parent
592799bb9d
commit
6496f2ccb2
@ -1,2 +1,2 @@
|
|||||||
SOURCES/guestfs-tools-1.48.2.tar.gz
|
SOURCES/guestfs-tools-1.50.1.tar.gz
|
||||||
SOURCES/libguestfs.keyring
|
SOURCES/libguestfs.keyring
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
a4082a350bc8d303ebe31780964e2d72a81378c3 SOURCES/guestfs-tools-1.48.2.tar.gz
|
e1fbf090056a2c559f85df7fffe10d2e28a88c37 SOURCES/guestfs-tools-1.50.1.tar.gz
|
||||||
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
|
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
|
||||||
|
@ -1,100 +0,0 @@
|
|||||||
From 37c002682a9e5b87d5793f1567c4ddfb8ca72d11 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Sun, 10 Apr 2022 13:38:34 +0200
|
|
||||||
Subject: [PATCH] sysprep: remove lvm2's default "system.devices" file
|
|
||||||
|
|
||||||
(Background: lvm2 commit 83fe6e720f42, "device usage based on devices
|
|
||||||
file", 2021-02-23; first released in v2_03_12.)
|
|
||||||
|
|
||||||
"lvm pvscan" may be -- and in RHEL9, will soon be -- restricted to those
|
|
||||||
block devices whose WWIDs are listed in "/etc/lvm/devices/system.devices".
|
|
||||||
This is a problem when cloning a VM, as cloning may change the WWIDs of
|
|
||||||
the domain's disk devices, and then physical volumes underlying the guest
|
|
||||||
filesystems may not be found. Example:
|
|
||||||
<https://bugzilla.redhat.com/show_bug.cgi?id=2059545#c12>.
|
|
||||||
|
|
||||||
Add the "lvm-system-devices" operation for removing this file, so that
|
|
||||||
"lvm pvscan" investigate all block devices for PVs.
|
|
||||||
|
|
||||||
(Note that this operation is independent from "lvm-uuids". The libguestfs
|
|
||||||
appliance creates a pristine LVM_SYSTEM_DIR in "appliance/init" (see
|
|
||||||
libguestfs commit dd162d2cd56a), thus, when "lvm-uuids" calls "g#pvs" and
|
|
||||||
"g#vgs", those APIs can never be affected by an
|
|
||||||
"$LVM_SYSTEM_DIR/devices/system.devices" file.)
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2072493
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Message-Id: <20220410113834.6258-1-lersek@redhat.com>
|
|
||||||
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
||||||
(cherry picked from commit 4fe8a03cd2d3e4570f4298245bb184ccdc4da0cd)
|
|
||||||
---
|
|
||||||
sysprep/Makefile.am | 1 +
|
|
||||||
.../sysprep_operation_lvm_system_devices.ml | 44 +++++++++++++++++++
|
|
||||||
2 files changed, 45 insertions(+)
|
|
||||||
create mode 100644 sysprep/sysprep_operation_lvm_system_devices.ml
|
|
||||||
|
|
||||||
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
|
|
||||||
index 0e3afc8a0..7d5e8aadf 100644
|
|
||||||
--- a/sysprep/Makefile.am
|
|
||||||
+++ b/sysprep/Makefile.am
|
|
||||||
@@ -46,6 +46,7 @@ operations = \
|
|
||||||
ipa_client \
|
|
||||||
kerberos_data \
|
|
||||||
kerberos_hostkeytab \
|
|
||||||
+ lvm_system_devices \
|
|
||||||
lvm_uuids \
|
|
||||||
logfiles \
|
|
||||||
machine_id \
|
|
||||||
diff --git a/sysprep/sysprep_operation_lvm_system_devices.ml b/sysprep/sysprep_operation_lvm_system_devices.ml
|
|
||||||
new file mode 100644
|
|
||||||
index 000000000..b41fa5dbc
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/sysprep/sysprep_operation_lvm_system_devices.ml
|
|
||||||
@@ -0,0 +1,44 @@
|
|
||||||
+(* virt-sysprep
|
|
||||||
+ * Copyright (C) 2012-2022 Red Hat Inc.
|
|
||||||
+ *
|
|
||||||
+ * This program is free software; you can redistribute it and/or modify
|
|
||||||
+ * it under the terms of the GNU General Public License as published by
|
|
||||||
+ * the Free Software Foundation; either version 2 of the License, or
|
|
||||||
+ * (at your option) any later version.
|
|
||||||
+ *
|
|
||||||
+ * This program is distributed in the hope that it will be useful,
|
|
||||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
+ * GNU General Public License for more details.
|
|
||||||
+ *
|
|
||||||
+ * You should have received a copy of the GNU General Public License along
|
|
||||||
+ * with this program; if not, write to the Free Software Foundation, Inc.,
|
|
||||||
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
+ *)
|
|
||||||
+
|
|
||||||
+open Sysprep_operation
|
|
||||||
+open Common_gettext.Gettext
|
|
||||||
+
|
|
||||||
+module G = Guestfs
|
|
||||||
+
|
|
||||||
+let system_devices_file = "/etc/lvm/devices/system.devices"
|
|
||||||
+
|
|
||||||
+let rec lvm_system_devices_perform g root side_effects =
|
|
||||||
+ let typ = g#inspect_get_type root in
|
|
||||||
+ if typ = "linux" then g#rm_f system_devices_file
|
|
||||||
+
|
|
||||||
+let op = {
|
|
||||||
+ defaults with
|
|
||||||
+ name = "lvm-system-devices";
|
|
||||||
+ enabled_by_default = true;
|
|
||||||
+ heading = s_"Remove LVM2 system.devices file";
|
|
||||||
+ pod_description =
|
|
||||||
+ Some (s_"On Linux guests, LVM2's scanning for physical volumes (PVs) may \
|
|
||||||
+ be restricted to those block devices whose WWIDs are listed in \
|
|
||||||
+ C<" ^ system_devices_file ^ ">. When cloning VMs, WWIDs may \
|
|
||||||
+ change, breaking C<lvm pvscan>. Remove \
|
|
||||||
+ C<" ^ system_devices_file ^ ">.");
|
|
||||||
+ perform_on_filesystems = Some lvm_system_devices_perform;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+let () = register_operation op
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,347 +0,0 @@
|
|||||||
From 5792f2e95bcddf476f2fe37e0bc4d97bd881d8fa Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Tue, 10 May 2022 12:50:46 +0200
|
|
||||||
Subject: [PATCH] adopt inversion of SELinux relabeling in virt-customize
|
|
||||||
|
|
||||||
Remove "--selinux-relabel" options.
|
|
||||||
|
|
||||||
Do not add any "--no-selinux-relabel" options; rely on the internal check
|
|
||||||
for SELinux support instead ("is_selinux_guest" in
|
|
||||||
"common/mlcustomize/SELinux_relabel.ml").
|
|
||||||
|
|
||||||
"--no-selinux-relabel" becomes a real option for virt-sysprep now.
|
|
||||||
(Again?)
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Message-Id: <20220510105046.15167-1-lersek@redhat.com>
|
|
||||||
Acked-by: Richard W.M. Jones <rjones@redhat.com>
|
|
||||||
[lersek@redhat.com: incorporate common submodule update]
|
|
||||||
(cherry picked from commit 19de3d1c8d4efb53565dbffe532d41ee9d25a832)
|
|
||||||
---
|
|
||||||
builder/templates/make-template.ml | 8 +-------
|
|
||||||
builder/virt-builder.pod | 20 ++++----------------
|
|
||||||
common | 2 +-
|
|
||||||
customize/customize_run.ml | 2 +-
|
|
||||||
customize/test-settings.sh | 3 ---
|
|
||||||
sysprep/main.ml | 2 --
|
|
||||||
sysprep/test-virt-sysprep-docs.sh | 2 +-
|
|
||||||
7 files changed, 8 insertions(+), 31 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/builder/templates/make-template.ml b/builder/templates/make-template.ml
|
|
||||||
index 6786fec19..b40789284 100755
|
|
||||||
--- a/builder/templates/make-template.ml
|
|
||||||
+++ b/builder/templates/make-template.ml
|
|
||||||
@@ -256,8 +256,7 @@ let rec main () =
|
|
||||||
printf "Sysprepping ...\n%!";
|
|
||||||
let cmd =
|
|
||||||
sprintf "virt-sysprep --quiet -a %s%s"
|
|
||||||
- (quote tmpout)
|
|
||||||
- (if is_selinux_os os then " --selinux-relabel" else "") in
|
|
||||||
+ (quote tmpout) in
|
|
||||||
if Sys.command cmd <> 0 then exit 1
|
|
||||||
);
|
|
||||||
|
|
||||||
@@ -480,11 +479,6 @@ and can_sysprep_os = function
|
|
||||||
| Debian _ | Ubuntu _ -> true
|
|
||||||
| FreeBSD _ | Windows _ -> false
|
|
||||||
|
|
||||||
-and is_selinux_os = function
|
|
||||||
- | RHEL _ | Alma _ | CentOS _ | CentOSStream _ | Fedora _ -> true
|
|
||||||
- | Debian _ | Ubuntu _
|
|
||||||
- | FreeBSD _ | Windows _ -> false
|
|
||||||
-
|
|
||||||
and needs_uefi os arch =
|
|
||||||
match os, arch with
|
|
||||||
| Fedora _, Armv7
|
|
||||||
diff --git a/builder/virt-builder.pod b/builder/virt-builder.pod
|
|
||||||
index f7dd6cdad..aeb505296 100644
|
|
||||||
--- a/builder/virt-builder.pod
|
|
||||||
+++ b/builder/virt-builder.pod
|
|
||||||
@@ -131,12 +131,6 @@ To update the installed packages to the latest version:
|
|
||||||
|
|
||||||
virt-builder debian-7 --update
|
|
||||||
|
|
||||||
-For guests which use SELinux, like Fedora and Red Hat Enterprise
|
|
||||||
-Linux, you may need to do SELinux relabelling after installing or
|
|
||||||
-updating packages (see L</SELINUX> below):
|
|
||||||
-
|
|
||||||
- virt-builder fedora-27 --update --selinux-relabel
|
|
||||||
-
|
|
||||||
=head2 Customizing the installation
|
|
||||||
|
|
||||||
There are many options that let you customize the installation. These
|
|
||||||
@@ -972,7 +966,7 @@ command line.
|
|
||||||
|
|
||||||
=item *
|
|
||||||
|
|
||||||
-SELinux relabelling is done (I<--selinux-relabel>).
|
|
||||||
+SELinux relabelling is done unless disabled with I<--no-selinux-relabel>.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
@@ -1072,8 +1066,7 @@ A typical virt-builder command would be:
|
|
||||||
--install puppet \
|
|
||||||
--append-line '/etc/puppet/puppet.conf:[agent]' \
|
|
||||||
--append-line '/etc/puppet/puppet.conf:server = puppetmaster.example.com/' \
|
|
||||||
- --run-command 'systemctl enable puppet' \
|
|
||||||
- --selinux-relabel
|
|
||||||
+ --run-command 'systemctl enable puppet'
|
|
||||||
|
|
||||||
The precise instructions vary according to the Linux distro. For
|
|
||||||
further information see:
|
|
||||||
@@ -1753,14 +1746,14 @@ two possible strategies it can use to ensure correct labelling:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item Using I<--selinux-relabel>
|
|
||||||
+=item Automatic relabeling
|
|
||||||
|
|
||||||
This runs L<setfiles(8)> just before finalizing the guest, which sets
|
|
||||||
SELinux labels correctly in the disk image.
|
|
||||||
|
|
||||||
This is the recommended method.
|
|
||||||
|
|
||||||
-=item I<--touch> F</.autorelabel>
|
|
||||||
+=item Using I<--no-selinux-relabel> I<--touch> F</.autorelabel>
|
|
||||||
|
|
||||||
Guest templates may already contain a file called F</.autorelabel> or
|
|
||||||
you may touch it.
|
|
||||||
@@ -1771,11 +1764,6 @@ them, which is normal and harmless.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
-Please note that if your guest uses SELinux, and you are doing operations
|
|
||||||
-on it which might create new files or change existing ones, you are
|
|
||||||
-recommended to use I<--selinux-relabel>. This will help in making sure
|
|
||||||
-that files have the right SELinux labels.
|
|
||||||
-
|
|
||||||
=head1 MACHINE READABLE OUTPUT
|
|
||||||
|
|
||||||
The I<--machine-readable> option can be used to make the output more
|
|
||||||
Submodule common 0a231b3e6..48527b876:
|
|
||||||
diff --git a/common/mlcustomize/customize-options.pod b/common/mlcustomize/customize-options.pod
|
|
||||||
index 71b545d..a83c80a 100644
|
|
||||||
--- a/common/mlcustomize/customize-options.pod
|
|
||||||
+++ b/common/mlcustomize/customize-options.pod
|
|
||||||
@@ -206,6 +206,19 @@ the image was built, use this option.
|
|
||||||
|
|
||||||
See also: L</LOG FILE>.
|
|
||||||
|
|
||||||
+=item B<--no-selinux-relabel>
|
|
||||||
+
|
|
||||||
+Do not attempt to correct the SELinux labels of files in the guest.
|
|
||||||
+
|
|
||||||
+In such guests that support SELinux, customization automatically
|
|
||||||
+relabels files so that they have the correct SELinux label. (The
|
|
||||||
+relabeling is performed immediately, but if the operation fails,
|
|
||||||
+customization will instead touch F</.autorelabel> on the image to
|
|
||||||
+schedule a relabel operation for the next time the image boots.) This
|
|
||||||
+option disables the automatic relabeling.
|
|
||||||
+
|
|
||||||
+The option is a no-op for guests that do not support SELinux.
|
|
||||||
+
|
|
||||||
=item B<--password> USER:SELECTOR
|
|
||||||
|
|
||||||
Set the password for C<USER>. (Note this option does I<not>
|
|
||||||
@@ -297,16 +310,6 @@ It cannot delete directories, only regular files.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
-=item B<--selinux-relabel>
|
|
||||||
-
|
|
||||||
-Relabel files in the guest so that they have the correct SELinux label.
|
|
||||||
-
|
|
||||||
-This will attempt to relabel files immediately, but if the operation fails
|
|
||||||
-this will instead touch F</.autorelabel> on the image to schedule a
|
|
||||||
-relabel operation for the next time the image boots.
|
|
||||||
-
|
|
||||||
-You should only use this option for guests which support SELinux.
|
|
||||||
-
|
|
||||||
=item B<--sm-attach> SELECTOR
|
|
||||||
|
|
||||||
Attach to a pool using C<subscription-manager>.
|
|
||||||
diff --git a/common/mlcustomize/customize-synopsis.pod b/common/mlcustomize/customize-synopsis.pod
|
|
||||||
index 5f18540..2520853 100644
|
|
||||||
--- a/common/mlcustomize/customize-synopsis.pod
|
|
||||||
+++ b/common/mlcustomize/customize-synopsis.pod
|
|
||||||
@@ -12,5 +12,5 @@
|
|
||||||
[--truncate-recursive PATH] [--timezone TIMEZONE] [--touch FILE]
|
|
||||||
[--uninstall PKG,PKG..] [--update] [--upload FILE:DEST]
|
|
||||||
[--write FILE:CONTENT] [--no-logfile]
|
|
||||||
- [--password-crypto md5|sha256|sha512] [--selinux-relabel]
|
|
||||||
+ [--password-crypto md5|sha256|sha512] [--no-selinux-relabel]
|
|
||||||
[--sm-credentials SELECTOR]
|
|
||||||
diff --git a/common/mlcustomize/customize_cmdline.ml b/common/mlcustomize/customize_cmdline.ml
|
|
||||||
index 9326baa..5d404e8 100644
|
|
||||||
--- a/common/mlcustomize/customize_cmdline.ml
|
|
||||||
+++ b/common/mlcustomize/customize_cmdline.ml
|
|
||||||
@@ -109,8 +109,8 @@ and flags = {
|
|
||||||
(* --no-logfile *)
|
|
||||||
password_crypto : Password.password_crypto option;
|
|
||||||
(* --password-crypto md5|sha256|sha512 *)
|
|
||||||
- selinux_relabel : bool;
|
|
||||||
- (* --selinux-relabel *)
|
|
||||||
+ no_selinux_relabel : bool;
|
|
||||||
+ (* --no-selinux-relabel *)
|
|
||||||
sm_credentials : Subscription_manager.sm_credentials option;
|
|
||||||
(* --sm-credentials SELECTOR *)
|
|
||||||
}
|
|
||||||
@@ -121,7 +121,7 @@ let rec argspec () =
|
|
||||||
let ops = ref [] in
|
|
||||||
let scrub_logfile = ref false in
|
|
||||||
let password_crypto = ref None in
|
|
||||||
- let selinux_relabel = ref false in
|
|
||||||
+ let no_selinux_relabel = ref false in
|
|
||||||
let sm_credentials = ref None in
|
|
||||||
|
|
||||||
let rec get_ops () = {
|
|
||||||
@@ -131,7 +131,7 @@ let rec argspec () =
|
|
||||||
and get_flags () = {
|
|
||||||
scrub_logfile = !scrub_logfile;
|
|
||||||
password_crypto = !password_crypto;
|
|
||||||
- selinux_relabel = !selinux_relabel;
|
|
||||||
+ no_selinux_relabel = !no_selinux_relabel;
|
|
||||||
sm_credentials = !sm_credentials;
|
|
||||||
}
|
|
||||||
in
|
|
||||||
@@ -459,11 +459,11 @@ let rec argspec () =
|
|
||||||
),
|
|
||||||
Some "md5|sha256|sha512", "When the virt tools change or set a password in the guest, this\noption sets the password encryption of that password to\nC<md5>, C<sha256> or C<sha512>.\n\nC<sha256> and C<sha512> require glibc E<ge> 2.7 (check crypt(3) inside\nthe guest).\n\nC<md5> will work with relatively old Linux guests (eg. RHEL 3), but\nis not secure against modern attacks.\n\nThe default is C<sha512> unless libguestfs detects an old guest that\ndidn't have support for SHA-512, in which case it will use C<md5>.\nYou can override libguestfs by specifying this option.\n\nNote this does not change the default password encryption used\nby the guest when you create new user accounts inside the guest.\nIf you want to do that, then you should use the I<--edit> option\nto modify C</etc/sysconfig/authconfig> (Fedora, RHEL) or\nC</etc/pam.d/common-password> (Debian, Ubuntu).";
|
|
||||||
(
|
|
||||||
- [ L"selinux-relabel" ],
|
|
||||||
- Getopt.Set selinux_relabel,
|
|
||||||
- s_"Relabel files with correct SELinux labels"
|
|
||||||
+ [ L"no-selinux-relabel" ],
|
|
||||||
+ Getopt.Set no_selinux_relabel,
|
|
||||||
+ s_"Do not relabel files with correct SELinux labels"
|
|
||||||
),
|
|
||||||
- None, "Relabel files in the guest so that they have the correct SELinux label.\n\nThis will attempt to relabel files immediately, but if the operation fails\nthis will instead touch F</.autorelabel> on the image to schedule a\nrelabel operation for the next time the image boots.\n\nYou should only use this option for guests which support SELinux.";
|
|
||||||
+ None, "Do not attempt to correct the SELinux labels of files in the guest.\n\nIn such guests that support SELinux, customization automatically\nrelabels files so that they have the correct SELinux label. (The\nrelabeling is performed immediately, but if the operation fails,\ncustomization will instead touch F</.autorelabel> on the image to\nschedule a relabel operation for the next time the image boots.) This\noption disables the automatic relabeling.\n\nThe option is a no-op for guests that do not support SELinux.";
|
|
||||||
(
|
|
||||||
[ L"sm-credentials" ],
|
|
||||||
Getopt.String (
|
|
||||||
diff --git a/common/mlcustomize/customize_cmdline.mli b/common/mlcustomize/customize_cmdline.mli
|
|
||||||
index 14eda49..7ee882a 100644
|
|
||||||
--- a/common/mlcustomize/customize_cmdline.mli
|
|
||||||
+++ b/common/mlcustomize/customize_cmdline.mli
|
|
||||||
@@ -101,8 +101,8 @@ and flags = {
|
|
||||||
(* --no-logfile *)
|
|
||||||
password_crypto : Password.password_crypto option;
|
|
||||||
(* --password-crypto md5|sha256|sha512 *)
|
|
||||||
- selinux_relabel : bool;
|
|
||||||
- (* --selinux-relabel *)
|
|
||||||
+ no_selinux_relabel : bool;
|
|
||||||
+ (* --no-selinux-relabel *)
|
|
||||||
sm_credentials : Subscription_manager.sm_credentials option;
|
|
||||||
(* --sm-credentials SELECTOR *)
|
|
||||||
}
|
|
||||||
diff --git a/common/mlcustomize/test-firstboot.sh b/common/mlcustomize/test-firstboot.sh
|
|
||||||
index b906997..24c67f3 100755
|
|
||||||
--- a/common/mlcustomize/test-firstboot.sh
|
|
||||||
+++ b/common/mlcustomize/test-firstboot.sh
|
|
||||||
@@ -61,9 +61,6 @@ case "$guestname" in
|
|
||||||
extra[${#extra[*]}]='/etc/inittab:
|
|
||||||
s,^#([1-9].*respawn.*/sbin/getty.*),$1,'
|
|
||||||
;;
|
|
||||||
- fedora*|rhel*|centos*)
|
|
||||||
- extra[${#extra[*]}]='--selinux-relabel'
|
|
||||||
- ;;
|
|
||||||
*)
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
diff --git a/common/mlcustomize/test-selinuxrelabel.sh b/common/mlcustomize/test-selinuxrelabel.sh
|
|
||||||
index 86278c6..caf7521 100755
|
|
||||||
--- a/common/mlcustomize/test-selinuxrelabel.sh
|
|
||||||
+++ b/common/mlcustomize/test-selinuxrelabel.sh
|
|
||||||
@@ -41,13 +41,12 @@ virt-builder "$guestname" --quiet -o "$disk"
|
|
||||||
# Test #1: relabel with the default configuration works.
|
|
||||||
rm -f "$disk_overlay"
|
|
||||||
guestfish -- disk-create "$disk_overlay" qcow2 -1 backingfile:"$disk"
|
|
||||||
-virt-customize -a "$disk" --selinux-relabel
|
|
||||||
+virt-customize -a "$disk"
|
|
||||||
|
|
||||||
# Test #2: relabel with no SELINUXTYPE in the configuration.
|
|
||||||
rm -f "$disk_overlay"
|
|
||||||
guestfish -- disk-create "$disk_overlay" qcow2 -1 backingfile:"$disk"
|
|
||||||
virt-customize -a "$disk" \
|
|
||||||
- --edit /etc/selinux/config:"s,^SELINUXTYPE=,#&,g" \
|
|
||||||
- --selinux-relabel
|
|
||||||
+ --edit /etc/selinux/config:"s,^SELINUXTYPE=,#&,g"
|
|
||||||
|
|
||||||
rm "$disk" "$disk_overlay"
|
|
||||||
diff --git a/common/options/uri.c b/common/options/uri.c
|
|
||||||
index 6b696fc..84d393c 100644
|
|
||||||
--- a/common/options/uri.c
|
|
||||||
+++ b/common/options/uri.c
|
|
||||||
@@ -135,7 +135,7 @@ parse (const char *arg, char **path_ret, char **protocol_ret,
|
|
||||||
socket = query_get (uri, "socket");
|
|
||||||
|
|
||||||
if (uri->server && STRNEQ (uri->server, "") && socket) {
|
|
||||||
- fprintf (stderr, _("%s: %s: cannot both a server name and a socket query parameter\n"),
|
|
||||||
+ fprintf (stderr, _("%s: %s: cannot have both a server name and a socket query parameter\n"),
|
|
||||||
getprogname (), arg);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
@@ -347,6 +347,7 @@ make_server (xmlURIPtr uri, const char *socket, char ***ret)
|
|
||||||
*ret = malloc (sizeof (char *) * 2);
|
|
||||||
if (*ret == NULL) {
|
|
||||||
perror ("malloc");
|
|
||||||
+ free (server);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
(*ret)[0] = server;
|
|
||||||
diff --git a/customize/customize_run.ml b/customize/customize_run.ml
|
|
||||||
index f2ee20413..99b5fe14d 100644
|
|
||||||
--- a/customize/customize_run.ml
|
|
||||||
+++ b/customize/customize_run.ml
|
|
||||||
@@ -415,7 +415,7 @@ let run (g : G.guestfs) root (ops : ops) =
|
|
||||||
warning (f_"passwords could not be set for this type of guest")
|
|
||||||
);
|
|
||||||
|
|
||||||
- if ops.flags.selinux_relabel then (
|
|
||||||
+ if not ops.flags.no_selinux_relabel then (
|
|
||||||
message (f_"SELinux relabelling");
|
|
||||||
SELinux_relabel.relabel g
|
|
||||||
);
|
|
||||||
diff --git a/customize/test-settings.sh b/customize/test-settings.sh
|
|
||||||
index ed4c90f2e..e8b492dd1 100755
|
|
||||||
--- a/customize/test-settings.sh
|
|
||||||
+++ b/customize/test-settings.sh
|
|
||||||
@@ -61,9 +61,6 @@ case "$guestname" in
|
|
||||||
extra[${#extra[*]}]='/etc/inittab:
|
|
||||||
s,^#([1-9].*respawn.*/sbin/getty.*),$1,'
|
|
||||||
;;
|
|
||||||
- fedora*|rhel*|centos*)
|
|
||||||
- extra[${#extra[*]}]='--selinux-relabel'
|
|
||||||
- ;;
|
|
||||||
*)
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
diff --git a/sysprep/main.ml b/sysprep/main.ml
|
|
||||||
index 087d1a17f..b760618ad 100644
|
|
||||||
--- a/sysprep/main.ml
|
|
||||||
+++ b/sysprep/main.ml
|
|
||||||
@@ -132,8 +132,6 @@ let main () =
|
|
||||||
[ L"mount-options" ], Getopt.Set_string (s_"opts", mount_opts), s_"Set mount options (eg /:noatime;/var:rw,noatime)";
|
|
||||||
[ L"network" ], Getopt.Set network, s_"Enable appliance network";
|
|
||||||
[ L"no-network" ], Getopt.Clear network, s_"Disable appliance network (default)";
|
|
||||||
- [ L"no-selinux-relabel" ], Getopt.Unit (fun () -> ()),
|
|
||||||
- s_"Compatibility option, does nothing";
|
|
||||||
[ L"operation"; L"operations" ], Getopt.String (s_"operations", set_operations), s_"Enable/disable specific operations";
|
|
||||||
] in
|
|
||||||
let args = basic_args @ Sysprep_operation.extra_args () in
|
|
||||||
diff --git a/sysprep/test-virt-sysprep-docs.sh b/sysprep/test-virt-sysprep-docs.sh
|
|
||||||
index 51500b5e9..9d0298d68 100755
|
|
||||||
--- a/sysprep/test-virt-sysprep-docs.sh
|
|
||||||
+++ b/sysprep/test-virt-sysprep-docs.sh
|
|
||||||
@@ -25,4 +25,4 @@ $top_srcdir/podcheck.pl "$srcdir/virt-sysprep.pod" virt-sysprep \
|
|
||||||
--path $top_srcdir/common/options \
|
|
||||||
--insert sysprep-extra-options.pod:__EXTRA_OPTIONS__ \
|
|
||||||
--insert sysprep-operations.pod:__OPERATIONS__ \
|
|
||||||
- --ignore=--dryrun,--dump-pod,--dump-pod-options,--no-selinux-relabel
|
|
||||||
+ --ignore=--dryrun,--dump-pod,--dump-pod-options
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,101 +0,0 @@
|
|||||||
From 10e2f3fc7eef6da4d741f7617e80d028257d9884 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Wed, 25 May 2022 13:06:01 +0200
|
|
||||||
Subject: [PATCH] update common submodule
|
|
||||||
|
|
||||||
Shortlog for 48527b8768d7..f8de5508fe75:
|
|
||||||
|
|
||||||
Laszlo Ersek (1):
|
|
||||||
mlcustomize: refresh generated files
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2089748
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
(cherry picked from commit 273de755dfe7eb0f1e81dc62463c125e8bed0cff)
|
|
||||||
---
|
|
||||||
common | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
Submodule common 48527b876..f8de5508f:
|
|
||||||
diff --git a/common/mlcustomize/customize-options.pod b/common/mlcustomize/customize-options.pod
|
|
||||||
index a83c80a..8aafacd 100644
|
|
||||||
--- a/common/mlcustomize/customize-options.pod
|
|
||||||
+++ b/common/mlcustomize/customize-options.pod
|
|
||||||
@@ -310,6 +310,10 @@ It cannot delete directories, only regular files.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
+=item B<--selinux-relabel>
|
|
||||||
+
|
|
||||||
+This is a compatibility option that does nothing.
|
|
||||||
+
|
|
||||||
=item B<--sm-attach> SELECTOR
|
|
||||||
|
|
||||||
Attach to a pool using C<subscription-manager>.
|
|
||||||
diff --git a/common/mlcustomize/customize-synopsis.pod b/common/mlcustomize/customize-synopsis.pod
|
|
||||||
index 2520853..9e2c4b2 100644
|
|
||||||
--- a/common/mlcustomize/customize-synopsis.pod
|
|
||||||
+++ b/common/mlcustomize/customize-synopsis.pod
|
|
||||||
@@ -13,4 +13,4 @@
|
|
||||||
[--uninstall PKG,PKG..] [--update] [--upload FILE:DEST]
|
|
||||||
[--write FILE:CONTENT] [--no-logfile]
|
|
||||||
[--password-crypto md5|sha256|sha512] [--no-selinux-relabel]
|
|
||||||
- [--sm-credentials SELECTOR]
|
|
||||||
+ [--selinux-relabel] [--sm-credentials SELECTOR]
|
|
||||||
diff --git a/common/mlcustomize/customize_cmdline.ml b/common/mlcustomize/customize_cmdline.ml
|
|
||||||
index 5d404e8..a17bed4 100644
|
|
||||||
--- a/common/mlcustomize/customize_cmdline.ml
|
|
||||||
+++ b/common/mlcustomize/customize_cmdline.ml
|
|
||||||
@@ -111,6 +111,8 @@ and flags = {
|
|
||||||
(* --password-crypto md5|sha256|sha512 *)
|
|
||||||
no_selinux_relabel : bool;
|
|
||||||
(* --no-selinux-relabel *)
|
|
||||||
+ selinux_relabel_ignored : bool;
|
|
||||||
+ (* --selinux-relabel *)
|
|
||||||
sm_credentials : Subscription_manager.sm_credentials option;
|
|
||||||
(* --sm-credentials SELECTOR *)
|
|
||||||
}
|
|
||||||
@@ -122,6 +124,7 @@ let rec argspec () =
|
|
||||||
let scrub_logfile = ref false in
|
|
||||||
let password_crypto = ref None in
|
|
||||||
let no_selinux_relabel = ref false in
|
|
||||||
+ let selinux_relabel_ignored = ref false in
|
|
||||||
let sm_credentials = ref None in
|
|
||||||
|
|
||||||
let rec get_ops () = {
|
|
||||||
@@ -132,6 +135,7 @@ let rec argspec () =
|
|
||||||
scrub_logfile = !scrub_logfile;
|
|
||||||
password_crypto = !password_crypto;
|
|
||||||
no_selinux_relabel = !no_selinux_relabel;
|
|
||||||
+ selinux_relabel_ignored = !selinux_relabel_ignored;
|
|
||||||
sm_credentials = !sm_credentials;
|
|
||||||
}
|
|
||||||
in
|
|
||||||
@@ -464,6 +468,12 @@ let rec argspec () =
|
|
||||||
s_"Do not relabel files with correct SELinux labels"
|
|
||||||
),
|
|
||||||
None, "Do not attempt to correct the SELinux labels of files in the guest.\n\nIn such guests that support SELinux, customization automatically\nrelabels files so that they have the correct SELinux label. (The\nrelabeling is performed immediately, but if the operation fails,\ncustomization will instead touch F</.autorelabel> on the image to\nschedule a relabel operation for the next time the image boots.) This\noption disables the automatic relabeling.\n\nThe option is a no-op for guests that do not support SELinux.";
|
|
||||||
+ (
|
|
||||||
+ [ L"selinux-relabel" ],
|
|
||||||
+ Getopt.Set selinux_relabel_ignored,
|
|
||||||
+ s_"Compatibility option doing nothing"
|
|
||||||
+ ),
|
|
||||||
+ None, "This is a compatibility option that does nothing.";
|
|
||||||
(
|
|
||||||
[ L"sm-credentials" ],
|
|
||||||
Getopt.String (
|
|
||||||
diff --git a/common/mlcustomize/customize_cmdline.mli b/common/mlcustomize/customize_cmdline.mli
|
|
||||||
index 7ee882a..7d14e78 100644
|
|
||||||
--- a/common/mlcustomize/customize_cmdline.mli
|
|
||||||
+++ b/common/mlcustomize/customize_cmdline.mli
|
|
||||||
@@ -103,6 +103,8 @@ and flags = {
|
|
||||||
(* --password-crypto md5|sha256|sha512 *)
|
|
||||||
no_selinux_relabel : bool;
|
|
||||||
(* --no-selinux-relabel *)
|
|
||||||
+ selinux_relabel_ignored : bool;
|
|
||||||
+ (* --selinux-relabel *)
|
|
||||||
sm_credentials : Subscription_manager.sm_credentials option;
|
|
||||||
(* --sm-credentials SELECTOR *)
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -0,0 +1,480 @@
|
|||||||
|
From ec06f62df5340cd0a9466a532aa9806fb0e2e560 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Sat, 18 Feb 2023 12:04:04 +0000
|
||||||
|
Subject: [PATCH] drivers: Look up vendor and device names in PCI and USB IDs
|
||||||
|
database
|
||||||
|
|
||||||
|
(cherry picked from commit ca21ee4918cd7d4472bd875a495752a03a03fa87)
|
||||||
|
---
|
||||||
|
.gitignore | 1 +
|
||||||
|
configure.ac | 1 +
|
||||||
|
drivers/Makefile.am | 6 +-
|
||||||
|
drivers/drivers.ml | 31 +++++
|
||||||
|
drivers/hwdata.ml | 187 +++++++++++++++++++++++++++
|
||||||
|
drivers/hwdata.mli | 31 +++++
|
||||||
|
drivers/hwdata_config.ml.in | 26 ++++
|
||||||
|
drivers/hwdata_config.mli | 35 +++++
|
||||||
|
drivers/test-virt-drivers-windows.sh | 13 +-
|
||||||
|
m4/guestfs-libraries.m4 | 3 +
|
||||||
|
po/POTFILES-ml | 2 +
|
||||||
|
11 files changed, 333 insertions(+), 3 deletions(-)
|
||||||
|
create mode 100644 drivers/hwdata.ml
|
||||||
|
create mode 100644 drivers/hwdata.mli
|
||||||
|
create mode 100644 drivers/hwdata_config.ml.in
|
||||||
|
create mode 100644 drivers/hwdata_config.mli
|
||||||
|
|
||||||
|
diff --git a/.gitignore b/.gitignore
|
||||||
|
index b0ada2e3c..c0ca330a3 100644
|
||||||
|
--- a/.gitignore
|
||||||
|
+++ b/.gitignore
|
||||||
|
@@ -95,6 +95,7 @@ Makefile.in
|
||||||
|
/customize/virt-customize
|
||||||
|
/df/virt-df
|
||||||
|
/drivers/.depend
|
||||||
|
+/drivers/hwdata_config.ml
|
||||||
|
/drivers/virt-drivers
|
||||||
|
/diff/virt-diff
|
||||||
|
/edit/virt-edit
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 34c66b80e..e9fadcc9b 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -138,6 +138,7 @@ AC_CONFIG_FILES([Makefile
|
||||||
|
df/Makefile
|
||||||
|
diff/Makefile
|
||||||
|
drivers/Makefile
|
||||||
|
+ drivers/hwdata_config.ml
|
||||||
|
edit/Makefile
|
||||||
|
format/Makefile
|
||||||
|
get-kernel/Makefile
|
||||||
|
diff --git a/drivers/Makefile.am b/drivers/Makefile.am
|
||||||
|
index d27fc2e27..7e0ef659c 100644
|
||||||
|
--- a/drivers/Makefile.am
|
||||||
|
+++ b/drivers/Makefile.am
|
||||||
|
@@ -27,9 +27,13 @@ EXTRA_DIST = \
|
||||||
|
virt-drivers.pod
|
||||||
|
|
||||||
|
SOURCES_MLI = \
|
||||||
|
- drivers.mli
|
||||||
|
+ drivers.mli \
|
||||||
|
+ hwdata_config.mli \
|
||||||
|
+ hwdata.mli
|
||||||
|
|
||||||
|
SOURCES_ML = \
|
||||||
|
+ hwdata_config.ml \
|
||||||
|
+ hwdata.ml \
|
||||||
|
drivers.ml
|
||||||
|
|
||||||
|
SOURCES_C = \
|
||||||
|
diff --git a/drivers/drivers.ml b/drivers/drivers.ml
|
||||||
|
index 57cfb557c..f02165fa4 100644
|
||||||
|
--- a/drivers/drivers.ml
|
||||||
|
+++ b/drivers/drivers.ml
|
||||||
|
@@ -235,8 +235,14 @@ and windows_hardware_to_xml = function
|
||||||
|
(Option.map (fun v -> ("class", sprintf "%06LX" v)) pci_class);
|
||||||
|
List.may_push_back attrs
|
||||||
|
(Option.map (fun v -> ("vendor", sprintf "%04LX" v)) pci_vendor);
|
||||||
|
+ let vendorname = get_pci_vendor pci_vendor in
|
||||||
|
+ List.may_push_back attrs
|
||||||
|
+ (Option.map (fun v -> "vendorname", v) vendorname);
|
||||||
|
List.may_push_back attrs
|
||||||
|
(Option.map (fun v -> ("device", sprintf "%04LX" v)) pci_device);
|
||||||
|
+ let devicename = get_pci_device pci_vendor pci_device in
|
||||||
|
+ List.may_push_back attrs
|
||||||
|
+ (Option.map (fun v -> "devicename", v) devicename);
|
||||||
|
List.may_push_back attrs
|
||||||
|
(Option.map (fun v -> ("subsystem", sprintf "%08LX" v)) pci_subsys);
|
||||||
|
List.may_push_back attrs
|
||||||
|
@@ -261,8 +267,14 @@ and windows_hardware_to_xml = function
|
||||||
|
let attrs = ref [] in
|
||||||
|
List.may_push_back attrs
|
||||||
|
(Option.map (fun v -> ("vendor", sprintf "%04LX" v)) usb_vendor);
|
||||||
|
+ let vendorname = get_usb_vendor usb_vendor in
|
||||||
|
+ List.may_push_back attrs
|
||||||
|
+ (Option.map (fun v -> "vendorname", v) vendorname);
|
||||||
|
List.may_push_back attrs
|
||||||
|
(Option.map (fun v -> ("product", sprintf "%04LX" v)) usb_product);
|
||||||
|
+ let productname = get_usb_device usb_vendor usb_product in
|
||||||
|
+ List.may_push_back attrs
|
||||||
|
+ (Option.map (fun v -> "productname", v) productname);
|
||||||
|
List.may_push_back attrs
|
||||||
|
(Option.map (fun v -> ("revision", sprintf "%02LX" v)) usb_rev);
|
||||||
|
List.may_push_back attrs
|
||||||
|
@@ -272,6 +284,25 @@ and windows_hardware_to_xml = function
|
||||||
|
| Other path ->
|
||||||
|
Comment (sprintf "unknown DeviceId: %s" (String.concat "\\" path))
|
||||||
|
|
||||||
|
+and get_pci_vendor v = get_hwdata'1 Hwdata.pci_vendor v
|
||||||
|
+and get_pci_device v d = get_hwdata'2 Hwdata.pci_device v d
|
||||||
|
+and get_usb_vendor v = get_hwdata'1 Hwdata.usb_vendor v
|
||||||
|
+and get_usb_device v d = get_hwdata'2 Hwdata.usb_device v d
|
||||||
|
+
|
||||||
|
+and get_hwdata'1 f = function
|
||||||
|
+ | Some i64 when i64 >= 0_L && i64 <= 0xffff_L ->
|
||||||
|
+ let i32 = Int64.to_int32 i64 in
|
||||||
|
+ f i32
|
||||||
|
+ | _ -> None
|
||||||
|
+
|
||||||
|
+and get_hwdata'2 f v d =
|
||||||
|
+ match v, d with
|
||||||
|
+ | Some v64, Some d64 when v64 >= 0_L && v64 <= 0xffff_L &&
|
||||||
|
+ d64 >= 0_L && d64 <= 0xffff_L ->
|
||||||
|
+ let v32 = Int64.to_int32 v64 and d32 = Int64.to_int32 d64 in
|
||||||
|
+ f v32 d32
|
||||||
|
+ | _ -> None
|
||||||
|
+
|
||||||
|
(* Main program. *)
|
||||||
|
let main () =
|
||||||
|
let add, ks = parse_cmdline () in
|
||||||
|
diff --git a/drivers/hwdata.ml b/drivers/hwdata.ml
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..4b46eff68
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/drivers/hwdata.ml
|
||||||
|
@@ -0,0 +1,187 @@
|
||||||
|
+(* virt-drivers
|
||||||
|
+ * Copyright (C) 2009-2023 Red Hat Inc.
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU General Public License as published by
|
||||||
|
+ * the Free Software Foundation; either version 2 of the License, or
|
||||||
|
+ * (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License along
|
||||||
|
+ * with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ *)
|
||||||
|
+
|
||||||
|
+open Std_utils
|
||||||
|
+open Tools_utils
|
||||||
|
+open Common_gettext.Gettext
|
||||||
|
+
|
||||||
|
+open Printf
|
||||||
|
+open Scanf
|
||||||
|
+
|
||||||
|
+module DBKey = struct
|
||||||
|
+ type t =
|
||||||
|
+ | Vendor of int32
|
||||||
|
+ | Device of int32 * int32
|
||||||
|
+ let compare = compare
|
||||||
|
+end
|
||||||
|
+module DB = Map.Make (DBKey)
|
||||||
|
+
|
||||||
|
+let is_4_digit_hex id =
|
||||||
|
+ String.length id = 4 &&
|
||||||
|
+ Char.isxdigit id.[0] &&
|
||||||
|
+ Char.isxdigit id.[1] &&
|
||||||
|
+ Char.isxdigit id.[2] &&
|
||||||
|
+ Char.isxdigit id.[3]
|
||||||
|
+let hex_to_int32 id = sscanf id "%lx" identity
|
||||||
|
+
|
||||||
|
+(* Loads one of the [*.ids] files, returning the entries as a
|
||||||
|
+ * 3 level map. Returns [None] if the file could not be opened
|
||||||
|
+ * or parsed.
|
||||||
|
+ *)
|
||||||
|
+let load filename =
|
||||||
|
+ try
|
||||||
|
+ let lines = read_whole_file filename in
|
||||||
|
+ let lines = String.lines_split lines in
|
||||||
|
+
|
||||||
|
+ (* This loop drops blank lines and comments, splits the fields of
|
||||||
|
+ * the database, and returns [(lineno, indent, key, label) list].
|
||||||
|
+ *)
|
||||||
|
+ let rec loop lineno acc = function
|
||||||
|
+ | [] -> List.rev acc
|
||||||
|
+ (* Blank lines. *)
|
||||||
|
+ | "" :: lines ->
|
||||||
|
+ loop (lineno+1) acc lines
|
||||||
|
+ (* Note that # only starts a comment at the beginning of the line. *)
|
||||||
|
+ | comment :: lines when String.is_prefix comment "#" ->
|
||||||
|
+ loop (lineno+1) acc lines
|
||||||
|
+ (* Otherwise its some data. *)
|
||||||
|
+ | line :: lines ->
|
||||||
|
+ let len = String.length line in
|
||||||
|
+ let indent =
|
||||||
|
+ let rec counttabs i =
|
||||||
|
+ if i < len && line.[i] = '\t' then 1 + counttabs (i+1) else 0
|
||||||
|
+ in
|
||||||
|
+ counttabs 0 in
|
||||||
|
+ let line = String.sub line indent (len - indent) in
|
||||||
|
+
|
||||||
|
+ let n = String.cspan line " \t" in
|
||||||
|
+ let key, label = String.break n line in
|
||||||
|
+ let n = String.span label " \t" in
|
||||||
|
+ let _, label = String.break n label in
|
||||||
|
+
|
||||||
|
+ let acc =
|
||||||
|
+ if key = "" && label = "" then acc
|
||||||
|
+ else (lineno, indent, key, label) :: acc in
|
||||||
|
+
|
||||||
|
+ loop (lineno+1) acc lines
|
||||||
|
+ in
|
||||||
|
+ let lines = loop 1 [] lines in
|
||||||
|
+
|
||||||
|
+ (* Since the format is essentially a space-saving one where
|
||||||
|
+ * vendor name
|
||||||
|
+ * \t device name
|
||||||
|
+ * is short for:
|
||||||
|
+ * vendor name
|
||||||
|
+ * vendor device name
|
||||||
|
+ * pull the fields from previous lines down, resulting in
|
||||||
|
+ * a flat list.
|
||||||
|
+ *)
|
||||||
|
+ let rec loop keys acc = function
|
||||||
|
+ | [] -> List.rev acc
|
||||||
|
+ | (lineno, indent, key, label) :: lines ->
|
||||||
|
+ let prefix = List.take indent keys in
|
||||||
|
+ let keys = prefix @ [ key ] in
|
||||||
|
+ let acc = (lineno, keys, label) :: acc in
|
||||||
|
+ loop keys acc lines
|
||||||
|
+ in
|
||||||
|
+ let lines = loop [] [] lines in
|
||||||
|
+
|
||||||
|
+ (*
|
||||||
|
+ List.iter (
|
||||||
|
+ fun (lineno, keys, label) ->
|
||||||
|
+ eprintf "[%s] -> %s # line %d\n"
|
||||||
|
+ (String.concat ";" keys) label lineno
|
||||||
|
+ ) lines;
|
||||||
|
+ *)
|
||||||
|
+
|
||||||
|
+ (* Now we can finally process the database.
|
||||||
|
+ *
|
||||||
|
+ * We currently ignore the [C] (class) and other records
|
||||||
|
+ * that appear at the end of the file. We might want to
|
||||||
|
+ * try parsing these in future. It will require changes to
|
||||||
|
+ * the code above because the label isn't parsed right.
|
||||||
|
+ *)
|
||||||
|
+ let db =
|
||||||
|
+ List.fold_left (
|
||||||
|
+ fun db (lineno, keys, label) ->
|
||||||
|
+ let loc = filename, lineno in
|
||||||
|
+ match keys with
|
||||||
|
+ | [vendor] when is_4_digit_hex vendor ->
|
||||||
|
+ let vendor = hex_to_int32 vendor in
|
||||||
|
+ DB.add (Vendor vendor) (label, loc) db
|
||||||
|
+ | [vendor; device] when is_4_digit_hex vendor &&
|
||||||
|
+ is_4_digit_hex device ->
|
||||||
|
+ let vendor = hex_to_int32 vendor in
|
||||||
|
+ let device = hex_to_int32 device in
|
||||||
|
+ DB.add (Device (vendor, device)) (label, loc) db
|
||||||
|
+ | _ ->
|
||||||
|
+ db
|
||||||
|
+ ) DB.empty lines in
|
||||||
|
+
|
||||||
|
+ Some db
|
||||||
|
+ with exn ->
|
||||||
|
+ warning (f_"hwdata: %s: %s") filename (Printexc.to_string exn);
|
||||||
|
+ None
|
||||||
|
+
|
||||||
|
+(* Lazily load the PCI database, if present. *)
|
||||||
|
+let pci_db =
|
||||||
|
+ let filename = Hwdata_config.pci_ids in
|
||||||
|
+ lazy (match filename with None -> None | Some filename -> load filename)
|
||||||
|
+
|
||||||
|
+(* Look up PCI vendor and device ID. *)
|
||||||
|
+let pci_vendor vendor =
|
||||||
|
+ let db = Lazy.force pci_db in
|
||||||
|
+ match db with
|
||||||
|
+ | None -> None
|
||||||
|
+ | Some db ->
|
||||||
|
+ match DB.find_opt (Vendor vendor) db with
|
||||||
|
+ | None -> None
|
||||||
|
+ | Some (label, _) -> Some label
|
||||||
|
+
|
||||||
|
+let pci_device vendor device =
|
||||||
|
+ let db = Lazy.force pci_db in
|
||||||
|
+ match db with
|
||||||
|
+ | None -> None
|
||||||
|
+ | Some db ->
|
||||||
|
+ match DB.find_opt (Device (vendor, device)) db with
|
||||||
|
+ | None -> None
|
||||||
|
+ | Some (label, _) -> Some label
|
||||||
|
+
|
||||||
|
+(* Lazily load the USB database, if present. *)
|
||||||
|
+let usb_db =
|
||||||
|
+ let filename = Hwdata_config.usb_ids in
|
||||||
|
+ lazy (match filename with None -> None | Some filename -> load filename)
|
||||||
|
+
|
||||||
|
+(* Look up USB vendor and device ID. *)
|
||||||
|
+let usb_vendor vendor =
|
||||||
|
+ let db = Lazy.force usb_db in
|
||||||
|
+ match db with
|
||||||
|
+ | None -> None
|
||||||
|
+ | Some db ->
|
||||||
|
+ match DB.find_opt (Vendor vendor) db with
|
||||||
|
+ | None -> None
|
||||||
|
+ | Some (label, _) -> Some label
|
||||||
|
+
|
||||||
|
+let usb_device vendor device =
|
||||||
|
+ let db = Lazy.force usb_db in
|
||||||
|
+ match db with
|
||||||
|
+ | None -> None
|
||||||
|
+ | Some db ->
|
||||||
|
+ match DB.find_opt (Device (vendor, device)) db with
|
||||||
|
+ | None -> None
|
||||||
|
+ | Some (label, _) -> Some label
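Review bot: In `load`, a missing ids file takes the same `with exn -> warning (f_"hwdata: %s: %s") filename (Printexc.to_string exn)` path as a genuine parse error, even though hwdata_config.mli in this same patch states that `pci.ids`/`usb.ids` may legitimately be absent at runtime, so every virt-drivers run that reaches a PCI or USB lookup on a host without hwdata would print a warning per database. I would return `None` quietly for that expected case and keep the warning for files that exist but fail to parse, e.g. start the function with `if not (Sys.file_exists filename) then None else try ...` (or match `Sys_error` ahead of the catch-all). The doc comment above `load` also says it returns a "3 level map", while the code builds one flat `DB` keyed by `Vendor`/`Device`; I would reword it to `(* Loads one of the [*.ids] files into a flat map keyed by vendor or (vendor, device). *)`. Whether the callers check for the file's existence first is not visible here.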
|
||||||
|
diff --git a/drivers/hwdata.mli b/drivers/hwdata.mli
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..972dfe1f6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/drivers/hwdata.mli
|
||||||
|
@@ -0,0 +1,31 @@
|
||||||
|
+(* virt-drivers
|
||||||
|
+ * Copyright (C) 2013-2023 Red Hat Inc.
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU General Public License as published by
|
||||||
|
+ * the Free Software Foundation; either version 2 of the License, or
|
||||||
|
+ * (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License along
|
||||||
|
+ * with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ *)
|
||||||
|
+
|
||||||
|
+(** Look up PCI and USB vendor and device IDs. *)
|
||||||
|
+
|
||||||
|
+val pci_vendor : int32 -> string option
|
||||||
|
+(** Look up the PCI vendor ID. If found, return the name. *)
|
||||||
|
+
|
||||||
|
+val pci_device : int32 -> int32 -> string option
|
||||||
|
+(** Look up the PCI vendor & device ID. If found, return the name. *)
|
||||||
|
+
|
||||||
|
+val usb_vendor : int32 -> string option
|
||||||
|
+(** Look up the USB vendor ID. If found, return the name. *)
|
||||||
|
+
|
||||||
|
+val usb_device : int32 -> int32 -> string option
|
||||||
|
+(** Look up the USB vendor & device ID. If found, return the name. *)
|
||||||
|
diff --git a/drivers/hwdata_config.ml.in b/drivers/hwdata_config.ml.in
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..fa792c086
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/drivers/hwdata_config.ml.in
|
||||||
|
@@ -0,0 +1,26 @@
|
||||||
|
+(* virt-drivers
|
||||||
|
+ * @configure_input@
|
||||||
|
+ * Copyright (C) 2009-2023 Red Hat Inc.
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU General Public License as published by
|
||||||
|
+ * the Free Software Foundation; either version 2 of the License, or
|
||||||
|
+ * (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License along
|
||||||
|
+ * with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ *)
|
||||||
|
+
|
||||||
|
+open Std_utils
|
||||||
|
+
|
||||||
|
+let dir = "@HWDATA_PKGDATADIR@"
|
||||||
|
+let dir = if dir = "" then None else Some dir
|
||||||
|
+
|
||||||
|
+let pci_ids = Option.map (fun d -> d // "pci.ids") dir
|
||||||
|
+let usb_ids = Option.map (fun d -> d // "usb.ids") dir
|
||||||
|
diff --git a/drivers/hwdata_config.mli b/drivers/hwdata_config.mli
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..877e9e28a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/drivers/hwdata_config.mli
|
||||||
|
@@ -0,0 +1,35 @@
|
||||||
|
+(* virt-drivers
|
||||||
|
+ * Copyright (C) 2013-2023 Red Hat Inc.
|
||||||
|
+ *
|
||||||
|
+ * This program is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU General Public License as published by
|
||||||
|
+ * the Free Software Foundation; either version 2 of the License, or
|
||||||
|
+ * (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License along
|
||||||
|
+ * with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ *)
|
||||||
|
+
|
||||||
|
+val dir : string option
|
||||||
|
+(** [pkgdatadir] variable defined by hwdata.pc
|
||||||
|
+
|
||||||
|
+ This is the name of the directory containing [pci.ids] and
|
||||||
|
+ related files which contain the PCI IDs. *)
|
||||||
|
+
|
||||||
|
+val pci_ids : string option
|
||||||
|
+(** Path to the [pci.ids] file.
|
||||||
|
+
|
||||||
|
+ Note at runtime this is an optional dependency, so it may
|
||||||
|
+ not at exist even if not [None]. *)
|
||||||
|
+
|
||||||
|
+val usb_ids : string option
|
||||||
|
+(** Path to the [usb.ids] file.
|
||||||
|
+
|
||||||
|
+ Note at runtime this is an optional dependency, so it may
|
||||||
|
+ not at exist even if not [None]. *)
|
||||||
|
diff --git a/drivers/test-virt-drivers-windows.sh b/drivers/test-virt-drivers-windows.sh
|
||||||
|
index df3f36c64..4131f6e5e 100755
|
||||||
|
--- a/drivers/test-virt-drivers-windows.sh
|
||||||
|
+++ b/drivers/test-virt-drivers-windows.sh
|
||||||
|
@@ -22,9 +22,18 @@ $TEST_FUNCTIONS
|
||||||
|
skip_if_skipped
|
||||||
|
skip_unless_phony_guest windows.img
|
||||||
|
|
||||||
|
-rm -f actual-windows.xml
|
||||||
|
+rm -f actual-windows.xml actual-windows.xml.bak
|
||||||
|
|
||||||
|
$VG virt-drivers --format=raw -a ../test-data/phony-guests/windows.img > actual-windows.xml
|
||||||
|
+
|
||||||
|
+# We can't predict if hwdata is available, so we don't know if
|
||||||
|
+# vendorname and devicename fields will be present. If present,
|
||||||
|
+# remove them before comparison.
|
||||||
|
+mv actual-windows.xml actual-windows.xml.bak
|
||||||
|
+sed -e "s/ vendorname='\([^']*\)'//g" \
|
||||||
|
+ -e "s/ devicename='\([^']*\)'//g" \
|
||||||
|
+ < actual-windows.xml.bak > actual-windows.xml
|
||||||
|
+
|
||||||
|
diff -ur -I "generated by" expected-windows.xml actual-windows.xml
|
||||||
|
|
||||||
|
-rm actual-windows.xml
|
||||||
|
+rm actual-windows.xml actual-windows.xml.bak
|
||||||
|
diff --git a/m4/guestfs-libraries.m4 b/m4/guestfs-libraries.m4
|
||||||
|
index 2d252bf9e..32f93afda 100644
|
||||||
|
--- a/m4/guestfs-libraries.m4
|
||||||
|
+++ b/m4/guestfs-libraries.m4
|
||||||
|
@@ -169,3 +169,6 @@ PKG_CHECK_MODULES([JANSSON], [jansson >= 2.7])
|
||||||
|
|
||||||
|
dnl Check for libosinfo (mandatory)
|
||||||
|
PKG_CHECK_MODULES([LIBOSINFO], [libosinfo-1.0])
|
||||||
|
+
|
||||||
|
+dnl Check for hwdata directory (containing pci.ids) (optional, for virt-drivers)
|
||||||
|
+PKG_CHECK_VAR([HWDATA_PKGDATADIR], [hwdata], [pkgdatadir])
|
||||||
|
diff --git a/po/POTFILES-ml b/po/POTFILES-ml
|
||||||
|
index 73984796f..7632f374d 100644
|
||||||
|
--- a/po/POTFILES-ml
|
||||||
|
+++ b/po/POTFILES-ml
|
||||||
|
@@ -79,6 +79,8 @@ dib/output_format_tgz.ml
|
||||||
|
dib/output_format_vhd.ml
|
||||||
|
dib/utils.ml
|
||||||
|
drivers/drivers.ml
|
||||||
|
+drivers/hwdata.ml
|
||||||
|
+drivers/hwdata_config.ml
|
||||||
|
get-kernel/get_kernel.ml
|
||||||
|
resize/resize.ml
|
||||||
|
sparsify/cmdline.ml
|
@ -0,0 +1,203 @@
|
|||||||
|
From a55dcd5162e51a952ee6c23c4a89c1b098f304f4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 19 May 2023 17:55:05 +0200
|
||||||
|
Subject: [PATCH] update common submodule
|
||||||
|
|
||||||
|
Laszlo Ersek (2):
|
||||||
|
options/keys: key_store_import_key(): un-constify "key" parameter
|
||||||
|
options/keys: introduce unescape_device_mapper_lvm()
|
||||||
|
|
||||||
|
Richard W.M. Jones (1):
|
||||||
|
mlcustomize/SELinux_relabel.ml: Use Array.mem
|
||||||
|
|
||||||
|
Roman Kagan (1):
|
||||||
|
mlcustomize: skip SELinux relabeling if it's disabled
|
||||||
|
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20230519155507.369494-2-lersek@redhat.com>
|
||||||
|
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
||||||
|
(cherry picked from commit 4ddcae7e8543d2a63d907729d5b0d22f659d071f)
|
||||||
|
---
|
||||||
|
common | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
Submodule common 70c10a079..b636c3f20:
|
||||||
|
diff --git a/common/options/options.h b/common/options/options.h
|
||||||
|
index 94573ee06..94e8b9eef 100644
|
||||||
|
--- a/common/options/options.h
|
||||||
|
+++ b/common/options/options.h
|
||||||
|
@@ -169,7 +169,8 @@ extern struct matching_key *get_keys (struct key_store *ks, const char *device,
|
||||||
|
const char *uuid, size_t *nr_matches);
|
||||||
|
extern void free_keys (struct matching_key *keys, size_t nr_matches);
|
||||||
|
extern struct key_store *key_store_add_from_selector (struct key_store *ks, const char *selector);
|
||||||
|
-extern struct key_store *key_store_import_key (struct key_store *ks, const struct key_store_key *key);
|
||||||
|
+extern struct key_store *key_store_import_key (struct key_store *ks,
|
||||||
|
+ struct key_store_key *key);
|
||||||
|
extern bool key_store_requires_network (const struct key_store *ks);
|
||||||
|
extern void free_key_store (struct key_store *ks);
|
||||||
|
|
||||||
|
diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml
|
||||||
|
index 5ecf7bd7e..2f3a09bf7 100644
|
||||||
|
--- a/common/mlcustomize/SELinux_relabel.ml
|
||||||
|
+++ b/common/mlcustomize/SELinux_relabel.ml
|
||||||
|
@@ -24,10 +24,6 @@ open Printf
|
||||||
|
|
||||||
|
module G = Guestfs
|
||||||
|
|
||||||
|
-(* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *)
|
||||||
|
-let array_find a l =
|
||||||
|
- List.mem a (Array.to_list l)
|
||||||
|
-
|
||||||
|
let rec relabel (g : G.guestfs) =
|
||||||
|
(* Is the guest using SELinux? (Otherwise this is a no-op). *)
|
||||||
|
if is_selinux_guest g then (
|
||||||
|
@@ -59,14 +55,24 @@ and use_setfiles g =
|
||||||
|
g#aug_load ();
|
||||||
|
debug_augeas_errors g;
|
||||||
|
|
||||||
|
+ let config_path = "/files/etc/selinux/config" in
|
||||||
|
+ let config_keys = g#aug_ls config_path in
|
||||||
|
+ (* SELinux may be disabled via a setting in config file *)
|
||||||
|
+ let selinux_disabled =
|
||||||
|
+ let selinuxmode_path = config_path ^ "/SELINUX" in
|
||||||
|
+ if Array.mem selinuxmode_path config_keys then
|
||||||
|
+ g#aug_get selinuxmode_path = "disabled"
|
||||||
|
+ else
|
||||||
|
+ false in
|
||||||
|
+ if selinux_disabled then
|
||||||
|
+ failwith "selinux disabled";
|
||||||
|
+
|
||||||
|
(* Get the SELinux policy name, eg. "targeted", "minimum".
|
||||||
|
* Use "targeted" if not specified, just like libselinux does.
|
||||||
|
*)
|
||||||
|
let policy =
|
||||||
|
- let config_path = "/files/etc/selinux/config" in
|
||||||
|
let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
|
||||||
|
- let keys = g#aug_ls config_path in
|
||||||
|
- if array_find selinuxtype_path keys then
|
||||||
|
+ if Array.mem selinuxtype_path config_keys then
|
||||||
|
g#aug_get selinuxtype_path
|
||||||
|
else
|
||||||
|
"targeted" in
|
||||||
|
diff --git a/common/options/keys.c b/common/options/keys.c
|
||||||
|
index 48f1bc7c7..52b273690 100644
|
||||||
|
--- a/common/options/keys.c
|
||||||
|
+++ b/common/options/keys.c
|
||||||
|
@@ -260,8 +260,107 @@ key_store_add_from_selector (struct key_store *ks, const char *selector)
|
||||||
|
return key_store_import_key (ks, &key);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Turn /dev/mapper/VG-LV into /dev/VG/LV, in-place. */
|
||||||
|
+static void
|
||||||
|
+unescape_device_mapper_lvm (char *id)
|
||||||
|
+{
|
||||||
|
+ static const char dev[] = "/dev/", dev_mapper[] = "/dev/mapper/";
|
||||||
|
+ const char *input_start;
|
||||||
|
+ char *output;
|
||||||
|
+ enum { M_SCAN, M_FILL, M_DONE } mode;
|
||||||
|
+
|
||||||
|
+ if (!STRPREFIX (id, dev_mapper))
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ /* Start parsing "VG-LV" from "id" after "/dev/mapper/". */
|
||||||
|
+ input_start = id + (sizeof dev_mapper - 1);
|
||||||
|
+
|
||||||
|
+ /* Start writing the unescaped "VG/LV" output after "/dev/". */
|
||||||
|
+ output = id + (sizeof dev - 1);
|
||||||
|
+
|
||||||
|
+ for (mode = M_SCAN; mode < M_DONE; ++mode) {
|
||||||
|
+ char c;
|
||||||
|
+ const char *input = input_start;
|
||||||
|
+ const char *hyphen_buffered = NULL;
|
||||||
|
+ bool single_hyphen_seen = false;
|
||||||
|
+
|
||||||
|
+ do {
|
||||||
|
+ c = *input;
|
||||||
|
+
|
||||||
|
+ switch (c) {
|
||||||
|
+ case '-':
|
||||||
|
+ if (hyphen_buffered == NULL)
|
||||||
|
+ /* This hyphen may start an escaped hyphen, or it could be the
|
||||||
|
+ * separator in VG-LV.
|
||||||
|
+ */
|
||||||
|
+ hyphen_buffered = input;
|
||||||
|
+ else {
|
||||||
|
+ /* This hyphen completes an escaped hyphen; unescape it. */
|
||||||
|
+ if (mode == M_FILL)
|
||||||
|
+ *output++ = '-';
|
||||||
|
+ hyphen_buffered = NULL;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+ case '/':
|
||||||
|
+ /* Slash characters are forbidden in VG-LV anywhere. If there's any,
|
||||||
|
+ * we'll find it in the first (i.e., scanning) phase, before we output
|
||||||
|
+ * anything back to "id".
|
||||||
|
+ */
|
||||||
|
+ assert (mode == M_SCAN);
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ default:
|
||||||
|
+ /* Encountered a non-slash, non-hyphen character -- which also may be
|
||||||
|
+ * the terminating NUL.
|
||||||
|
+ */
|
||||||
|
+ if (hyphen_buffered != NULL) {
|
||||||
|
+ /* The non-hyphen character comes after a buffered hyphen, so the
|
||||||
|
+ * buffered hyphen is supposed to be the single hyphen that separates
|
||||||
|
+ * VG from LV in VG-LV. There are three requirements for this
|
||||||
|
+ * separator: (a) it must be unique (we must not have seen another
|
||||||
|
+ * such separator earlier), (b) it must not be at the start of VG-LV
|
||||||
|
+ * (because VG would be empty that way), (c) it must not be at the end
|
||||||
|
+ * of VG-LV (because LV would be empty that way). Should any of these
|
||||||
|
+ * be violated, we'll catch that during the first (i.e., scanning)
|
||||||
|
+ * phase, before modifying "id".
|
||||||
|
+ */
|
||||||
|
+ if (single_hyphen_seen || hyphen_buffered == input_start ||
|
||||||
|
+ c == '\0') {
|
||||||
|
+ assert (mode == M_SCAN);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Translate the separator hyphen to a slash character. */
|
||||||
|
+ if (mode == M_FILL)
|
||||||
|
+ *output++ = '/';
|
||||||
|
+ hyphen_buffered = NULL;
|
||||||
|
+ single_hyphen_seen = true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Output the non-hyphen character (including the terminating NUL)
|
||||||
|
+ * regardless of whether there was a buffered hyphen separator (which,
|
||||||
|
+ * by now, we'll have attempted to translate and flush).
|
||||||
|
+ */
|
||||||
|
+ if (mode == M_FILL)
|
||||||
|
+ *output++ = c;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ ++input;
|
||||||
|
+ } while (c != '\0');
|
||||||
|
+
|
||||||
|
+ /* We must have seen the VG-LV separator. If that's not the case, we'll
|
||||||
|
+ * catch it before modifying "id".
|
||||||
|
+ */
|
||||||
|
+ if (!single_hyphen_seen) {
|
||||||
|
+ assert (mode == M_SCAN);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
struct key_store *
|
||||||
|
-key_store_import_key (struct key_store *ks, const struct key_store_key *key)
|
||||||
|
+key_store_import_key (struct key_store *ks, struct key_store_key *key)
|
||||||
|
{
|
||||||
|
struct key_store_key *new_keys;
|
||||||
|
|
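Review bot: unescape_device_mapper_lvm rewrites any `--key` ID under `/dev/mapper/` that parses as `X-Y` with exactly one unescaped hyphen, and nothing in the new code checks that the mapping is actually an LVM volume, so a non-LVM device-mapper name containing a single hyphen (a dm-crypt or multipath mapping, if such a name is ever passed) would be silently renamed to `/dev/X/Y` and then never match. Conversely, every early `return` for a malformed name (a `/`, or a leading, trailing, missing or repeated separator) leaves `id` untouched with no diagnostic, so a mistyped `/dev/mapper/` selector is accepted and then silently never used to open the device. I would state both on the function, e.g. `/* Only the LVM VG-LV encoding is unescaped; any other or malformed /dev/mapper/ name is left as-is, without a diagnostic. */`, and consider a non-fatal debug message on the rejection paths with whatever logging helper this file has (only the fatal `error()` is visible here). Whether get_keys() later compares only against the `/dev/VG/LV` form is not visible, and key_store_import_key's body continues past the end of the hunk.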
||||||
|
@@ -278,6 +377,7 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key)
|
||||||
|
error (EXIT_FAILURE, errno, "realloc");
|
||||||
|
|
||||||
|
ks->keys = new_keys;
|
||||||
|
+ unescape_device_mapper_lvm (key->id);
|
||||||
|
ks->keys[ks->nr_keys] = *key;
|
||||||
|
++ks->nr_keys;
|
||||||
|
|
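Review bot: The added `unescape_device_mapper_lvm (key->id);` writes into the caller's string in place, which is why the `const` had to be dropped from the prototype, so every caller of key_store_import_key now has its `key->id` rewritten rather than copied; that is fine for the locally built key that key_store_add_from_selector passes, but a caller that reuses `id` afterwards (for example to echo the original selector in a diagnostic) will see the translated `/dev/VG/LV` form, and one passing a string literal would be undefined behaviour. I would document this on the prototype in options.h with a one-line comment such as `/* May rewrite key->id in place (see unescape_device_mapper_lvm); id must be writable. */`. Whether any other caller exists outside this submodule is not visible here, and key_store_import_key's body begins before this hunk.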
@ -0,0 +1,88 @@
|
|||||||
|
From 9ac1ea9d5269c72874ea662cd70803b3781d0876 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 19 May 2023 17:55:06 +0200
|
||||||
|
Subject: [PATCH] inspector: rename VGs and LVs in LUKS-on-LVM test
|
||||||
|
|
||||||
|
In preparation for a subsequent patch, rename "VG" to "Volume-Group", and
|
||||||
|
"LV<n>" to "Logical-Volume-<n>", in the LUKS-on-LVM virt-inspector test.
|
||||||
|
|
||||||
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20230519155507.369494-3-lersek@redhat.com>
|
||||||
|
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
||||||
|
(cherry picked from commit 46a381efcf2bf74f1534ecb198f9570ee5baaccd)
|
||||||
|
---
|
||||||
|
inspector/test-virt-inspector-luks-on-lvm.sh | 11 +++----
|
||||||
|
test-data/phony-guests/make-fedora-img.pl | 30 +++++++++++---------
|
||||||
|
2 files changed, 23 insertions(+), 18 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/inspector/test-virt-inspector-luks-on-lvm.sh b/inspector/test-virt-inspector-luks-on-lvm.sh
|
||||||
|
index b9989433d..35454e630 100755
|
||||||
|
--- a/inspector/test-virt-inspector-luks-on-lvm.sh
|
||||||
|
+++ b/inspector/test-virt-inspector-luks-on-lvm.sh
|
||||||
|
@@ -36,14 +36,15 @@ if [ "$(guestfish version | grep minor | awk '{print $2}')" -lt 47 ]; then
|
||||||
|
fi
|
||||||
|
|
||||||
|
f=../test-data/phony-guests/fedora-luks-on-lvm.img
|
||||||
|
-keys=(--key /dev/VG/Root:key:FEDORA-Root
|
||||||
|
- --key /dev/VG/LV1:key:FEDORA-LV1
|
||||||
|
- --key /dev/VG/LV2:key:FEDORA-LV2
|
||||||
|
- --key /dev/VG/LV3:key:FEDORA-LV3)
|
||||||
|
+keys=(--key /dev/Volume-Group/Root:key:FEDORA-Root
|
||||||
|
+ --key /dev/Volume-Group/Logical-Volume-1:key:FEDORA-LV1
|
||||||
|
+ --key /dev/Volume-Group/Logical-Volume-2:key:FEDORA-LV2
|
||||||
|
+ --key /dev/Volume-Group/Logical-Volume-3:key:FEDORA-LV3)
|
||||||
|
|
||||||
|
# Ignore zero-sized file.
|
||||||
|
if [ -s "$f" ]; then
|
||||||
|
- uuid_root=$(guestfish --ro -i -a "$f" "${keys[@]}" luks-uuid /dev/VG/Root)
|
||||||
|
+ uuid_root=$(guestfish --ro -i -a "$f" "${keys[@]}" \
|
||||||
|
+ luks-uuid /dev/Volume-Group/Root)
|
||||||
|
b=$(basename "$f")
|
||||||
|
$VG virt-inspector "${keys[@]}" --format=raw -a "$f" > "actual-$b.xml"
|
||||||
|
# Check the generated output validate the schema.
|
||||||
|
diff --git a/test-data/phony-guests/make-fedora-img.pl b/test-data/phony-guests/make-fedora-img.pl
|
||||||
|
index ffa7e0f10..9721ce4a9 100755
|
||||||
|
--- a/test-data/phony-guests/make-fedora-img.pl
|
||||||
|
+++ b/test-data/phony-guests/make-fedora-img.pl
|
||||||
|
@@ -224,23 +224,27 @@ EOF
|
||||||
|
|
||||||
|
# Create the Volume Group on /dev/sda2.
|
||||||
|
$g->pvcreate ('/dev/sda2');
|
||||||
|
- $g->vgcreate ('VG', ['/dev/sda2']);
|
||||||
|
- $g->lvcreate ('Root', 'VG', 256);
|
||||||
|
- $g->lvcreate ('LV1', 'VG', 32);
|
||||||
|
- $g->lvcreate ('LV2', 'VG', 32);
|
||||||
|
- $g->lvcreate ('LV3', 'VG', 64);
|
||||||
|
+ $g->vgcreate ('Volume-Group', ['/dev/sda2']);
|
||||||
|
+ $g->lvcreate ('Root', 'Volume-Group', 256);
|
||||||
|
+ $g->lvcreate ('Logical-Volume-1', 'Volume-Group', 32);
|
||||||
|
+ $g->lvcreate ('Logical-Volume-2', 'Volume-Group', 32);
|
||||||
|
+ $g->lvcreate ('Logical-Volume-3', 'Volume-Group', 64);
|
||||||
|
|
||||||
|
# Format each Logical Group as a LUKS device, with a different password.
|
||||||
|
- $g->luks_format ('/dev/VG/Root', 'FEDORA-Root', 0);
|
||||||
|
- $g->luks_format ('/dev/VG/LV1', 'FEDORA-LV1', 0);
|
||||||
|
- $g->luks_format ('/dev/VG/LV2', 'FEDORA-LV2', 0);
|
||||||
|
- $g->luks_format ('/dev/VG/LV3', 'FEDORA-LV3', 0);
|
||||||
|
+ $g->luks_format ('/dev/Volume-Group/Root', 'FEDORA-Root', 0);
|
||||||
|
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-1', 'FEDORA-LV1', 0);
|
||||||
|
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-2', 'FEDORA-LV2', 0);
|
||||||
|
+ $g->luks_format ('/dev/Volume-Group/Logical-Volume-3', 'FEDORA-LV3', 0);
|
||||||
|
|
||||||
|
# Open the LUKS devices. This creates nodes like /dev/mapper/*-luks.
|
||||||
|
- $g->cryptsetup_open ('/dev/VG/Root', 'FEDORA-Root', 'Root-luks');
|
||||||
|
- $g->cryptsetup_open ('/dev/VG/LV1', 'FEDORA-LV1', 'LV1-luks');
|
||||||
|
- $g->cryptsetup_open ('/dev/VG/LV2', 'FEDORA-LV2', 'LV2-luks');
|
||||||
|
- $g->cryptsetup_open ('/dev/VG/LV3', 'FEDORA-LV3', 'LV3-luks');
|
||||||
|
+ $g->cryptsetup_open ('/dev/Volume-Group/Root',
|
||||||
|
+ 'FEDORA-Root', 'Root-luks');
|
||||||
|
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-1',
|
||||||
|
+ 'FEDORA-LV1', 'LV1-luks');
|
||||||
|
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-2',
|
||||||
|
+ 'FEDORA-LV2', 'LV2-luks');
|
||||||
|
+ $g->cryptsetup_open ('/dev/Volume-Group/Logical-Volume-3',
|
||||||
|
+ 'FEDORA-LV3', 'LV3-luks');
|
||||||
|
|
||||||
|
# Phony root filesystem.
|
||||||
|
$g->mkfs ('ext2', '/dev/mapper/Root-luks', blocksize => 4096, label => 'ROOT');
|
@ -1,53 +0,0 @@
|
|||||||
From 493060f2ee3d5c1c8d6192bbfd307e0b720f6c11 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Wed, 29 Jun 2022 15:38:46 +0200
|
|
||||||
Subject: [PATCH] update common submodule for CVE-2022-2211 fix
|
|
||||||
|
|
||||||
$ git shortlog 9e990f3e4530..35467027f657
|
|
||||||
|
|
||||||
Laszlo Ersek (1):
|
|
||||||
options: fix buffer overflow in get_keys() [CVE-2022-2211]
|
|
||||||
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
(cherry picked from commit b2e7de29b413d531c9540eb46878170e357f4b62)
|
|
||||||
---
|
|
||||||
common | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
Submodule common 9e990f3e4..35467027f:
|
|
||||||
diff --git a/common/options/keys.c b/common/options/keys.c
|
|
||||||
index 798315c..d27a712 100644
|
|
||||||
--- a/common/options/keys.c
|
|
||||||
+++ b/common/options/keys.c
|
|
||||||
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
|
|
||||||
char **
get_keys (struct key_store *ks, const char *device, const char *uuid)
{
- size_t i, j, len;
+ size_t i, j, nmemb;
char **r;
char *s;
/* We know the returned list must have at least one element and not
* more than ks->nr_keys.
*/
- len = 1;
- if (ks)
- len = MIN (1, ks->nr_keys);
- r = calloc (len+1, sizeof (char *));
+ nmemb = 1;
+ if (ks && ks->nr_keys > nmemb)
+ nmemb = ks->nr_keys;
+
+ /* make room for the terminating NULL */
+ if (nmemb == (size_t)-1)
+ error (EXIT_FAILURE, 0, _("size_t overflow"));
+ nmemb++;
+
+ r = calloc (nmemb, sizeof (char *));
if (r == NULL)
error (EXIT_FAILURE, errno, "calloc");
--
2.31.1
@ -0,0 +1,48 @@
From d8d1e7213716835f263a4f20d9e6cf8719c210c0 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 19 May 2023 17:55:07 +0200
Subject: [PATCH] inspector: test /dev/mapper/VG-LV translation in LUKS-on-LVM
test
In the LUKS-on-LVM virt-inspector test, run virt-inspector one more time,
now with such "--key" options that exercise the recent "/dev/mapper/VG-LV"
-> "/dev/VG/LV" translation (unescaping) from libguestfs-common. Verify
that virt-inspector outputs the same XML as it did when we passed it the
"/dev/VG/LV" format "--key" options.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2168506
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230519155507.369494-4-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 569bd1dd29da7f3a7b3399ad85340f84d59b3a10)
---
inspector/test-virt-inspector-luks-on-lvm.sh | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/inspector/test-virt-inspector-luks-on-lvm.sh b/inspector/test-virt-inspector-luks-on-lvm.sh
index 35454e630..13b25e338 100755
--- a/inspector/test-virt-inspector-luks-on-lvm.sh
+++ b/inspector/test-virt-inspector-luks-on-lvm.sh
@@ -41,6 +41,11 @@ keys=(--key /dev/Volume-Group/Root:key:FEDORA-Root
--key /dev/Volume-Group/Logical-Volume-2:key:FEDORA-LV2
--key /dev/Volume-Group/Logical-Volume-3:key:FEDORA-LV3)
+keys_mapper=(--key /dev/mapper/Volume--Group-Root:key:FEDORA-Root
+ --key /dev/mapper/Volume--Group-Logical--Volume--1:key:FEDORA-LV1
+ --key /dev/mapper/Volume--Group-Logical--Volume--2:key:FEDORA-LV2
+ --key /dev/mapper/Volume--Group-Logical--Volume--3:key:FEDORA-LV3)
+
# Ignore zero-sized file.
if [ -s "$f" ]; then
uuid_root=$(guestfish --ro -i -a "$f" "${keys[@]}" \
@@ -53,4 +58,10 @@ if [ -s "$f" ]; then
# are any differences.
sed -e "s/ROOTUUID/$uuid_root/" < "$srcdir/expected-$b.xml" \
| diff -u - "actual-$b.xml"
+
+ # Re-run virt-inspector with keys using the /dev/mapper/VG-LV format; verify
+ # only that the XML output matches the output from the previous
+ # virt-inspector invocation (which used the /dev/VG/LV format).
+ $VG virt-inspector "${keys_mapper[@]}" --format=raw -a "$f" \
+ | diff -u "actual-$b.xml" -
fi
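Review bot: The `keys_mapper` array in the first hunk hard-codes the device-mapper spellings (`Volume--Group-Logical--Volume--1`) without saying why the hyphens are doubled, so a reader who sees only the script and not the commit message cannot tell that these are the same volumes as in `keys` above. I would add a comment above `keys_mapper=(`, e.g. `# Same keys as above, addressed via /dev/mapper, where each "-" inside a VG or LV name is doubled to "--"`. In the second hunk, `$VG virt-inspector ... | diff -u "actual-$b.xml" -` surfaces a virt-inspector failure only indirectly, as a diff mismatch against truncated output, unless the script's preamble (outside this hunk) enables `pipefail`; since it mirrors the existing `sed ... | diff -u` check this may be the accepted style here. The enclosing `if [ -s "$f" ]` block starts outside the second hunk.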
@ -1,59 +0,0 @@
|
|||||||
From 77a10b30f6f6fdb1648b12f68147e6a894526802 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Tue, 28 Jun 2022 13:57:00 +0200
|
|
||||||
Subject: [PATCH] get-kernel, sparsify: set networking for "--key ID:clevis"
|
|
||||||
|
|
||||||
Call the OCaml-language helper "key_store_requires_network" in those OCaml
|
|
||||||
utilities that pass "~key_opts:true" to "create_standard_options", and do
|
|
||||||
not have any code related to networking yet.
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Message-Id: <20220628115702.5584-3-lersek@redhat.com>
|
|
||||||
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
||||||
(cherry picked from commit 4f66f0892e6fd75d10dcfa2f9e94b3e32bdb906e)
|
|
||||||
---
|
|
||||||
get-kernel/get_kernel.ml | 1 +
|
|
||||||
sparsify/copying.ml | 1 +
|
|
||||||
sparsify/in_place.ml | 1 +
|
|
||||||
3 files changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/get-kernel/get_kernel.ml b/get-kernel/get_kernel.ml
|
|
||||||
index e485cf495..9c2aa17c2 100644
|
|
||||||
--- a/get-kernel/get_kernel.ml
|
|
||||||
+++ b/get-kernel/get_kernel.ml
|
|
||||||
@@ -176,6 +176,7 @@ let main () =
|
|
||||||
(* Connect to libguestfs. *)
|
|
||||||
let g = open_guestfs () in
|
|
||||||
add g;
|
|
||||||
+ g#set_network (key_store_requires_network ks);
|
|
||||||
g#launch ();
|
|
||||||
|
|
||||||
(* Decrypt the disks. *)
|
|
||||||
diff --git a/sparsify/copying.ml b/sparsify/copying.ml
|
|
||||||
index 39d06c94c..21a603d63 100644
|
|
||||||
--- a/sparsify/copying.ml
|
|
||||||
+++ b/sparsify/copying.ml
|
|
||||||
@@ -187,6 +187,7 @@ You can ignore this warning or change it to a hard failure using the
|
|
||||||
let machine_readable = machine_readable () <> None in
|
|
||||||
Progress.set_up_progress_bar ~machine_readable g
|
|
||||||
);
|
|
||||||
+ g#set_network (key_store_requires_network ks);
|
|
||||||
g#launch ();
|
|
||||||
|
|
||||||
g in
|
|
||||||
diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
|
|
||||||
index 00f0e0564..0eec63e6f 100644
|
|
||||||
--- a/sparsify/in_place.ml
|
|
||||||
+++ b/sparsify/in_place.ml
|
|
||||||
@@ -58,6 +58,7 @@ let run disk format ignores zeroes ks =
|
|
||||||
let machine_readable = machine_readable () <> None in
|
|
||||||
Progress.set_up_progress_bar ~machine_readable g
|
|
||||||
);
|
|
||||||
+ g#set_network (key_store_requires_network ks);
|
|
||||||
g#launch ();
|
|
||||||
|
|
||||||
(* If discard is not supported in the appliance, we must return exit
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From fe59e93b27e3bc17b5cc0874e103330e0000b210 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Tue, 28 Jun 2022 13:57:01 +0200
|
|
||||||
Subject: [PATCH] customize: add reminder about "--key ID:clevis"
|
|
||||||
|
|
||||||
virt-customize already enables appliance networking by default;
|
|
||||||
conversely, if the user passes "--no-network", we shouldn't override that
|
|
||||||
for the sake of "--key ID:clevis". Add comments about clevis to the code.
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Message-Id: <20220628115702.5584-4-lersek@redhat.com>
|
|
||||||
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
||||||
(cherry picked from commit e52aea48cbcea3f3b538db0573b58517cbc33da0)
|
|
||||||
---
|
|
||||||
customize/customize_main.ml | 7 +++++++
|
|
||||||
1 file changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/customize/customize_main.ml b/customize/customize_main.ml
|
|
||||||
index 8a022342f..32b7eebdd 100644
|
|
||||||
--- a/customize/customize_main.ml
|
|
||||||
+++ b/customize/customize_main.ml
|
|
||||||
@@ -52,7 +52,11 @@ let main () =
|
|
||||||
let libvirturi = ref "" in
|
|
||||||
let memsize = ref None in
|
|
||||||
let set_memsize arg = memsize := Some arg in
|
|
||||||
+
|
|
||||||
+ (* Note that [--key ID:clevis] depends on this default. See more below, near
|
|
||||||
+ * [g#set_network network]. *)
|
|
||||||
let network = ref true in
|
|
||||||
+
|
|
||||||
let smp = ref None in
|
|
||||||
let set_smp arg = smp := Some arg in
|
|
||||||
|
|
||||||
@@ -159,6 +163,9 @@ read the man page virt-customize(1).
|
|
||||||
let g = open_guestfs () in
|
|
||||||
Option.may g#set_memsize memsize;
|
|
||||||
Option.may g#set_smp smp;
|
|
||||||
+ (* [--no-network] from the command line takes precedence over the automatic
|
|
||||||
+ * network enablement for [--key ID:clevis], so here we intentionally don't check
|
|
||||||
+ * [key_store_requires_network opthandle.ks]. *)
|
|
||||||
g#set_network network;
|
|
||||||
|
|
||||||
(* Add disks. *)
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,67 +0,0 @@
|
|||||||
From c2917c9a7f0c23b94d30af2a5a14e67c46e38242 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Tue, 28 Jun 2022 13:57:02 +0200
|
|
||||||
Subject: [PATCH] sysprep: set networking for "--key ID:clevis"
|
|
||||||
|
|
||||||
Similarly to virt-customize, virt-sysprep has prior "--network" and
|
|
||||||
"--no-network" options. Unlike virt-customize though, virt-sysprep
|
|
||||||
defaults to disabling the appliance network. Therefore we can't tell
|
|
||||||
whether the network is disabled "by default" or because the user requested
|
|
||||||
it.
|
|
||||||
|
|
||||||
That's a problem: "--key ID:clevis" is supposed to override the former,
|
|
||||||
but not the latter. Add a separate option for tracking "--no-network", and
|
|
||||||
only if "--no-network" is absent, permit "--network" or "--key ID:clevis"
|
|
||||||
to turn on the network.
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Message-Id: <20220628115702.5584-5-lersek@redhat.com>
|
|
||||||
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
||||||
(cherry picked from commit 1cce13223e9321d1ef333d6ae356c24203990a4a)
|
|
||||||
---
|
|
||||||
sysprep/main.ml | 7 +++++--
|
|
||||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/sysprep/main.ml b/sysprep/main.ml
|
|
||||||
index b760618ad..1f722dfb0 100644
|
|
||||||
--- a/sysprep/main.ml
|
|
||||||
+++ b/sysprep/main.ml
|
|
||||||
@@ -44,6 +44,7 @@ let main () =
|
|
||||||
let libvirturi = ref "" in
|
|
||||||
let mount_opts = ref "" in
|
|
||||||
let network = ref false in
|
|
||||||
+ let no_network = ref false in
|
|
||||||
let operations = ref None in
|
|
||||||
|
|
||||||
let format = ref "auto" in
|
|
||||||
@@ -131,7 +132,7 @@ let main () =
|
|
||||||
[ L"list-operations" ], Getopt.Unit list_operations, s_"List supported operations";
|
|
||||||
[ L"mount-options" ], Getopt.Set_string (s_"opts", mount_opts), s_"Set mount options (eg /:noatime;/var:rw,noatime)";
|
|
||||||
[ L"network" ], Getopt.Set network, s_"Enable appliance network";
|
|
||||||
- [ L"no-network" ], Getopt.Clear network, s_"Disable appliance network (default)";
|
|
||||||
+ [ L"no-network" ], Getopt.Set no_network, s_"Disable appliance network (default)";
|
|
||||||
[ L"operation"; L"operations" ], Getopt.String (s_"operations", set_operations), s_"Enable/disable specific operations";
|
|
||||||
] in
|
|
||||||
let args = basic_args @ Sysprep_operation.extra_args () in
|
|
||||||
@@ -188,6 +189,7 @@ read the man page virt-sysprep(1).
|
|
||||||
(* Dereference the rest of the args. *)
|
|
||||||
let dryrun = !dryrun in
|
|
||||||
let network = !network in
|
|
||||||
+ let no_network = !no_network in
|
|
||||||
let operations = !operations in
|
|
||||||
|
|
||||||
(* At this point we know which operations are enabled. So call the
|
|
||||||
@@ -208,7 +210,8 @@ read the man page virt-sysprep(1).
|
|
||||||
|
|
||||||
(* Connect to libguestfs. *)
|
|
||||||
let g = open_guestfs () in
|
|
||||||
- g#set_network network;
|
|
||||||
+ g#set_network (not no_network &&
|
|
||||||
+ (network || key_store_requires_network opthandle.ks));
|
|
||||||
add g dryrun;
|
|
||||||
g#launch ();
|
|
||||||
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,87 +0,0 @@
|
|||||||
From d15d829d20c1a0d21da584257c4634517d4271d1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Thu, 14 Jul 2022 12:40:04 +0200
|
|
||||||
Subject: [PATCH] sysprep: make an effort to cope with LUKS-on-LVM
|
|
||||||
|
|
||||||
If the guest disk uses the LUKS-on-LVM scheme, then sysprep has a problem:
|
|
||||||
|
|
||||||
- the "fs-uuids" blockdev operation depends on the decrypted LUKS devices
|
|
||||||
being open,
|
|
||||||
|
|
||||||
- the "lvm-uuids" blockdev operation depends on the same devices being
|
|
||||||
closed.
|
|
||||||
|
|
||||||
Attempt to deal with this in "lvm-uuids".
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2106286
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Message-Id: <20220714104005.8334-2-lersek@redhat.com>
|
|
||||||
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
||||||
(cherry picked from commit 361a447bcb7aef399abad8075ee41197c4071f71)
|
|
||||||
---
|
|
||||||
sysprep/sysprep_operation_lvm_uuids.ml | 42 +++++++++++++++++++++++++-
|
|
||||||
1 file changed, 41 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/sysprep/sysprep_operation_lvm_uuids.ml b/sysprep/sysprep_operation_lvm_uuids.ml
|
|
||||||
index c67b21487..5fc623039 100644
|
|
||||||
--- a/sysprep/sysprep_operation_lvm_uuids.ml
|
|
||||||
+++ b/sysprep/sysprep_operation_lvm_uuids.ml
|
|
||||||
@@ -30,7 +30,46 @@ let rec lvm_uuids_perform g root side_effects =
|
|
||||||
try g#available [|"lvm2"|]; true with G.Error _ -> false in
|
|
||||||
if has_lvm2_feature then (
|
|
||||||
let has_pvs, has_vgs = g#pvs () <> [||], g#vgs () <> [||] in
|
|
||||||
- if has_pvs || has_vgs then g#vg_activate_all false;
|
|
||||||
+ if has_pvs || has_vgs then (
|
|
||||||
+ try g#vg_activate_all false
|
|
||||||
+ with G.Error _ as exn ->
|
|
||||||
+ (* If the "luks" feature is not available, re-raise the exception. *)
|
|
||||||
+ (try g#available [|"luks"|] with G.Error _ -> raise exn);
|
|
||||||
+
|
|
||||||
+ (* Assume VG deactivation failed due to the guest using the
|
|
||||||
+ * FS-on-LUKS-on-LVM scheme.
|
|
||||||
+ *
|
|
||||||
+ * By now, we have unmounted filesystems, but the decrypted LUKS
|
|
||||||
+ * devices still keep the LVs open. Therefore, attempt closing all
|
|
||||||
+ * decrypted LUKS devices that were opened by inspection (i.e., device
|
|
||||||
+ * nodes with pathnames like "/dev/mapper/luks-<uuid>"). Closing the
|
|
||||||
+ * decrypted LUKS devices should remove the references from their
|
|
||||||
+ * underlying LVs, and then VG deactivation should succeed too.
|
|
||||||
+ *
|
|
||||||
+ * Note that closing the decrypted LUKS devices prevents the
|
|
||||||
+ * blockdev-level manipulation of those filesystems that reside on
|
|
||||||
+ * said decrypted LUKS devices, such as the "fs-uuids" operation. But
|
|
||||||
+ * that should be OK, as we order the present operation after all
|
|
||||||
+ * other block device ops.
|
|
||||||
+ *
|
|
||||||
+ * In case the guest uses the FS-on-LVM-on-LUKS scheme, then the
|
|
||||||
+ * original VG deactivation must have failed for a different reason.
|
|
||||||
+ * (As we have unmounted filesystems earlier, and LUKS is below, not
|
|
||||||
+ * on top of, LVM.) The LUKS-closing attempts below will fail then,
|
|
||||||
+ * due to LVM keeping the decrypted LUKS devices open. This failure is
|
|
||||||
+ * harmless and can be considered a no-op. The final, retried VG
|
|
||||||
+ * deactivation should reproduce the original failure.
|
|
||||||
+ *)
|
|
||||||
+ let luks_re = PCRE.compile ("^/dev/mapper/luks" ^
|
|
||||||
+ "-[[:xdigit:]]{8}" ^
|
|
||||||
+ "(?:-[[:xdigit:]]{4}){3}" ^
|
|
||||||
+ "-[[:xdigit:]]{12}$")
|
|
||||||
+ and dmdevs = Array.to_list (g#list_dm_devices ()) in
|
|
||||||
+ let plaintext_devs = List.filter (PCRE.matches luks_re) dmdevs in
|
|
||||||
+ List.iter (fun dev -> try g#cryptsetup_close dev with _ -> ())
|
|
||||||
+ plaintext_devs;
|
|
||||||
+ g#vg_activate_all false
|
|
||||||
+ );
|
|
||||||
if has_pvs then g#pvchange_uuid_all ();
|
|
||||||
if has_vgs then g#vgchange_uuid_all ();
|
|
||||||
if has_pvs || has_vgs then g#vg_activate_all true
|
|
||||||
@@ -39,6 +78,7 @@ let rec lvm_uuids_perform g root side_effects =
|
|
||||||
|
|
||||||
let op = {
|
|
||||||
defaults with
|
|
||||||
+ order = 99; (* Run it after other block device ops. *)
|
|
||||||
name = "lvm-uuids";
|
|
||||||
enabled_by_default = true;
|
|
||||||
heading = s_"Change LVM2 PV and VG UUIDs";
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,39 +0,0 @@
|
|||||||
From 0b92347337e9201140ed2daf77a934c731de6630 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Thu, 14 Jul 2022 12:40:05 +0200
|
|
||||||
Subject: [PATCH] sysprep: advise against cloning VMs with internal full disk
|
|
||||||
encryption
|
|
||||||
|
|
||||||
This is relevant for sysprep because we recommend sysprep for facilitating
|
|
||||||
cloning.
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2106286
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Message-Id: <20220714104005.8334-3-lersek@redhat.com>
|
|
||||||
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
||||||
(cherry picked from commit b49ee909f5d1a0d7b5c668335b9098ca8ff85bfd)
|
|
||||||
---
|
|
||||||
sysprep/virt-sysprep.pod | 7 +++++++
|
|
||||||
1 file changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod
|
|
||||||
index deeb5341e..232b9f24b 100644
|
|
||||||
--- a/sysprep/virt-sysprep.pod
|
|
||||||
+++ b/sysprep/virt-sysprep.pod
|
|
||||||
@@ -519,6 +519,13 @@ Either or both options can be used multiple times on the command line.
|
|
||||||
|
|
||||||
=head1 SECURITY
|
|
||||||
|
|
||||||
+Virtual machines that employ full disk encryption I<internally to the
|
|
||||||
+guest> should not be considered for cloning and distribution, as it
|
|
||||||
+provides multiple parties with the same internal volume key, enabling
|
|
||||||
+any one such party to decrypt all the other clones. Refer to the L<LUKS
|
|
||||||
+FAQ|https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md> for
|
|
||||||
+details.
|
|
||||||
+
|
|
||||||
Although virt-sysprep removes some sensitive information from the
|
|
||||||
guest, it does not pretend to remove all of it. You should examine
|
|
||||||
the L</OPERATIONS> above and the guest afterwards.
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,144 +0,0 @@
|
|||||||
From 3576da023fb42ceaea80b81aebad345de606a332 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
||||||
Date: Fri, 15 Jul 2022 08:55:53 +0100
|
|
||||||
Subject: [PATCH] builder, dib: Replace On_exit.rmdir with On_exit.rm_rf
|
|
||||||
|
|
||||||
Update common submodule.
|
|
||||||
|
|
||||||
(cherry picked from commit f5baf83e464c276d3dae6f8e878b8f47fe0d43d9)
|
|
||||||
---
|
|
||||||
builder/builder.ml | 2 +-
|
|
||||||
builder/index_parser_tests.ml | 2 +-
|
|
||||||
builder/repository_main.ml | 2 +-
|
|
||||||
common | 2 +-
|
|
||||||
dib/dib.ml | 2 +-
|
|
||||||
5 files changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/builder/builder.ml b/builder/builder.ml
|
|
||||||
index 2c9c83085..e34aae6c7 100644
|
|
||||||
--- a/builder/builder.ml
|
|
||||||
+++ b/builder/builder.ml
|
|
||||||
@@ -182,7 +182,7 @@ let main () =
|
|
||||||
* create.
|
|
||||||
*)
|
|
||||||
let tmpdir = Mkdtemp.temp_dir "virt-builder." in
|
|
||||||
- On_exit.rmdir tmpdir;
|
|
||||||
+ On_exit.rm_rf tmpdir;
|
|
||||||
|
|
||||||
(* Download the sources. *)
|
|
||||||
let downloader = Downloader.create ~curl:cmdline.curl ~cache ~tmpdir in
|
|
||||||
diff --git a/builder/index_parser_tests.ml b/builder/index_parser_tests.ml
|
|
||||||
index 39983faba..5262a1607 100644
|
|
||||||
--- a/builder/index_parser_tests.ml
|
|
||||||
+++ b/builder/index_parser_tests.ml
|
|
||||||
@@ -28,7 +28,7 @@ open Tools_utils
|
|
||||||
|
|
||||||
let tmpdir =
|
|
||||||
let tmpdir = Mkdtemp.temp_dir "guestfs-tests." in
|
|
||||||
- On_exit.rmdir tmpdir;
|
|
||||||
+ On_exit.rm_rf tmpdir;
|
|
||||||
tmpdir
|
|
||||||
|
|
||||||
let dummy_sigchecker = Sigchecker.create ~gpg:"gpg"
|
|
||||||
diff --git a/builder/repository_main.ml b/builder/repository_main.ml
|
|
||||||
index c5b656310..c24729c4c 100644
|
|
||||||
--- a/builder/repository_main.ml
|
|
||||||
+++ b/builder/repository_main.ml
|
|
||||||
@@ -420,7 +420,7 @@ let main () =
|
|
||||||
(* Create a temporary folder to work in *)
|
|
||||||
let tmpdir = Mkdtemp.temp_dir ~base_dir:cmdline.repo
|
|
||||||
"virt-builder-repository." in
|
|
||||||
- On_exit.rmdir tmpdir;
|
|
||||||
+ On_exit.rm_rf tmpdir;
|
|
||||||
|
|
||||||
let tmprepo = tmpdir // "repo" in
|
|
||||||
mkdir_p tmprepo 0o700;
|
|
||||||
Submodule common af6cb55bc..fd964c1ba:
|
|
||||||
diff --git a/common/mlcustomize/guest_packages.ml b/common/mlcustomize/guest_packages.ml
|
|
||||||
index 4c3c34e..7c29a2a 100644
|
|
||||||
--- a/common/mlcustomize/guest_packages.ml
|
|
||||||
+++ b/common/mlcustomize/guest_packages.ml
|
|
||||||
@@ -73,9 +73,9 @@ let install_command packages package_management =
|
|
||||||
| "zypper" -> sprintf "zypper -n in -l %s" quoted_args
|
|
||||||
|
|
||||||
| "unknown" ->
|
|
||||||
- error_unknown_package_manager (s_"--install")
|
|
||||||
+ error_unknown_package_manager "--install"
|
|
||||||
| pm ->
|
|
||||||
- error_unimplemented_package_manager (s_"--install") pm
|
|
||||||
+ error_unimplemented_package_manager "--install" pm
|
|
||||||
|
|
||||||
let update_command package_management =
|
|
||||||
match package_management with
|
|
||||||
@@ -103,9 +103,9 @@ let update_command package_management =
|
|
||||||
| "zypper" -> "zypper -n update -l"
|
|
||||||
|
|
||||||
| "unknown" ->
|
|
||||||
- error_unknown_package_manager (s_"--update")
|
|
||||||
+ error_unknown_package_manager "--update"
|
|
||||||
| pm ->
|
|
||||||
- error_unimplemented_package_manager (s_"--update") pm
|
|
||||||
+ error_unimplemented_package_manager "--update" pm
|
|
||||||
|
|
||||||
let uninstall_command packages package_management =
|
|
||||||
let quoted_args = String.concat " " (List.map quote packages) in
|
|
||||||
@@ -127,6 +127,6 @@ let uninstall_command packages package_management =
|
|
||||||
| "zypper" -> sprintf "zypper -n rm %s" quoted_args
|
|
||||||
|
|
||||||
| "unknown" ->
|
|
||||||
- error_unknown_package_manager (s_"--uninstall")
|
|
||||||
+ error_unknown_package_manager "--uninstall"
|
|
||||||
| pm ->
|
|
||||||
- error_unimplemented_package_manager (s_"--uninstall") pm
|
|
||||||
+ error_unimplemented_package_manager "--uninstall" pm
|
|
||||||
diff --git a/common/mltools/on_exit.ml b/common/mltools/on_exit.ml
|
|
||||||
index 53ccb68..cae12e7 100644
|
|
||||||
--- a/common/mltools/on_exit.ml
|
|
||||||
+++ b/common/mltools/on_exit.ml
|
|
||||||
@@ -52,7 +52,7 @@ let do_actions () =
|
|
||||||
List.iter (do_action (fun file -> Unix.unlink file)) !files;
|
|
||||||
List.iter (do_action (
|
|
||||||
fun dir ->
|
|
||||||
- let cmd = sprintf "rm -rf %s" (Filename.quote dir) in
|
|
||||||
+ let cmd = sprintf "rm -rf -- %s" (Filename.quote dir) in
|
|
||||||
ignore (Tools_utils.shell_command cmd)
|
|
||||||
)
|
|
||||||
) !rmdirs;
|
|
||||||
@@ -102,7 +102,7 @@ let unlink filename =
|
|
||||||
register ();
|
|
||||||
List.push_front filename files
|
|
||||||
|
|
||||||
-let rmdir dir =
|
|
||||||
+let rm_rf dir =
|
|
||||||
register ();
|
|
||||||
List.push_front dir rmdirs
|
|
||||||
|
|
||||||
diff --git a/common/mltools/on_exit.mli b/common/mltools/on_exit.mli
|
|
||||||
index a02e3db..9bcf104 100644
|
|
||||||
--- a/common/mltools/on_exit.mli
|
|
||||||
+++ b/common/mltools/on_exit.mli
|
|
||||||
@@ -47,7 +47,7 @@ val f : (unit -> unit) -> unit
|
|
||||||
val unlink : string -> unit
|
|
||||||
(** Unlink a single temporary file on exit. *)
|
|
||||||
|
|
||||||
-val rmdir : string -> unit
|
|
||||||
+val rm_rf : string -> unit
|
|
||||||
(** Recursively remove a temporary directory on exit (using [rm -rf]). *)
|
|
||||||
|
|
||||||
val kill : ?signal:int -> int -> unit
|
|
||||||
diff --git a/dib/dib.ml b/dib/dib.ml
|
|
||||||
index f5ce604c8..a4ba36040 100644
|
|
||||||
--- a/dib/dib.ml
|
|
||||||
+++ b/dib/dib.ml
|
|
||||||
@@ -550,7 +550,7 @@ let main () =
|
|
||||||
let image_basename_d = image_basename ^ ".d" in
|
|
||||||
|
|
||||||
let tmpdir = Mkdtemp.temp_dir "dib." in
|
|
||||||
- On_exit.rmdir tmpdir;
|
|
||||||
+ On_exit.rm_rf tmpdir;
|
|
||||||
let auxtmpdir = tmpdir // "in_target.aux" in
|
|
||||||
do_mkdir auxtmpdir;
|
|
||||||
let hookstmpdir = auxtmpdir // "hooks" in
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,340 +0,0 @@
|
|||||||
From 1bbc3f0f3f61f00230ed5edab0cdd72729423b58 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
||||||
Date: Mon, 10 Oct 2022 13:54:52 +0100
|
|
||||||
Subject: [PATCH] customize: Support Rocky Linux
|
|
||||||
|
|
||||||
Also updates common submodule with equivalent fix for
|
|
||||||
common/mlcustomize
|
|
||||||
|
|
||||||
Reported-by: Harry Benson
|
|
||||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2133443
|
|
||||||
(cherry picked from commit 8858fc63e63ae3f7c76d3ca96cbf63f43e76c834)
|
|
||||||
---
|
|
||||||
common | 2 +-
|
|
||||||
customize/hostname.ml | 3 ++-
|
|
||||||
customize/password.ml | 3 ++-
|
|
||||||
customize/random_seed.ml | 3 ++-
|
|
||||||
4 files changed, 7 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
Submodule common fd964c1ba..85f3e4d08:
|
|
||||||
diff --git a/common/mlcustomize/firstboot.ml b/common/mlcustomize/firstboot.ml
|
|
||||||
index 5c7fd0d..0c76283 100644
|
|
||||||
--- a/common/mlcustomize/firstboot.ml
|
|
||||||
+++ b/common/mlcustomize/firstboot.ml
|
|
||||||
@@ -151,7 +151,8 @@ WantedBy=%s
|
|
||||||
|
|
||||||
and install_sysvinit_service g root distro major =
|
|
||||||
match distro with
|
|
||||||
- | "fedora"|"rhel"|"centos"|"scientificlinux"|"oraclelinux"|"redhat-based" ->
|
|
||||||
+ | "fedora"|"rhel"|"centos"|"scientificlinux"|"oraclelinux"|"rocky"|
|
|
||||||
+ "redhat-based" ->
|
|
||||||
install_sysvinit_redhat g
|
|
||||||
| "opensuse"|"sles"|"suse-based" ->
|
|
||||||
install_sysvinit_suse g
|
|
||||||
diff --git a/common/mlpcre/pcre-c.c b/common/mlpcre/pcre-c.c
|
|
||||||
index f780832..6d119ae 100644
|
|
||||||
--- a/common/mlpcre/pcre-c.c
|
|
||||||
+++ b/common/mlpcre/pcre-c.c
|
|
||||||
@@ -278,7 +278,6 @@ guestfs_int_pcre_sub (value nv)
|
|
||||||
CAMLparam1 (nv);
|
|
||||||
const int n = Int_val (nv);
|
|
||||||
CAMLlocal1 (strv);
|
|
||||||
- CLEANUP_FREE char *str = NULL;
|
|
||||||
const struct last_match *m = pthread_getspecific (last_match);
|
|
||||||
PCRE2_SIZE len;
|
|
||||||
int r;
|
|
||||||
diff --git a/common/mltools/on_exit.ml b/common/mltools/on_exit.ml
|
|
||||||
index cae12e7..f8ef74e 100644
|
|
||||||
--- a/common/mltools/on_exit.ml
|
|
||||||
+++ b/common/mltools/on_exit.ml
|
|
||||||
@@ -23,39 +23,39 @@ open Common_gettext.Gettext
|
|
||||||
open Unix
|
|
||||||
open Printf
|
|
||||||
|
|
||||||
-(* List of files to unlink. *)
|
|
||||||
-let files = ref []
|
|
||||||
+type action =
|
|
||||||
+ | Unlink of string (* filename *)
|
|
||||||
+ | Rm_rf of string (* directory *)
|
|
||||||
+ | Kill of int * int (* signal, pid *)
|
|
||||||
+ | Fn of (unit -> unit) (* generic function *)
|
|
||||||
|
|
||||||
-(* List of directories to remove. *)
|
|
||||||
-let rmdirs = ref []
|
|
||||||
-
|
|
||||||
-(* List of PIDs to kill. *)
|
|
||||||
-let kills = ref []
|
|
||||||
-
|
|
||||||
-(* List of functions to call. *)
|
|
||||||
-let fns = ref []
|
|
||||||
+(* List of (priority, action). *)
|
|
||||||
+let actions = ref []
|
|
||||||
|
|
||||||
(* Perform a single exit action, printing any exception but
|
|
||||||
* otherwise ignoring failures.
|
|
||||||
*)
|
|
||||||
-let do_action f arg =
|
|
||||||
- try f arg with exn -> debug "%s" (Printexc.to_string exn)
|
|
||||||
+let do_action action =
|
|
||||||
+ try
|
|
||||||
+ match action with
|
|
||||||
+ | Unlink file -> Unix.unlink file
|
|
||||||
+ | Rm_rf dir ->
|
|
||||||
+ let cmd = sprintf "rm -rf -- %s" (Filename.quote dir) in
|
|
||||||
+ ignore (Tools_utils.shell_command cmd)
|
|
||||||
+ | Kill (signal, pid) ->
|
|
||||||
+ kill pid signal
|
|
||||||
+ | Fn f -> f ()
|
|
||||||
+ with exn -> debug "%s" (Printexc.to_string exn)
|
|
||||||
|
|
||||||
(* Make sure the actions are performed only once. *)
|
|
||||||
let done_actions = ref false
|
|
||||||
|
|
||||||
-(* Perform the exit actions. *)
|
|
||||||
+(* Perform the exit actions in priority order (lowest prio first). *)
|
|
||||||
let do_actions () =
|
|
||||||
if not !done_actions then (
|
|
||||||
- List.iter (do_action (fun f -> f ())) !fns;
|
|
||||||
- List.iter (do_action (fun (signal, pid) -> kill pid signal)) !kills;
|
|
||||||
- List.iter (do_action (fun file -> Unix.unlink file)) !files;
|
|
||||||
- List.iter (do_action (
|
|
||||||
- fun dir ->
|
|
||||||
- let cmd = sprintf "rm -rf -- %s" (Filename.quote dir) in
|
|
||||||
- ignore (Tools_utils.shell_command cmd)
|
|
||||||
- )
|
|
||||||
- ) !rmdirs;
|
|
||||||
+ let actions = List.sort (fun (a, _) (b, _) -> compare a b) !actions in
|
|
||||||
+ let actions = List.map snd actions in
|
|
||||||
+ List.iter do_action actions
|
|
||||||
);
|
|
||||||
done_actions := true
|
|
||||||
|
|
||||||
@@ -94,18 +94,18 @@ let register () =
|
|
||||||
);
|
|
||||||
registered := true
|
|
||||||
|
|
||||||
-let f fn =
|
|
||||||
+let f ?(prio = 5000) fn =
|
|
||||||
register ();
|
|
||||||
- List.push_front fn fns
|
|
||||||
+ List.push_front (prio, Fn fn) actions
|
|
||||||
|
|
||||||
-let unlink filename =
|
|
||||||
+let unlink ?(prio = 5000) filename =
|
|
||||||
register ();
|
|
||||||
- List.push_front filename files
|
|
||||||
+ List.push_front (prio, Unlink filename) actions
|
|
||||||
|
|
||||||
-let rm_rf dir =
|
|
||||||
+let rm_rf ?(prio = 5000) dir =
|
|
||||||
register ();
|
|
||||||
- List.push_front dir rmdirs
|
|
||||||
+ List.push_front (prio, Rm_rf dir) actions
|
|
||||||
|
|
||||||
-let kill ?(signal = Sys.sigterm) pid =
|
|
||||||
+let kill ?(prio = 5000) ?(signal = Sys.sigterm) pid =
|
|
||||||
register ();
|
|
||||||
- List.push_front (signal, pid) kills
|
|
||||||
+ List.push_front (prio, Kill (signal, pid)) actions
|
|
||||||
diff --git a/common/mltools/on_exit.mli b/common/mltools/on_exit.mli
|
|
||||||
index 9bcf104..66a8554 100644
|
|
||||||
--- a/common/mltools/on_exit.mli
|
|
||||||
+++ b/common/mltools/on_exit.mli
|
|
||||||
@@ -28,6 +28,12 @@
|
|
||||||
killing another process, so we provide simple
|
|
||||||
wrappers for those common actions here.
|
|
||||||
|
|
||||||
+ Actions can be ordered by setting the optional [?prio]
|
|
||||||
+ parameter in the range 0..9999. By default actions
|
|
||||||
+ have priority 5000. Lower numbered actions run first.
|
|
||||||
+ Higher numbered actions run last. So to have an action
|
|
||||||
+ run at the very end before exit you might use [~prio:9999]
|
|
||||||
+
|
|
||||||
Note this module registers signal handlers for
|
|
||||||
SIGINT, SIGQUIT, SIGTERM and SIGHUP. This means
|
|
||||||
that any program that links with mltools.cmxa
|
|
||||||
@@ -39,18 +45,20 @@
|
|
||||||
Your cleanup action might no longer run unless the
|
|
||||||
program calls {!Stdlib.exit}. *)
|
|
||||||
|
|
||||||
-val f : (unit -> unit) -> unit
|
|
||||||
+val f : ?prio:int -> (unit -> unit) -> unit
|
|
||||||
(** Register a function [f] which runs when the program exits.
|
|
||||||
Similar to [Stdlib.at_exit] but also runs if the program is
|
|
||||||
- killed with a signal that we can catch. *)
|
|
||||||
+ killed with a signal that we can catch.
|
|
||||||
|
|
||||||
-val unlink : string -> unit
|
|
||||||
+ [?prio] is the priority, default 5000. See the description above. *)
|
|
||||||
+
|
|
||||||
+val unlink : ?prio:int -> string -> unit
|
|
||||||
(** Unlink a single temporary file on exit. *)
|
|
||||||
|
|
||||||
-val rm_rf : string -> unit
|
|
||||||
+val rm_rf : ?prio:int -> string -> unit
|
|
||||||
(** Recursively remove a temporary directory on exit (using [rm -rf]). *)
|
|
||||||
|
|
||||||
-val kill : ?signal:int -> int -> unit
|
|
||||||
+val kill : ?prio:int -> ?signal:int -> int -> unit
|
|
||||||
(** Kill [PID] on exit. The signal sent defaults to [Sys.sigterm].
|
|
||||||
|
|
||||||
Use this with care since you can end up unintentionally killing
|
|
||||||
diff --git a/common/options/decrypt.c b/common/options/decrypt.c
|
|
||||||
index 97c8b88..19fe93c 100644
|
|
||||||
--- a/common/options/decrypt.c
|
|
||||||
+++ b/common/options/decrypt.c
|
|
||||||
@@ -38,6 +38,10 @@
|
|
||||||
|
|
||||||
#include "options.h"
|
|
||||||
|
|
||||||
+#ifndef __clang__
|
|
||||||
+#pragma GCC diagnostic ignored "-Wstringop-overflow"
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
append_char (size_t *idx, char *buffer, char c)
|
|
||||||
{
|
|
||||||
@@ -55,6 +59,8 @@ append_char (size_t *idx, char *buffer, char c)
|
|
||||||
++*idx;
|
|
||||||
}
|
|
||||||
|
|
||||||
+
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* Make a LUKS map name from the partition or logical volume name, eg.
|
|
||||||
* C<"/dev/vda2" =E<gt> "cryptvda2">, or C<"/dev/vg-ssd/lv-root7" =E<gt>
|
|
||||||
@@ -196,8 +202,8 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables,
|
|
||||||
void
|
|
||||||
inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
|
||||||
{
|
|
||||||
+ const char *lvm2_feature[] = { "lvm2", NULL };
|
|
||||||
CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
|
|
||||||
- CLEANUP_FREE_STRING_LIST char **lvs = NULL;
|
|
||||||
bool need_rescan;
|
|
||||||
|
|
||||||
if (partitions == NULL)
|
|
||||||
@@ -205,13 +211,17 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
|
|
||||||
|
|
||||||
need_rescan = decrypt_mountables (g, (const char * const *)partitions, ks);
|
|
||||||
|
|
||||||
- if (need_rescan) {
|
|
||||||
- if (guestfs_lvm_scan (g, 1) == -1)
|
|
||||||
+ if (guestfs_feature_available (g, (char **) lvm2_feature) > 0) {
|
|
||||||
+ CLEANUP_FREE_STRING_LIST char **lvs = NULL;
|
|
||||||
+
|
|
||||||
+ if (need_rescan) {
|
|
||||||
+ if (guestfs_lvm_scan (g, 1) == -1)
|
|
||||||
+ exit (EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ lvs = guestfs_lvs (g);
|
|
||||||
+ if (lvs == NULL)
|
|
||||||
exit (EXIT_FAILURE);
|
|
||||||
+ decrypt_mountables (g, (const char * const *)lvs, ks);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- lvs = guestfs_lvs (g);
|
|
||||||
- if (lvs == NULL)
|
|
||||||
- exit (EXIT_FAILURE);
|
|
||||||
- decrypt_mountables (g, (const char * const *)lvs, ks);
|
|
||||||
}
|
|
||||||
diff --git a/common/utils/guestfs-utils.h b/common/utils/guestfs-utils.h
|
|
||||||
index d568ed3..fdd85ca 100644
|
|
||||||
--- a/common/utils/guestfs-utils.h
|
|
||||||
+++ b/common/utils/guestfs-utils.h
|
|
||||||
@@ -32,6 +32,7 @@
|
|
||||||
#ifndef GUESTFS_UTILS_H_
|
|
||||||
#define GUESTFS_UTILS_H_
|
|
||||||
|
|
||||||
+#include <stdio.h>
|
|
||||||
#include <stdbool.h>
|
|
||||||
|
|
||||||
#include "guestfs-internal-all.h"
|
|
||||||
diff --git a/common/utils/utils.c b/common/utils/utils.c
|
|
||||||
index 70e55cb..0144dc4 100644
|
|
||||||
--- a/common/utils/utils.c
|
|
||||||
+++ b/common/utils/utils.c
|
|
||||||
@@ -654,7 +654,8 @@ guestfs_int_hexdump (const void *data, size_t len, FILE *fp)
|
|
||||||
const char *
|
|
||||||
guestfs_int_strerror (int errnum, char *buf, size_t buflen)
|
|
||||||
{
|
|
||||||
-#ifdef _GNU_SOURCE
|
|
||||||
+#ifdef HAVE_DECL_STRERROR_R
|
|
||||||
+#ifdef STRERROR_R_CHAR_P
|
|
||||||
/* GNU strerror_r */
|
|
||||||
return strerror_r (errnum, buf, buflen);
|
|
||||||
#else
|
|
||||||
@@ -664,4 +665,7 @@ guestfs_int_strerror (int errnum, char *buf, size_t buflen)
|
|
||||||
snprintf (buf, buflen, "error number %d", errnum);
|
|
||||||
return buf;
|
|
||||||
#endif
|
|
||||||
+#else /* !HAVE_DECL_STRERROR_R */
|
|
||||||
+ return strerror (errnum); /* YOLO it. */
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
diff --git a/common/windows/windows.c b/common/windows/windows.c
|
|
||||||
index b441097..355d79a 100644
|
|
||||||
--- a/common/windows/windows.c
|
|
||||||
+++ b/common/windows/windows.c
|
|
||||||
@@ -58,8 +58,6 @@ is_windows (guestfs_h *g, const char *root)
|
|
||||||
return w;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#pragma GCC diagnostic push
|
|
||||||
-#pragma GCC diagnostic ignored "-Wanalyzer-null-argument"
|
|
||||||
/**
|
|
||||||
* Resolves C<path> as possible Windows path according to C<root>,
|
|
||||||
* giving a new path that can be used in libguestfs API calls.
|
|
||||||
@@ -125,7 +123,6 @@ windows_path (guestfs_h *g, const char *root, const char *path, int readonly)
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
-#pragma GCC diagnostic pop
|
|
||||||
|
|
||||||
static void
|
|
||||||
mount_drive_letter (guestfs_h *g, char drive_letter, const char *root,
|
|
||||||
diff --git a/customize/hostname.ml b/customize/hostname.ml
|
|
||||||
index df64a2dab..fabba3cfd 100644
|
|
||||||
--- a/customize/hostname.ml
|
|
||||||
+++ b/customize/hostname.ml
|
|
||||||
@@ -36,7 +36,8 @@ let rec set_hostname (g : Guestfs.guestfs) root hostname =
|
|
||||||
update_etc_machine_info g hostname;
|
|
||||||
true
|
|
||||||
|
|
||||||
- | "linux", ("rhel"|"centos"|"scientificlinux"|"oraclelinux"|"redhat-based"), v
|
|
||||||
+ | "linux", ("rhel"|"centos"|"scientificlinux"|"oraclelinux"|"rocky"|
|
|
||||||
+ "redhat-based"), v
|
|
||||||
when v >= 7 ->
|
|
||||||
update_etc_hostname g hostname;
|
|
||||||
update_etc_machine_info g hostname;
|
|
||||||
diff --git a/customize/password.ml b/customize/password.ml
|
|
||||||
index 608bf95dc..b37b31fcd 100644
|
|
||||||
--- a/customize/password.ml
|
|
||||||
+++ b/customize/password.ml
|
|
||||||
@@ -160,7 +160,8 @@ and default_crypto g root =
|
|
||||||
let distro = g#inspect_get_distro root in
|
|
||||||
let major = g#inspect_get_major_version root in
|
|
||||||
match distro, major with
|
|
||||||
- | ("rhel"|"centos"|"scientificlinux"|"oraclelinux"|"redhat-based"), v when v >= 9 ->
|
|
||||||
+ | ("rhel"|"centos"|"scientificlinux"|"oraclelinux"|"rocky"|
|
|
||||||
+ "redhat-based"), v when v >= 9 ->
|
|
||||||
`YESCRYPT
|
|
||||||
| ("rhel"|"centos"|"scientificlinux"|"oraclelinux"|"redhat-based"), v when v >= 6 ->
|
|
||||||
`SHA512
|
|
||||||
diff --git a/customize/random_seed.ml b/customize/random_seed.ml
|
|
||||||
index f32d3194e..2dcb700ea 100644
|
|
||||||
--- a/customize/random_seed.ml
|
|
||||||
+++ b/customize/random_seed.ml
|
|
||||||
@@ -47,7 +47,8 @@ let rec set_random_seed (g : Guestfs.guestfs) root =
|
|
||||||
let distro = g#inspect_get_distro root in
|
|
||||||
let file =
|
|
||||||
match typ, distro with
|
|
||||||
- | "linux", ("fedora"|"rhel"|"centos"|"scientificlinux"|"oraclelinux"|"redhat-based") ->
|
|
||||||
+ | "linux", ("fedora"|"rhel"|"centos"|"scientificlinux"|"oraclelinux"|
|
|
||||||
+ "rocky"|"redhat-based") ->
|
|
||||||
Some "/var/lib/random-seed"
|
|
||||||
| "linux", ("debian"|"ubuntu"|"kalilinux") ->
|
|
||||||
Some "/var/lib/urandom/random-seed"
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,17 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmKPVz0RHHJpY2hAYW5u
|
|
||||||
ZXhpYS5vcmcACgkQkXOPc+G3aKBYYxAAm31U2XKvJ164dv92ezjUbQL4D4A+nWh1
|
|
||||||
WGmDmiTFq9IWT8W9U7xw7qT7kzqky+gQBUCGHDQSYiEcdsIlaR7WqdNBfRUHi5lu
|
|
||||||
mrZSMjCfMWaEwTvjtcZrJBmIIP/b/AHfXo/Nxg79MFmSPocfl7RBNpf6HQ7ZnRHW
|
|
||||||
w5P94fJQtOf6Bi9MHc7cwJ/wh7gslOT70puO85igBFbpBUedjINNudl0r7fYUz5I
|
|
||||||
zVxVQuFDYI0+d/UhIBa1ULVTCzlyGn9Rg+9B/B0b2XUZwxXOePusPJ/uK1OUkgue
|
|
||||||
fEtzTzEbl2x90w28+2mbXTyHJWJCKcO36/jII8H8ekF2uREwxgA8qzN6AC4sBwM1
|
|
||||||
o2RiK5LMgqTlPsUP/5lrtAKp9RlXJ76WFnZzt/nSyCTwY+xApbmCQFYWJAaFzAso
|
|
||||||
TAazoyG31AUBhJzBNCoyAsfkb82Lh4++sev8oG8A0qeEvxktFh0tGzfnesFrahfW
|
|
||||||
VwbNbDUFEtTam+8rC667K7/v1FwCfC24BFmq8GZyyE/kmOwRN1jHq9FPYV/0sFLv
|
|
||||||
khkEdR7BWCOGjRS9sP8kN7ApWLHv9gthu9ZtGNA8ms7Gk//WfzMRrhCAWAWyI1kG
|
|
||||||
CG8DuXw63mDpbvY52TBbzD3mKZ30AN8tB4U+j9+PaxwIi0JXqtjJL2ggExCtZMDG
|
|
||||||
W1p4vqAvtB0=
|
|
||||||
=bW2f
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmQusKARHHJpY2hAYW5u
|
||||||
|
ZXhpYS5vcmcACgkQkXOPc+G3aKDmZxAAsk+1QC36YwCXF0LgerjrB40a73YZfifN
|
||||||
|
X8jgziSD3jDBVGgRTUWuFRedDEhzHMP4Fa2TGQjQ2MGRQ/Ay9T/frAujaqPtBSN+
|
||||||
|
ixmVLOJl/kHz2S4BZEpdL8T5FvDtXgSBn/3MyWRlBZdLw2jgQ3+ZKsZnCOsu74ej
|
||||||
|
qhHGFCp0xkhUIuVPXRBIPQ6VcbBZn/0/TIHY4gXTaAisb22kLGp/HTyAi6kwiOnx
|
||||||
|
cHgSLalToT3cJqGxZV9EyCF08AlT5zMP6jxYb7Xno1csnq7vQWwN/pCQyqupWeLs
|
||||||
|
BGlGfJ39AgCibXEaIAUU7fZ77rPxDzbrOAuZd3n4Z7cmn0VWTWoUGZlX9gw38nyZ
|
||||||
|
SusH7y/R8WTMLfLkuDsWov/cXRCwCQEWcCyDyVJkshkWhqVAUGKLgHFQsWsne6nc
|
||||||
|
BoMkEst3XR4OlI/XtC4aTHoWDoWSpp/KzfXRsU2/5r/I612AZXzAQFwBeiK5CIHR
|
||||||
|
cDu3KLYqqrJFS4ELxsF8lERiamZq7iKzNGsAwsiA3rEtjpGjzui26e9pSUczxJOT
|
||||||
|
VaduPKcuVJguQok+af3LOm/Xu5k4r99beshuqTpeOPXouKDB67cebI1NAC5d1CyT
|
||||||
|
45ByPZyQcgnvg1mZsBY2/plF/mmg4oh8i58pFg1exXHP9og+C8EBc4W1Cu6Fj4yi
|
||||||
|
ni4oBJbEefM=
|
||||||
|
=65Sq
|
||||||
|
-----END PGP SIGNATURE-----
|