import nbdkit-1.32.5-4.el9

.gitignore

@@ -0,0 +1,2 @@
+SOURCES/libguestfs.keyring
+SOURCES/nbdkit-1.32.5.tar.gz

.nbdkit.metadata

@@ -0,0 +1,2 @@
+cc1b37b9cfafa515aab3eefd345ecc59aac2ce7b SOURCES/libguestfs.keyring
+c8260e2f6fb16a16cefe0cf670fc5a0f41dd7110 SOURCES/nbdkit-1.32.5.tar.gz

SOURCES/0001-ssh-Remove-left-over-comment.patch

@@ -0,0 +1,31 @@
+From e0e592775911ebe2178b04b4b20f95fea2f2fe9c Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 5 Jan 2023 16:05:33 +0000
+Subject: [PATCH] ssh: Remove left over comment
+
+This comment was left over from when I copied the libssh example code.
+It adds no value so remove it.
+
+(cherry picked from commit c93a8957efcc26652b31f5bc359dfd3c4019b4f8)
+---
+ plugins/ssh/ssh.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
+index 6cf40c26..aaa7c2b9 100644
+--- a/plugins/ssh/ssh.c
++++ b/plugins/ssh/ssh.c
+@@ -356,10 +356,6 @@ authenticate (struct ssh_handle *h)
+     if (rc == SSH_AUTH_SUCCESS) return 0;
+   }
+ 
+-  /* Example code tries keyboard-interactive here, but we cannot use
+-   * that method from a server.
+-   */
+-
+   if (password != NULL && (method & SSH_AUTH_METHOD_PASSWORD)) {
+     rc = authenticate_password (h->session, password);
+     if (rc == SSH_AUTH_SUCCESS) return 0;
+-- 
+2.31.1
+

SOURCES/0002-ssh-Improve-the-error-message-when-all-authenticatio.patch

@@ -0,0 +1,68 @@
+From 916f90972af60576591dea4a4f1d07e4dae6d9cf Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 5 Jan 2023 11:29:32 +0000
+Subject: [PATCH] ssh: Improve the error message when all authentication
+ methods fail
+
+The current error message:
+
+  nbdkit: ssh[1]: error: all possible authentication methods failed
+
+is confusing and non-actionable.  It's hard even for experts to
+understand the relationship between the authentication methods offered
+by a server and what we require.
+
+Try to improve the error message in some common situations, especially
+where password authentication on the server side is disabled but the
+client supplied a password=... parameter.  After this change, you will
+see an actionable error:
+
+  nbdkit: ssh[1]: error: the server does not offer password
+  authentication but you tried to use a password; if you have root
+  access to the server, try editing 'sshd_config' and setting
+  'PasswordAuthentication yes'; otherwise try setting up public key
+  authentication
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2158300
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit bea88cff5ac9c42f1a068ad24d43d5ed0506edaa)
+---
+ plugins/ssh/ssh.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
+index aaa7c2b9..5a132d8f 100644
+--- a/plugins/ssh/ssh.c
++++ b/plugins/ssh/ssh.c
+@@ -361,6 +361,28 @@ authenticate (struct ssh_handle *h)
+     if (rc == SSH_AUTH_SUCCESS) return 0;
+   }
+ 
++  /* All compatible methods were tried and none worked.  Come up with
++   * an actionable diagnostic message if we recognise the problem.
++   */
++  if (!(method & SSH_AUTH_METHOD_PUBLICKEY) && password == NULL) {
++    nbdkit_error ("the server does not offer public key authentication; "
++                  "try using the password=... parameter");
++    return -1;
++  }
++  if ((method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
++    nbdkit_error ("password authentication failed, "
++                  "is the username and password correct?");
++    return -1;
++  }
++  if (!(method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
++    nbdkit_error ("the server does not offer password authentication "
++                  "but you tried to use a password; if you have root access "
++                  "to the server, try editing 'sshd_config' and setting "
++                  "'PasswordAuthentication yes'; otherwise try setting up "
++                  "public key authentication");
++    return -1;
++  }
++
+   nbdkit_error ("all possible authentication methods failed");
+   return -1;
+ }
+-- 
+2.31.1
+

SOURCES/0003-luks-Avoid-crash-when-image-does-not-contain-a-LUKS-.patch

@@ -0,0 +1,44 @@
+From dc86950fff020688a17b6ff0dbfea7bdb0d8f1b9 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 10 Jan 2023 08:39:11 +0000
+Subject: [PATCH] luks: Avoid crash when image does not contain a LUKS header
+
+We attempt to load the LUKS header in the prepare() callback.  If this
+fails, h->h will be NULL and we'll crash in close() when we attempt to
+access and free h->h->masterkey.
+
+This crash could have been triggered another way: if open() followed
+by close() was called, without prepare() or other callbacks.
+
+Reported-by: Ming Xie
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2159581
+(cherry picked from commit cad4b96b17ed4ad7882100efa0d9073ac9d8b11c)
+---
+ filters/luks/luks-encryption.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
+index 26f81e7b..6f33e76e 100644
+--- a/filters/luks/luks-encryption.c
++++ b/filters/luks/luks-encryption.c
+@@ -856,11 +856,13 @@ load_header (nbdkit_next *next, const char *passphrase)
+ void
+ free_luks_data (struct luks_data *h)
+ {
+-  if (h->masterkey) {
+-    memset (h->masterkey, 0, h->phdr.master_key_len);
+-    free (h->masterkey);
++  if (h) {
++    if (h->masterkey) {
++      memset (h->masterkey, 0, h->phdr.master_key_len);
++      free (h->masterkey);
++    }
++    free (h);
+   }
+-  free (h);
+ }
+ 
+ uint64_t
+-- 
+2.31.1
+

SOURCES/0004-curl-Enable-multi-conn-for-read-only-connections.patch

@@ -0,0 +1,95 @@
+From 3f74004478d3590840d7eba97a590b7ec954957f Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 2 Feb 2023 13:59:32 +0000
+Subject: [PATCH] curl: Enable multi-conn for read-only connections
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Comparing before and after this commit shows approximately double the
+performance.  In other tests this allowed us to download files from
+web servers at line speed.
+
+  Benchmark 1:  nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run "nbdcopy -p \$uri null:"
+    Time (mean ± σ):     943.8 ms ±  18.8 ms    [User: 316.2 ms, System: 1029.7 ms]
+    Range (min … max):   923.7 ms … 989.2 ms    10 runs
+
+  Benchmark 2:  ~/d/nbdkit/nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run "nbdcopy -p \$uri null:"
+    Time (mean ± σ):     455.0 ms ±   6.2 ms    [User: 542.2 ms, System: 1824.7 ms]
+    Range (min … max):   449.1 ms … 471.6 ms    10 runs
+
+  Summary
+    ' ~/d/nbdkit/nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run "nbdcopy -p \$uri null:" ' ran
+      2.07 ± 0.05 times faster than ' nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run "nbdcopy -p \$uri null:" '
+
+Multi-conn is enabled only when we know the connection is read-only:
+
+  $ ./nbdkit -r curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run ' nbdinfo $uri ' | grep can_multi_conn
+	can_multi_conn: true
+  $ ./nbdkit curl file:/var/tmp/jammy-server-cloudimg-amd64.raw --run ' nbdinfo $uri ' | grep can_multi_conn
+	can_multi_conn: false
+
+See also:
+https://listman.redhat.com/archives/libguestfs/2023-February/030581.html
+
+Reviewed-by: Eric Blake <eblake@redhat.com>
+(cherry picked from commit bb0f93ad7b9de451874d0c54188bf69cd37c5409)
+---
+ plugins/curl/curl.c     | 14 ++++++++++++++
+ plugins/curl/curldefs.h |  1 +
+ 2 files changed, 15 insertions(+)
+
+diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c
+index e89bea99..eeba5aa4 100644
+--- a/plugins/curl/curl.c
++++ b/plugins/curl/curl.c
+@@ -455,6 +455,7 @@ curl_open (int readonly)
+     nbdkit_error ("calloc: %m");
+     return NULL;
+   }
++  h->readonly = readonly;
+ 
+   h->c = curl_easy_init ();
+   if (h->c == NULL) {
+@@ -764,6 +765,18 @@ curl_get_size (void *handle)
+   return h->exportsize;
+ }
+ 
++/* Multi-conn is safe for read-only connections, but HTTP does not
++ * have any concept of flushing so we cannot use it for read-write
++ * connections.
++ */
++static int
++curl_can_multi_conn (void *handle)
++{
++  struct curl_handle *h = handle;
++
++  return !! h->readonly;
++}
++
+ /* NB: The terminology used by libcurl is confusing!
+  *
+  * WRITEFUNCTION / write_cb is used when reading from the remote server
+@@ -907,6 +920,7 @@ static struct nbdkit_plugin plugin = {
+   .open              = curl_open,
+   .close             = curl_close,
+   .get_size          = curl_get_size,
++  .can_multi_conn    = curl_can_multi_conn,
+   .pread             = curl_pread,
+   .pwrite            = curl_pwrite,
+ };
+diff --git a/plugins/curl/curldefs.h b/plugins/curl/curldefs.h
+index f3095f92..9d4949f3 100644
+--- a/plugins/curl/curldefs.h
++++ b/plugins/curl/curldefs.h
+@@ -64,6 +64,7 @@ extern const char *user_agent;
+ /* The per-connection handle. */
+ struct curl_handle {
+   CURL *c;
++  int readonly;
+   bool accept_range;
+   int64_t exportsize;
+   char errbuf[CURL_ERROR_SIZE];
+-- 
+2.31.1
+

SOURCES/copy-patches.sh

@@ -0,0 +1,55 @@
+#!/bin/bash -
+
+set -e
+
+# Maintainer script to copy patches from the git repo to the current
+# directory.  Use it like this:
+#   ./copy-patches.sh
+
+rhel_version=9.2
+
+# Check we're in the right directory.
+if [ ! -f nbdkit.spec ]; then
+    echo "$0: run this from the directory containing 'nbdkit.spec'"
+    exit 1
+fi
+
+git_checkout=$HOME/d/nbdkit-rhel-$rhel_version
+if [ ! -d $git_checkout ]; then
+    echo "$0: $git_checkout does not exist"
+    echo "This script is only for use by the maintainer when preparing a"
+    echo "nbdkit release on RHEL."
+    exit 1
+fi
+
+# Get the base version of nbdkit.
+version=`grep '^Version:' nbdkit.spec | awk '{print $2}'`
+tag="v$version"
+
+# Remove any existing patches.
+git rm -f [0-9]*.patch ||:
+rm -f [0-9]*.patch
+
+# Get the patches.
+(cd $git_checkout; rm -f [0-9]*.patch; git format-patch -N $tag)
+mv $git_checkout/[0-9]*.patch .
+
+# Remove any not to be applied.
+rm -f *NOT-FOR-RPM*.patch
+
+# Add the patches.
+git add [0-9]*.patch
+
+# Print out the patch lines.
+echo
+echo "--- Copy the following text into nbdkit.spec file"
+echo
+
+echo "# Patches."
+for f in [0-9]*.patch; do
+    n=`echo $f | awk -F- '{print $1}'`
+    echo "Patch$n:     $f"
+done
+
+echo
+echo "--- End of text"

SOURCES/nbdkit-1.32.5.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmO0P9URHHJpY2hAYW5u
+ZXhpYS5vcmcACgkQkXOPc+G3aKBj/w/+MahWvHpk6oOoif9pvshQ5ZXWWH8+4DCZ
+fMPQPRuU3j64tj2kUrp87zChVPkQv27v+RuQcs5OuhfB/nvCIJiK6dSMq6KQmIv2
+b3LieGAuIlhr89YIGQRi7j+R8iWiQgm+dT6BNeu3n7kbpEbJPPUHhz2YNlw1x/LJ
+mfSEh+0HXKKz7HsCDwUCenq/pCPyD4p9x0UB0xqDT7PLg3qGwpHCMTuslrX3alOu
+EYl+NDr9q266IQYGUh1zpSkobLNLvHI+TFyYEvytDnU4MylyslOdDIsA89E/y29r
+rSMl9edDjhQ/h51In1Q8rKmlXFrcwDeRUywybn09m1gu++bxls5W1LFAZvp/YBa+
+nWYv3o58epJSbhEL6NO5fl88Ea5JJYqhB+I1ezud/nJ3Uu/t9C7m69Mt96U5NhQ5
+9irjO1Przz/3ft9+t7hW2u3MFNrEA/u1+e/Jnyr4+g8ZYmM1V7hQWqGwjO09zUZT
+5xR41WHxG3ZbuUOv5r5Xt7Xvp1tiiWxiyEWOBydQwsnV9yZR/G2m3eWFE5H315r+
+qGQXbr41mnsUAG6G8VXsNwK8cu3YQkZBHm4et4wFmvI6C1n2I7jhQBoXkdi9BKj9
+Rh/h3DDmYB2Ud6G/ApWwfRFhSPM/apuUYfuYlXPKteFhtPjfbNSlHkm4hr1lFbK/
++X9eYoD9410=
+=qSZX
+-----END PGP SIGNATURE-----

SOURCES/nbdkit-find-provides

@@ -0,0 +1,23 @@
+#!/bin/bash -
+
+# Generate RPM provides automatically for nbdkit packages and filters.
+# Copyright (C) 2009-2022 Red Hat Inc.
+
+# To test:
+# find /usr/lib64/nbdkit/plugins | ./nbdkit-find-provides VER REL
+# find /usr/lib64/nbdkit/filters | ./nbdkit-find-provides VER REL
+
+ver="$1"
+rel="$2"
+
+function process_file
+{
+    if [[ $1 =~ /plugins/nbdkit-.*-plugin ]] ||
+       [[ $1 =~ /filters/nbdkit-.*-filter ]]; then
+        echo "Provides:" "$(basename $1 .so)" "=" "$ver-$rel"
+    fi
+}
+
+while read line; do
+    process_file "$line"
+done

SOURCES/nbdkit.attr

@@ -0,0 +1,3 @@
+%__nbdkit_provides %{_rpmconfigdir}/nbdkit-find-provides %{version} %{release}
+%__nbdkit_path     %{_libdir}/nbdkit/(plugins|filters)/nbdkit-.*-(plugin|filter)(\.so)?$
+%__nbdkit_flags    exeonly