* Thu Jul 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.8.gite195b43

- Add patch from upstream to fix qemu pidfile perms problem

.cvsignore

@@ -10,3 +10,4 @@ libvirt-0.6.3.tar.gz
 libvirt-0.6.4.tar.gz
 libvirt-0.6.5.tar.gz
 libvirt-0.7.0-0.1.gitf055724.tar.gz
+libvirt-0.7.0-0.6.gite195b43.tar.gz

libvirt-fix-permissions-problem-starting-qemu.patch

@@ -0,0 +1,71 @@
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Subject: PATCH: Fix permissions problem starting QEMU
+
+There is a minor bug when running QEMU non-root, and having
+capng enabled. libvirt is unable to write the PID file in
+/var/run/libvirt/qemu, since its now owned by 'qemu', but
+libvirtd has dropped all capabilties at this point. The fix
+is to delay dropping capabilities until after the PID file
+has been created. We should also be sure to kill the child
+if writing the PID file fails
+
+* src/util.c: Don't drop capabilities until after the PID file has
+  been written. Kill off child if writing the PID file fails
+
+* src/qemu_driver.c: Remove bogus trailing '/' in state dir
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 9fb8506..26897d3 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -468,7 +468,7 @@ qemudStartup(int privileged) {
+             goto out_of_memory;
+ 
+         if (virAsprintf(&qemu_driver->stateDir,
+-                      "%s/run/libvirt/qemu/", LOCAL_STATE_DIR) == -1)
++                      "%s/run/libvirt/qemu", LOCAL_STATE_DIR) == -1)
+             goto out_of_memory;
+     } else {
+         uid_t uid = geteuid();
+diff --git a/src/util.c b/src/util.c
+index ee64b28..39aae24 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -513,12 +513,6 @@ __virExec(virConnectPtr conn,
+         if ((hook)(data) != 0)
+             _exit(1);
+ 
+-    /* The hook above may need todo something privileged, so
+-     * we delay clearing capabilities until now */
+-    if ((flags & VIR_EXEC_CLEAR_CAPS) &&
+-        virClearCapabilities() < 0)
+-        _exit(1);
+-
+     /* Daemonize as late as possible, so the parent process can detect
+      * the above errors with wait* */
+     if (flags & VIR_EXEC_DAEMON) {
+@@ -543,6 +537,9 @@ __virExec(virConnectPtr conn,
+ 
+         if (pid > 0) {
+             if (pidfile && virFileWritePidPath(pidfile,pid)) {
++                kill(pid, SIGTERM);
++                usleep(500*1000);
++                kill(pid, SIGTERM);
+                 virReportSystemError(conn, errno,
+                                      "%s", _("could not write pidfile"));
+                 _exit(1);
+@@ -551,6 +548,12 @@ __virExec(virConnectPtr conn,
+         }
+     }
+ 
++    /* The steps above may need todo something privileged, so
++     * we delay clearing capabilities until the last minute */
++    if ((flags & VIR_EXEC_CLEAR_CAPS) &&
++        virClearCapabilities() < 0)
++        _exit(1);
++
+     if (envp)
+         execve(argv[0], (char **) argv, (char**)envp);
+     else
+
+

libvirt.spec

@@ -8,22 +8,24 @@
 %define with_vbox          0%{!?_without_vbox:1}
 %define with_sasl          0%{!?_without_sasl:1}
 %define with_avahi         0%{!?_without_avahi:1}
-%define with_polkit        0%{!?_without_polkit:1}
 %define with_python        0%{!?_without_python:1}
 %define with_libvirtd      0%{!?_without_libvirtd:1}
 %define with_uml           0%{!?_without_uml:1}
 %define with_one           0%{!?_without_one:1}
-# default to off
-%define with_phyp          0%{!?_without_phyp:0}
 %define with_network       0%{!?_without_network:1}
 %define with_storage_fs    0%{!?_without_storage_fs:1}
 %define with_storage_lvm   0%{!?_without_storage_lvm:1}
 %define with_storage_iscsi 0%{!?_without_storage_iscsi:1}
 %define with_storage_disk  0%{!?_without_storage_disk:1}
 %define with_numactl       0%{!?_without_numactl:1}
-# default to off
+
+# default to off - selectively enabled below
+%define with_polkit        0%{!?_without_polkit:0}
 %define with_capng         0%{!?_without_capng:0}
-%define with_netcf         0%{!?_without_netcf:1}
+%define with_netcf         0%{!?_without_netcf:0}
+
+# default to off
+%define with_phyp          0%{!?_without_phyp:0}
 
 # Xen is available only on i386 x86_64 ia64
 %ifnarch i386 i586 i686 x86_64 ia64
@@ -76,10 +78,13 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.7.0
-Release: 0.3.gitf055724%{?dist}%{?extra_release}
+Release: 0.8.gite195b43%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
-Source: libvirt-0.7.0-0.1.gitf055724.tar.gz
+Source: libvirt-0.7.0-0.6.gite195b43.tar.gz
+
+# Should be in 0.7.0
+Patch01: libvirt-fix-permissions-problem-starting-qemu.patch
 
 # Temporary hack till PulseAudio autostart problems are sorted
 # out when SELinux enforcing (bz 486112)
@@ -87,7 +92,7 @@ Patch200: libvirt-0.6.4-svirt-sound.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
-BuildRequires: python python-devel
+BuildRequires: python-devel
 
 # The client side, i.e. shared libs and virsh are in a subpackage
 Requires: libvirt-client = %{version}-%{release}
@@ -130,8 +135,6 @@ Requires: iscsi-initiator-utils
 # For disk driver
 Requires: parted
 %endif
-# For svirt support
-Requires: libselinux
 %if %{with_xen}
 BuildRequires: xen-devel
 %endif
@@ -205,7 +208,7 @@ of recent versions of Linux (and other OSes). The main package includes
 the libvirtd server exporting the virtualization support.
 
 %package client
-Summary: client side library and utilities of the libvirt library
+Summary: Client side library and utilities of the libvirt library
 Group: Development/Libraries
 Requires: readline
 Requires: ncurses
@@ -252,10 +255,9 @@ of recent versions of Linux (and other OSes).
 %prep
 %setup -q
 
-%patch200 -p0
+%patch01 -p1
 
-mv NEWS NEWS.old
-iconv -f ISO-8859-1 -t UTF-8 < NEWS.old > NEWS
+%patch200 -p0
 
 %build
 %if ! %{with_xen}
@@ -383,8 +385,6 @@ rm -fr %{buildroot}
 (cd docs/examples/python ; rm -rf .deps Makefile Makefile.in)
 (cd examples/hellolibvirt ; make clean ; rm -rf .deps .libs Makefile Makefile.in)
 (cd examples/domain-events/events-c ;  make clean ;rm -rf .deps .libs Makefile Makefile.in)
-(cd python/tests ; rm -f *.py?)
-
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
@@ -424,8 +424,19 @@ chmod 0644 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd
 %clean
 rm -fr %{buildroot}
 
+%pre
+%if 0%{?fedora} >= 12
+# Normally 'setup' adds this in /etc/passwd, but this is
+# here for case of upgrades from earlier Fedora. This
+# UID/GID pair is reserved for qemu:qemu
+getent group kvm >/dev/null || groupadd -g 36 -r kvm
+getent group qemu >/dev/null || groupadd -g 107 -r qemu
+getent passwd qemu >/dev/null || \
+  useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
+    -c "qemu user" qemu
+%endif
+
 %post
-/sbin/ldconfig
 
 %if %{with_libvirtd}
 %if %{with_qemu}
@@ -454,7 +465,9 @@ if [ $1 = 0 ]; then
 fi
 %endif
 
-%postun -p /sbin/ldconfig
+%post client -p /sbin/ldconfig
+
+%postun client -p /sbin/ldconfig
 
 %files
 %defattr(-, root, root)
@@ -604,6 +617,27 @@ fi
 %endif
 
 %changelog
+* Thu Jul 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.8.gite195b43
+- Add patch from upstream to fix qemu pidfile perms problem
+
+* Thu Jul 30 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.0-0.7.gite195b43
+- Create qemu/kvm user & group to fix upgrades
+
+* Wed Jul 29 2009 Daniel Veillard <veillard@redhat.com> - 0.7.0-0.6.gite195b43
+- another prerelease with qemu, uml and remote patches
+- drop the news patch as it's now UTF8 upstream
+
+* Wed Jul 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.5.gitf055724
+- Move ldconfig call to libvirt-client %post/%postun
+- Fix rpmlint warning about libvirt-client summary
+- Fix disabling polkit and netcf on older fedoras
+
+* Wed Jul 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.4.gitf055724
+- Drop explicit libselinux requires, it is autorequired
+- Drop cleanup of python/tests, apparently not needed
+- Cherry-pick upstream patch to convert NEWS to UTF-8, drop iconv
+- Drop python BR; python-devel requires it
+
 * Tue Jul 28 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.3.gitf055724
 - Enable netcf support
 - Pass --with-qemu-user=qemu etc. to configure

sources

@@ -1 +1 @@
-7c8008af99963682cb38666d2f1661ba  libvirt-0.7.0-0.1.gitf055724.tar.gz
+30d52d580ad19473e80831ab1c222347  libvirt-0.7.0-0.6.gite195b43.tar.gz