[arch-commits] Commit in libvirt/repos/community-x86_64 (13 files)
Sergej Pupykin
spupykin at nymeria.archlinux.org
Wed Sep 25 13:45:00 UTC 2013
Date: Wednesday, September 25, 2013 @ 15:45:00
Author: spupykin
Revision: 97608
archrelease: copy trunk to community-x86_64
Added:
libvirt/repos/community-x86_64/0001-Also-store-user-group-ID-values-in-virIdentity.patch
(from rev 97607, libvirt/trunk/0001-Also-store-user-group-ID-values-in-virIdentity.patch)
libvirt/repos/community-x86_64/0002-Ensure-system-identity-includes-process-start-time.patch
(from rev 97607, libvirt/trunk/0002-Ensure-system-identity-includes-process-start-time.patch)
libvirt/repos/community-x86_64/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
(from rev 97607, libvirt/trunk/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch)
libvirt/repos/community-x86_64/PKGBUILD
(from rev 97607, libvirt/trunk/PKGBUILD)
libvirt/repos/community-x86_64/libvirt.install
(from rev 97607, libvirt/trunk/libvirt.install)
libvirt/repos/community-x86_64/libvirt.tmpfiles.d
(from rev 97607, libvirt/trunk/libvirt.tmpfiles.d)
libvirt/repos/community-x86_64/libvirtd-guests.conf.d
(from rev 97607, libvirt/trunk/libvirtd-guests.conf.d)
libvirt/repos/community-x86_64/libvirtd.conf.d
(from rev 97607, libvirt/trunk/libvirtd.conf.d)
Deleted:
libvirt/repos/community-x86_64/PKGBUILD
libvirt/repos/community-x86_64/libvirt.install
libvirt/repos/community-x86_64/libvirt.tmpfiles.d
libvirt/repos/community-x86_64/libvirtd-guests.conf.d
libvirt/repos/community-x86_64/libvirtd.conf.d
-----------------------------------------------------------------+
0001-Also-store-user-group-ID-values-in-virIdentity.patch | 156 ++++++++
0002-Ensure-system-identity-includes-process-start-time.patch | 70 +++
0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch | 159 ++++++++
PKGBUILD | 180 +++++-----
libvirt.install | 38 +-
libvirt.tmpfiles.d | 8
libvirtd-guests.conf.d | 22 -
libvirtd.conf.d | 6
8 files changed, 519 insertions(+), 120 deletions(-)
Copied: libvirt/repos/community-x86_64/0001-Also-store-user-group-ID-values-in-virIdentity.patch (from rev 97607, libvirt/trunk/0001-Also-store-user-group-ID-values-in-virIdentity.patch)
===================================================================
--- 0001-Also-store-user-group-ID-values-in-virIdentity.patch (rev 0)
+++ 0001-Also-store-user-group-ID-values-in-virIdentity.patch 2013-09-25 13:45:00 UTC (rev 97608)
@@ -0,0 +1,156 @@
+From 02432e3afa32e9866fbf1317069b422ef552d1d4 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange at redhat.com>
+Date: Thu, 22 Aug 2013 16:00:01 +0100
+Subject: [PATCH 1/3] Also store user & group ID values in virIdentity
+
+Future improvements to the polkit code will require access to
+the numeric user ID, not merely user name.
+
+Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
+---
+ src/rpc/virnetserverclient.c | 18 ++++++++++++++++++
+ src/util/viridentity.c | 23 +++++++++++++++++++----
+ src/util/viridentity.h | 2 ++
+ 3 files changed, 39 insertions(+), 4 deletions(-)
+
+diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
+index 83d5cf1..f30dd08 100644
+--- a/src/rpc/virnetserverclient.c
++++ b/src/rpc/virnetserverclient.c
+@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+ char *processid = NULL;
+ char *processtime = NULL;
+ char *username = NULL;
++ char *userid = NULL;
+ char *groupname = NULL;
++ char *groupid = NULL;
+ #if WITH_SASL
+ char *saslname = NULL;
+ #endif
+@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+
+ if (!(username = virGetUserName(uid)))
+ goto cleanup;
++ if (virAsprintf(&userid, "%d", uid) < 0)
++ goto cleanup;
+ if (!(groupname = virGetGroupName(gid)))
+ goto cleanup;
++ if (virAsprintf(&userid, "%d", gid) < 0)
++ goto cleanup;
+ if (virAsprintf(&processid, "%llu",
+ (unsigned long long)pid) < 0)
+ goto cleanup;
+@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+ VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+ username) < 0)
+ goto error;
++ if (userid &&
++ virIdentitySetAttr(ret,
++ VIR_IDENTITY_ATTR_UNIX_USER_ID,
++ userid) < 0)
++ goto error;
+ if (groupname &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+ groupname) < 0)
+ goto error;
++ if (groupid &&
++ virIdentitySetAttr(ret,
++ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
++ groupid) < 0)
++ goto error;
+ if (processid &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
+@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
+
+ cleanup:
+ VIR_FREE(username);
++ VIR_FREE(userid);
+ VIR_FREE(groupname);
++ VIR_FREE(groupid);
+ VIR_FREE(processid);
+ VIR_FREE(processtime);
+ VIR_FREE(seccontext);
+diff --git a/src/util/viridentity.c b/src/util/viridentity.c
+index 781f660..03c375b 100644
+--- a/src/util/viridentity.c
++++ b/src/util/viridentity.c
+@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr ident)
+ virIdentityPtr virIdentityGetSystem(void)
+ {
+ char *username = NULL;
++ char *userid = NULL;
+ char *groupname = NULL;
++ char *groupid = NULL;
+ char *seccontext = NULL;
+ virIdentityPtr ret = NULL;
+ #if WITH_SELINUX
+@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void)
+
+ if (!(username = virGetUserName(getuid())))
+ goto cleanup;
++ if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
++ goto cleanup;
++
+ if (!(groupname = virGetGroupName(getgid())))
+ goto cleanup;
++ if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)
++ goto cleanup;
+
+ #if WITH_SELINUX
+ if (getcon(&con) < 0) {
+@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void)
+ if (!(ret = virIdentityNew()))
+ goto cleanup;
+
+- if (username &&
+- virIdentitySetAttr(ret,
++ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+ username) < 0)
+ goto error;
+- if (groupname &&
+- virIdentitySetAttr(ret,
++ if (virIdentitySetAttr(ret,
++ VIR_IDENTITY_ATTR_UNIX_USER_ID,
++ userid) < 0)
++ goto error;
++ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+ groupname) < 0)
+ goto error;
++ if (virIdentitySetAttr(ret,
++ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
++ groupid) < 0)
++ goto error;
+ if (seccontext &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
+@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void)
+
+ cleanup:
+ VIR_FREE(username);
++ VIR_FREE(userid);
+ VIR_FREE(groupname);
++ VIR_FREE(groupid);
+ VIR_FREE(seccontext);
+ VIR_FREE(processid);
+ return ret;
+diff --git a/src/util/viridentity.h b/src/util/viridentity.h
+index 4bae8d6..a240c2d 100644
+--- a/src/util/viridentity.h
++++ b/src/util/viridentity.h
+@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr;
+
+ typedef enum {
+ VIR_IDENTITY_ATTR_UNIX_USER_NAME,
++ VIR_IDENTITY_ATTR_UNIX_USER_ID,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
++ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
+ VIR_IDENTITY_ATTR_SASL_USER_NAME,
+--
+1.8.3.1
+
Copied: libvirt/repos/community-x86_64/0002-Ensure-system-identity-includes-process-start-time.patch (from rev 97607, libvirt/trunk/0002-Ensure-system-identity-includes-process-start-time.patch)
===================================================================
--- 0002-Ensure-system-identity-includes-process-start-time.patch (rev 0)
+++ 0002-Ensure-system-identity-includes-process-start-time.patch 2013-09-25 13:45:00 UTC (rev 97608)
@@ -0,0 +1,70 @@
+From f26b6e44bf0c3efe8167a528141224ccb7623b4a Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange at redhat.com>
+Date: Wed, 28 Aug 2013 15:22:05 +0100
+Subject: [PATCH 2/3] Ensure system identity includes process start time
+
+The polkit access driver will want to use the process start
+time field. This was already set for network identities, but
+not for the system identity.
+
+Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
+---
+ src/util/viridentity.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/util/viridentity.c b/src/util/viridentity.c
+index 03c375b..f681f85 100644
+--- a/src/util/viridentity.c
++++ b/src/util/viridentity.c
+@@ -35,6 +35,7 @@
+ #include "virthread.h"
+ #include "virutil.h"
+ #include "virstring.h"
++#include "virprocess.h"
+
+ #define VIR_FROM_THIS VIR_FROM_IDENTITY
+
+@@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void)
+ security_context_t con;
+ #endif
+ char *processid = NULL;
++ unsigned long long timestamp;
++ char *processtime = NULL;
+
+ if (virAsprintf(&processid, "%llu",
+ (unsigned long long)getpid()) < 0)
+ goto cleanup;
+
++ if (virProcessGetStartTime(getpid(), ×tamp) < 0)
++ goto cleanup;
++
++ if (timestamp != 0 &&
++ virAsprintf(&processtime, "%llu", timestamp) < 0)
++ goto cleanup;
++
+ if (!(username = virGetUserName(getuid())))
+ goto cleanup;
+ if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
+@@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void)
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
+ processid) < 0)
+ goto error;
++ if (processtime &&
++ virIdentitySetAttr(ret,
++ VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
++ processtime) < 0)
++ goto error;
+
+ cleanup:
+ VIR_FREE(username);
+@@ -206,6 +221,7 @@ cleanup:
+ VIR_FREE(groupid);
+ VIR_FREE(seccontext);
+ VIR_FREE(processid);
++ VIR_FREE(processtime);
+ return ret;
+
+ error:
+--
+1.8.3.1
+
Copied: libvirt/repos/community-x86_64/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch (from rev 97607, libvirt/trunk/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch)
===================================================================
--- 0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch (rev 0)
+++ 0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch 2013-09-25 13:45:00 UTC (rev 97608)
@@ -0,0 +1,159 @@
+From 4a061ec8fe94857dd21acf401c66195ec51b1234 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange at redhat.com>
+Date: Wed, 28 Aug 2013 15:25:40 +0100
+Subject: [PATCH 3/3] Add support for using 3-arg pkcheck syntax for process
+
+With the existing pkcheck (pid, start time) tuple for identifying
+the process, there is a race condition, where a process can make
+a libvirt RPC call and in another thread exec a setuid application,
+causing it to change to effective UID 0. This in turn causes polkit
+to do its permission check based on the wrong UID.
+
+To address this, libvirt must get the UID the caller had at time
+of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
+triple to the pkcheck program.
+
+Signed-off-by: Colin Walters <walters at redhat.com>
+Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
+---
+ configure.ac | 8 ++++++++
+ daemon/remote.c | 21 +++++++++++++++++---
+ src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++-----
+ 3 files changed, 61 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 94a2e19..3dfbb4d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1184,6 +1184,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
+ AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
+ if test "x$PKCHECK_PATH" != "x" ; then
+ AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
++ AC_MSG_CHECKING([whether pkcheck supports uid value])
++ pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
++ if test "x$pkcheck_supports_uid" = "xtrue"; then
++ AC_MSG_RESULT([yes])
++ AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
++ else
++ AC_MSG_RESULT([no])
++ fi
+ AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
+ [use PolicyKit for UNIX socket access checks])
+ AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 03d5557..6132091 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -2731,10 +2731,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+ int status = -1;
+ char *ident = NULL;
+ bool authdismissed = 0;
++ bool supportsuid = 0;
+ char *pkout = NULL;
+ struct daemonClientPrivate *priv =
+ virNetServerClientGetPrivateData(client);
+ virCommandPtr cmd = NULL;
++ static bool polkitInsecureWarned = false;
+
+ virMutexLock(&priv->lock);
+ action = virNetServerClientGetReadonly(client) ?
+@@ -2756,14 +2758,27 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+ goto authfail;
+ }
+
++ if (timestamp == 0) {
++ VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
++ (long long)callerPid);
++ goto authfail;
++ }
++
+ VIR_INFO("Checking PID %lld running as %d",
+ (long long) callerPid, callerUid);
+
+ virCommandAddArg(cmd, "--process");
+- if (timestamp != 0) {
+- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
++# ifdef PKCHECK_SUPPORTS_UID
++ supportsuid = 1;
++# endif
++ if (supportsuid) {
++ virCommandAddArgFormat(cmd, "%lld,%llu,%lu", (long long) callerPid, timestamp, (unsigned long) callerUid);
+ } else {
+- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
++ if (!polkitInsecureWarned) {
++ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
++ polkitInsecureWarned = true;
++ }
++ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+ }
+ virCommandAddArg(cmd, "--allow-user-interaction");
+
+diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
+index 4c76e64..d980820 100644
+--- a/src/access/viraccessdriverpolkit.c
++++ b/src/access/viraccessdriverpolkit.c
+@@ -72,8 +72,12 @@ static char *
+ virAccessDriverPolkitFormatProcess(const char *actionid)
+ {
+ virIdentityPtr identity = virIdentityGetCurrent();
+- const char *process = NULL;
++ const char *callerPid = NULL;
++ const char *callerTime = NULL;
++ const char *callerUid = NULL;
+ char *ret = NULL;
++ bool supportsuid = 0;
++ static bool polkitInsecureWarned = false;
+
+ if (!identity) {
+ virAccessError(VIR_ERR_ACCESS_DENIED,
+@@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const char *actionid)
+ actionid);
+ return NULL;
+ }
+- if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0)
++ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0)
++ goto cleanup;
++ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0)
++ goto cleanup;
++ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0)
+ goto cleanup;
+
+- if (!process) {
++ if (!callerPid) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX process ID available"));
+ goto cleanup;
+ }
+-
+- if (VIR_STRDUP(ret, process) < 0)
++ if (!callerTime) {
++ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
++ _("No UNIX process start time available"));
++ goto cleanup;
++ }
++ if (!callerUid) {
++ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
++ _("No UNIX caller UID available"));
+ goto cleanup;
++ }
++
++#ifdef PKCHECK_SUPPORTS_UID
++ supportsuid = 1;
++#endif
++ if (supportsuid) {
++ if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0)
++ goto cleanup;
++ } else {
++ if (!polkitInsecureWarned) {
++ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
++ polkitInsecureWarned = true;
++ }
++ if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0)
++ goto cleanup;
++ }
+
+ cleanup:
+ virObjectUnref(identity);
+--
+1.8.3.1
+
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2013-09-25 13:41:26 UTC (rev 97607)
+++ PKGBUILD 2013-09-25 13:45:00 UTC (rev 97608)
@@ -1,83 +0,0 @@
-# $Id$
-# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
-# Contributor: Jonathan Wiersma <archaur at jonw dot org>
-
-pkgname=libvirt
-pkgver=1.1.2
-pkgrel=1
-pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)"
-arch=('i686' 'x86_64')
-url="http://libvirt.org/"
-license=('LGPL')
-depends=('e2fsprogs' 'gnutls' 'iptables' 'libxml2' 'parted' 'polkit' 'python2'
- 'avahi' 'yajl' 'libpciaccess' 'udev' 'dbus-core' 'libxau' 'libxdmcp' 'libpcap'
- 'curl' 'libsasl' 'libgcrypt' 'libgpg-error' 'openssl' 'libxcb' 'gcc-libs'
- 'iproute2' 'libnl' 'libx11' 'audit' 'numactl')
-makedepends=('pkgconfig' 'lvm2' 'linux-api-headers' 'dnsmasq')
-optdepends=('bridge-utils: for briged networking (default)'
- 'dnsmasq: for NAT/DHCP for guests'
- 'openbsd-netcat: for remote management over ssh'
- 'qemu'
- 'radvd'
- 'dmidecode'
- 'ebtables')
-options=('emptydirs' '!libtool')
-backup=('etc/conf.d/libvirtd'
- 'etc/conf.d/libvirt-guests'
- 'etc/libvirt/libvirtd.conf'
- 'etc/libvirt/libvirt.conf'
- 'etc/libvirt/qemu.conf'
- 'etc/sasl2/libvirt.conf')
-install="libvirt.install"
-source=("http://libvirt.org/sources/$pkgname-$pkgver.tar.gz"
- libvirtd.conf.d
- libvirtd-guests.conf.d
- libvirt.tmpfiles.d)
-md5sums=('1835bbfa492099bce12e2934870e5611'
- '3ed0e24f5b5e25bf553f5427d64915e6'
- '0a96ed876ffb1fcb9dff5a9b3a609c1e'
- '020971887442ebbf1b6949e031c8dd3f')
-
-build() {
- cd "$srcdir/$pkgname-$pkgver"
-
- # python2 fix
- export PYTHON=`which python2`
- for file in $(find . -name '*.py' -print); do
- sed -i 's_#!.*/usr/bin/python_#!/usr/bin/python2_' $file
- sed -i 's_#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file
- done
-
- export LDFLAGS=-lX11
- export RADVD=/usr/bin/radvd
- [ -f Makefile ] || ./configure --prefix=/usr --libexec=/usr/lib/"$pkgname" --sbindir=/usr/bin \
- --with-storage-lvm --without-xen --with-udev --without-hal --disable-static \
- --with-init-script=systemd --with-audit \
- --with-qemu-user=nobody --with-qemu-group=nobody \
- --without-netcf --with-interface
- make
-
- sed -i 's|/etc/sysconfig/|/etc/conf.d/|' daemon/libvirtd.service tools/libvirt-guests.service
- sed -i 's|@sbindir@|/usr/bin|g' src/virtlockd.service
- sed -i 's|#group =.*|group="kvm"|' src/qemu/qemu.conf
-}
-
-package() {
- cd "$srcdir/$pkgname-$pkgver"
-
- make DESTDIR="$pkgdir" install
-
- install -D -m644 "$srcdir"/libvirtd.conf.d "$pkgdir"/etc/conf.d/libvirtd
- install -D -m644 "$srcdir"/libvirtd-guests.conf.d "$pkgdir"/etc/conf.d/libvirt-guests
-
- # systemd stuff
- install -D -m644 "$srcdir"/libvirt.tmpfiles.d "$pkgdir"/usr/lib/tmpfiles.d/libvirt.conf
- mv "$pkgdir"/lib/* "$pkgdir"/usr/lib/
-
- rm -rf \
- "$pkgdir"/var/run \
- "$pkgdir"/etc/sysconfig \
- "$pkgdir"/etc/rc.d/init.d \
- "$pkgdir"/lib \
- "$pkgdir"/etc/sysctl.d
-}
Copied: libvirt/repos/community-x86_64/PKGBUILD (from rev 97607, libvirt/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2013-09-25 13:45:00 UTC (rev 97608)
@@ -0,0 +1,97 @@
+# $Id$
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Contributor: Jonathan Wiersma <archaur at jonw dot org>
+
+pkgname=libvirt
+pkgver=1.1.2
+pkgrel=2
+pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)"
+arch=('i686' 'x86_64')
+url="http://libvirt.org/"
+license=('LGPL')
+depends=('e2fsprogs' 'gnutls' 'iptables' 'libxml2' 'parted' 'polkit' 'python2'
+ 'avahi' 'yajl' 'libpciaccess' 'udev' 'dbus-core' 'libxau' 'libxdmcp' 'libpcap'
+ 'curl' 'libsasl' 'libgcrypt' 'libgpg-error' 'openssl' 'libxcb' 'gcc-libs'
+ 'iproute2' 'libnl' 'libx11' 'audit' 'numactl')
+makedepends=('pkgconfig' 'lvm2' 'linux-api-headers' 'dnsmasq')
+optdepends=('bridge-utils: for briged networking (default)'
+ 'dnsmasq: for NAT/DHCP for guests'
+ 'openbsd-netcat: for remote management over ssh'
+ 'qemu'
+ 'radvd'
+ 'dmidecode'
+ 'ebtables')
+options=('emptydirs' '!libtool')
+backup=('etc/conf.d/libvirtd'
+ 'etc/conf.d/libvirt-guests'
+ 'etc/libvirt/libvirtd.conf'
+ 'etc/libvirt/libvirt.conf'
+ 'etc/libvirt/qemu.conf'
+ 'etc/sasl2/libvirt.conf')
+install="libvirt.install"
+source=("http://libvirt.org/sources/$pkgname-$pkgver.tar.gz"
+ libvirtd.conf.d
+ libvirtd-guests.conf.d
+ libvirt.tmpfiles.d
+ 0001-Also-store-user-group-ID-values-in-virIdentity.patch
+ 0002-Ensure-system-identity-includes-process-start-time.patch
+ 0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch)
+md5sums=('1835bbfa492099bce12e2934870e5611'
+ '3ed0e24f5b5e25bf553f5427d64915e6'
+ '0a96ed876ffb1fcb9dff5a9b3a609c1e'
+ '020971887442ebbf1b6949e031c8dd3f'
+ '60912fc049f0e8cf8d89c919ea619415'
+ 'a42387495f75dd918a6c25b36eb3b428'
+ '2dba51f17f37f59585852092e4c86e44')
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+ patch -p1 <$srcdir/0001-Also-store-user-group-ID-values-in-virIdentity.patch
+ patch -p1 <$srcdir/0002-Ensure-system-identity-includes-process-start-time.patch
+ patch -p1 <$srcdir/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
+ autoreconf
+}
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ # python2 fix
+ export PYTHON=`which python2`
+ for file in $(find . -name '*.py' -print); do
+ sed -i 's_#!.*/usr/bin/python_#!/usr/bin/python2_' $file
+ sed -i 's_#!.*/usr/bin/env.*python_#!/usr/bin/env python2_' $file
+ done
+
+ export LDFLAGS=-lX11
+ export RADVD=/usr/bin/radvd
+ [ -f Makefile ] || ./configure --prefix=/usr --libexec=/usr/lib/"$pkgname" --sbindir=/usr/bin \
+ --with-storage-lvm --without-xen --with-udev --without-hal --disable-static \
+ --with-init-script=systemd --with-audit \
+ --with-qemu-user=nobody --with-qemu-group=nobody \
+ --without-netcf --with-interface
+ make
+
+ sed -i 's|/etc/sysconfig/|/etc/conf.d/|' daemon/libvirtd.service tools/libvirt-guests.service
+ sed -i 's|@sbindir@|/usr/bin|g' src/virtlockd.service
+ sed -i 's|#group =.*|group="kvm"|' src/qemu/qemu.conf
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ make DESTDIR="$pkgdir" install
+
+ install -D -m644 "$srcdir"/libvirtd.conf.d "$pkgdir"/etc/conf.d/libvirtd
+ install -D -m644 "$srcdir"/libvirtd-guests.conf.d "$pkgdir"/etc/conf.d/libvirt-guests
+
+ # systemd stuff
+ install -D -m644 "$srcdir"/libvirt.tmpfiles.d "$pkgdir"/usr/lib/tmpfiles.d/libvirt.conf
+ mv "$pkgdir"/lib/* "$pkgdir"/usr/lib/
+
+ rm -rf \
+ "$pkgdir"/var/run \
+ "$pkgdir"/etc/sysconfig \
+ "$pkgdir"/etc/rc.d/init.d \
+ "$pkgdir"/lib \
+ "$pkgdir"/etc/sysctl.d
+}
Deleted: libvirt.install
===================================================================
--- libvirt.install 2013-09-25 13:41:26 UTC (rev 97607)
+++ libvirt.install 2013-09-25 13:45:00 UTC (rev 97608)
@@ -1,19 +0,0 @@
-_libvirt_setup() {
- systemd-tmpfiles --create libvirt.conf
-}
-
-post_install() {
- _libvirt_setup || return 1
- echo ">>> See https://wiki.archlinux.org/index.php/Libvirt for more info"
-}
-
-post_upgrade() {
- _libvirt_setup || return 1
- echo ">>> You may need to run 'rm -rf ~/.libvirt'"
- echo ">>> libvirt runs qemu from nobody:nobody by default"
- echo ">>> change it in /etc/libvirt/qemu.conf"
-}
-
-post_remove() {
- rm -f /usr/lib/python[0-9].[0-9]/site-packages/libvirt.pyc
-}
Copied: libvirt/repos/community-x86_64/libvirt.install (from rev 97607, libvirt/trunk/libvirt.install)
===================================================================
--- libvirt.install (rev 0)
+++ libvirt.install 2013-09-25 13:45:00 UTC (rev 97608)
@@ -0,0 +1,19 @@
+_libvirt_setup() {
+ systemd-tmpfiles --create libvirt.conf
+}
+
+post_install() {
+ _libvirt_setup || return 1
+ echo ">>> See https://wiki.archlinux.org/index.php/Libvirt for more info"
+}
+
+post_upgrade() {
+ _libvirt_setup || return 1
+ echo ">>> You may need to run 'rm -rf ~/.libvirt'"
+ echo ">>> libvirt runs qemu from nobody:nobody by default"
+ echo ">>> change it in /etc/libvirt/qemu.conf"
+}
+
+post_remove() {
+ rm -f /usr/lib/python[0-9].[0-9]/site-packages/libvirt.pyc
+}
Deleted: libvirt.tmpfiles.d
===================================================================
--- libvirt.tmpfiles.d 2013-09-25 13:41:26 UTC (rev 97607)
+++ libvirt.tmpfiles.d 2013-09-25 13:45:00 UTC (rev 97608)
@@ -1,4 +0,0 @@
-d /run/libvirt/qemu 0755 root root -
-d /run/libvirt/lxc 0755 root root -
-d /run/libvirt/uml 0755 root root -
-d /run/libvirt/network 0755 root root -
Copied: libvirt/repos/community-x86_64/libvirt.tmpfiles.d (from rev 97607, libvirt/trunk/libvirt.tmpfiles.d)
===================================================================
--- libvirt.tmpfiles.d (rev 0)
+++ libvirt.tmpfiles.d 2013-09-25 13:45:00 UTC (rev 97608)
@@ -0,0 +1,4 @@
+d /run/libvirt/qemu 0755 root root -
+d /run/libvirt/lxc 0755 root root -
+d /run/libvirt/uml 0755 root root -
+d /run/libvirt/network 0755 root root -
Deleted: libvirtd-guests.conf.d
===================================================================
--- libvirtd-guests.conf.d 2013-09-25 13:41:26 UTC (rev 97607)
+++ libvirtd-guests.conf.d 2013-09-25 13:45:00 UTC (rev 97608)
@@ -1,11 +0,0 @@
-LIBVIRTD_STOP_ACTION=suspend
-
-#LIBVIRTD_URI="-c qemu+ssh://user@host/system"
-LIBVIRTD_URI=""
-
-#LIBVIRTD_BYPASS_CACHE="--bypass-cache"
-LIBVIRTD_BYPASS_CACHE=""
-
-LIBVIRTD_START_DELAY=0
-
-LIBVIRTD_SHUTDOWN_TIMEOUT=60
Copied: libvirt/repos/community-x86_64/libvirtd-guests.conf.d (from rev 97607, libvirt/trunk/libvirtd-guests.conf.d)
===================================================================
--- libvirtd-guests.conf.d (rev 0)
+++ libvirtd-guests.conf.d 2013-09-25 13:45:00 UTC (rev 97608)
@@ -0,0 +1,11 @@
+LIBVIRTD_STOP_ACTION=suspend
+
+#LIBVIRTD_URI="-c qemu+ssh://user@host/system"
+LIBVIRTD_URI=""
+
+#LIBVIRTD_BYPASS_CACHE="--bypass-cache"
+LIBVIRTD_BYPASS_CACHE=""
+
+LIBVIRTD_START_DELAY=0
+
+LIBVIRTD_SHUTDOWN_TIMEOUT=60
Deleted: libvirtd.conf.d
===================================================================
--- libvirtd.conf.d 2013-09-25 13:41:26 UTC (rev 97607)
+++ libvirtd.conf.d 2013-09-25 13:45:00 UTC (rev 97608)
@@ -1,3 +0,0 @@
-LIBVIRTD_CONFIG="/etc/libvirt/libvirtd.conf"
-LIBVIRTD_ARGS="-p /var/run/libvirtd.pid"
-KRB5_KTNAME="/etc/libvirt/krb5.tab"
Copied: libvirt/repos/community-x86_64/libvirtd.conf.d (from rev 97607, libvirt/trunk/libvirtd.conf.d)
===================================================================
--- libvirtd.conf.d (rev 0)
+++ libvirtd.conf.d 2013-09-25 13:45:00 UTC (rev 97608)
@@ -0,0 +1,3 @@
+LIBVIRTD_CONFIG="/etc/libvirt/libvirtd.conf"
+LIBVIRTD_ARGS="-p /var/run/libvirtd.pid"
+KRB5_KTNAME="/etc/libvirt/krb5.tab"
More information about the arch-commits
mailing list