* Thu Jul 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.8.gite195b43

- Add patch from upstream to fix qemu pidfile perms problem

.cvsignore

@@ -10,3 +10,4 @@ libvirt-0.6.3.tar.gz
 libvirt-0.6.4.tar.gz
 libvirt-0.6.5.tar.gz
 libvirt-0.7.0-0.1.gitf055724.tar.gz
+libvirt-0.7.0-0.6.gite195b43.tar.gz

libvirt-fix-permissions-problem-starting-qemu.patch

@@ -0,0 +1,71 @@
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Subject: PATCH: Fix permissions problem starting QEMU
+
+There is a minor bug when running QEMU non-root, and having
+capng enabled. libvirt is unable to write the PID file in
+/var/run/libvirt/qemu, since its now owned by 'qemu', but
+libvirtd has dropped all capabilties at this point. The fix
+is to delay dropping capabilities until after the PID file
+has been created. We should also be sure to kill the child
+if writing the PID file fails
+
+* src/util.c: Don't drop capabilities until after the PID file has
+  been written. Kill off child if writing the PID file fails
+
+* src/qemu_driver.c: Remove bogus trailing '/' in state dir
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 9fb8506..26897d3 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -468,7 +468,7 @@ qemudStartup(int privileged) {
+             goto out_of_memory;
+ 
+         if (virAsprintf(&qemu_driver->stateDir,
+-                      "%s/run/libvirt/qemu/", LOCAL_STATE_DIR) == -1)
++                      "%s/run/libvirt/qemu", LOCAL_STATE_DIR) == -1)
+             goto out_of_memory;
+     } else {
+         uid_t uid = geteuid();
+diff --git a/src/util.c b/src/util.c
+index ee64b28..39aae24 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -513,12 +513,6 @@ __virExec(virConnectPtr conn,
+         if ((hook)(data) != 0)
+             _exit(1);
+ 
+-    /* The hook above may need todo something privileged, so
+-     * we delay clearing capabilities until now */
+-    if ((flags & VIR_EXEC_CLEAR_CAPS) &&
+-        virClearCapabilities() < 0)
+-        _exit(1);
+-
+     /* Daemonize as late as possible, so the parent process can detect
+      * the above errors with wait* */
+     if (flags & VIR_EXEC_DAEMON) {
+@@ -543,6 +537,9 @@ __virExec(virConnectPtr conn,
+ 
+         if (pid > 0) {
+             if (pidfile && virFileWritePidPath(pidfile,pid)) {
++                kill(pid, SIGTERM);
++                usleep(500*1000);
++                kill(pid, SIGTERM);
+                 virReportSystemError(conn, errno,
+                                      "%s", _("could not write pidfile"));
+                 _exit(1);
+@@ -551,6 +548,12 @@ __virExec(virConnectPtr conn,
+         }
+     }
+ 
++    /* The steps above may need todo something privileged, so
++     * we delay clearing capabilities until the last minute */
++    if ((flags & VIR_EXEC_CLEAR_CAPS) &&
++        virClearCapabilities() < 0)
++        _exit(1);
++
+     if (envp)
+         execve(argv[0], (char **) argv, (char**)envp);
+     else
+
+

libvirt.spec

@@ -8,21 +8,24 @@
 %define with_vbox          0%{!?_without_vbox:1}
 %define with_sasl          0%{!?_without_sasl:1}
 %define with_avahi         0%{!?_without_avahi:1}
-%define with_polkit        0%{!?_without_polkit:1}
 %define with_python        0%{!?_without_python:1}
 %define with_libvirtd      0%{!?_without_libvirtd:1}
 %define with_uml           0%{!?_without_uml:1}
 %define with_one           0%{!?_without_one:1}
-# default to off
-%define with_phyp          0%{!?_without_phyp:0}
 %define with_network       0%{!?_without_network:1}
 %define with_storage_fs    0%{!?_without_storage_fs:1}
 %define with_storage_lvm   0%{!?_without_storage_lvm:1}
 %define with_storage_iscsi 0%{!?_without_storage_iscsi:1}
 %define with_storage_disk  0%{!?_without_storage_disk:1}
 %define with_numactl       0%{!?_without_numactl:1}
-# default to off
+
+# default to off - selectively enabled below
+%define with_polkit        0%{!?_without_polkit:0}
 %define with_capng         0%{!?_without_capng:0}
+%define with_netcf         0%{!?_without_netcf:0}
+
+# default to off
+%define with_phyp          0%{!?_without_phyp:0}
 
 # Xen is available only on i386 x86_64 ia64
 %ifnarch i386 i586 i686 x86_64 ia64
@@ -48,6 +51,10 @@
 %define with_capng     0%{!?_without_capng:1}
 %endif
 
+%if 0%{?fedora} >= 12
+%define with_netcf     0%{!?_without_netcf:1}
+%endif
+
 %if 0%{?fedora} >= 12
 %define qemu_user  qemu
 %define qemu_group  qemu
@@ -58,7 +65,6 @@
 
 #
 # If building on RHEL switch on the specific support
-# for the specific Xen version
 #
 %if 0%{?fedora}
 %define with_rhel5  0
@@ -72,10 +78,13 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.7.0
-Release: 0.1.gitf055724%{?dist}%{?extra_release}
+Release: 0.8.gite195b43%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
-Source: libvirt-0.7.0-0.1.gitf055724.tar.gz
+Source: libvirt-0.7.0-0.6.gite195b43.tar.gz
+
+# Should be in 0.7.0
+Patch01: libvirt-fix-permissions-problem-starting-qemu.patch
 
 # Temporary hack till PulseAudio autostart problems are sorted
 # out when SELinux enforcing (bz 486112)
@@ -83,27 +92,16 @@ Patch200: libvirt-0.6.4-svirt-sound.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
+BuildRequires: python-devel
 
 # The client side, i.e. shared libs and virsh are in a subpackage
 Requires: libvirt-client = %{version}-%{release}
 
-BuildRequires: python python-devel
-Requires: readline
-Requires: ncurses
 Requires: dnsmasq
 Requires: bridge-utils
 Requires: iptables
 # needed for device enumeration
 Requires: hal
-# So remote clients can access libvirt over SSH tunnel
-# (client invokes 'nc' against the UNIX socket on the server)
-Requires: nc
-%if %{with_sasl}
-Requires: cyrus-sasl
-# Not technically required, but makes 'out-of-box' config
-# work correctly & doesn't have onerous dependencies
-Requires: cyrus-sasl-md5
-%endif
 %if %{with_polkit}
 Requires: PolicyKit >= 0.6
 %endif
@@ -114,7 +112,7 @@ BuildRequires: util-linux
 BuildRequires: nfs-utils
 Requires: nfs-utils
 # For glusterfs
-Requires: glusterfs-client >= 2.0.2
+Requires: glusterfs-client >= 2.0.1
 %endif
 %if %{with_qemu}
 # From QEMU RPMs
@@ -137,8 +135,6 @@ Requires: iscsi-initiator-utils
 # For disk driver
 Requires: parted
 %endif
-# For svirt support
-Requires: libselinux
 %if %{with_xen}
 BuildRequires: xen-devel
 %endif
@@ -199,6 +195,9 @@ BuildRequires: libcap-ng-devel >= 0.5.0
 %if %{with_phyp}
 BuildRequires: libssh-devel >= 0.3.1
 %endif
+%if %{with_netcf}
+BuildRequires: netcf-devel
+%endif
 
 # Fedora build root suckage
 BuildRequires: gawk
@@ -209,9 +208,8 @@ of recent versions of Linux (and other OSes). The main package includes
 the libvirtd server exporting the virtualization support.
 
 %package client
-Summary: client side library and utilities of the libvirt library
+Summary: Client side library and utilities of the libvirt library
 Group: Development/Libraries
-Requires: libxml2
 Requires: readline
 Requires: ncurses
 # So remote clients can access libvirt over SSH tunnel
@@ -228,7 +226,6 @@ Requires: cyrus-sasl-md5
 Shared libraries and client binaries needed to access to the
 virtualization capabilities of recent versions of Linux (and other OSes).
 
-
 %package devel
 Summary: Libraries, includes, etc. to compile with the libvirt library
 Group: Development/Libraries
@@ -258,10 +255,9 @@ of recent versions of Linux (and other OSes).
 %prep
 %setup -q
 
-%patch200 -p0
+%patch01 -p1
 
-mv NEWS NEWS.old
-iconv -f ISO-8859-1 -t UTF-8 < NEWS.old > NEWS
+%patch200 -p0
 
 %build
 %if ! %{with_xen}
@@ -344,6 +340,14 @@ iconv -f ISO-8859-1 -t UTF-8 < NEWS.old > NEWS
 %define _without_numactl --without-numactl
 %endif
 
+%if ! %{with_capng}
+%define _without_capng --without-capng
+%endif
+
+%if ! %{with_netcf}
+%define _without_netcf --without-netcf
+%endif
+
 %configure %{?_without_xen} \
            %{?_without_qemu} \
            %{?_without_openvz} \
@@ -364,32 +368,27 @@ iconv -f ISO-8859-1 -t UTF-8 < NEWS.old > NEWS
            %{?_without_storage_iscsi} \
            %{?_without_storage_disk} \
            %{?_without_numactl} \
+           %{?_without_capng} \
+           %{?_without_netcf} \
+           --with-qemu-user=%{qemu_user} \
+           --with-qemu-group=%{qemu_group} \
            --with-init-script=redhat \
            --with-remote-pid-file=%{_localstatedir}/run/libvirtd.pid
 make %{?_smp_mflags}
 gzip -9 ChangeLog
 
 %install
-rm -rf %{buildroot}
+rm -fr %{buildroot}
 
 %makeinstall
 (cd docs/examples ; make clean ; rm -rf .deps Makefile Makefile.in)
 (cd docs/examples/python ; rm -rf .deps Makefile Makefile.in)
 (cd examples/hellolibvirt ; make clean ; rm -rf .deps .libs Makefile Makefile.in)
 (cd examples/domain-events/events-c ;  make clean ;rm -rf .deps .libs Makefile Makefile.in)
-(cd python/tests ; rm -f *.py?)
-
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a
-install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/run/libvirt/
-# Default dir for disk images defined in SELinux policy
-install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/lib/libvirt/images/
-# Default dir for kernel+initrd images defined in SELinux policy
-install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/lib/libvirt/boot/
-# used for virDomainMemoryPeek
-install -d -m 0700 $RPM_BUILD_ROOT%{_localstatedir}/cache/libvirt/
 
 %if %{with_qemu}
 # We don't want to install /etc/libvirt/qemu/networks in the main %files list
@@ -425,8 +424,19 @@ chmod 0644 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd
 %clean
 rm -fr %{buildroot}
 
+%pre
+%if 0%{?fedora} >= 12
+# Normally 'setup' adds this in /etc/passwd, but this is
+# here for case of upgrades from earlier Fedora. This
+# UID/GID pair is reserved for qemu:qemu
+getent group kvm >/dev/null || groupadd -g 36 -r kvm
+getent group qemu >/dev/null || groupadd -g 107 -r qemu
+getent passwd qemu >/dev/null || \
+  useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
+    -c "qemu user" qemu
+%endif
+
 %post
-/sbin/ldconfig
 
 %if %{with_libvirtd}
 %if %{with_qemu}
@@ -455,7 +465,9 @@ if [ $1 = 0 ]; then
 fi
 %endif
 
-%postun -p /sbin/ldconfig
+%post client -p /sbin/ldconfig
+
+%postun client -p /sbin/ldconfig
 
 %files
 %defattr(-, root, root)
@@ -494,8 +506,9 @@ fi
 %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
 
 %if %{with_qemu}
-%dir %{_localstatedir}/run/libvirt/qemu/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/qemu/
+%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/run/libvirt/qemu/
+%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
+%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
 %endif
 %if %{with_lxc}
 %dir %{_localstatedir}/run/libvirt/lxc/
@@ -579,7 +592,7 @@ fi
 %dir %{_includedir}/libvirt
 %{_includedir}/libvirt/*.h
 %{_libdir}/pkgconfig/libvirt.pc
-%dir %{_datadir}/gtk-doc/html/libvirt
+%dir %{_datadir}/gtk-doc/html/libvirt/
 %doc %{_datadir}/gtk-doc/html/libvirt/*.devhelp
 %doc %{_datadir}/gtk-doc/html/libvirt/*.html
 %doc %{_datadir}/gtk-doc/html/libvirt/*.png
@@ -601,11 +614,43 @@ fi
 %doc python/TODO
 %doc python/libvirtclass.txt
 %doc docs/examples/python
-# %dir %{_datadir}/doc/libvirt-%{version}-%{release}/examples
-# %{_datadir}/doc/libvirt-%{version}-%{release}/examples/*.py
 %endif
 
 %changelog
+* Thu Jul 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.8.gite195b43
+- Add patch from upstream to fix qemu pidfile perms problem
+
+* Thu Jul 30 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.0-0.7.gite195b43
+- Create qemu/kvm user & group to fix upgrades
+
+* Wed Jul 29 2009 Daniel Veillard <veillard@redhat.com> - 0.7.0-0.6.gite195b43
+- another prerelease with qemu, uml and remote patches
+- drop the news patch as it's now UTF8 upstream
+
+* Wed Jul 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.5.gitf055724
+- Move ldconfig call to libvirt-client %post/%postun
+- Fix rpmlint warning about libvirt-client summary
+- Fix disabling polkit and netcf on older fedoras
+
+* Wed Jul 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.4.gitf055724
+- Drop explicit libselinux requires, it is autorequired
+- Drop cleanup of python/tests, apparently not needed
+- Cherry-pick upstream patch to convert NEWS to UTF-8, drop iconv
+- Drop python BR; python-devel requires it
+
+* Tue Jul 28 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.3.gitf055724
+- Enable netcf support
+- Pass --with-qemu-user=qemu etc. to configure
+- Move various requires to the libvirt-client sub-package
+- Sync some trivial cleanups from upstream spec file
+- Remove explicit libxml2 requires, again
+- Build with --without-capng if capng support is disabled
+- Remove explicit dir creating in makeinstall, replaced by attr in files
+- Set perms on /var/{run,lib,cache}/libvirt/qemu
+
+* Tue Jul 28 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.2.gitf055724
+- Drop glusterfs dep to 2.0.1 (bug #514191)
+
 * Mon Jul 27 2009 Daniel Veillard <veillard@redhat.com> - 0.7.0-0.1.gitf055724
 - prerelease of 0.7.0
 

sources

@@ -1 +1 @@
-7c8008af99963682cb38666d2f1661ba  libvirt-0.7.0-0.1.gitf055724.tar.gz
+30d52d580ad19473e80831ab1c222347  libvirt-0.7.0-0.6.gite195b43.tar.gz