diff options
| author |   Matthias Maier <tamiko@gentoo.org> | 2014-12-11 14:39:33 +0000 |
|---|---|---|
| committer | Matthias Maier <tamiko@gentoo.org> | 2014-12-11 14:39:33 +0000 |
| commit | f26617cc111c982ddbfe7db2622656aa38def7bf (patch) | |
| tree | 6baaf00dfc11b6d5a46a0e253cc00c211f2858b2 | |
| parent | version bump wrt #498730 (diff) | |
| download | historical-f26617cc111c982ddbfe7db2622656aa38def7bf.tar.gz historical-f26617cc111c982ddbfe7db2622656aa38def7bf.tar.bz2 historical-f26617cc111c982ddbfe7db2622656aa38def7bf.zip | |
Apply followup patch as well, CVE-2014-8131, bug #532204
Package-Manager: portage-2.2.15/cvs/Linux x86_64
Manifest-Sign-Key: 0xBD3A97A3
| -rw-r--r-- | app-emulation/libvirt/ChangeLog | 8 | ||||
| -rw-r--r-- | app-emulation/libvirt/Manifest | 30 | ||||
| -rw-r--r-- | app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-8131-part2.patch | 38 | ||||
| -rw-r--r-- | app-emulation/libvirt/libvirt-1.2.10-r2.ebuild | 454 |
4 files changed, 515 insertions, 15 deletions
diff --git a/app-emulation/libvirt/ChangeLog b/app-emulation/libvirt/ChangeLog index a51a5dbca1d5..598ad79bc4d3 100644 --- a/app-emulation/libvirt/ChangeLog +++ b/app-emulation/libvirt/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-emulation/libvirt # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.396 2014/12/11 09:04:07 tamiko Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.397 2014/12/11 14:39:20 tamiko Exp $ + +*libvirt-1.2.10-r2 (11 Dec 2014) + + 11 Dec 2014; Matthias Maier <tamiko@gentoo.org> + +files/libvirt-1.2.10-cve-2014-8131-part2.patch, +libvirt-1.2.10-r2.ebuild: + Apply followup patch as well, CVE-2014-8131, bug #532204 11 Dec 2014; Matthias Maier <tamiko@gentoo.org> -libvirt-1.2.9-r2.ebuild: drop vulnerable version, CVE-2014-8131, bug #532204 diff --git a/app-emulation/libvirt/Manifest b/app-emulation/libvirt/Manifest index 539b0fc0ffa5..708237ea6516 100644 --- a/app-emulation/libvirt/Manifest +++ b/app-emulation/libvirt/Manifest @@ -2,6 +2,7 @@ Hash: SHA256 AUX libvirt-1.2.10-cve-2014-7823.patch 3066 SHA256 f5574d5b7f02700bd81596b451896163c8dcb1081d568338ed9810dbe0d759ef SHA512 1a13c0fd39671e417b7c338a4d4cada52c83527e726f23a59fb31b3f0777eec3b901761e7a62f07abec0968482a0410c0b28a145290755d68ea02f0b497d981c WHIRLPOOL 8ff93c91d1ab972cf46d90feb9b196e9b0516c3646809448660d200d7fbd205e9507323e63e9afd299ac7393d43f90ff7b1be2fc74ba8f5f64ce6c9ab37a3827 +AUX libvirt-1.2.10-cve-2014-8131-part2.patch 1413 SHA256 c2217f14db504f0366f06db091c5c2d7a433198606a25b0dd791d3b145b4dfdc SHA512 b745c7f62e300433d77785b5a5a66a5584a86a9387d6c2f09493e902f71a62fdc04809fee00ededa948576faff38f529410b53a8228f3a25008e69ece4ea57c2 WHIRLPOOL 07413bbbb743be2965270c08388a405fe6869530169721028de64d588d3d78ca2950ede8dd6438761755ac4d89069b6b87c7c9f8049ec418fba7ee81a8e9d6f7 AUX libvirt-1.2.10-cve-2014-8131.patch 2761 SHA256 1ecbb82ee50dfb91361cb2f55d1dc8e014e08223258dad2a1183d5d844cd7d62 SHA512 36913fbab2ad6499e0386765c106e3592348a77fb8cf10c74353be6299de4a1740a336a2b98efbceed982725cb688f6110e435a4033d9d7141031262a12e0da9 WHIRLPOOL a750d5025385f956a66a177e90332c0f19f7be6097d75bb7b5a2b050a893b0e4638dd1edc04f92219727fa3e069c4e6349ce52cd007472186c72f8c400b107ab AUX libvirt-1.2.9-cve-2014-7823.patch 3250 SHA256 bbc13c3061875de9b9a4c31e061d3797118564ce3c945dda44015d320c4bc8d1 SHA512 851d6662ada92e0566614ae315a0a630c4656349efee01884590856285653a36fd467c81e0f53e3ffc3a55e4106250014d79f0d73cbf39c0c821ac957300c019 WHIRLPOOL b9bfc2b3f09aebd4a6f4e170acd75c8d372c84aa84d5914f3e8807da184c74dca03f117ef621caf6d1e73f2026410b4421c9ea845a092edb95bdcaa34d92bc64 AUX libvirt-1.2.9-do_not_use_sysconf.patch 3879 SHA256 1a0c0b29c481097ee218cc752b11f00193a87a010feefc71ea3f56e041c5844d SHA512 cd8881ed2fd928e4fc122a8615fc328f515181129253cba1124c1faf48549729428113822b56034143e192c44944b1a40e83b960f742db64738e5bc05b9bb371 WHIRLPOOL 9413e40883d98d5d78a2c269786a2f640ec9689744ef431a4e9a092d251d33deda954ad8631520a04a16d8c30ca2e9b28bc8b78562f27267f80740901907a253 @@ -12,23 +13,24 @@ AUX libvirtd.service.conf 401 SHA256 1cfb6f7dec5746364d9a4cccddb4b63f8ccd0ebf8bf AUX virtlockd.init 437 SHA256 0894a839f85dff6f97bde514437935f4c1589ba4f2cbd3e0efe28753698694a1 SHA512 3d7b366736fb98acd26577e29a3c00592e7be038634fc3b51891f557426cd9945bf08a4486f1d62aa91ce7dc7d6bf96d7e57ef06a3a0b4aceb55b9e9c9e9b2da WHIRLPOOL d633a1a7358dbf7bd94d70f44753c9c346adfc78537643e5f379cea017d20e1097998ecfaf87e47e4e0f9216d43a3053af24e3129ecfb8f110f5283a769f368f DIST libvirt-1.2.10.tar.gz 30029503 SHA256 5050f4cea3dd59d3eca25c3d3f16085e10d624ecc18bd35820cd3dac6f46c08e SHA512 9cd5d2a604769cf70e388c367abcde27ee8d6d7043227f17dd2cac92a467ea06547374e1d83c7b1ee4c5322d8b3d9e4cbb6db373efae5eaaceed1b1376cbd09d WHIRLPOOL 986c1fd0128101f936897c97a36d646b8893d9ee0a223d05b004d73408a2720aeb9bb5fe3e4a7c476947021b89d955fb4a1b3a64dfe8dfe0d30dbfe75487b8fe EBUILD libvirt-1.2.10-r1.ebuild 12688 SHA256 47d6a27a388747723581b9f7390618b86660d7c94d403374c99554c1459402bc SHA512 754110bcb5ad22868e847a261f8f9f1a314016851b1e3aa5203878f6d2826627cb0894e8c7609902837c163db664ec3e24c4ed28608cd0de8b54d4040734a5ff WHIRLPOOL c56a59b59ab42a58d54f376828ef8c4bdf6a5d54651fec03c5da68ebf14c13f1f019273eb8c1428ccd31ca22e68c4a44a108362caa7e7db510c0bf3599bf4373 +EBUILD libvirt-1.2.10-r2.ebuild 12742 SHA256 c39f54d9367298ff00fca77bfaa311ac24e019b003dcd1163123a4dfac169958 SHA512 068ea4257082a7bd320019d5ff60455622459fefef405de94e6cb7b75c5fa03a54acd0a714ebf3d958f3ac08a5d850ae788a72911bbf8b8b406e7102f3d674f3 WHIRLPOOL 2e1d4205d261e6aa5b8c8a78ae380a399e096a5dbf43167c5d75ac9594be509c0afef65005fdfa79fb94b9afe1163df0e6c162fb779af9e84db6fc3efe5da9f8 EBUILD libvirt-9999.ebuild 12535 SHA256 0676fabd6df874db39ee2dd2b5fa68371b60b0d35ff7c8a795e946126a8239db SHA512 2de0cb161f528248e61efb192e58e002731a8fc7fef2e2a7133eff9468bdb30362124b1ccc361b38c8db815b17189fdb772ccc623af253acd3686b3b151f33a4 WHIRLPOOL 98f5d988f4e37cef561d6c58385c1002082cee045ae3d39be7cd0ecbcb2e3a3f203772c8e49aefeb373478260efdcd4fb590b4802a512767e7885bdc635fa635 -MISC ChangeLog 23435 SHA256 3151d7c16863e78607f7404965dcba8aaa57575855f464f86cc945f86562f110 SHA512 c1f7e6a187ab6ff1497262386d19b851e7ab84743b88df3857b98f4188b8e0480039d0343a992ed0378ed07336e11d2715c77b6d988a2413794023b98a49b261 WHIRLPOOL 6fe4b11ef0dc598543b4618137427cb549683d787990885a6ad4d4041371faafaaa0e0a8e5353a045d37e6d9a22636ca6f430ec1f39903a59a5eb1a3907a300f +MISC ChangeLog 23657 SHA256 9931353769382f2fd3c883bb5eed6ce4cdecb7b6f146021b83cacde48d6ca5ce SHA512 9fd85e3957fb352414228455fc587efb84b12ba2a49cc3d2acb6acf3754e3f6fcc0c318db5bc23e20e4170c0ed24e8eceb93d2b2dfadf6fef4b15310b1154bcc WHIRLPOOL 851d0f46a2bd19f83991df169ca23157e3117691c6925710c2dccf22b1333eaf05fc4bb077368324b79cd7b759c48ca4a410710ac8ec7d1ba0cbfeccb7a8d27f MISC metadata.xml 3736 SHA256 376b65feea8c2f85dccad2e564cc6111f2dc2de2a3b785a4c10af8c95c4920ee SHA512 93933d1ddfce67739e0647adce2f9253ae596429c794b73562737b508400a0fa7af93eae06808b088888b1d44f421ce4765cc6b56b9b5356140af80ca36bebfc WHIRLPOOL 7ef396db2e624c2798ba30ad4b8099237fb699c5e94cd1470ec6161a068f1e815930a87104545b4b98183784465a9a5f9dc051beb99ef1c5731e61f42f5c7381 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1 -iQIcBAEBCAAGBQJUiV4IAAoJELhOzYlK7nn/+5UP/1jCiL+nmk6hEQhrWl0/aP9r -xOgkrQAPRe3h7xycdAUDreQQy+QeMCppQdK7hVAdMQn/gbL36OBEKcdQY0yy+VxQ -3HplKP0Zd91J8w11s+Go84annQfBdPweNihoFtedgtXhKLb/9Hom8uxE5G8kWkSq -yD35mMhUI57QNgtQkvq5BqKMS3Kpwf+XeNxxK6EdWFLXmuEkg7fQ5Y+jv0in15IH -+u1CMXd1RFJUvc4I0ieKtemOy78H/ZRkZuXKmFclZ9WsCT9/AB+DcJXTGbUdSuj9 -RravG3A1LJiFVGKyeusOi0H4+mWzLQqXZUOMyywB/NwP5WuK4aUCCGgQpxxexoOb -b1w27ZFnnBYQgHsu44u+h3YnhK8iU5gf5K39zWNB6Dngq3HS3+88r/FflF5Iis93 -Vc2Fz29M4vsaR/Oh5JNPnOoq9mL5nhfc/SQTgtnP8XdBc0IWgQRNO2xMHc9JGGQY -wMV3iu2N5N4oHYA1GVCKUQNooZbFb27bVvW3ppospVH9qIwN6iH/m8+pkx01kEki -uooTLaK4Ad3ryUkIYf+q4SdZbrgTbRdUzUWfXzn95uNQKtoyD9v3VzLrawtKRm5e -dXG0htHjFVe6PNCYYrEsZNYCtqfmOYnCA/cPqrIxAIv9b2s79GGGbI70uXjdR6Xj -58DYxZYdrD2xpwgNBXwj -=mI1F +iQIcBAEBCAAGBQJUiayZAAoJELhOzYlK7nn/eecP/2erCPXs3t9rq5JAcKY24Dmt +wx8FvMztzHs+/qyPb3NNFZfMXJTchQqJ78FjbKxPDWDG23ijKK/9d4He/po0QsFr +54iyp/36Waa2cZZsdrBmCuKq5pVw/ItMMgbsLnTfseQdY5Wzxxs0DBi24MgmpdIm +bhX2piOhectjau5t4O/FWep1SG3H3jTp0HIP3J2ke5EzZOPN99EQrr6R11VZgvYD +wS4kgua5bnfjgtawLJIz0isyRWFuEmKkQc0KBHwIwKOjTnSQl0qmv+D6N7dz80Hh +6mLhE2EZcb46YmvkBEBnBHRyQ4TlWhJR1QvzZ0KFJkhNzrry6EyzgFfdksFCctAZ +kgNECDfhn8FSaSepHX9vbFMv1ofp+LNaFBbnqthjzEDvsoingaLCIgmt8HuQI85b +4n5DQ6TfHTbkmd1Gg/7qe6LSW7AR1eLAREQBfwmiamo33/Wrx2MzI18pB83OMCen +0l0igE7vaeaZXpdl3/Knhg0Z2yHdgWcsmOtS+hpavDM+fSiXugW3mxPHvm0ncCMS +LpA1BhAAh7mE7Mh2TgOqSlpwyVqaHItW0wedKq70+nQDaVfcwHwI0qmYrqVZ29/A +Gdr8nxUGQ9nPPhpRLpo2w05VNsOEttybKL4OrCWeEdmNoenbK7AyLhOfmPuGnfgD +/jUo6dcDMlfXEKqW2rOK +=QRRo -----END PGP SIGNATURE----- diff --git a/app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-8131-part2.patch b/app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-8131-part2.patch new file mode 100644 index 000000000000..2f8457a94a4e --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-8131-part2.patch @@ -0,0 +1,38 @@ +From cb104ef734dfea12cb8826dba7e2c98912c4b7e1 Mon Sep 17 00:00:00 2001 +From: Francesco Romani <fromani@redhat.com> +Date: Thu, 11 Dec 2014 08:44:09 +0100 +Subject: [PATCH 17/20] qemu: bulk stats: Fix logic in monitor handling + +A logic bug in qemuConnectGetAllDomainStats makes the code mark the +monitor as available when qemuDomainObjBeginJob fails, instead of when +it succeeds, as the correct flow requires. + +This patch fixes the check and updates the code documentation +accordingly. + +Broken by commit 57023c0a3af4af1c547189c1f6712ed5edeb0c0b. + +Signed-off-by: Francesco Romani <fromani@redhat.com> +--- + src/qemu/qemu_driver.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 830fca7..df3ba6d 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -18745,9 +18745,9 @@ qemuConnectGetAllDomainStats(virConnectPtr conn, + } + + if (HAVE_JOB(privflags) && +- qemuDomainObjBeginJob(driver, dom, QEMU_JOB_QUERY) < 0) +- /* As it was never requested. Gather as much as possible anyway. */ ++ qemuDomainObjBeginJob(driver, dom, QEMU_JOB_QUERY) == 0) + domflags |= QEMU_DOMAIN_STATS_HAVE_JOB; ++ /* else: without a job it's still possible to gather some data */ + + if (qemuDomainGetStats(conn, dom, stats, &tmp, domflags) < 0) + goto endjob; +-- +2.0.4 + diff --git a/app-emulation/libvirt/libvirt-1.2.10-r2.ebuild b/app-emulation/libvirt/libvirt-1.2.10-r2.ebuild new file mode 100644 index 000000000000..e7f04defc82b --- /dev/null +++ b/app-emulation/libvirt/libvirt-1.2.10-r2.ebuild @@ -0,0 +1,454 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-1.2.10-r2.ebuild,v 1.1 2014/12/11 14:39:20 tamiko Exp $ + +EAPI=5 + +AUTOTOOLIZE=yes + +MY_P="${P/_rc/-rc}" + +inherit eutils user autotools linux-info systemd readme.gentoo + +if [[ ${PV} = *9999* ]]; then + inherit git-r3 + EGIT_REPO_URI="git://libvirt.org/libvirt.git" + SRC_URI="" + KEYWORDS="" + SLOT="0" +else + # Versions with 4 numbers are stable updates: + if [[ ${PV} =~ ^[0-9]+(\.[0-9]+){3} ]]; then + SRC_URI="http://libvirt.org/sources/stable_updates/${MY_P}.tar.gz" + else + SRC_URI="http://libvirt.org/sources/${MY_P}.tar.gz" + fi + KEYWORDS="~amd64 ~x86" + SLOT="0/${PV}" +fi +S="${WORKDIR}/${P%_rc*}" + +DESCRIPTION="C toolkit to manipulate virtual machines" +HOMEPAGE="http://www.libvirt.org/" +LICENSE="LGPL-2.1" +IUSE="audit avahi +caps firewalld fuse iscsi +libvirtd lvm lxc +macvtap nfs \ + nls numa openvz parted pcap phyp policykit +qemu rbd sasl \ + selinux +udev uml +vepa virtualbox virt-network wireshark-plugins xen \ + elibc_glibc systemd" +REQUIRED_USE="libvirtd? ( || ( lxc openvz qemu uml virtualbox xen ) ) + lxc? ( caps libvirtd ) + openvz? ( libvirtd ) + qemu? ( libvirtd ) + uml? ( libvirtd ) + vepa? ( macvtap ) + virtualbox? ( libvirtd ) + xen? ( libvirtd ) + virt-network? ( libvirtd ) + firewalld? ( virt-network )" + +# gettext.sh command is used by the libvirt command wrappers, and it's +# non-optional, so put it into RDEPEND. +# We can use both libnl:1.1 and libnl:3, but if you have both installed, the +# package will use 3 by default. Since we don't have slot pinning in an API, +# we must go with the most recent +RDEPEND="sys-libs/readline + sys-libs/ncurses + >=net-misc/curl-7.18.0 + dev-libs/libgcrypt:0 + >=dev-libs/libxml2-2.7.6 + dev-libs/libnl:3 + >=net-libs/gnutls-1.0.25 + net-libs/libssh2 + sys-apps/dmidecode + >=sys-apps/util-linux-2.17 + sys-devel/gettext + >=net-analyzer/netcat6-1.0-r2 + app-misc/scrub + audit? ( sys-process/audit ) + avahi? ( >=net-dns/avahi-0.6[dbus] ) + caps? ( sys-libs/libcap-ng ) + fuse? ( >=sys-fs/fuse-2.8.6 ) + iscsi? ( sys-block/open-iscsi ) + lxc? ( !systemd? ( sys-power/pm-utils ) ) + lvm? ( >=sys-fs/lvm2-2.02.48-r2 ) + nfs? ( net-fs/nfs-utils ) + numa? ( + >sys-process/numactl-2.0.2 + sys-process/numad + ) + openvz? ( sys-kernel/openvz-sources ) + parted? ( + >=sys-block/parted-1.8[device-mapper] + sys-fs/lvm2 + ) + pcap? ( >=net-libs/libpcap-1.0.0 ) + policykit? ( >=sys-auth/polkit-0.9 ) + qemu? ( + >=app-emulation/qemu-0.13.0 + dev-libs/yajl + !systemd? ( sys-power/pm-utils ) + ) + rbd? ( sys-cluster/ceph ) + sasl? ( dev-libs/cyrus-sasl ) + selinux? ( >=sys-libs/libselinux-2.0.85 ) + systemd? ( sys-apps/systemd ) + virtualbox? ( || ( app-emulation/virtualbox >=app-emulation/virtualbox-bin-2.2.0 ) ) + wireshark-plugins? ( net-analyzer/wireshark:= ) + xen? ( app-emulation/xen-tools app-emulation/xen ) + udev? ( virtual/udev >=x11-libs/libpciaccess-0.10.9 ) + virt-network? ( net-dns/dnsmasq[script] + >=net-firewall/iptables-1.4.10 + net-misc/radvd + net-firewall/ebtables + sys-apps/iproute2[-minimal] + firewalld? ( net-firewall/firewalld ) + ) + elibc_glibc? ( || ( >=net-libs/libtirpc-0.2.2-r1 <sys-libs/glibc-2.14 ) )" + +DEPEND="${RDEPEND} + virtual/pkgconfig + app-text/xhtml1 + dev-lang/perl + dev-libs/libxslt" + +DOC_CONTENTS="For the basic networking support (bridged and routed networks) +you don't need any extra software. For more complex network modes +including but not limited to NATed network, you can enable the +'virt-network' USE flag.\n\n +If you are using dnsmasq on your system, you will have +to configure /etc/dnsmasq.conf to enable the following settings:\n\n + bind-interfaces\n + interface or except-interface\n\n +Otherwise you might have issues with your existing DNS server." + +LXC_CONFIG_CHECK=" + ~CGROUPS + ~CGROUP_FREEZER + ~CGROUP_DEVICE + ~CGROUP_CPUACCT + ~CGROUP_SCHED + ~CGROUP_PERF + ~BLK_CGROUP + ~NET_CLS_CGROUP + ~CGROUP_NET_PRIO + ~CPUSETS + ~RESOURCE_COUNTERS + ~NAMESPACES + ~UTS_NS + ~IPC_NS + ~PID_NS + ~NET_NS + ~USER_NS + ~DEVPTS_MULTIPLE_INSTANCES + ~VETH + ~MACVLAN + ~POSIX_MQUEUE + ~SECURITYFS + ~!GRKERNSEC_CHROOT_MOUNT + ~!GRKERNSEC_CHROOT_DOUBLE + ~!GRKERNSEC_CHROOT_PIVOT + ~!GRKERNSEC_CHROOT_CHMOD + ~!GRKERNSEC_CHROOT_CAPS +" + +VIRTNET_CONFIG_CHECK=" + ~BRIDGE_NF_EBTABLES + ~BRIDGE_EBT_MARK_T + ~NETFILTER_ADVANCED + ~NETFILTER_XT_TARGET_CHECKSUM + ~NETFILTER_XT_CONNMARK + ~NETFILTER_XT_MARK +" + +BWLMT_CONFIG_CHECK=" + ~BRIDGE_EBT_T_NAT + ~NET_SCH_HTB + ~NET_SCH_SFQ + ~NET_SCH_INGRESS + ~NET_CLS_FW + ~NET_CLS_U32 + ~NET_ACT_POLICE +" + +MACVTAP_CONFIG_CHECK=" ~MACVTAP" + +LVM_CONFIG_CHECK=" ~BLK_DEV_DM ~DM_SNAPSHOT ~DM_MULTIPATH" + +ERROR_USER_NS="Optional depending on LXC configuration." + +pkg_setup() { + enewgroup qemu 77 + enewuser qemu 77 -1 -1 qemu kvm + + # Some people used the masked ebuild which was not adding the qemu + # user to the kvm group originally. This results in VMs failing to + # start for some users. bug #430808 + egetent group kvm | grep -q qemu + if [[ $? -ne 0 ]]; then + gpasswd -a qemu kvm + fi + + # Handle specific kernel versions for different features + kernel_is lt 3 6 && LXC_CONFIG_CHECK+=" ~CGROUP_MEM_RES_CTLR" + kernel_is ge 3 6 && LXC_CONFIG_CHECK+=" ~MEMCG ~MEMCG_SWAP ~MEMCG_KMEM" + + CONFIG_CHECK="" + use fuse && CONFIG_CHECK+=" ~FUSE_FS" + use lvm && CONFIG_CHECK+="${LVM_CONFIG_CHECK}" + use lxc && CONFIG_CHECK+="${LXC_CONFIG_CHECK}" + use macvtap && CONFIG_CHECK+="${MACVTAP_CONFIG_CHECK}" + use virt-network && CONFIG_CHECK+="${VIRTNET_CONFIG_CHECK}" + # Bandwidth Limiting Support + use virt-network && CONFIG_CHECK+="${BWLMT_CONFIG_CHECK}" + if [[ -n ${CONFIG_CHECK} ]]; then + linux-info_pkg_setup + fi +} + +src_prepare() { + touch "${S}/.mailmap" + + if [[ ${PV} = *9999* ]]; then + # git checkouts require bootstrapping to create the configure script. + # Additionally the submodules must be cloned to the right locations + # bug #377279 + ./bootstrap || die "bootstrap failed" + ( + git submodule status | sed 's/^[ +-]//;s/ .*//' + git hash-object bootstrap.conf + ) >.git-module-status + fi + + epatch \ + "${FILESDIR}"/${PN}-1.2.9-do_not_use_sysconf.patch \ + "${FILESDIR}"/${PN}-1.2.9-fix-firewalld-configuration.patch \ + "${FILESDIR}"/${P}-cve-2014-7823.patch \ + "${FILESDIR}"/${P}-cve-2014-8131.patch \ + "${FILESDIR}"/${P}-cve-2014-8131-part2.patch + + epatch_user + + [[ -n ${AUTOTOOLIZE} ]] && eautoreconf + + # Tweak the init script + local avahi_init= + local iscsi_init= + local rbd_init= + local firewalld_init= + cp "${FILESDIR}/libvirtd.init-r13" "${S}/libvirtd.init" + use avahi && avahi_init='avahi-daemon' + use iscsi && iscsi_init='iscsid' + use rbd && rbd_init='ceph' + use firewalld && firewalld_init='need firewalld' + + sed -e "s/USE_FLAG_FIREWALLD/${firewalld_init}/" -i "${S}/libvirtd.init" + sed -e "s/USE_FLAG_AVAHI/${avahi_init}/" -i "${S}/libvirtd.init" + sed -e "s/USE_FLAG_ISCSI/${iscsi_init}/" -i "${S}/libvirtd.init" + sed -e "s/USE_FLAG_RBD/${rbd_init}/" -i "${S}/libvirtd.init" +} + +src_configure() { + local myconf="" + + ## enable/disable daemon, otherwise client only utils + myconf+=" $(use_with libvirtd)" + + ## enable/disable the daemon using avahi to find VMs + myconf+=" $(use_with avahi)" + + ## hypervisors on the local host + myconf+=" $(use_with xen) $(use_with xen xen-inotify)" + myconf+=" --without-xenapi" + if use xen && has_version ">=app-emulation/xen-tools-4.2.0"; then + myconf+=" --with-libxl" + else + myconf+=" --without-libxl" + fi + myconf+=" $(use_with openvz)" + myconf+=" $(use_with lxc)" + if use virtualbox && has_version app-emulation/virtualbox-ose; then + myconf+=" --with-vbox=/usr/lib/virtualbox-ose/" + else + myconf+=" $(use_with virtualbox vbox)" + fi + myconf+=" $(use_with uml)" + myconf+=" $(use_with qemu)" + myconf+=" $(use_with qemu yajl)" # Use QMP over HMP + myconf+=" $(use_with phyp)" + myconf+=" --with-esx" + myconf+=" --with-vmware" + + ## additional host drivers + myconf+=" $(use_with virt-network network)" + myconf+=" --with-storage-fs" + myconf+=" $(use_with lvm storage-lvm)" + myconf+=" $(use_with iscsi storage-iscsi)" + myconf+=" $(use_with parted storage-disk)" + myconf+=" $(use_with lvm storage-mpath)" + myconf+=" $(use_with rbd storage-rbd)" + myconf+=" $(use_with numa numactl)" + myconf+=" $(use_with numa numad)" + myconf+=" $(use_with selinux)" + myconf+=" $(use_with fuse)" + + # udev for device support details + myconf+=" $(use_with udev)" + myconf+=" --without-hal" + + # linux capability support so we don't need privileged accounts + myconf+=" $(use_with caps capng)" + + ## auth stuff + myconf+=" $(use_with policykit polkit)" + myconf+=" $(use_with sasl)" + + # network bits + myconf+=" $(use_with macvtap)" + myconf+=" $(use_with pcap libpcap)" + myconf+=" $(use_with vepa virtualport)" + myconf+=" $(use_with firewalld)" + + ## other + myconf+=" $(use_enable nls)" + + # user privilege bits fir qemu/kvm + if use caps; then + myconf+=" --with-qemu-user=qemu" + myconf+=" --with-qemu-group=qemu" + else + myconf+=" --with-qemu-user=root" + myconf+=" --with-qemu-group=root" + fi + + # audit support + myconf+=" $(use_with audit)" + + # wireshark dissector + myconf+=" $(use_with wireshark-plugins wireshark-dissector)" + + ## stuff we don't yet support + myconf+=" --without-netcf" + + # locking support + myconf+=" --without-sanlock" + + # systemd unit files + myconf+=" $(use_with systemd systemd-daemon)" + use systemd && myconf+=" --with-init-script=systemd" + + # this is a nasty trick to work around the problem in bug + # #275073. The reason why we don't solve this properly is that + # it'll require us to rebuild autotools (and we don't really want + # to do that right now). The proper solution has been sent + # upstream and should hopefully land in 0.7.7, in the mean time, + # mime the same functionality with this. + case ${CHOST} in + *cygwin* | *mingw* ) + ;; + *) + ac_cv_prog_WINDRES=no + ;; + esac + + econf \ + ${myconf} \ + --disable-static \ + --disable-werror \ + --with-remote \ + --docdir=/usr/share/doc/${PF} \ + --localstatedir=/var + + if [[ ${PV} = *9999* ]]; then + # Restore gnulib's config.sub and config.guess + # bug #377279 + (cd .gnulib && git reset --hard > /dev/null) + fi +} + +src_test() { + # Explicitly allow parallel build of tests + export VIR_TEST_DEBUG=1 + HOME="${T}" emake check || die "tests failed" +} + +src_install() { + emake install \ + DESTDIR="${D}" \ + HTML_DIR=/usr/share/doc/${PF}/html \ + DOCS_DIR=/usr/share/doc/${PF} \ + EXAMPLE_DIR=/usr/share/doc/${PF}/examples \ + SYSTEMD_UNIT_DIR="$(systemd_get_unitdir)" \ + || die "emake install failed" + + find "${D}" -name '*.la' -delete || die + + # Remove bogus, empty directories. They are either not used, or + # libvirtd is able to create them on demand + rm -rf "${D}"/etc/sysconf + rm -rf "${D}"/var/cache + rm -rf "${D}"/var/run + rm -rf "${D}"/var/log + + use libvirtd || return 0 + # From here, only libvirtd-related instructions, be warned! + + use systemd && \ + systemd_install_serviced "${FILESDIR}"/libvirtd.service.conf libvirtd + + newinitd "${S}/libvirtd.init" libvirtd || die + newconfd "${FILESDIR}/libvirtd.confd-r4" libvirtd || die + newinitd "${FILESDIR}/virtlockd.init" virtlockd || die + + readme.gentoo_create_doc +} + +pkg_preinst() { + # we only ever want to generate this once + if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then + rm -rf "${D}"/etc/libvirt/qemu/networks/default.xml + fi + + # We really don't want to use or support old PolicyKit cause it + # screws with the new polkit integration + if has_version sys-auth/policykit; then + rm -rf "${D}"/usr/share/PolicyKit/policy/org.libvirt.unix.policy + fi + + # Only sysctl files ending in .conf work + dodir /etc/sysctl.d + mv "${D}"/usr/lib/sysctl.d/libvirtd.conf "${D}"/etc/sysctl.d/libvirtd.conf +} + +pkg_postinst() { + if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then + touch "${ROOT}"/etc/libvirt/qemu/networks/default.xml + fi + + if ! use policykit; then + elog "To allow normal users to connect to libvirtd you must change the" + elog "unix sock group and/or perms in /etc/libvirt/libvirtd.conf" + fi + + use libvirtd || return 0 + # From here, only libvirtd-related instructions, be warned! + + readme.gentoo_print_elog + + if use caps && use qemu; then + elog "libvirt will now start qemu/kvm VMs with non-root privileges." + elog "Ensure any resources your VMs use are accessible by qemu:qemu" + fi + + if [[ -n "${REPLACING_VERSIONS}" ]]; then + elog "" + elog "The systemd service-file configuration under /etc/sysconfig has" + elog "been removed. Please use" + elog " /etc/systemd/system/libvirt.d/00gentoo.conf" + elog "to control the '--listen' parameter for libvirtd. The configuration" + elog "for the libvirt-guests.service is now found under" + elog " /etc/libvirt/libvirt-guests.conf" + elog "The openrc configuration has not been changed. Thus no action is" + elog "required for the openrc service manager." + elog "" + fi +} |