From patchwork Wed Sep 17 11:09:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9109 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4cRbdh6W1fz3x5T for ; Wed, 17 Sep 2025 11:10:00 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4cRbdb3H5Gz48f for ; Wed, 17 Sep 2025 11:09:55 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cRbdY294kz337H for ; Wed, 17 Sep 2025 11:09:53 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cRbdR72xTz331L for ; Wed, 17 Sep 2025 11:09:47 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4cRbdQ6HfZz3wN; Wed, 17 Sep 2025 11:09:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1758107387; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0qBvag9318j304lWTnj1ummc7+9f81uB3jilRTSXZVw=; b=LH0VwH07FH/hZX+FjLo7mR54rXtIwilJnf8w3LbFcL96e7iIwhOdz/IaoD6lBjWeL6uiFS oww4il98TjEht1qZXqkeIOj5xRHZ7TTX9CCYXHa/FsP0rurYwANZwYFAUb2EV3aiEkZCwW Il58oMu7EcyKdzlaAi7sPQsXtPNanrilh1/JZ5bBSTO1kAyVNur4TSW3ghY0XaxHzWL9xo nsydh/+cGrggJMOjzH7wFTTDfzN2OOQurjz1H9QQhdfFtCMb1QC07dCMCebkuGn+04rTPh T2BMWl4qIp43BEDliXRwn0LyGC+3fRvkQVgD96ghFN0HoNy7CgYsSMfIIhjMVg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1758107387; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0qBvag9318j304lWTnj1ummc7+9f81uB3jilRTSXZVw=; b=SX/B4WNlxEqsPBLKDXT7AYJDQXjkxMvjJa160fng76+Kl8DmeNM2o5+/DOEPHZhveP80Hz TW7GoCmZ2b6QcgCA== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] libvirt: Update to version 11.7.0 Date: Wed, 17 Sep 2025 13:09:38 +0200 Message-ID: <20250917110940.3378937-8-adolf.belka@ipfire.org> In-Reply-To: <20250917110940.3378937-1-adolf.belka@ipfire.org> References: <20250917110940.3378937-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 11.4.0 to 11.7.0 - Update of rootfile - Changelog 11.7.0 New features * Allow setting the log level of Cloud Hypervisor Users can now configure the verbosity of Cloud Hypervisor by setting the "log_level" option in ch.conf * bhyve: experimental NAT networking support The bhyve driver now has experimental NAT networking support using the Packet Filter (pf) firewall. * bhyve: domain statistics reporting The bhyve driver now supports querying domain block, interface, and memory statistics. Not all statistics fields are supported though. Improvements * bhyve: improve 'efi' configuration autofill When a domain is configured with ````, NVRAM configuration is now autofilled. 11.6.0 New features * Introduce VIR_CONNECT_BASELINE_CPU_IGNORE_HOST flag This new flag for virConnectBaselineHypervisorCPU can be used for computing a baseline CPU on any host. Without the VIR_CONNECT_BASELINE_CPU_IGNORE_HOST flag the baseline API would return reasonable output only when run on one of the hosts that the input CPU definitions were collected from. * Allow control over QEMU TLS priority strings The qemu.conf file now has multiple settings allowing control over the QEMU TLS priority strings, for the different subsystems in QEMU that can support TLS. This can be used to workaround a current bug in GNUTLS that is liable to cause crashes of the source QEMU when performing long running live migration operations with TLS enabled. * Add support for disabling deprecated CPU model features by default for s390 domains. Starting an s390 domain with host-model will now default to setting the ``deprecated_features`` attribute to ``off``, ensuring the domain starts with a migration-compatible CPU model to newer systems. This behavior can be modified by setting the ``default_cpu_deprecated_features`` option in the qemu.conf file. * bhyve: Add TCP console support TCP serial devices can now be configured with ````:: Additionally, number of supported consoles increased to 4. * qemu: Add support for RBD namespaces Allow specifying the 'namespace' within a RBD image pool. Improvements * qemu: Change default SCSI controller model to ``virtio-scsi`` for ARM and RISC-V The previous default of ``lsilogic`` is unsupported by modern operating systems. ``virtio-scsi`` is a more suitable default for ARM and RISC-V ``virt`` machine types. * Clarify documentation of virConnectBaselineHypervisorCPU The documentation makes it clear virConnectBaselineHypervisorCPU is supposed to be called on one of the hosts represented in the input CPU definitions. Otherwise the API will give unexpected results. * Allow specifying zero discard granularity for block devices This can be used to tell some guest operating systems (notably Windows) to not trim the disk. * bhyve: Add timeout handling for bhyveload It is now possible to run ``bhyveload`` with the ``timeout`` tool, which can send ``SIGTERM`` and ``SIGKILL`` signals when timeout is reached. Timeout values are set using the ``bhyveload_timeout`` and ``bhyveload_timeout_kill`` configuration options in ``bhyve.conf``. * nss: Improve debugging Debugging messages from NSS modules can be now enabled by setting the ``LIBVIRT_NSS_DEBUG`` environment variable. So far, there is no special meaning to its value. * rpc: Removed requirement for TLS certificates to support 'key encipherment' With TLS 1.3, key encipherment is not required even for RSA keys. Other key types didn't even support it so they were wrongly refused even in cases when they would work with libvirt. The TLS certificate validation now no longer requires 'key encipherment' to be enabled. Bug fixes * bhyve: Fix resetting of the autostart flag of the domain on destroy. * The nwfilter driver no longer recreates the base iptable/ip6tables chains The nwfilter driver had a impl mistake causing it to recreate the base chains for iptables/ip6tables every time a VM was started. This allowed a small window where traffic might not be fully filtered. It now handles iptables/ip6tables the same way as ebtables, creating the base chains only if they did not already exist. * Fix systemd unit ordering for auto-shutdown of domains via the daemon The ordering of systemd units created by libvirt for individual machines needed to be adapted when the shutdown of VMs on host shutdown is done via the virt daemon itself (rather than ``libvirt-guests.service``) to ensure that the VMs are not terminated before the virt daemon can deal with them. 11.5.0 Removed features * qemu: Don't accept VIR_DUMP_LIVE flag in virDomainCoreDumpWithFormat() Unfortunately, QEMU always pauses vCPUs when doing a core dump. Therefore, there is no way for Libvirt to honor VIR_DUMP_LIVE flag semantics. Instead of silently pretending the flag works, an appropriate error is now reported. New features * vmx: Add support for reporting NVMe disks in the domain XML * qemu: Add support for NVMe disks NVMe disks can now be emulated by using an ``nvme`` bus, but require a serial due to the hypervisor:: qwertyuiop Multiple disks can be represented as different namespaces on the same controller, but they cannot have a different serial number due to the fact that it is the controller which ultimately has the serial number attached to it, but for ease of use it is automatically copied from the disk serial. * esx: Add support for specifying alternative CA bundle for remote peer verification. Users can now use ``cacert`` parameter in the URI to specify a file path with CA certificate(s) that will be used for remote peer certificate validation. * qemu: add support for AMD IOMMU device The ``amd`` model for the ```` device is now supported. New attributes ``passtrhough`` and ``xtsup`` are also supported for this model. Improvements * Include supported console types in domain capabilities Domain capabilities now include information about supported console types, such as:: pty tcp * virsh: Add waiting for domain state via ``virsh await`` The new helper command ``virsh await`` simplifies waiting on domain state which is normally announced via events. Currently two waiting conditions are implemented: ``domain-inactive``, and ``guest-agent-available``. Bug fixes * qemu: Be more forgiving when acquiring QUERY job when formatting domain XML Since ``libvirt-11.0.0`` the ``virDomainGetXMLDesc()`` API used to format domain XML acquires QUERY job. But this caused a regression when the API might timeout for incoming migration. This is now fixed. * qemu: Fix shared filesystem detection on nonexistent paths Since ``libvirt-11.1.0`` nonexistent paths within directories marked as shared filesystem (via the ``shared_filesystems`` option in ``qemu.conf`` would not be properly detected as being on a shared filesystem. * qemu: Properly emulate USB cdrom device CD-ROM devices on USB bus are now properly emulated as such which was not the case since libvirt switched to the modern qemu commandline syntax for storage backends. Signed-off-by: Adolf Belka --- config/rootfiles/packages/libvirt | 13 ++++-- lfs/libvirt | 66 +++++++++++++++---------------- 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt index d265125b0..718debf7e 100644 --- a/config/rootfiles/packages/libvirt +++ b/config/rootfiles/packages/libvirt @@ -1,4 +1,5 @@ #etc/libvirt +etc/libvirt/ch.conf etc/libvirt/libvirt-admin.conf etc/libvirt/libvirt.conf etc/libvirt/libvirtd.conf @@ -87,16 +88,16 @@ usr/bin/virt-xml-validate #usr/lib/libvirt #usr/lib/libvirt-admin.so usr/lib/libvirt-admin.so.0 -usr/lib/libvirt-admin.so.0.11004.0 +usr/lib/libvirt-admin.so.0.11007.0 #usr/lib/libvirt-lxc.so usr/lib/libvirt-lxc.so.0 -usr/lib/libvirt-lxc.so.0.11004.0 +usr/lib/libvirt-lxc.so.0.11007.0 #usr/lib/libvirt-qemu.so usr/lib/libvirt-qemu.so.0 -usr/lib/libvirt-qemu.so.0.11004.0 +usr/lib/libvirt-qemu.so.0.11007.0 #usr/lib/libvirt.so usr/lib/libvirt.so.0 -usr/lib/libvirt.so.0.11004.0 +usr/lib/libvirt.so.0.11007.0 #usr/lib/libvirt/connection-driver usr/lib/libvirt/connection-driver/libvirt_driver_ch.so usr/lib/libvirt/connection-driver/libvirt_driver_interface.so @@ -141,10 +142,12 @@ usr/sbin/virtstoraged #usr/share/augeas/lenses #usr/share/augeas/lenses/libvirt_lockd.aug #usr/share/augeas/lenses/libvirtd.aug +#usr/share/augeas/lenses/libvirtd_ch.aug #usr/share/augeas/lenses/libvirtd_qemu.aug #usr/share/augeas/lenses/tests #usr/share/augeas/lenses/tests/test_libvirt_lockd.aug #usr/share/augeas/lenses/tests/test_libvirtd.aug +#usr/share/augeas/lenses/tests/test_libvirtd_ch.aug #usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug #usr/share/augeas/lenses/tests/test_virtchd.aug #usr/share/augeas/lenses/tests/test_virtinterfaced.aug @@ -426,6 +429,8 @@ usr/share/libvirt/schemas/storagecommon.rng usr/share/libvirt/schemas/storagepool.rng usr/share/libvirt/schemas/storagepoolcaps.rng usr/share/libvirt/schemas/storagevol.rng +#usr/share/libvirt/schemas/sysinfo.rng +#usr/share/libvirt/schemas/sysinfocommon.rng #usr/share/libvirt/test-screenshot.png #usr/share/locale/as/LC_MESSAGES/libvirt.mo #usr/share/locale/bg/LC_MESSAGES/libvirt.mo diff --git a/lfs/libvirt b/lfs/libvirt index dc8e0aa99..90e5a4696 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -26,7 +26,7 @@ include Config SUMMARY = Server side daemon and supporting files for libvirt -VER = 11.4.0 +VER = 11.7.0 THISAPP = libvirt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 aarch64 PROG = libvirt -PAK_VER = 41 +PAK_VER = 42 DEPS = ebtables libpciaccess ovmf swtpm qemu @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 54d2b9cb35394184d2ce22670623849ecfb54abd1c8e48135ec735ed6b30fa9fa22261cf847a66269a0f3918f164954fcc0a5d7eec1e0d759831925f3ac6b546 +$(DL_FILE)_BLAKE2 = 44b4c2a2c498d351762cf2bcbd26460dbe663e08e3f2a1b6e73fefbcb4bbc4e77f4b0d47ad771ec7b3854a9b2ebdbf08162590d20bd080f276a8042148ca5f07 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) @@ -81,39 +81,37 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch - cd $(DIR_APP) && meson \ - --prefix=/usr \ - --localstatedir=/var \ - --sysconfdir=/etc \ - -D docs=disabled \ - -D sasl=disabled \ - -D driver_vbox=disabled \ - -D driver_lxc=disabled \ - -D driver_esx=disabled \ - -D driver_vmware=disabled \ - -D driver_openvz=disabled \ - -D firewalld=disabled \ - -D driver_network=disabled \ - -D driver_interface=enabled \ - -D wireshark_dissector=disabled \ - -D nls=disabled \ - -D tests=disabled \ - -D qemu_user=nobody \ - -D qemu_group=kvm \ - -D storage_dir=enabled \ - -D storage_fs=enabled \ - -D storage_lvm=enabled \ - -D storage_iscsi=disabled \ - -D storage_scsi=disabled \ - -D storage_mpath=disabled \ - -D storage_disk=disabled \ - -D storage_rbd=disabled \ - -D storage_gluster=disabled \ - -D storage_zfs=disabled \ - builddir/ + --prefix=/usr \ + --localstatedir=/var \ + --sysconfdir=/etc \ + -D docs=disabled \ + -D sasl=disabled \ + -D driver_vbox=disabled \ + -D driver_lxc=disabled \ + -D driver_esx=disabled \ + -D driver_vmware=disabled \ + -D driver_openvz=disabled \ + -D firewalld=disabled \ + -D driver_network=disabled \ + -D driver_interface=enabled \ + -D wireshark_dissector=disabled \ + -D nls=disabled \ + -D tests=disabled \ + -D qemu_user=nobody \ + -D qemu_group=kvm \ + -D storage_dir=enabled \ + -D storage_fs=enabled \ + -D storage_lvm=enabled \ + -D storage_iscsi=disabled \ + -D storage_scsi=disabled \ + -D storage_mpath=disabled \ + -D storage_disk=disabled \ + -D storage_rbd=disabled \ + -D storage_gluster=disabled \ + -D storage_zfs=disabled \ + builddir/ cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && ninja -C builddir/ install