
includes C binaries, these were included in the tarball (actually not
binaries, but libtool scripts, but it's still undesirable).
virt-sparsify doesn't work if the output is a block device, and cannot
possibly work if the output is a char device. Currently if you try
this it actually overwrites (deletes) the output device which is not
exactly desirable. Therefore throw an error and exit.
'chmod --reference' is not available on Mac OS X.
Keeping the original file and directing edits into it preserves permissions and removes the need to chmod.
(Tried 'sed -i' for inplace editing but unfortunately it isn't portable either.)
The index files already allowed the 'key[subkey]=...' syntax for keys,
but considering such string as whole key. Proper split the parsing and
the handling of the subkeys, so they can be searched a bit easier.
This causes no actual behaviour changes, it is just internal
micro-refactoring. (Thanks Rich for the hints, too.)
Previously callbacks would return a list of flags, such as []
or [`Created_files].
In this commit we introduce two new objects, filesystem_side_effects
and device_side_effects (the latter is not used yet).
The callbacks that create files now need to call
side_effects#created_file ()
instead of returning flags.
There is no functional change in this patch.
Improve the index grammar to allow more than one empty line between
sections, and to allow any number of empty lines at the end of the file
(after the last section).
0.10.2+ is still available on some recent-ish stable distros (like
Fedora 19, Ubuntu 13.04), and should work fine for guestfs.
This reverts commit 6b3e05e8da.
By using:
export LIBGUESTFS_BACKEND_SETTINGS=force_tcg
you can force the libvirt backend to use TCG (software emulation)
instead of KVM (hardware accelerated virtualization).
By using:
export LIBGUESTFS_BACKEND=direct
export LIBGUESTFS_BACKEND_SETTINGS=force_tcg
you can force the direct backend to use TCG (software emulation)
instead of KVM (hardware accelerated virtualization).
This is sometimes useful, especially if you are trying to use
nested KVM on Intel.
Allow settings (an arbitrary list of strings) to be passed to the
current backend. This will allow us to tweak how the backend works,
eg. by forcing TCG.
tests/nbd/test-nbd.pl contains a hack (a call to sleep) to wait
for qemu-nbd to start up in another process.
This sleep was previously located before the call to $g->launch()
since that is where (previous to commit 4a0f5ed382) the backend would
have connected to the NBD server.
However in the new code, an initial NBD connection test is done when
the drive is added (ie. $g->add_drive (..., protocol=>"nbd")), which
duly failed intermittently because the qemu-nbd server had not opened
its socket yet.
Move the wait earlier -- just after the fork -- to avoid this.
This updates commit 4a0f5ed382.
In some places we turn relative paths passed by the caller into
absolute paths: for example in the libvirt backend, all relative paths
to disk images have to be turned into absolute paths (by calling
realpath) because otherwise libvirt doesn't work.
This has the potential to break things, especially considering that
qemu uses the path passed to it in order to resolve the relative paths
of backing files.
For example consider the case where 'overlay' is a symbolic link to
/dev/dm-1, but /dev/dm-1 contains a qcow2 which references './backing'
as its backing file. If we rewrote 'overlay' to '/dev/dm-1', then
qemu would try to look up '/dev/backing' for the backing file and
fail.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=1053684https://www.redhat.com/archives/libguestfs/2014-January/thread.html#00087
This fixes commit 4a0f5ed382.
A simple test of this:
guestfish <<EOF
add-drive "" readonly:1 format:raw protocol:nbd server:localhost:10000
EOF
which would core dump.
qemu has broken snapshot=on ... again.
Change the way that drives are created so that the backend no longer
has to use snapshot=on, <transient/> (which never worked), or UML's
corresponding COW-creation feature (also broken).
Instead of that, the src/drives.c code will create overlays when
required by calling into a new backend operation 'create_cow_overlay'.
This operation runs 'qemu-img create -b' or 'uml_mkcow' as determined
by the backend, and returns the name of the overlay.
The format of the overlay is still backend-specific because qemu needs
to use qcow2 and UML needs to use COW.
This patch also includes some factorization of the libvirt XML code.
This also drops the drv->priv (private per-drive data) field, since it
is no longer used by any backend.
This also moves the guestfs___drive_source_qemu_param utility
function, used & shared by the direct & libvirt backends only, into
src/launch-direct.c (from src/drives.c).
In some tests we were specifying qcow2 as the image format when adding
a disk, but actually passing a raw format image.
Libguestfs previously did not detect this until guestfs_launch, but it
was still a bug to pass an incorrect format to guestfs_add_drive_opts.
It only worked because these tests never call guestfs_launch.
A later commit in this series will cause this to be detected
(sometimes) during guestfs_add_drive_opts.
Switch from a boolean for the short/long list output to labels for the
actual format. Also, split the output of each list format to an own
function for easier maintaineance.
Not all the fields of struct stat are actually filled by us. This caused
rubbish to appear in the microseconds fields, which were then used as
base when changing atime/ctime (with e.g. touch), triggering EINVAL by
futimens/utimensat when those rubbish values were out of the range
allowed for microseconds.
Add a new --operation parameter which, similarly to --enable, can be
used to enable operations, but also to remove them, and to add/remove
the default operations and all the available ones.
Previously the list was reversed. Note this doesn't have any effect
on how the packages are installed since the guest package manager
doesn't care about the order.
This is too complex to implement directly in virt-builder.
Instead we just document how to do it for some common Linux distros
using --run-command, --edit etc.
Move in an own function the code that does the (l)listxattrs allocating
the buffer of the right legth, as it will be useful later.
No functional changes, just code motion.
Instead of enable them when having one of the two headers for it but
still checking for the HAVE_* availability of each *xattr() function
used, just enable the linuxxattrs as a whole when having any of the
needed headers (like before) and all the needed functions.
This might cause the linuxxattrs to not be available anymore on systems
without the whole set of *xattr() functions implemented, but OTOH it
simplifies the xattr.c implementations.
It now matches the documentation:
"Select the size of the output disk, [...]
Virt-builder will resize filesystems inside the disk image
automatically.
If the size is not specified, then one of two things happens. If
the output is a file, then the size is the same as the template. If
the output is a device, partition, etc then the size of that device
is used."
This also adds checks to make sure that users don't try to shrink a
disk (which is not possible), and they don't try to resize larger than
the output block device.
This means there will be no default hypervisor, and effectively the
user will always have to specify one (eg. by setting LIBGUESTFS_HV or
calling guestfs_set_hv).
This is useful on platforms where qemu doesn't work, or where qemu is
not needed (eg. if you want to use UML, or you just want to compile
libguestfs without using/testing it).
The .new method was unintentionally broken in
commit 9466060201.
This fixes the .new method and allows it to be called with multiple
parameters, so you can use:
Guestfs::Guestfs.new
Guestfs::Guestfs.new()
Guestfs::Guestfs.new(:close_on_exit => false)
etc.
For backwards compatibility, Guestfs::create may still be used.
This commit also adds regression tests:
- Use .new method in regular tests. (Because this was not done
before, we didn't catch the breakage.)
- Test that ::create still works.
- Test that args can be passed to .new method.
Added in 2392fae680 and removed in
be025369ad622867ecf08d5c9170e8e59d2d6294; now they should work with any
backend, as the device names are normalised and not change the guestfish
output depending on the used backend.
Thanks Richard for the hints.
Instead of:
libguestfs: error: could not create appliance through libvirt.
Try using the direct backend to run qemu directly without libvirt,
by setting the LIBGUESTFS_BACKEND=direct environment variable.: internal error: process exited while connecting to monitor: qemu-system-x86_64: -drive file=/tmp/libguestfs3RnJSd/snapshot2,if=none,id=drive-scsi0-0-0-0,format=qcow2,cache=writeback: could not open disk image /tmp/libguestfs3RnJSd/snapshot2: Could not open backing file: Could not open '/home/lsm5/fimagebuilder/fedora-imagebuilder/fedora-imagebuilder-sda.qcow2': Permission denied
it will now say:
libguestfs: error: could not create appliance through libvirt.
Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct
Original error from libvirt: internal error: process exited while connecting to monitor: qemu-system-x86_64: -drive file=/tmp/libguestfs3RnJSd/snapshot2,if=none,id=drive-scsi0-0-0-0,format=qcow2,cache=writeback: could not open disk image /tmp/libguestfs3RnJSd/snapshot2: Could not open backing file: Could not open '/home/lsm5/fimagebuilder/fedora-imagebuilder/fedora-imagebuilder-sda.qcow2': Permission denied
NULL means that libvirt gets to guess what connection URI we meant.
Currently it guesses qemu:///session for non-root and qemu:///system
for root. Except if LIBVIRT_DEFAULT_URI is set in which case this is
used even if it's not appropriate. Except if Xen is installed in
which case it guesses xen:/// which is not helpful at all.
Instead use qemu:///session (or qemu:///system for root -- that's
likely to be wrong, but we can't help that).
If the user really wants to use NULL and let libvirt guess, then they
can now specify the libvirt:null backend.
See:
https://bugzilla.redhat.com/show_bug.cgi?id=1045033https://bugzilla.redhat.com/show_bug.cgi?id=886915
A good way to test this is:
LIBVIRT_DEFAULT_URI=iambroken libguestfs-test-tool
The libguestfs libvirt backend should (after this commit) ignore
LIBVIRT_DEFAULT_URI. However other parts of libguestfs will still use
it, eg. guestfs_add_drive_opts, guestfish '-d' option.
A single file can have multiple xattrs. Previously these were
returned in the same order as the kernel returns them. However it is
more useful if they are sorted by attribute name.
The wrong pointer was passed to the visitor_function, resulting in it
seeing the placeholder xattr entry (the one which stores the length of
the list of xattrs - see
http://libguestfs.org/guestfs.3.html#guestfs_lxattrlist ).
virt-ls doesn't list xattrs at the moment, hence this bug was not seen
before.
This is essentially just code motion, except:
(1) It cleans up a few variable declarations which were implicitly
used by the old macro that aren't needed any more.
(2) The options are reordered alphabetically.
The current add_cdrom way basically appends a new raw "-cdrom /path"
parameter to the qemu invocation (even when using libvirt as backend),
hence such images are seen as "CD-ROM drives" inside the appliance.
However, there is no need for such particular behaviour, as they need to
be handled as normal (read-only) drives.
Adding CD-ROM disk images as drives also changes the device names used
for them inside the appliance from /dev/srN to the usual e.g. /dev/sdX.
These changes fix different issues:
- it is possible to start guestfish without adding disks with -a, then
just add-cdrom and run
- list-devices does not cause guestfsd to crash when sorting the list
of devices (exposed by the test case in RHBZ#563450)
- the result of list-devices now reflects the order images were added
(RHBZ#563450)
add_cdrom is still deprecated, but now in favour of add_drive_ro
(instead of add_drive), with its documentation reflecting that.
Add two small regression tests for the fixes described above.
virt-builder --output /dev/null is tempting, but not possible, and
might result in /dev/null being deleted(!) Check for this case and
prevent it happening.
Previously we would use the virt-resize --no-sparse option if the
final output file was a block device. This is safe, but unnecessary
for example if virt-resize was used as an intermediate step. So only
use this option if virt-resize is actually writing to the block
device.
The original template might be, say, xz-compressed raw of a certain
size. We need to work out how to convert it to, say, qcow2 with a
larger size, in as few operations as possible.
Instead of using a nasty aggregation of special cases to do this, use
a breadth-first search over all possible trees to try to find an
optimal plan.
(Actually the current implementation isn't optimal, but it's fine for
virt-builder.)
It seems that FUSE can invoke flush to make sure the pending changes
(e.g. to the attributes) of a file are set. Since a missing flush
implementation is handled as if it were returning ENOSYS, this can cause
issues later.
To overcome this, just provide a stub implementation which does nothing,
since we have nothing to do and don't want to have FUSE error out.
Furthermore, uncomment the timestamp checks in test-fuse.sh, since now
they should be working fine.
This avoids:
xgettext: error while opening "libguestfs.pot-t" for reading: No such file or directory
which I observed with xgettext (GNU gettext-tools) 0.18.3
If you use virt-make-fs to create a partitionless FAT-formatted disk
image then currently you will get an error:
$ virt-make-fs --type=fat . /tmp/test.img
'mkfs' (create filesystem) operation failed.
Instead of 'fat', try 'vfat' (long filenames) or 'msdos' (short filenames).
mkfs: fat: /dev/sda: mkfs.fat: Device partition expected, not making filesystem on entire device '/dev/sda' (use -I to override) at /usr/bin/virt-make-fs line 508, <PIPE> line 1.
...propagated at /usr/bin/virt-make-fs line 518, <PIPE> line 1.
With this patch, the error goes away and partitionless disks can be
created.
When receive_file_data calls guestfs___recv_from_daemon, and that
function returns -1, it adds the following error to the handle:
receive_file_data: parse error in reply callback
However this hides a more specific error message which was already
added by guestfs___recv_from_daemon.
When chunked encoding fails, the following error is added to
the handle:
[filename]: error in chunked encoding
However all paths returning -1 from receive_file_data already set a
more specific error, which this error hides.
The latter is a better way to disable the qemu display output as we
need to, without enabling extra devices (which are disabled already,
anyway).
Also, related to the change above, ban the -display parameter from the
ones that can be supplied by the user.
Don't change "os-version" to "OS version". It's intended to be the
same as the virt-builder man page, which consistently calls this the
"os-version" string.
This partially reverts commit ee0e56f43e.
Fix the dependencies of the libguestfs.pot target: other than using the
right make variables holding the contents of the POTFILES, depend also
on the POTFILES themselves.
- when a command needs no parameters, tell that explicitly instead of
"command should have 0 parameters"
- use gettext's plural form when printing the number of required
arguments
- improve the error message for a variable number of parameters limited
only in the maximum number of them, using also a plural form
Extracting separately the pot for the various languages and then
creating manually the global pot (by manually joining the above ones
after having stripped their headers) is wrong, since other than being
an hack it can create an invalid pot when the same message appears in
sources written in different languages.
Instead, a cleaner and safer solution is to first let ocaml-gettext
(if available) extract the messages for the ml files, and then use
xgettext to extract the messages for the other languages, joining the
new messages to the existing (or not) pot file.
Check for /boot/loader.rc as "install disc" detection, using it to mark
FreeBSD install discs.
Also, check for /mfsroot.gz to see whether such disc is also a live one.
See also RHBZ#1033207.
/etc/fstab in installation discs of FreeBSD can have an entry pointing
to the mounted CD itself; skip it as it is done with other CD devices in
check_fstab.
Although this test only specifically tests the direct backend, the
same code is shared with the libvirt backend in some circumstances
(eg. creating readonly drives). So this is testing a bit of both.
This allows you to select both locked accounts and disabled
passwords. The two are subtly different concepts.
A locked account [cf. passwd -l] puts "!!" at the beginning of the
shadow password field. Locking is reversible, because the "!!" can
be removed, restoring the original password. Therefore "locked"
acts as a flag in front of an existing selector.
A disabled account has "*" in the password field. Therefore it has no
password.
Note that an account may be both locked and disabled, although this is
probably not useful. The shadow password field will contain "!!*".
It now appears in the respective man pages as:
--root-password selector
or:
--password selector
This avoids confusion from people who think these command line options
take the password directly.
If libselinux was detected, it was not added to the linker command
line. This still worked (at least on Fedora) because some other
library pulls in the dependency implicitly, possibly libvirt. However
this broke on Arch:
https://aur.archlinux.org/packages/libguestfs/
Reported by and thanks: Antoni Segura Puimedon.
Char.code (input_char chan) mod nr_chars has modulo bias because
the original interval is not a multiple of the destination interval,
i.e. 256 mod nr_chars != 0.
One way to fix this is to keep generating random numbers until they fall outside
the interval where modulo bias occurs, that is accept only c=[256 % nr_chars, 256).
That interval maps back to [0, nr_chars), and has a length of
(256 - 256 % nr_chars), which is a multiple of nr_chars.
RWMJ:
- Modify the code so it goes into a utility library.
- Use the same code across virt-builder and virt-sysprep.
OCaml's buffered 'in_channel' has a 64k buffer, so using it to read a
few bytes from /dev/urandom removes a lot of the system's entropy (for
example /proc/sys/kernel/random/entropy_avail goes from ~3000 to 128).
This patch was originally by Edwin Török for builder.ml. I
generalized it because there are two other places where we did
over-sized reads from /dev/urandom.
RWMJ:
- Renamed the script from sl.sh -> scientificlinux.sh
- The output file is called scientificlinux-$version
- I fixed some whitespace issues so it's now similar to the CentOS script.
index-parser-c.c depends on index-parse.h being created first.
However without an explicit dependency, this is not done (and implicit
deps don't work because automake doesn't sufficiently understand OCaml
programs).
This fixes commit a4800e2d4f.
Instead of calling out to the pxzcat program, use an internal
implementation. This requires liblzma to be available at build time.
If it's not available, fall back to using regular xzcat.
It is intended that eventually this code will go away when regular
xzcat / unxz is able to use threads.
The device name prefix for IDE hard drives used to be `ad' but now
is `ada' (http://www.freebsd.org/doc/handbook/disks-naming.html).
For virtio hard drives it is `vtbd'.
Under an MBR partition table a slice will be used, so the name of
the first partitions will be either `ada0s1a' or `vtbd0s1a'. Under a
GPT partition table, where no slice is needed, the name of the first
partition will be either `ada0p1' or `vtbd0p1'.
Signed-off-by: Nikos Skalkotos <skalkoto@grnet.gr>
This is for backwards compatibility with virt-builder 1.24.0 which
could not parse a key that contains square brackets and numbers.
This updates commit 4b73e0be29.
Users can now specify multiple source paths, eg:
virt-builder --source http://example.com/foo \
--source http://example.com/bar
to get templates from multiple places.
There is still only one built-in path, but we can add more later.
We don't need to sign individual templates, provided the signed index
file contains the cryptographically secure checksums of the templates.
Since the index file cannot be interfered with and the checksums
cannot be spoofed, this is sufficient to ensure the integrity of the
templates.
Note the template signatures are now deprecated and will be removed in
libguestfs 1.26. To avoid any backwards compatibility issues, I will
backport the relevant changes to the stable-1.24 branch.
Thanks Dennis Gilmore for pointing out that we could do this.
Instead of typing:
./run ./fish/guestfish ...
you can now use:
./run guestfish ...
This is shorter, but there are also two good reasons for this change:
It never made any sense to run the system-installed guestfish (or
other) binary. It would be unlikely to work. Also binaries in
libguestfs should be able to call other binaries freely without adding
special exceptions (which we had before this change).
For systemd:
Currently stdout+stderr go to the journal (these are effectively
empty unless there are gross errors). The output of the commands
goes to the log file.
With this change, the output goes to the journal, the console and
the log file.
For SysV-init:
Currently stdout+stderr go to the console (but these are effectively
empty). The output of the commands goes to the log file.
With this change, the output goes to the console and the log file.
If:
- the output is a regular file
- the output format is raw
- the user didn't specify the --size option
then we don't need to run virt-resize. Simply uncompress
the template directly to the output file.
When using the guestfish --remote or guestfish --listen options,
guestfish would create a socket in a known location
(/tmp/.guestfish-$UID/socket-$PID).
The location has to be a known one in order for both ends to
communicate. However no checking was done that the containing
directory (/tmp/.guestfish-$UID) is owned by the user. Thus another
user could create this directory and potentially modify sockets owned
by another user's guestfish client or server.
This commit fixes the issue by creating the directory unconditionally,
and then checking that the directory has the correct owner and
permissions, thus preventing another user from creating the directory
first.
If guestfish sees a suspicious socket directory it will print an error
like this and exit with an error status:
guestfish: '/tmp/.guestfish-1000' is not a directory or has insecure owner or permissions
Thanks: Michael Scherer for discovering this issue.
Version 2:
- Add assigned CVE number.
- Update documentation.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
This is not part of the automated test suite. It's a manual test run
by the maintainer which must be run on each new guest to ensure that
all the virt-builder features work on the new guest.
Since this is essential for security, be much more proactive about
trying to create a random seed file, even for guests which have buggy
installers that don't create this file during installation.
This commit removes a lot of cruft from old RHEL which was required to
start udev. Instead we run the daemon directly.
Also it removes the fallback path which created some device nodes in
/dev by hand. This likely did not work. This also removes the
dependency on MAKEDEV which is long gone from most distros.
This is required for Ubuntu, since the /etc/init.d/udev script didn't
actually work. The most common symptom was that /dev/virtio-ports/*
was not created because udev didn't process the cold start events.
This should be safe, and avoids the whole issue of whether a guest
uses systemd or not. Also it is possible to switch init systems
(eg. by specifying init= on the command line) so it's not even clear
if a guest "is" systemd.
Thanks: Tom Gundersen on #systemd.
This updates/fixes commit 596de56a43.
Ubuntu 13.10 has /etc/systemd but uses Upstart. This confuses the
script because it assumed that if you have /etc/systemd then you are
using systemd. Ubuntu includes systemd services (inherited from
Debian) but they just don't run.
If the output is a block device:
- Detect the size of the output device.
- Don't attempt to delete the output device on failure.
- Turn off sparse copying in virt-resize.
Some --install requests may pull in packages that start daemons (dbus
being a favourite daemon apparently). These daemons will prevent the
disks from being unmounted and everything being cleaned up at the end.
Add some experimental code to kill these daemons.
Because we're not running msgmerge but concatenating the PO files, you
can get duplicate messages (in this case "no"), resulting in this
error:
libguestfs.pot:6142: duplicate message definition...
libguestfs.pot:3285: ...this is the location of the first definition
Just work around this for now.
Commit c598e14052 exports
LD_PRELOAD=/lib64/libSegFault.so so that guestfsd and processes that
it runs will produce descriptive stack traces.
However it exports it to everything including the virt-rescue shell.
But if we are chrooting into a guest which doesn't have this file (or
indeed any guest) we should not use LD_PRELOAD.
Therefore unset LD_PRELOAD in the rescue shell.
See also related commit 21e5fc811e.
Previously a command such as:
virt-builder --cache /tmp/cache --delete-cache
would delete ~/.cache/virt-builder (the default cachedir).
It's obviously meant to delete /tmp/cache, which this commit fixes.
The third parameter (number of bytes to copy) was given as an offset
relative to dest, when it should be relative to src. This fixes some
valgrind warnings I happened across.
On Debian, /dev/kvm is mode 0660 and group kvm, so users need to add
themselves to the kvm group otherwise things are going to be very slow
(this is Debian bug 640328).
Since 'device' is assigned repeatedly, and because
device_name_translation allocates a new string each time, we have to
free it in the loop and along error paths.
Found by ./configure --enable-valgrind-daemon.
This adds a new internal API: internal_exit
Only when valgrinding the daemon, have the library call internal_exit
along the close path, and close the sockets first. This ensures we
will see normal valgrind messages (we were only seeing valgrind aborts
before).
Note this is not used in production builds.
The latter function is only available in OCaml >= 4.00 whereas
Filename.temp_dir_name has been around since OCaml 3.09.1. In this
case it doesn't make any difference which one we use.
When the user has enabled the network (not the default) we upload
/etc/resolv.conf from the host to the appliance /etc/resolv.conf
so that programs in the appliance can contact nameservers.
Commit 9521422ce6 previously changed the
behaviour to copy /etc/resolv.conf into the sysroot when running
commands.
Add a constant fixed timeout for launch (currently 20 minutes, we'll
make it configurable if needed in the future). If the appliance takes
longer than this to connect back, we time out assuming that the kernel
has hung during boot.
This call never did anything. Don't use it. Also I have submitted a
patch upstream to remove the corresponding option from blockdev.
See RHBZ#1002825 for an explanation of why this call was always
useless.
Thanks: Masayoshi Mizuma
When you try to run commands for an Ubuntu guest, they fail because in
Ubuntu /etc/resolv.conf is a symlink to /run/... and this turns out
to be a dangling symlink when the Ubuntu guest is mounted up under the
appliance.
Therefore even if the network is enabled, any command which tries to
do name resolution will fail.
Ideally we would like to bind-mount the appliance /etc/resolv.conf
into the sysroot. However this is not possible because mount is buggy
(see comment). So instead we use a complex hack to achieve the same
ends.
Note this is only done if the network is enabled and if /etc in the
guest actually exists. The original /etc/resolv.conf is restored
as soon as the command has run.
Using guestfs_exists on a symlink which existed but pointed to a
non-existent file was returning false. However exists obviously
should not be following the symlink in the first place.
Removing this directory breaks Ubuntu guests.
This change adds a utility function which removes only files from a
directory. This is a safer way to clean cache directories etc.
The 'virt-builder --format' option translates to the
'virt-resize --output-format' option, because it specifies the output
format.
On the contrary, the 'virt-resize --format' option (the input format)
is always 'raw'.
This also makes a minor rearrangement so that the random seed, root
password, hostname setting all happen before package installation.
This keeps these configuration changes together and means that the
packages that are installed can act differently based on hostname
(which is conceivable).
$ virt-sparsify a a
virt-resize: error: you cannot use the same disk image for input and
output
If reporting bugs, run virt-resize with the '-d' option and include the
complete output.
Note (a) it assumes the program is called "virt-resize" which it
isn't, and (b) it assumes the program has a debug option -d which it
doesn't.
This commit changes the error message and adds a -v option to
virt-resize.
Commit c598e14052 exports
LD_PRELOAD=/lib64/libSegFault.so so that guestfsd and processes that
it runs will produce descriptive stack traces.
However if we chroot into /sysroot (ie. CHROOT_IN/CHROOT_OUT) and if
the libSegFault.so library does not exist inside the chroot (as is the
case on Debian guests) then we cannot run any processes. In any case
we *don't* want to necessarily run this library from the guest.
The proper way to fix this is to confine all chrooting to a
subprocess, but that's a big change to guestfsd which we'll have to do
one day. For now, unset LD_PRELOAD once guestfsd starts up.
The old parser had several problems: firstly it called the error path
sometimes without calling reply_with_error causing a protocol hang.
More seriously it had hard-coded line numbers, and since Fedora 21 the
output of xfs_info has changed, moving lines around.
Change the parser to be more robust against added fields by using the
first name on the line as the section name, thus 'bsize=' is
interpreted differently depending on whether it appears in the "data"
section or the "naming" section.
Ensure also that we don't call the error path without calling
reply_with_error, which is a side-effect of the above change.
When 'mount -o loop' and similar commands are used, the loop module is
loaded automatically by the kernel when /dev/loop-control is accessed.
/dev/loop-control is created semi-statically by an unholy and
overcomplex combination of kmod static-nodes and systemd-tmpfiles
(instead of using, say, just udev or even just a simple series of
mknod commands).
tests/c-api would fail from time to time if --enable-valgrind-daemon
was configured. There was no obvious memory leak. It looks as if the
overhead of valgrind was sufficient to break long-running tests such
as this one.
<cpu model="host-passthrough"> really passes -cpu host to qemu, which
is what we want since we don't care about live migration or ABI
stability.
This should avoid http://bugzilla.redhat.com/870071 .
Note this "taints" the libvirt domain. We don't particularly care
about that, and the reason for the tainting doesn't seem to make much
sense anyway.
This updates commit 6f76fdb41e.
We have to include the right header so that guestfs___free_string_list
is declared. Unfortunately that means ensuring -I src is passed to
the compiler in every tool subdirectory.
Also fix (bogus) compiler warning about incorrect type of the
parameter to caml_copy_string_array.
qemu does in fact fix up the device tree with the correct memory size
supplied by -m <ramsize> so the comment was incorrect.
This updates commit 8d273a2715.
It is thought that qemu-system-arm -m <ramsize> could conflict with
the actual memory that Linux thinks is available (from the device tree).
Thanks: Marc Zyngier
guestfs_case_sensitive_path does not test for file existence. We have
to test for it explicitly.
This updates commit 9ea6e97014. See the
description of that commit for more details.
qemu-system-ppc64 lets you add the IDE interface to the appliance, but
the appliance kernel ignores it (and consequently can't find the
appliance disk so it all goes wrong). Best to just disallow this.
Also skip tests that try using iface = 'ide'.
ARM doesn't support IDE. (Well, that's not entirely true as I found a
reference to one extremely obscure ARM board that had IDE disks, but
qemu-system-arm doesn't appear to support them).
iface=virtio means use (old) virtio-blk. Since there's an existing
path for using virtio-blk, use that instead of adding if=virtio (which
will fail on ARM).
If supermin-helper >= 4.1.5 is found, use the new-style syntax and if
the architecture requires it (only ARM for now) implement device
trees.
This means we pass a supermin-helper --dtb option to find the right
device tree (currently Versatile Express A9, since that's what we pass
to qemu in the -M option). This makes supermin-helper find a
compatible device tree file.
Also that we pass the corresponding dtb file to qemu via the qemu -dtb
option, or to libvirt via the <dtb> element.
Currently this uses the Versatile Express A9 (vexpress-a9) machine
type, which is not ideal long-term. However it includes such things
as virtio-mmio and so virtio things should work.
Note that -M vexpress-a15 does not work with qemu (from git on
2013-09-05 + Fedora kernel 3.11.0). There are no boot messages.
For virtio-scsi, this is the same as always:
-drive ...,iface=none -device scsi-hd
For virtio-blk, this now uses:
-drive ...,iface=none -device virtio-blk
If we do not want to keep the original firewall rules, enable
this operation to remove these rules automatically.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
RWMJ:
- Updated po-file.
- Change documentation to note that it's disabled by default
and in theory could make the guest exploitable.
Even though this doesn't stop the compile phase, I find it a bit
distracting that this is what I get with bootstrap:
../.gnulib/gnulib-tool: *** cannot find ./configure.ac - make sure you
run gnulib-tool from within your package's directory
../.gnulib/gnulib-tool: *** Stop.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
The macro _FORTIFY_SOURCE might be already defined by environment in
which case it shouldn't be overriden (might be if it has lower value).
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
It's an enum, not a macro, and in any case it has been present in
augeas.h since 0.10.0, and the minimum version that libguestfs
requires is 1.0.0.
This fixes commit 3d132f2920.
This commit adds an optional 'cachemode' parameter to the 'add_drive'
API to control caching. This corresponds approximately to the
'-drive ...,cache=' parameter in qemu, but the choices are much more
restrictive, just 'writeback' or 'unsafe', for reasons outlined below.
The caching modes supported by recent QEMU are:
writeback:
- Reports data writes completed when data is present in the host
page cache.
Only safe provided guest correctly issues flush operations.
writethrough:
- Reports data writes completed only when each write has been
flushed to disk. Performance is reported as not good.
none:
- Uses O_DIRECT (avoids all interaction with host cache), but does
not ensure every write is flushed to disk.
Only safe provided guest correctly issues flush operations.
directsync:
- Uses O_DIRECT (avoids all interaction with host cache), and
ensures every write has been flushed to disk.
unsafe:
- No special handling.
Since the libguestfs appliance kernel always issues flush operations
(eg. for filesystem journalling and for sync) the following modes can
be ignored: 'directsync', 'writethrough'.
That leaves 'writeback', 'none' and 'unsafe'. However 'none' is both
a constant source of pain (RHBZ#994517), is inefficient because it
doesn't use the host cache, and does not give us any safety guarantees
over and above 'writeback'. Therefore we should ignore 'none'.
This leaves 'writeback' (safe) and 'unsafe' (fast, useful for scratch
disks), which is what we implement in this patch.
Note that the previous behaviour was to use 'none' if possible, else
to use 'writeback'. The new behaviour is to use 'writeback' only
which is (in safety terms) equivalent to 'none', and also faster and
less painful (RHBZ#994517).
This patch also allows you to specify a cache mode for network drives
which also previously defaulted to 'writeback'.
There is a considerable performance benefit to using unsafe (for
scratch disks only, of course). The C API tests only use scratch
disks (since they are just tests, the final state of the disk doesn't
matter), and this decreases total run time from 202 seconds to 163
seconds, about 25% faster.
Test whether qcow2 features are possible in qemu-img instead of
assuming they are by keying off the version.
Also use the 'lazy_refcounts' flag, if available. It may make writing
to the overlay file marginally faster (however I tested it and there
was no measurable difference).
If you don't have a ^C (SIGINT) signal handler at all, then at_exit
handlers are not called so you end up leaving the large temporary
overlay file lying around. That was fixed, incorrectly, by
commit 7283a5a276.
However the code now would delete the overlay file in the SIGINT
handler but otherwise continue running until basically it tries to
read the overlay file (now deleted) and fails. So it kind of worked,
by accident.
Fix this so that the signal handler calls exit, thus ensuring both
that the exit handler is called (to delete the file) and that the
program actually exits as soon as possible.
This also refactors the unlink_on_exit function into a utility.
Libguestfs won't work if you try to use it with supermin < 4.1.4
because the logic for detecting if compressed images can be used was
wrong (it was always enabled, instead of disabled for supermin < 4.1.4).
You can now use virt-format or virt-make-fs --label option to set a
label for a DOS filesystem:
$ ./run ./format/virt-format -a /tmp/test.img --filesystem=vfat --label=BOOT
$ ./run ./cat/virt-filesystems -a /tmp/test.img --all --long -h
Name Type VFS Label MBR Size Parent
/dev/sda1 filesystem vfat BOOT - 1.0G -
/dev/sda1 partition - - 0b 1.0G /dev/sda
/dev/sda device - - - 1.0G -
This also contains a small code refactoring.
Thanks: Gerd Hoffmann (kraxel)
Code like:
CLEANUP_FREE char *buf;
/* some code which might return early */
buf = malloc (10);
is a potential bug because the free (*buf) might be called when buf is
an uninitialized pointer. Initialize buf = NULL to avoid this.
Several of these are bugs, most are not bugs (because there is no
early return statement before the variable gets initialized).
However the compiler can elide the initialization, and even if it does
not the performance "penalty" is miniscule, and correctness is better.
When using guestfish --remote, libguestfs is not the parent of qemu,
so waitpid is expected to return -ECHILD. And indeed guestfish --remote
would print a bogus error message in this case:
libguestfs: error: waitpid (qemu): No child processes
If the parent process forked into the background, then it should have
called 'set_recovery_proc 0' so we can use this to determine if we
need to wait for qemu.
Thanks: Kazuya Saito for reporting and identifying the issue.
This was accidentally moved by this commit:
commit b8b5ed65c2
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Wed May 23 11:46:23 2012 +0100
FAQ: Add section about using libguestfs in closed source programs.
Refactor the direct & uml backends to safely create the qemu & vmlinux
command lines.
Don't do malloc-after-fork, which is not safe. Do all the allocation
in the main process before the fork.
Use stringsbuf to simplify the code.
Instead of hard-coding the list of backends into the core of
libguestfs in many places, make each backend into a true module which
registers itself with the core when the library is loaded.
This is a step towards making backends into loadable modules, but it
doesn't actually do that.
This is just code motion.
It's fairly pointless to do this with TCG, since all we would be doing
is emulating a more complicated processor slowly. Also it may be the
cause of subtle problems we see during testing.
This updates commit 6f76fdb41e.
qemu -cpu \? documents this as:
host KVM processor with all supported host features (only available in KVM mode)
And indeed if you try it with TCG you'll get this error:
Unable to find CPU definition: host
This fixes commit 038ed0a08e.
These run the test suite using User-Mode Linux. Currently you have to
set LIBGUESTFS_QEMU to point to the vmlinux binary, but perhaps we
can solve that in future.
For reasons not fully understood, if md is linked into the kernel (and
not a module), a /dev/md0 device node is created. However this is not
a real RAID device. For example running mdadm --detail /dev/md0 will
fail on it.
Check the /dev/md<X> devices are real RAID devices before returning
them from the list-md-devices API.
This would have broken the function if we were comparing mixed
/dev/sda and /dev/ubda (ie different length) strings. Which we never
normally do, luckily.
If qemu goes away it is (more in theory than in reality) possible for
log messages to be lost in the kernel's socket buffer.
This turns out to matter more for User-Mode Linux.
Previously device name translation worked on the string in-place.
This worked fine because the device strings always come from XDR where
they are dynamically allocated. However it wouldn't work if the
translated name had to be longer than the original, specifically for
/dev/sd -> /dev/ubd (for User Mode Linux).
Therefore this commit changes the generator so that
device_name_translation and parse_btrfsvol (which depends on it)
allocate the new device name instead of overwriting it.
These macros are pretty horrible to use, with unexpected side-effects.
Move them exclusively into the generated code and rewrite the one
place in the general C code which used them.
There's no functional change in this code.
Using ./configure --enable-valgrind-daemon breaks valgrinding of the
library because guestfs_close wouldn't call guestfs_shutdown in that
case, resulting in some resources owned by the backend being leaked.
After this commit, --enable-valgrind-daemon will shut down the handle
normally.
This updates commit 55e3b8711f.
Don't add the "valgrind channel" to the appliance.
Just dump out the valgrind.log to stderr while the daemon is running.
Ensure that if valgrind tests fail in the appliance, that we don't
exit with success in the library by checking for a canary message in
the verbose daemon logs.
This allows the option to be used routinely by developers.
This is also called implicitly from internal_autosync, ensuring that
exit won't fail because of an open handle.
libguestfs: error: internal_autosync: umount: /sysroot: umount: /sysroot: target is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
The code in do_part_get_bootable() assumes that if a partition has the
bootable flag set, then that is the only flag. It compares the entire
flags field with the string "boot". However, the boot flag isn't
always the only flag. For instance, POWER systems typically have a
bootable partition of type 0x41 (PPC PReP boot), which parted -m
displays as:
# parted -m -- f18.img unit b print
BYT;
/root/f18.img:16106127360B:file:512:512:msdos::;
1:1048576B:5242879B:4194304B:::boot, prep;
That is, the flags field contains "boot, prep", and thus libguestfs
fails to see that this partition is bootable. Ultimately this causes
virt-resize to fail to set the bootable flag on the boot partition of
the destination image, resulting in an image that won't boot.
This patch fixes the problem by searching for the string "boot" within
the flags field, instead of comparing the whole flags field.
'-cpu host' makes the CPU look like the host CPU. This is useful
because it means the appliance can use all the host CPU's features,
eg. for fast checksumming or MD XORing.
'kvmclock' is the paravirtualized clock for qemu/KVM. It's much more
stable than relying on tsc or a virtualized device such as HPET, and
clock instability is one of the problems we have encountered when
running libguestfs on a heavily loaded machine, especially in a nested VM.
Note that we require qemu >= 1.2 (and have for a while) which has long
supported both of these options.
- Use 'op' instead of 'xxx_op' for operation table.
- Add a 'defaults' for the operation table and remove any default
values.
This is just code motion and there is no functional change.
This adds a virt-sysprep 'password' operation which adds the
following command line options:
--root-password Set the guest's root password.
--password Set any guest password.
Disable this operation because it is more likely than not to break
Linux guests.
To fix this properly will involve finding all the places in the guest
where the UUIDs are used to locate and mount filesystems,
eg. /etc/fstab and possibly initramfs.
This updates commit 8965368eb8.
journal.c: In function 'do_journal_skip':
journal.c:134:5: error: format '%zd' expects argument of type 'signed size_t', but argument 3 has type 'int64_t' [-Werror=format=]
reply_with_perror_errno (-r, "failed to skip %zd journal entries", skip);
^
This fixes commit 5cb7f294f6.
This adds simple support for reading the journal files from guests
that use the systemd journal.
The new APIs are:
journal-open
journal-close
journal-next
journal-skip
journal-get
journal-get-data-threshold
journal-set-data-threshold
internal-journal-get
More complex journal support (eg. for seeking within the journal,
support for cursors) could be added later.
Although g->tmpdir is always set after launch, and none of these calls
should be used before launch, it's always possible that a caller would
use one of these APIs before launching the handle.
If guestfs___lazy_make_tmpdir is not called, then g->tmpdir is NULL,
and the constructed filename would look like "(null)/...".
In fact it's possible to observe this error (although it seems to have
no especially bad effects):
$ strace guestfish ls / |& fgrep '(null)'
unlink("(null)/ls1") = -1 ENOENT (No such file or directory)
The FileIn/FileOut parameters are not passed through to the daemon.
Previously we generated incorrect RPC code (an empty 'struct
guestfs_<fn>_args') because we didn't account for these FileIn/FileOut
parameters correctly.
Review every test(!) to ensure that it:
- Doesn't use a generic name (eg. "test1.img", "test.out") for any
temporary file it needs.
- Does instead use a unique name or a temporary name (eg. a name like
"name-of-the-test.img", or a scratch disk).
- Does not use 'rm -f' to clean up its temporary files (so we can
detect errors if the wrong temporary file is created or removed).
This allows tests to be run in parallel, so they don't stomp on each
other's temporary files.
Although autodetecting is safe (we always have just created a drive),
it saves a little bit of time if we don't have to run qemu-img to
detect the disk format with the libvirt backend.
Note that for prepared drives the format is always raw and we don't
anticipate creating drives in other formats.
Implement 'set-label' for XFS filesystems.
Fix the call for btrfs. Previous
commit d5817537fa added some bogus
documentation implying this call would work for btrfs, but it did
not.
Add tests.
Replaces code such as:
fd = open "test1.img"
ftruncate fd, size
close fd
g.add_drive "test1.img"
with the shorter and simpler:
g.add_drive_scratch size
Previously if the 'qemu-img info --output json' command failed, then
the stdout callback would be called first with a zero-length buffer.
Since a zero-length buffer cannot be valid JSON (in this context)
don't produce a separate error message.
However do catch the case when qemu-img info might produce no output
and no error (if that were to happen -- it does not happen at the
moment).
$ guestfish disk-format /etc/nosuchfile
Instead of this obscure double error message:
libguestfs: error: qemu-img info: JSON parse error: parse error: premature EOF
(right here) ------^
libguestfs: error: qemu-img info: /etc/nosuchfile: qemu-img info exited with error status 1.
To see full error messages you may need to enable debugging.
See http://libguestfs.org/guestfs-faq.1.html#debugging-libguestfs
You will now see this simpler error:
libguestfs: error: disk info: /etc/nosuchfile: No such file or directory
Thanks: Bo Fan.
No single test should run longer than 1 hour even on the slowest of
hardware. We are having a problem in Koji where a test hangs and then
we end up losing the output completely, so a timeout + print the log
to that point is much better.
It was using the installed copy of libguestfs not the local copy.
We can't encode the paths in guestfs.go, since this source file gets
copied into the install directory where those paths would not make
sense. Instead we have to use CGO_CFLAGS and CGO_LDFLAGS to
communicate the right flags to go when doing the local build and test.
By specifying a cleanup function we can ensure that Augeas and hivex
functions can be tested.
There is no functional change here, verified by diffing the generated
file tests/c-api/tests.c before and after.
Add a utility function (fstype_is_extfs) to match ext2/3/4 filesystem
names. This is used in a couple of places.
When passing the mke2fs -t parameter, verify that the request is for
an ext2/3/4 filesystem. Previously we did not check this, and neither
did mke2fs when the -F flag was also used.
Since we don't usually move the first partition, if the first
partition has an unusually large offset from the start of the disk,
then the unpartitioned space in front of that partition counts as
partitioning overhead. However the previous surplus calculation was
not taking that into account.
This was a problem for certain Ubuntu images which are partitioned
with an 8 MB gap before the first partition.
Thanks: David Hart.
Also add an example from a real RHEL 6 guest.
Remove rules for building these XML files which are no longer
relevant. These files were built by running virt-inspector on real
guests, and then edited to remove excessive <application> sections.
Commit e71b2c11f5 broke inspection of
Fedora guests because guestfs_is_file returns false for
/etc/redhat-release (it's a symlink to a file, not a file).
We fix this by using the new followsymlinks flag added in the
previous commit. Thus guestfs_is_file becomes
guestfs_is_file_opts (g, filename, GUESTFS_IS_FILE_OPTS_FOLLOWSYMLINKS, 1, -1)
which checks if it's a file or a symlink to a file.
This fixes commit e71b2c11f5.
This adds an extra optional boolean 'followsymlinks' flag to those 6
is-* APIs. If the flag is true, then symlinks are followed, ie. we
use stat instead of lstat in the test.
For the rationale behind this change, see:
https://bugzilla.redhat.com/show_bug.cgi?id=974489
Commit 864ef706a8 (in Aug 2012) broke
the deprecated txz-out API. Because of a thinko during this commit,
instead of producing xz files it produces bzip2 files.
Fix this API again.
Thanks: Bo Fan / Red Hat QA team.
Fix a bogus warning introduced by
5abb196de8. If a non-windows partition
hasn't been detected as something else and falls through to windows
detection, inspection would display a bogus warning about missing
/boot.ini.
RWMJ: Test if guestfs_is_file > 0, in case it returns an error.
This change refactors guestfs___has_windows_systemroot to
guestfs___get_windows_systemroot. The new function returns a
dynamically allocated char * which must be freed.
The new function is no less efficient than before, as it returns the
result of guestfs___case_sensitive_path_silently, which is required
anyway. The new code is slightly more efficient than before, as it
re-uses the result of this testing in guestfs___check_windows_root
rather than running it again.
This file is mainly a central place to:
- include localenv if it exists, and
- define the RHEL 5 backwards compatibility macros, instead of
spreading them over every other file.
This has to run on every build, so:
- Use two grep commands instead of lots.
- Remove unnecessary use of sed.
- Remove some obsolete directories that haven't existed for a long time.
Previously, every subdirectory that contained generated files would
cause a recursion into the ../generator directory. This was slow and
unnecessary. Only recurse if the generator actually needs to be
rerun.
Note this changes the semantics slightly: For example if you added a
new action and just ran `make -C ocaml' then previously the generator
would be rerun, but now it would not. However I'm not convinced the
previous semantics were that useful, particularly considering that
with this change a simple `make' is much faster.
Yet another protocol bug!
If the daemon cancels, then the library should send a cancellation
chunk. It normally does this during the loop where it is uploading a
file. However due to an oversight or possibly a regression when we
modularized the socket code, the library did not send a cancellation
chunk if the daemon cancelled just before the end of file was sent.
This commit fixes this.
The public-facing functions like 'guestfs_*' are implemented as
wrappers around implementation functions like 'guestfs__*' (for
library-side functions only).
Don't call from one 'guestfs__*' function to another. It prevents
ENTER events from being caught, especially where a deprecated function
calls another implementation.
Most code was not doing this, but there were still some places left
where it was done.
The timeout lets us read remote images without timing out.
The noop scheduler lets the host do scheduling. This generally makes
sense for mixed workloads because the host has a global view of the
system, and often has more compute power too.
virtio-blk is obsolete so we don't need to bother optimizing it.
People should use virtio-scsi instead.
Also virtio-blk should choose the optimal settings itself.
This was originally added to fix this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=509383
This runs all of the check* rules. Since this includes 'make check',
'make check-all' is not quite equivalent to the old 'make extra-tests'
which was removed in the previous commit.
The following commit:
commit 5a3da36626
Author: Richard W.M. Jones <rjones@redhat.com>
Date: Thu Jan 24 17:07:38 2013 +0000
inspect: Use CLEANUP_* macros in inspection code.
can cause a double-free along an error path when certain guest files
are empty where we expected those files to contain at least one line.
This causes virt-inspector to crash when run on these guests.
The following is a test case which demonstrates the crash.
`f20rawhidex64' is a Fedora guest, but with small adjustments to the
test you could use any Linux guest for this test.
$ qemu-img create -f qcow2 -b f20rawhidex64 /tmp/test.qcow2
Formatting '/tmp/test.qcow2', fmt=qcow2 size=21474836480 backing_file='f20rawhidex64' encryption=off cluster_size=65536 lazy_refcounts=off
$ guestfish -i -a /tmp/test.qcow2 -- rm /etc/redhat-release : touch /etc/redhat-release
$ virt-inspector /tmp/test.qcow2
*** glibc detected *** virt-inspector: double free or corruption (fasttop): 0x00007f18bc9925a0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x34ecc7ca8e)[0x7f18b8e64a8e]
/lib64/libguestfs.so.0(+0x3f91898078)[0x7f18ba13c078]
/lib64/libguestfs.so.0(+0x3f91899761)[0x7f18ba13d761]
/lib64/libguestfs.so.0(+0x3f91896d12)[0x7f18ba13ad12]
/lib64/libguestfs.so.0(+0x3f91894140)[0x7f18ba138140]
/lib64/libguestfs.so.0(guestfs_inspect_os+0x35)[0x7f18ba0bcc35]
virt-inspector(main+0x547)[0x7f18ba7c57d7]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f18b8e09a05]
virt-inspector(+0x6665)[0x7f18ba7c7665]
This is a denial of service, but not likely to be exploitable.
(Found by Coverity)
Actually if you don't specify the port, currently libvirt gives
an error:
libguestfs: error: could not create appliance through libvirt: XML
error: missing port for host [code=27 domain=20]
However I think that is a bug in libvirt:
https://bugzilla.redhat.com/show_bug.cgi?id=965142
Because OStringList is an optarg, we must specify "a!" to
zend_parse_parameters.
However zend_parse_parameters still returns this as a *long* rather
than a NULL (or empty array) so positively check that it has returned
an array.
At least libpython2.7-dev and libpython3.3-dev on current
Debian/unstable ship with pkg-config files. As with the pkg-config
check for Lua, we check for versioned and an unversioned .pc files.
Modern qemu can now handle this properly. ':' is only special if what
precedes it looks like a transport, so:
qemu-system-x86_64 -drive foo:bar .. fails
qemu-system-x86_64 -drive ./foo:bar .. works
Thus by adding ./ in front of relative paths that contain ':' we can
work around this.
In addition, this broke iscsi:// URIs because iSCSI target names
routinely contain ':' characters.
This avoids confusion when using URIs in guestfish, since the path
will always start with a '/', and we don't otherwise know if we should
remove it or not. By forcing the '/' to always be there, we deal with
this problem in the API instead.
- Don't use fixed names for the disks. This will allow us to
parallelize this test.
- Add a new "GETKEY:<key>" String parameter which can retrieve keys
from the handle. The temporary disk names are stored as keys.
- Don't test the close callback. However this uses the close callback
mechanism to delete the temporary disks, and in any case close
callbacks are well tested by the language binding tests.
- The generated code now produces a static array of tests (instead of
a 'perform_tests' function), making it possible to parallelize.
Set ERL_LIBS and also create a phony 'ebin' directory for the
guestfs.beam (library) so that the tests run against the local copy
not the installed version, and so that separated builds work.
This was revealed by the regression test for RHBZ#664558.
Unfortunately because Ruby tests had been silently disabled,
this regression test was never run.
Despite this change, separated builds are still broken, apparently
because ExtUtils::MakeMaker doesn't support this sort of
configuration, or else we're using it wrong.
Since tests involving FileIn will often wish to read from local files,
it makes sense that they would want to open files in $srcdir.
Therefore allow such paths to be prefixed by "$srcdir" which is
substituted at run time by the same named environment variable (set by
automake).
This fixes separated builds in tests/c-api directory.
Previously the generator binary was (deliberately) placed into the
source directory. However there was no real reason for this to
happen. Always put the build products into the builddir.
Since stamp-generator is a Makefile thing, make it in the Makefile,
not in the generator itself.
Also this ensures stamp-generator is created in the builddir, not in
the source directory (fixing separated builds).
Because the generator subdirectory is cleaned first, and other
directories recurse into the generator directory, 'make distclean'
would fail (because generator/Makefile would be deleted by that
point).
Change subdirs-rules.mk so it doesn't fail if generator/Makefile has
been deleted already.
The previous test for grub-install hard-coded /dev/vda (ie. assuming
virtio-blk instead of more modern virtio-scsi).
This changes the test to hard-code /dev/sda instead. However this
change is still not correct since /dev/sda will be adjusted by block
device name translation in the call to grub-install, but not what is
written to /boot/grub/device.map.
Since we no longer support grub-install on Fedora, this won't affect
things, but Ubuntu still has a 'grub-install' command (although it's
actually from grub2).
This works around the following warning:
virt-ls.c: In function 'show_file':
virt-ls.c:574:1: error: stack protector not protecting function: all local arrays are less than 4 bytes long [-Werror=stack-protector]
With recent GCC, you get this warning:
tests-main.c: In function 'skipped':
tests-main.c:256:3: error: function might be possible candidate for 'gnu_printf' format attribute [-Werror=suggest-attribute=format]
This is safer, because otherwise a URI could contain some clever
"unix:..." string as the hostname, tricking qemu into opening a Unix
domain socket at an uncontrolled location.
This fixes commit 349300af08.
libxml2 is very commonly available on Linux distros and has also been
ported (and is widely available) on Mac OS X and Windows. Therefore
simply require libxml2, and remove a lot of conditional code.
Add a remote drive by doing:
guestfish -a ssh://example.com/path/to/disk.img
There are several different protocols supported, as explained in the
man page.
This affects all virt-* tools that use the common guestfish options
parsing code.
This adds helper C functions 'is_string_list' and 'is_device_list'
allowing these tests to be carried out in generic C code instead of as
specialized tests.
Instead of using the various 'TestOutput', 'TestOutputList' etc
macros, it makes better sense to let the tests contain fragments of C
code to perform the checks.
Several new macros are added:
- 'TestResult': This macro takes a C expression which is evaluated to
test the result of commands. For example to compare if a string
result has some value:
TestResult (* command sequence *), "STREQ (ret, \"abcd\")"
The variable "ret" contains the result from the last command in the
sequence. But also, variables "ret1", "ret2", etc contain the results
from the last but one command, the command before that, and so forth,
allowing much more flexible tests to be written.
- 'TestResultTrue', 'TestResultFalse': Wrappers that test the last
command for true/false.
It's simpler to use the glibc 'program_invocation_short_name(3)'
feature, and fall back to a generic solution. Also remove risky
assignments to argv[0].
These set or get the program name in the handle. Most programs
will never need to call this, since we set this, if possible,
using the glibc 'program_invocation_short_name(3)' feature.
- /usr/lib{,64}/gconv/*:
This is the iconv data, required for APIs like iconv_open to work. In
particular, the mtools 'mcopy' program fails completely if it cannot
use iconv. 'mcopy' is used by SYSLINUX to copy files to the disk.
The error you would have seen is:
Error converting to codepage 850 Invalid argument
Cannot initialize 'S:'
Bad target s:/ldlinux.sys
- /usr/bin/localedef and /usr/sbin/build-locale-archive:
These are not really needed, but both are simply small binaries so we
might as well not delete them.
Setting the 'sparse' optional boolean causes writes to be omitted if
the block to be written contains all zero bytes.
This should help with sparse backing files (eg. raw, qcow2, dm-thin, etc).
Also, modify virt-resize to use this option by default when copying
devices. The savings in virt-resize can be quite startling, eg
'du -sh' (ie. true size) of a resized disk image:
8.1G /tmp/f15x32-resized.img # before this change
3.2G /tmp/f15x32-resized.img # after this change
This API is an easier to use version of the existing guestfs_available,
because the new API returns true/false instead of throwing an error
when a feature from the list is not available.
In truth we've had this implementation internally in the library
and several tools and in Sys::Guestfs::Lib for a long time. This
change just turns it into a publicly consumable API.
This directory (containing HTML documentation) can be removed
completely when making clean. CLEANFILES cannot recursively remove a
directory, so use a clean-local rule instead.
Rules such as 'make check-valgrind' are implemented using a for-loop.
They would always exit after the first error, even if 'make -k' was
used at the top-level. Since 'make -k'-style behaviour is generally
more useful, change these for-loops so they run all the tests, and
report errors at the end.
Current code wrote a single valgrind.log in the top-level directory.
This was overwritten with each valgrinded program, which wasn't much
use. The new version writes multiple separate valgrind-*.log files
containing the date and PID (so each is unique).
It would nice if valgrind could delete log files that don't contain
errors, but this doesn't appear to be possible.
This large, but mainly mechanical commit, renames "attach method"
everywhere to "backend".
Backwards compatibility of the API (guestfs_{set,get}_attach_method)
and environment (LIBGUESTFS_ATTACH_METHOD) is maintained, but in new
code use guestfs_{set,get}_backend and LIBGUESTFS_BACKEND instead.
The default backend (launching qemu directly) is now called 'direct'
instead of 'appliance', although you can still use 'appliance' as a
synonym.
In virt-df and virt-alignment-scan, ensure that errors that happen in
worker threads are propagated all the way up and result in
exit(EXIT_FAILURE).
Note that this makes the align/test-virt-alignment-scan-guests.sh test
fail (for a genuine reason). This is fixed in the following commit.
This updates commit 8b90f55dc7.
If using (eg) virtio-blk, the canonical name won't work unless device
name translation is done first.
This fixes commit 47b929b7893b3a76ff22760d245cb80720ae6345..
In particular, building virt-sysprep is slow because there are so many
modules. Enable parallel builds. If it breaks, we should fix it, not
work around it.
We only have to serialize the two calls to ocamlmklib, since both will
try to create a file called 'libmlguestfs.a'. Apart from that,
parallel builds here should be fine.
For example:
$ guestfish --long-options
--add
--cmd-help
--connect
--csh
--domain
--echo-keys
[etc.]
The idea of this is to make it easier to write a bash completion
script that accurately expands --<TAB> options for each command.
ISO apparently specified a limit of 4096 bytes/characters for strings.
The description of the guestfish command 'add-drive' is now longer
than this limit, causing this warning.
Turn off this warning, since GCC has no problems with these strings.
This changes the existing (non-published-in-stable) API for
add_drives{_opt} so that instead of having separate 'server' and
'port' parameters, now we have a single 'server' parameter which is a
list of strings.
This is so we will be able to cope with protocols such as Ceph which
allows multiple servers, or Sheepdog which can use an implicit local
server (ie. zero servers specified).
NBD still requires exactly one server.
This warning is actively dangerous. Because it forces you to use a
'default:' case in every switch statement, it means you can no longer
detect missing cases in enums.
You can now add remote NBD drives using:
><fs> add-drive "" format:raw protocol:nbd server:localhost
(Note that you also need to add port:NNNN if the server is running on
a non-standard port).
The corresponding qemu-nbd service can be started by doing:
qemu-nbd disk.img -t
This commit also adds a test.
It causes plenty of problems with people have multiple parallel
versions of libguestfs installed, and there's no benefit because you
can easily run libguestfs and tools from the build directory.
As with Perl, you can now set INSTALLDIRS to control where Ruby places
its files (ie. in the site dir, which is the default, or in the vendor
dir).
The difference in file layout between 'make install' and
'make INSTALLDIRS=vendor install' is shown below (for Fedora 18).
--- /tmp/site 2013-03-14 12:14:35.740015694 +0000
+++ /tmp/vendor 2013-03-14 12:14:13.668093944 +0000
@@ -119,21 +119,20 @@
./usr/lib64/ocaml/guestfs/mlguestfs.cmxa
./usr/lib64/ocaml/stublibs/dllmlguestfs.so
./usr/lib64/ocaml/stublibs/dllmlguestfs.so.owner
-./usr/lib64/perl5/auto/Sys/Guestfs/Guestfs.bs
-./usr/lib64/perl5/auto/Sys/Guestfs/Guestfs.so
-./usr/lib64/perl5/auto/Sys/Guestfs/.packlist
./usr/lib64/perl5/perllocal.pod
-./usr/lib64/perl5/Sys/bindtests.pl
-./usr/lib64/perl5/Sys/Guestfs/Lib.pm
-./usr/lib64/perl5/Sys/Guestfs.pm
+./usr/lib64/perl5/vendor_perl/auto/Sys/Guestfs/Guestfs.bs
+./usr/lib64/perl5/vendor_perl/auto/Sys/Guestfs/Guestfs.so
+./usr/lib64/perl5/vendor_perl/auto/Sys/Guestfs/.packlist
+./usr/lib64/perl5/vendor_perl/Sys/bindtests.pl
+./usr/lib64/perl5/vendor_perl/Sys/Guestfs/Lib.pm
+./usr/lib64/perl5/vendor_perl/Sys/Guestfs.pm
./usr/lib64/php/modules/guestfs_php.so
./usr/lib64/pkgconfig/libguestfs-gobject-1.0.pc
./usr/lib64/pkgconfig/libguestfs.pc
./usr/lib64/python2.7/site-packages/guestfs.py
./usr/lib64/python2.7/site-packages/libguestfsmod.la
./usr/lib64/python2.7/site-packages/libguestfsmod.so
-./usr/local/lib64/ruby/site_ruby/_guestfs.so
-./usr/local/share/ruby/site_ruby/guestfs.rb
+./usr/lib64/ruby/vendor_ruby/_guestfs.so
./usr/sbin/libguestfs-make-fixed-appliance
./usr/share/doc/libguestfs/example-debian-netinst-cd.xml
./usr/share/doc/libguestfs/example-debian.xml
@@ -406,3 +405,4 @@
./usr/share/man/uk/man3/guestfs-perl.3
./usr/share/man/uk/man3/guestfs-python.3
./usr/share/man/uk/man3/guestfs-ruby.3
+./usr/share/ruby/vendor_ruby/guestfs.rb
For prompting me to fix this, thanks: Hilko Bengen.
This adds a common utility function (guestfs___exit_status_to_string)
and a common error function (guestfs___external_command_failed), and
uses them all over the library and tools when converting exit status
in error messages etc.
This allows custom parameters to modify parameters added by
libguestfs, eg. by doing:
-set drive.hd0.file=rbd:foo/bar
[infernix adds the comment below:]
This works for recent versions of QEMU. The way to use this is:
guestfish
><fs> add-drive /dev/null
><fs> config -set drive.hd0.file=rbd:pool/volume
><fs> run
This will probably work for more types (sheepdog, iscsi et al), but
with the caveat that the libguestfs layers are bypassed so you'll
*always* end up directly accessing the disk in rw mode.
Prefix functions in this file with old_parser_... to make it clear
this is the old / slightly unsafe human output parser, which is
shortly to be replaced by a safer JSON parser.
This is just code motion.
- Use ./run script to run the tests.
- Set environment variables correctly, including $PATH.
- Test the locally built, not installed, copy of libguestfs.
The values of CONFIG, LAUNCHING and READY and (kind of) exposed
through the API so shouldn't change.
Use a bad sentinel for NO_HANDLE since that indicates a serious error.
Ruby ships its own config.h which may or may not define the same
relevant constants as our autoconf-generated config.h. Instead of
trying to specify the exact path to the wanted header file we may just
as well simply use Ruby's autoconf-inspired checks and macros.
This creates an abstract layer below the protocol code which handles
the socket operations. This will make it easier to introduce libvirt
virSocketPtr operations in future.
In the handle, g->conn contains the connection to the appliance.
g->conn is NULL when we're not connected.
poll(2) is used instead of select(2).
All error messages about launch failing or the appliance unexpectedly
dying are handled by two common error message functions, and these
contain a better explanation of what to do.
The earlier (pipe-based) code never set this flag, but that was a bug,
potentially allowing the file descriptor to be leaked to subprocesses.
Set the FD_CLOEXEC flag, but also ensure it is cleared in the child
process just before qemu is exec'd (otherwise qemu would not have a
console).
The libvirt backend already uses a Unix socket for the appliance
console, and so for the libvirt backend the fields g->fd[0] == g->fd[1].
Change the appliance backend to use a socketpair, so we need just a
single file descriptor for qemu stdin/stdout (ie. appliance console).
Consequently we can remove the array int fd[2] in the handle and
replace it with a single file descriptor.
When debugging is enabled, this prints out the permissions (ie.
ls -laZ) of the appliance and sockets directories. This should be
helpful for debugging RHBZ#913774.
Since qemu connects to both, there was no point at all in having these
sockets be readable by other, nor executable by anyone.
The sockets should now end up as:
srw-rw---- root.qemu
Despite what the documentation may have said, it certainly was not
safe to call guestfs_umount_local from another thread.
guestfs_umount_local could generate events, call the error handler, or
access other fields in the handle, with no locking at all.
We should aim to make guestfs_umount_local thread-safe in future.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=917706
This function is now generated, so bindings in various languages
are made automatically.
Note that the function previously returned void, but now it returns
int (although always 0). We don't believe that this is an ABI break
since existing programs will continue to work.
Non-daemon functions normally have a wrapper function called
eg. guestfs_name. The "real" (ie. hand-written) function is called
eg. guestfs__name. The wrapper deals with checking parameters and
doing trace messages.
This commit allows the wrapper function to be omitted. The reason is
so that we can handle a few functions that have to be thread-safe
(currently just: guestfs_user_cancel). The wrapper is not thread safe
because it can call events and/or the error handler.
libxml2 xmlXPathEvalExpression can return an unusual nodeset:
$1 = {type = XPATH_NODESET, nodesetval = 0x0, boolval = 0, floatval = 0,
stringval = 0x0, user = 0x0, index = 0, user2 = 0x0, index2 = 0}
Note that the nodeset is non-NULL, but the nodesetval is NULL.
Check every call site and fix those that don't deal with this
correctly.
When adding a domain (ie. guestfs_add_domain), read the SELinux
<label/> and <imagelabel/> from the guest and use them for the
appliance. The appliance is statically labelled the same as the
guest, so it is able to read its disks.
However tell libvirt not to try relabelling the disks, to prevent
libvirt from disturbing the existing labels on the disks (in
particular when the libvirt connection is closed, we don't want
libvirt to try to restore some other label on the disks).
Updated with feedback from Matthew Booth.
When a disk is opened readonly, the libvirt attach-method privately
creates a qcow2 overlay on top.
This commit lets that overlay get an SELinux label, and sets it to the
imagelabel specified by guestfs_internal_set_libvirt_selinux_label.
The above only applies to the libvirt attach-method.
If set, this causes <seclabel model=selinux relabel=no> to be added to
the disk element in the libvirt XML.
It has no effect *except* on the libvirt attach method when SELinux
and sVirt is being used.
This internal API sets two SELinux labels in the handle (the process
label and the image label -- they are closely related).
If using the libvirt attach-method with SELinux and sVirt, then this
will cause the following XML to be added to the appliance definition:
<seclabel type=static model=selinux relabel=yes>
<label>[LABEL HERE]</label>
<imagelabel>[IMAGELABEL HERE]</imagelabel>
</seclabel>
It is ignored by other attach-methods.
libguestfs handles are not thread safe, and it's not safe even to read
settings from the handle from multiple threads (eg. guestfs_get_trace).
Stop doing this in the parallel library. This caused fairly
reproducible segfaults when you enabled '-x' and/or '-v'.
This fixes commit 34e77af1bf.
This function is no longer called from anywhere outside the library,
or even outside libvirt-domain.c.
This is just code motion, except for the size_t changes which are
required in order to avoid signed overflow optimization error:
assuming signed overflow does not occur when simplifying conditional
to constant [-Werror=strict-overflow]
You can now run virt-df and virt-alignment-scan on all of the test
guests by doing:
./run ./df/virt-df -c test:///path/to/tests/guests/guests.xml
./run ./align/virt-alignment-scan -c test:///path/to/tests/guests/guests.xml
which is kinda cool.
Previously when you asked virt-df to show stats for all your libvirt
guests, it used a single appliance and tried to attach as many disks
as possible to it, even disks from different guests.
However this has been problematic: Not only is the code to do this
horrendously complex, but it's also insecure, and it doesn't interact
well with sVirt labels (see RHBZ#912499 comment 7).
In the meantime we discovered that running parallel appliances gives
you most of the performance of using a single appliance, but with a
lot less complexity and better guest isolation (see the documentation
in commit 680450f3b4).
Therefore this is a partial rewrite of virt-df so that in this case it
now uses parallel appliances.
Notes:
The '--one-per-guest' option is now the default and only way to do
things; this option now does nothing.
By default, the amount of parallelism to use is controlled by the
amount of free memory seen when virt-df starts up (subject to some
minima and maxima). The user can control this through new command
line option '-P'.
This mini-library runs the 'free -m' command and greps the output to
estimate the max. number of libguestfs appliances we could run in
parallel in the remaining free memory.
(Not entirely sure whether using Gnulib to replace standard functions
is a good idea at all.)
link with libgnu:
CCLD libguestfs-test-tool
libguestfs_test_tool-test-tool.o: In function `main':
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:103: undefined reference to `rpl_getopt_long'
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:113: undefined reference to `rpl_optarg'
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:125: undefined reference to `rpl_optarg'
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:126: undefined reference to `rpl_optarg'
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:109: undefined reference to `rpl_optarg'
libguestfs_test_tool-test-tool.o: In function `set_qemu':
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:382: undefined reference to `rpl_perror'
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:366: undefined reference to `rpl_perror'
libguestfs_test_tool-test-tool.o: In function `make_files':
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:416: undefined reference to `rpl_perror'
/home/bengen/src/deb/pkg-libvirt/libguestfs/debian/build-default/test-tool/../../../test-tool/test-tool.c:428: undefined reference to `rpl_perror'
CC guestfsd-9p.o
In file included from ../../../daemon/9p.c:32:0:
../../../daemon/daemon.h:33:34: fatal error: guestfs-internal-all.h: No such file or directory
This involves adding a new test API which crashes the appliance in the
middle of a simulated upload, then a test which uses that API to test
for the libguestfs (library-side) crash.
Instead of the segfault you now get a more informative error:
*stdin*:0: libguestfs: error: connection to daemon was closed unexpectedly.
This usually means the libguestfs appliance crashed. Please enable
debugging (LIBGUESTFS_DEBUG=1) and rerun the command, then look at the
debug messages output prior to this error.
libguestfs: error: /dev/stdout: write: Broken pipe
libguestfs: error: file receive cancelled by daemon
It should be possible to add the guestfs___free_string_list to
dllmlguestfs.so, but I cannot work out exactly how to do this. As a
result we end up using src/utils.c directly.
The libutils convenience library is a place for code shared between
the main library, language bindings and virt tools. Note that the
code is statically linked into both the library, each binding and each
tool, but this is an improvement because (a) the source is shared and
(b) libguestfs.so can export fewer private functions.
Currently it contains the cleanup functions, and the functions
guestfs___free_string_list function and guestfs___for_each_disk.
guestfs___for_each_disk has changed so that it no longer
unconditionally sets the error in the guestfs handle. Instead callers
can control error handling.
These are internal functions. Very old versions of libguestfs used to
export them, but they haven't been (and shouldn't be) exported for a
long time.
Also remove the unused guestfs_error function.
Earlier versions of automake complain if they get a configuration
parameter which they don't understand. The error is:
configure.ac:27: error: option 'serial-tests' not recognized
Use some m4 hackery to work around this.
It was failing to clean up and close the 'struct command' buffer,
because commit 94d90f03e2 added an
incomplete patch to use CLEANUP_CMD_CLOSE.
This fixes commit 94d90f03e2.
btrfs_subvolume_list can now take either the path of a mounted btrfs
filesystem, or a mountable describing the location of a btrfs
filesystem, or one of its volumes. In the latter case, the filesystem
will be automatically mounted outside of /sysroot before running the
btrfs tool, and unmounted afterwards.
There are now two forms of the 'debug progress' command:
(1) debug progress <n> (the original form) generates ordinary
rate-limited progress messages for <n> seconds.
(2) debug progress <n> <rate> generates progress messages every <rate>
microseconds for <n> seconds.
The second form omit the usual rate-limiting, and so wouldn't
be generated like this from an ordinary API call. However this
is useful for testing events (see RHBZ#909624).
Note that you have to use this as follows:
#if defined(__GNUC__) && GUESTFS_GCC_VERSION >= x0y0z /* gcc >= x.y.z */
since GUESTFS_GCC_VERSION is not defined unless it's GCC.
A Mountable is passed from the library to the daemon as a string. The daemon
stub parses it into a mountable_t, which it passes to the implementation.
Update all implementations which now take a mountable_t.
This change updates the api style of all apis which should take Mountable
descriptions rather than block devices. It also updates the documentation
accordingly, but doesn't implement any functional changes.
Because of evolution of the code, if the user used the --qemu or
--qemudir options, libguestfs-test-tool would segfault because
guestfs_set_qemu was being called before the guestfs handle was
opened.
Change the code so this doesn't happen, and also remove the global 'g'
variable to make the code a bit more robust.
Bug found by Amit Shah.
The second parameter passed into getline(3) is the size of the
allocated buffer, *NOT* the length of the returned line. This can be
confusing, so rename this parameter as 'allocsize' consistently
throughout the code.
This is just code motion.
This was disturbing to some users, but other users saw the warning
when it was really something they should pay attention to. Make it
clear that it's a warning, unless people are really using SELinux +
sVirt.
Thanks: Richard Harman.
For example:
{
CLEANUP_FREE_STAT struct guestfs_stat *stat = guestfs_stat (g, "/foo");
// stat is freed automatically when we leave the scope.
}
The new header file "guestfs-internal-frontend-cleanups.h"
includes definitions for these. It should not be included
directly.
Partition number was being passed to guestfs___check_for_filesystem_on
based on an index in list_partition. However, this ignores the
possibility of multiple block devices.
This change makes guestfs___check_for_filesystem_on examine the
passed-in device directly to determine if it is a whole device, or
what its partition number is.
The output of btrfs subvolume list has changed in F18 to include generation,
which breaks the parsing in btrfs_subvolume_list. This change replaces sscanf
with a more robust regular expression. The new regular expression should also
handle the addition of future unexpected columns.
The visibility field in action replaces in_fish, in_docs and internal.
The defined types are:
VPublic:
A public API. This is exported and documented in all language
bindings, and in guestfish.
VStateTest:
A public API which queries the library state machine. It is exported
and documented in all language bindings, but not guestfish.
VBindTest:
An internal API used only for testing language bindings. It is
guarded by GUESTFS_PRIVATE in the C api, but exported by all other
language bindings as it is required for testing. If language
bindings offer any way to guard use of these apis, that mechanism
should be used. It is not documented anywhere.
VDebug:
A debugging API. It is exported by all language bindings, and in
guestfish, but is not documented anywhere.
VInternal:
An internal-only API. It is guarded by GUESTFS_PRIVATE in the C api,
and not exported at all in any other language binding. It is not
documented anywhere.
Replace selected calls to 'perror (filename)' with:
fprintf (stderr, "syscall: %s: %m\n", filename);
so that more information is available about precisely which syscall
failed.
Note this is *not* reply_with_perror. These messages are only printed
in verbose output, for the benefit of debugging.
Previously I noticed that bfan used this command without any error:
><fs> hivex-open /WINDOWS/system32/config/software write:ture
^^^^^^^^^^
This was because the code allowed any string to be evaluated as a
boolean.
The new code is stricter. It allows the following strings only case
insensitive (everything else is an error):
1
true
t
yes
y
on
0
false
f
no
n
off
Not to be confused with the libxml2 macro 'BAD_CAST' which converts
from 'signed char *' to 'unsigned char *'.
The 'bad_cast' function was defined and used all over the place as a
replacement for a '(char *)' cast. I think it is better to make these
casts explicit, instead of hiding them in an obscure function.
This commit rearranges the internal header files.
"src/guestfs-internal.h" is just for the library, as before.
"src/guestfs-internal-frontend.h" is for use by all library, bindings,
tools C code, but NOT the daemon.
"src/guestfs-internal-all.h" is for use by all C code including the
daemon.
This is just code motion, but it has some important consequences:
(1) We can use the CLEANUP_* macros in bindings and tools code.
(2) We can get rid of TMP_TEMPLATE_ON_STACK.
(3) We will (in future) be able to stop bindings and tools code from
using the safe_* allocation functions (which are NOT safe to use
outside the library alone).
qemu-wrapper isn't regenerated if QEMUDIR is changed, so just
delete it and force regeneration.
Additionally we can drop the silent binary check, since
check-with-upstream-qemu-1 already does a similar test with --version
that will actually report an error to the user.
Certain functions are intended to be internal only, but we currently
export them anyway. This change moves them into a separate section of
guestfs.h protected by a GUESTFS_PRIVATE variable. This change also
enables private structs, but doesn't implement any.
This change only affects the C api. Language bindings aren't affected,
but probably should be in the future.
Without this change all the tests in the haskell bindings are rebuilt
every time. The primary motivation for this change is to fix this.
The fix for the above also allows parallel builds to be re-enabled.
Use the macro like this to create temporary variables which are
automatically cleaned up when the scope is exited:
{
CLEANUP_FREE char *foo = safe_strdup (bar);
...
// no need to call free (foo)!
}
The following code is also valid. The initialization of foo as 'NULL'
prevents any chance of free being called on an uninitialized pointer.
It may not be required in all cases.
{
CLEANUP_FREE char *foo = NULL;
...
foo = safe_malloc (100);
...
// no need to call free (foo)!
}
This is also valid:
{
CLEANUP_FREE char *foo = ..., *bar = ...;
...
// no need to call free (foo) or free (bar)!
}
The CLEANUP_FREE_STRING_LIST macro calls guestfs___free_string_list
on its argument. The argument may be NULL.
The CLEANUP_HASH_FREE macro calls hash_free on its argument. The
argument may be NULL.
Important implementation note:
------------------------------
On GCC and LLVM, this is implemented using __attribute__((cleanup(...))).
There is no known way to implement this macro on other C compilers, so
this construct will cause a resource leak.
Important note about close/fclose:
----------------------------------
We did NOT implement 'CLEANUP_CLOSE' or 'CLEANUP_FCLOSE' macros. The
reason is that I am not convinced that these can be used safely. It
would be OK to use these to collect file handles along failure paths,
but you would still want a regular call to 'close'/'fclose' since you
must test for errors, and so you end up having to do:
if (close (fd) == -1) {
// failure case
// avoid double-close in cleanup handler:
fd = -1;
...
}
// avoid double-close in cleanup handler:
fd = -1;
...
This is just code motion, but it allows us to read this flag inside
the 'construct_libvirt_xml_seclabel' function in future (as a possible
way to fix RHBZ#890291).
When debugging is enabled, this produces output like below. This is
useful when diagnosing what URI libguestfs is using.
libguestfs: opening libvirt handle: URI = NULL, auth = virConnectAuthPtrDefault, flags = 0
libguestfs: successfully opened libvirt handle: conn = 0xb05580
guestfs_last_errno (g) == 0 doesn't mean "no error". It means the
errno was not captured. In this case we have to substitute some sort
of errno, so choose EINVAL arbitrarily.
The reasons to do this are twofold:
(a) It's probably a tiny bit faster.
(b) It lets us capture the real errno if the link(2) syscall fails.
The errno is also passed through guestmount, fixing RHBZ#895905:
+ guestmount -a test1.img -m /dev/sda1:/ -m /dev/sda2:/boot /tmp/mnt
+ touch /tmp/mnt/foo
+ cd /tmp/mnt
+ ln foo boot/foo
ln: failed to create hard link ‘boot/foo’ => ‘foo’: Invalid cross-device link
cp will fail if /etc/lvm is an empty directory. Copy the entire
directory and adjust environment variable.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
RWMJ:
- Fixed a couple of whitespace issues.
Using // coverity[...] or /* coverity[...] */ comments in the source
it is possible to suppress specific Coverity errors. The suppressed
error should occur in the line following the comment.
In this case I have suppressed two false positives from Coverity:
(a) We deliberately assign to a NULL pointer in order to cause a
segfault, for testing how the library reacts when this happens.
Coverity flags this, but it is not an error in this case.
(b) Coverity does not model global variables (a known shortcoming).
Therefore the code 'errno = posix_memalign (...)' cannot be modelled
by Coverity, even though the code is correct. Coverity raises a false
positive about this.
(Thanks Kamil Dudka, Coverity)
If there was no quoting character, the options could run off the end
of the string and into whatever string which happened to be following
in memory.
This bug was revealed when libguestfs was compiled on arm.
For the rationale behind this renaming, see:
b8cbe191d0
You can still, for the time being, use
./configure --with-febootstrap-yum-config
but it's preferred to switch to the new option. The new option is
identical, just renamed.
Qe still pass the deprecated --yum-config option to febootstrap
itself, since both old and new febootstrap support this.
For some reason the fs->device field was not set for swap devices.
Apparently this did not matter before (this bug has existed since at
least libguestfs 1.16), but in commit 6ee80b8dac we started to depend
on the fs->device field being non-NULL. This resulted in segfaults
when inspecting any guest which had a swap device, eg:
#0 __strcmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:164
#1 0x00007ffff7d740cb in parent_device_already_probed (g=0x703a70,
partition=0x6f79b0 "/dev/vda4") at inspect.c:156
#2 0x00007ffff7d73e00 in guestfs__inspect_os (g=0x703a70) at inspect.c:83
#3 0x00007ffff7cee11d in guestfs_inspect_os (g=0x703a70) at actions-1.c:397
This commit sets fs->device to the device name.
(Thanks Matthew Booth for first noticing this problem.)
If ntfs-3g is not installed, then tests/guests creates a 'windows.img'
file which is zero-sized.
This is problematical because other tests which use this image will
fail at best, or hit RHBZ#847549 (qemu/virtio-scsi bug) at worst.
Change the tests which use windows.img so they skip if 'windows.img'
has zero size.
If you want to selectively run tests, or if the test suite fails half
way through, use:
make print-subdirs
to print the subdirectories, select the ones you want to run / the
remaining ones, and do:
make check SUBDIRS="..."
NOTE: This file is automatically generated from "update-bugs.sh".
Last updated: 2012-12-17
Last updated: 2014-03-20
This contains a local list of the bugs that are open against
libguestfs. Bugs are tracked in the Red Hat Bugzilla database
@@ -29,57 +29,27 @@ Bugs in NEW or ASSIGNED state are open and waiting for someone to fix.
554829 NEW https://bugzilla.redhat.com/show_bug.cgi?id=554829
SELinux handling could be done better.
563450 NEW https://bugzilla.redhat.com/show_bug.cgi?id=563450
list-devices returns devices of different types out of order
572337 NEW https://bugzilla.redhat.com/show_bug.cgi?id=572337
libguestfs should support gptsync
578103 NEW https://bugzilla.redhat.com/show_bug.cgi?id=578103
[RFE] Tool to Compare Windows Registry Entries
593511 NEW https://bugzilla.redhat.com/show_bug.cgi?id=593511
[RFE] function to get partition name
604041 NEW https://bugzilla.redhat.com/show_bug.cgi?id=604041
guestmount absolute symlinks don't work
624334 NEW https://bugzilla.redhat.com/show_bug.cgi?id=624334
blockdev-setbsz succeeds, but does not affect blockdev-getbsz
624335 NEW https://bugzilla.redhat.com/show_bug.cgi?id=624335
blockdev-setbsz succeeds, but does not affect blockdev-getbsz
637251 NEW https://bugzilla.redhat.com/show_bug.cgi?id=637251
virt-inspector fails to recognize data-only NTFS disk image
660687 NEW https://bugzilla.redhat.com/show_bug.cgi?id=660687
guestmount: "touch" command fails: touch: setting times of `timestamp': Invalid argument
672485 NEW https://bugzilla.redhat.com/show_bug.cgi?id=672485
[RFE] virt-edit/tar/inspector do not support encrypted system
693064 NEW https://bugzilla.redhat.com/show_bug.cgi?id=693064
Symbolic links on ntfs-3g are not followed correctly by some commands
696445 NEW https://bugzilla.redhat.com/show_bug.cgi?id=696445
Backport virt-inspector for virt-v2v
696451 NEW https://bugzilla.redhat.com/show_bug.cgi?id=696451
libguestfs: unknown filesystem label SWAP-sda2
700342 NEW https://bugzilla.redhat.com/show_bug.cgi?id=700342
virt-inspector resports unknown filesystem UUID
709326 NEW https://bugzilla.redhat.com/show_bug.cgi?id=709326
virt-inspector cannot detect ReactOS
737261 NEW https://bugzilla.redhat.com/show_bug.cgi?id=737261
libguestfs grub-install API needs grub1
745282 NEW https://bugzilla.redhat.com/show_bug.cgi?id=745282
[RFE] Support to use virt-filesystems with remote libvirt systems
745576 NEW https://bugzilla.redhat.com/show_bug.cgi?id=745576
libguestfs (or qemu?) hangs if sparse file runs out of disk space
@@ -95,33 +65,21 @@ Bugs in NEW or ASSIGNED state are open and waiting for someone to fix.
790837 NEW https://bugzilla.redhat.com/show_bug.cgi?id=790837
Use of atexit to clean up handles is wrong in multithreaded programs
803643 NEW https://bugzilla.redhat.com/show_bug.cgi?id=803643
inspect-is-multipart return false when inspection results should be true
803650 NEW https://bugzilla.redhat.com/show_bug.cgi?id=803650
inspect-is-live return false when inspection results should be true
803657 NEW https://bugzilla.redhat.com/show_bug.cgi?id=803657
[RFE] inspect-is-netinst : support more distributions
805417 NEW https://bugzilla.redhat.com/show_bug.cgi?id=805417
RFE: support inspection of installation ISOs of WinVista, Win7, Win2008 & Win2008r2
806179 NEW https://bugzilla.redhat.com/show_bug.cgi?id=806179
RFE: support inspection of icon for more Windows guests
808193 NEW https://bugzilla.redhat.com/show_bug.cgi?id=808193
g.launch() crashes on RHEL 5
812970 NEW https://bugzilla.redhat.com/show_bug.cgi?id=812970
virt-rescue cannot set ><rescue> prompt, on Ubuntu 12.04
813290 NEW https://bugzilla.redhat.com/show_bug.cgi?id=813290
mdadm (md-detail) test occasionally fails with 'md device /dev/md125 does not appear to be active.'
815149 NEW https://bugzilla.redhat.com/show_bug.cgi?id=815149
virt-alignment-scan gives error "part_list: could not parse row from output of parted print command: /dev/vda:4194304B:virtblk:512:512:msdos:Virtio Block Device"
819086 NEW https://bugzilla.redhat.com/show_bug.cgi?id=819086
look for qemu-kvm on /usr/libexec
822538 NEW https://bugzilla.redhat.com/show_bug.cgi?id=822538
libguestfs tools hang on qcow2 encrypted disks
@@ -140,48 +98,192 @@ Bugs in NEW or ASSIGNED state are open and waiting for someone to fix.
835622 NEW https://bugzilla.redhat.com/show_bug.cgi?id=835622
RFE: virt-sparsify should be able to sparsify onto a thin-provisioned LV
837941 NEW https://bugzilla.redhat.com/show_bug.cgi?id=837941
Data loss when writing to qcow2-format disk files
838081 NEW https://bugzilla.redhat.com/show_bug.cgi?id=838081
ocaml/t/guestfs_500_parallel_mount_local crashes in caml_thread_reinitialize
845234 NEW https://bugzilla.redhat.com/show_bug.cgi?id=845234
RFE: virt-ls on Windows guest doesn't support drive letters
846676 NEW https://bugzilla.redhat.com/show_bug.cgi?id=846676
guestfs_launch() hangs with Debian qemu-kvm 1.1.0
848464 NEW https://bugzilla.redhat.com/show_bug.cgi?id=848464
gobject javascript bindings cannot use 64 bit integers
857763 NEW https://bugzilla.redhat.com/show_bug.cgi?id=857763
libguestfs 'file-architecture' returns 'ARM' for arm binaries
863696 NEW https://bugzilla.redhat.com/show_bug.cgi?id=863696
[F18] libguestfs fails to mount a disk image file(in this case qcow2) as 'root'
864871 NEW https://bugzilla.redhat.com/show_bug.cgi?id=864871
libvirt error: could not create appliance through libvirt: unable to set security context 'unconfined_u:object_r:svirt_image_t:s0:cXXX,cYYY' on '.../console.sock'
865923 NEW https://bugzilla.redhat.com/show_bug.cgi?id=865923
Check that new qemu -machine option doesn't break libguestfs.
866994 NEW https://bugzilla.redhat.com/show_bug.cgi?id=866994
tgz-out causes memory leak in guestfsd
869179 NEW https://bugzilla.redhat.com/show_bug.cgi?id=869179
libguestfs fail to startup on latest rhel7 tree
880806 NEW https://bugzilla.redhat.com/show_bug.cgi?id=880806
virt-df with two -a options displays incorrect disk image name
887812 NEW https://bugzilla.redhat.com/show_bug.cgi?id=887812
libldm functionality is missing from Fedora 18 build of libguestfs
887826 NEW https://bugzilla.redhat.com/show_bug.cgi?id=887826
RFE: virt-sparsify cannot handle multi-disk virtual machines (eg. if they use LVM, MD, LDM, etc)
891909 NEW https://bugzilla.redhat.com/show_bug.cgi?id=891909
Can't make install with non-standard prefix as non-root
895898 NEW https://bugzilla.redhat.com/show_bug.cgi?id=895898
RFE: Allow interface to be specified with libvirt attach-method
895946 NEW https://bugzilla.redhat.com/show_bug.cgi?id=895946
Got incorrect block count number when resize ntfs file system via "ntfsresize_opts"
903987 NEW https://bugzilla.redhat.com/show_bug.cgi?id=903987
Command "acl-set-file" is inconvenient to use
906766 NEW https://bugzilla.redhat.com/show_bug.cgi?id=906766
virt-resize cannot resize RHEL 5 guest with GPT partition table type
906777 NEW https://bugzilla.redhat.com/show_bug.cgi?id=906777
In tests, set_label sometimes fails
910115 NEW https://bugzilla.redhat.com/show_bug.cgi?id=910115
RFE: support ntfsresize --bad-sectors option in virt-resize
910269 NEW https://bugzilla.redhat.com/show_bug.cgi?id=910269
Tracker: Bugs in other packages that stop libguestfs working
913815 NEW https://bugzilla.redhat.com/show_bug.cgi?id=913815
febootstrap: no ext2 root device found when running libguestfs-test-tools
917706 NEW https://bugzilla.redhat.com/show_bug.cgi?id=917706
guestfs_umount_local is not thread safe
920617 NEW https://bugzilla.redhat.com/show_bug.cgi?id=920617
RFE: virt-inspector (or another tool) should produce OVF output for oVirt / RHEV
927447 NEW https://bugzilla.redhat.com/show_bug.cgi?id=927447
[suse] virt tools hang on disk image, but libguestfs-test-tool runs OK
972292 NEW https://bugzilla.redhat.com/show_bug.cgi?id=972292
lgetxattrs can't show the file attribute list with ntfs FS in rhel7
972294 NEW https://bugzilla.redhat.com/show_bug.cgi?id=972294
lsetxattr/lgetxattr doesn't work to softlink file with ntfs FS in rhel7
973138 NEW https://bugzilla.redhat.com/show_bug.cgi?id=973138
RFE: sh & debug sh should be able to capture all output and error return code
979392 NEW https://bugzilla.redhat.com/show_bug.cgi?id=979392
[abrt] virt-manager crash from libguestfs launch_libvirt
980790 NEW https://bugzilla.redhat.com/show_bug.cgi?id=980790
fstrim returns error "FITRIM ioctl failed: Inappropriate ioctl for device"
982516 NEW https://bugzilla.redhat.com/show_bug.cgi?id=982516
sh "rpm -Va" fails because apparently /dev/shm is not created/bind-mounted correctly
982979 NEW https://bugzilla.redhat.com/show_bug.cgi?id=982979
Disable fstrim API/command in RHEL 6
983969 NEW https://bugzilla.redhat.com/show_bug.cgi?id=983969
RFE: virt-sysprep should be SELinux-aware
986242 NEW https://bugzilla.redhat.com/show_bug.cgi?id=986242
golang bindings cannot be compiled if golang-guestfs package is installed
987829 NEW https://bugzilla.redhat.com/show_bug.cgi?id=987829
virt-resize error: "lvm_set_filter: vgchange: Couldn't find device with uuid .. Refusing activation of partial LV"
988100 NEW https://bugzilla.redhat.com/show_bug.cgi?id=988100
RFE: journal reader in guestfish
991641 NEW https://bugzilla.redhat.com/show_bug.cgi?id=991641
virt-sysprep fs-uuids plugin doesn't update UUIDs in fstab, elsewhere
991830 NEW https://bugzilla.redhat.com/show_bug.cgi?id=991830
virt-resize throws ambiguous error when /dev/mapper/VG-LV path is used
994965 NEW https://bugzilla.redhat.com/show_bug.cgi?id=994965
libguestfs doesn't work on armv7hl
997160 NEW https://bugzilla.redhat.com/show_bug.cgi?id=997160
virt-sysprep prints: filesize: /etc/mdadm.conf: No such file or directory
998065 NEW https://bugzilla.redhat.com/show_bug.cgi?id=998065
libguestfs kernel hang in RHEL 6.5
1019388 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1019388
firstboot scripts (virt-builder, virt-sysprep) don't work for Debian 6 & 7 guests
1021149 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1021149
Rebase libguestfs to 1.24 in RHEL 7.1
1023630 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1023630
enable-valgrind-daemon option breaks UML
1025942 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1025942
Parallel virt-df and virt-alignment-scan tests sometimes deadlock
1027526 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1027526
RFE: Labels for logical partitions lost in Windows 2003 after virt-resize for primary partition
1028676 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1028676
Add virt-builder to RHEL 7.1
1029134 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1029134
Broken links in virt-builder web man page
1033573 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1033573
libguestfs inspection does not recognize NAS4Free OS installed on QCOW2 image
1035320 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1035320
test faild during build
1040912 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1040912
[ARM] mount-local / FUSE support does not seem to work at all
1041552 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1041552
virt-sysprep should remove Pegasus certificates
1042780 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1042780
Support the virt-sysprep --delete option
1051694 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1051694
libguestfs FTBFS on Ubuntu saucy
1056047 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1056047
virt-df generates no output for Solaris 11 x86_64 guest.
1056558 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1056558
virt-sparsify overwrites block devices if used as output files
1057510 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1057510
mount-local should give a clearer error if root is not mounted
1057873 NEW https://bugzilla.redhat.com/show_bug.cgi?id=1057873
elseifi=len1||j=len2thenfalse(* no match - different lengths *)
else(
letx1=getxdigitfp1.[i]andx2=getxdigitfp2.[j]in
matchx1,x2with
|Somex1,Somex2whenx1=x2->loop(i+1)(j+1)
|Somex1,Somex2->false(* no match - different content *)
|Some_,None->loopi(j+1)
|None,Some_->loop(i+1)j
|None,None->loop(i+1)(j+1)
)
in
loop00
andgetxdigit=function
|'0'..'9'asc->Some(Char.codec-Char.code'0')
|'a'..'f'asc->Some(Char.codec-Char.code'a')
|'A'..'F'asc->Some(Char.codec-Char.code'A')
|_->None
letrecverifytfilename=
ift.check_signaturethen(
letargs=quotefilenamein
do_verifytargs
)
andverify_detachedtfilenamesigfile=
ift.check_signaturethen(
matchsigfilewith
|None->
eprintf(f_"virt-builder: error: there is no detached signature file\nThis probably means the index file is missing a sig=... line.\nYou can use --no-check-signature to ignore this error, but that means\nyou are susceptible to man-in-the-middle attacks.\n");
eprintf(f_"virt-builder: error: GPG failure: could not verify digital signature of file\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!\n");
eprintf(f_"virt-builder: error: fingerprint of signature does not match the expected fingerprint!\n found fingerprint: %s\n expected fingerprint: %s\n")
eprintf(f_"virt-builder: error: could not run sha512sum command to verify checksum\n");
exit1
);
letcsum_actual=read_whole_filecsum_filein
letcsum_actual=
letlen=String.lengthcsum_actualin
iflen>0&&csum_actual.[len-1]='\n'then
String.subcsum_actual0(len-1)
else
csum_actualin
ifcsum<>csum_actualthen(
eprintf(f_"virt-builder: error: checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!\n")
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
