Added utterly crazy build dep on CVS for stupid autopoint tool

- Don't fail to start network if ipv6 modules is not loaded

.cvsignore

@@ -11,3 +11,4 @@ libvirt-0.6.4.tar.gz
 libvirt-0.6.5.tar.gz
 libvirt-0.7.0-0.1.gitf055724.tar.gz
 libvirt-0.7.0-0.6.gite195b43.tar.gz
+libvirt-0.7.0.tar.gz

libvirt-0.7.0-chown-kernel-initrd-before-spawning-qemu.patch

@@ -0,0 +1,73 @@
+From: Mark McLoughlin <markmc@redhat.com>
+Subject: [PATCH] chown kernel/initrd before spawning qemu
+
+If we're running qemu unprivileged, we need to chown any supplied kernel
+or initrd before spawning it.
+
+* src/qemu_driver.c: rename qemuDomainSetDiskOwnership() to
+  qemuDomainSetFileOwnership(), pass it a path string instead of a disk
+  definition and use it for chowning the kernel/initrd in
+  qemuDomainSetAllDeviceOwnership()
+---
+ src/qemu_driver.c |   20 ++++++++++++--------
+ 1 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 412b68d..bd58435 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1684,18 +1684,18 @@ static int qemuDomainSetHostdevOwnership(virConnectPtr conn,
+ 
+ }
+ 
+-static int qemuDomainSetDiskOwnership(virConnectPtr conn,
+-                                      virDomainDiskDefPtr def,
++static int qemuDomainSetFileOwnership(virConnectPtr conn,
++                                      const char *path,
+                                       uid_t uid, gid_t gid)
+ {
+ 
+-    if (!def->src)
++    if (!path)
+         return 0;
+ 
+-    VIR_DEBUG("Setting ownership on %s to %d:%d", def->src, uid, gid);
+-    if (chown(def->src, uid, gid) < 0) {
++    VIR_DEBUG("Setting ownership on %s to %d:%d", path, uid, gid);
++    if (chown(path, uid, gid) < 0) {
+         virReportSystemError(conn, errno, _("cannot set ownership on %s"),
+-                             def->src);
++                             path);
+         return -1;
+     }
+     return 0;
+@@ -1725,7 +1725,7 @@ static int qemuDomainSetDeviceOwnership(virConnectPtr conn,
+             (def->data.disk->readonly || def->data.disk->shared))
+             return 0;
+ 
+-        return qemuDomainSetDiskOwnership(conn, def->data.disk, uid, gid);
++        return qemuDomainSetFileOwnership(conn, def->data.disk->src, uid, gid);
+ 
+     case VIR_DOMAIN_DEVICE_HOSTDEV:
+         return qemuDomainSetHostdevOwnership(conn, def->data.hostdev, uid, gid);
+@@ -1753,12 +1753,16 @@ static int qemuDomainSetAllDeviceOwnership(virConnectPtr conn,
+     uid = restore ? 0 : driver->user;
+     gid = restore ? 0 : driver->group;
+ 
++    if (qemuDomainSetFileOwnership(conn, def->os.kernel, uid, gid) < 0 ||
++        qemuDomainSetFileOwnership(conn, def->os.initrd, uid, gid) < 0)
++        return -1;
++
+     for (i = 0 ; i < def->ndisks ; i++) {
+         if (restore &&
+             (def->disks[i]->readonly || def->disks[i]->shared))
+             continue;
+ 
+-        if (qemuDomainSetDiskOwnership(conn, def->disks[i], uid, gid) < 0)
++        if (qemuDomainSetFileOwnership(conn, def->disks[i]->src, uid, gid) < 0)
+             return -1;
+     }
+ 
+-- 
+1.6.2.5
+

libvirt-0.7.0-handle-kernels-with-no-ipv6-support.patch

@@ -0,0 +1,39 @@
+From: Mark McLoughlin <markmc@redhat.com>
+Subject: [PATCH] Handle kernels with no ipv6 support
+
+If the ipv6 kernel module is not loaded, then we get this when starting
+a virtual network:
+
+  libvir: Network Config error :
+  cannot enable /proc/sys/net/ipv6/conf/virbr0/disable_ipv6:
+  No such file or directory
+
+If disable_ipv6 is not present, we should just merrily continue on our
+way.
+
+* src/network_driver.c: make networkDisableIPV6() not fail if the kernel
+  has no ipv6 support
+---
+ src/network_driver.c |    6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/src/network_driver.c b/src/network_driver.c
+index eaea454..84910ab 100644
+--- a/src/network_driver.c
++++ b/src/network_driver.c
+@@ -801,6 +801,12 @@ static int networkDisableIPV6(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    if (access(field, W_OK) < 0 && errno == ENOENT) {
++        VIR_DEBUG("ipv6 appears to already be disabled on %s", network->def->bridge);
++        ret = 0;
++        goto cleanup;
++    }
++
+     if (virFileWriteStr(field, "1") < 0) {
+         virReportSystemError(conn, errno,
+                              _("cannot enable %s"), field);
+-- 
+1.6.2.5
+

libvirt-0.7.0-numa-ignore-fail.patch

@@ -0,0 +1,85 @@
+commit 19bac57b26c2d46ac8a7601158f210f34acdceac
+Author: Daniel P. Berrange <berrange@redhat.com>
+Date:   Thu Aug 13 11:56:31 2009 +0100
+
+    Make LXC / UML drivers robust against NUMA topology brokenness
+    
+    Some kernel versions expose broken NUMA topology for some machines.
+    This causes the LXC/UML drivers to fail to start. QEMU driver was
+    already fixed for this problem
+    
+    * src/lxc_conf.c: Log and ignore failure to populate NUMA info
+    * src/uml_conf.c: Log and ignore failure to populate NUMA info
+    * src/capabilities.c: Reset nnumaCell to 0 after freeing
+
+diff --git a/src/capabilities.c b/src/capabilities.c
+index c6766b6..193a9fe 100644
+--- a/src/capabilities.c
++++ b/src/capabilities.c
+@@ -139,6 +139,7 @@ virCapabilitiesFreeNUMAInfo(virCapsPtr caps)
+     for (i = 0 ; i < caps->host.nnumaCell ; i++)
+         virCapabilitiesFreeHostNUMACell(caps->host.numaCell[i]);
+     VIR_FREE(caps->host.numaCell);
++    caps->host.nnumaCell = 0;
+ }
+ 
+ /**
+diff --git a/src/lxc_conf.c b/src/lxc_conf.c
+index d06a024..fef60ba 100644
+--- a/src/lxc_conf.c
++++ b/src/lxc_conf.c
+@@ -30,6 +30,8 @@
+ #include "lxc_conf.h"
+ #include "nodeinfo.h"
+ #include "virterror_internal.h"
++#include "logging.h"
++
+ 
+ #define VIR_FROM_THIS VIR_FROM_LXC
+ 
+@@ -46,8 +48,14 @@ virCapsPtr lxcCapsInit(void)
+                                    0, 0)) == NULL)
+         goto no_memory;
+ 
+-    if (nodeCapsInitNUMA(caps) < 0)
+-        goto no_memory;
++    /* Some machines have problematic NUMA toplogy causing
++     * unexpected failures. We don't want to break the QEMU
++     * driver in this scenario, so log errors & carry on
++     */
++    if (nodeCapsInitNUMA(caps) < 0) {
++        virCapabilitiesFreeNUMAInfo(caps);
++        VIR_WARN0("Failed to query host NUMA topology, disabling NUMA capabilities");
++    }
+ 
+     /* XXX shouldn't 'borrow' KVM's prefix */
+     virCapabilitiesSetMacPrefix(caps, (unsigned char []){ 0x52, 0x54, 0x00 });
+diff --git a/src/uml_conf.c b/src/uml_conf.c
+index 48e05a8..4f756d4 100644
+--- a/src/uml_conf.c
++++ b/src/uml_conf.c
+@@ -45,6 +45,7 @@
+ #include "nodeinfo.h"
+ #include "verify.h"
+ #include "bridge.h"
++#include "logging.h"
+ 
+ #define VIR_FROM_THIS VIR_FROM_UML
+ 
+@@ -63,8 +64,14 @@ virCapsPtr umlCapsInit(void) {
+                                    0, 0)) == NULL)
+         goto no_memory;
+ 
+-    if (nodeCapsInitNUMA(caps) < 0)
+-        goto no_memory;
++    /* Some machines have problematic NUMA toplogy causing
++     * unexpected failures. We don't want to break the QEMU
++     * driver in this scenario, so log errors & carry on
++     */
++    if (nodeCapsInitNUMA(caps) < 0) {
++        virCapabilitiesFreeNUMAInfo(caps);
++        VIR_WARN0("Failed to query host NUMA topology, disabling NUMA capabilities");
++    }
+ 
+     if ((guest = virCapabilitiesAddGuest(caps,
+                                          "uml",

libvirt-0.7.0-policy-kit-rewrite.patch

@@ -0,0 +1,469 @@
+diff -rupN libvirt-0.7.0/configure.in libvirt-0.7.0.new/configure.in
+--- libvirt-0.7.0/configure.in	2009-08-05 08:53:49.000000000 -0400
++++ libvirt-0.7.0.new/configure.in	2009-08-13 08:37:22.393897620 -0400
+@@ -641,40 +641,61 @@ AC_SUBST([SASL_LIBS])
+ dnl PolicyKit library
+ POLKIT_CFLAGS=
+ POLKIT_LIBS=
++PKCHECK_PATH=
+ AC_ARG_WITH([polkit],
+   [  --with-polkit         use PolicyKit for UNIX socket access checks],
+   [],
+   [with_polkit=check])
+ 
++with_polkit0=no
++with_polkit1=no
+ if test "x$with_polkit" = "xyes" -o "x$with_polkit" = "xcheck"; then
+-  PKG_CHECK_MODULES(POLKIT, polkit-dbus >= $POLKIT_REQUIRED,
+-    [with_polkit=yes], [
+-    if test "x$with_polkit" = "xcheck" ; then
+-       with_polkit=no
+-    else
+-       AC_MSG_ERROR(
+-         [You must install PolicyKit >= $POLKIT_REQUIRED to compile libvirt])
+-    fi
+-  ])
+-  if test "x$with_polkit" = "xyes" ; then
++  dnl Check for new polkit first - just a binary
++  AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
++  if test "x$PKCHECK_PATH" != "x" ; then
++    AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
+     AC_DEFINE_UNQUOTED([HAVE_POLKIT], 1,
+-      [use PolicyKit for UNIX socket access checks])
+-
+-    old_CFLAGS=$CFLAGS
+-    old_LDFLAGS=$LDFLAGS
+-    CFLAGS="$CFLAGS $POLKIT_CFLAGS"
+-    LDFLAGS="$LDFLAGS $POLKIT_LIBS"
+-    AC_CHECK_FUNCS([polkit_context_is_caller_authorized])
+-    CFLAGS="$old_CFLAGS"
+-    LDFLAGS="$old_LDFLAGS"
+-
+-    AC_PATH_PROG([POLKIT_AUTH], [polkit-auth])
+-    if test "x$POLKIT_AUTH" != "x"; then
+-      AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
++        [use PolicyKit for UNIX socket access checks])
++    AC_DEFINE_UNQUOTED([HAVE_POLKIT1], 1,
++        [use PolicyKit for UNIX socket access checks])
++    with_polkit="yes"
++    with_polkit1="yes"
++  else
++    dnl Check for old polkit second - library + binary
++    PKG_CHECK_MODULES(POLKIT, polkit-dbus >= $POLKIT_REQUIRED,
++      [with_polkit=yes], [
++      if test "x$with_polkit" = "xcheck" ; then
++         with_polkit=no
++      else
++         AC_MSG_ERROR(
++           [You must install PolicyKit >= $POLKIT_REQUIRED to compile libvirt])
++      fi
++    ])
++    if test "x$with_polkit" = "xyes" ; then
++      AC_DEFINE_UNQUOTED([HAVE_POLKIT], 1,
++        [use PolicyKit for UNIX socket access checks])
++      AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1,
++        [use PolicyKit for UNIX socket access checks])
++
++      old_CFLAGS=$CFLAGS
++      old_LDFLAGS=$LDFLAGS
++      CFLAGS="$CFLAGS $POLKIT_CFLAGS"
++      LDFLAGS="$LDFLAGS $POLKIT_LIBS"
++      AC_CHECK_FUNCS([polkit_context_is_caller_authorized])
++      CFLAGS="$old_CFLAGS"
++      LDFLAGS="$old_LDFLAGS"
++
++      AC_PATH_PROG([POLKIT_AUTH], [polkit-auth])
++      if test "x$POLKIT_AUTH" != "x"; then
++        AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
++      fi
++      with_polkit0="yes"
+     fi
+   fi
+ fi
+ AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"])
++AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"])
++AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"])
+ AC_SUBST([POLKIT_CFLAGS])
+ AC_SUBST([POLKIT_LIBS])
+ 
+@@ -1695,7 +1716,11 @@ else
+ AC_MSG_NOTICE([   avahi: no])
+ fi
+ if test "$with_polkit" = "yes" ; then
+-AC_MSG_NOTICE([  polkit: $POLKIT_CFLAGS $POLKIT_LIBS])
++if test "$with_polkit0" = "yes" ; then
++AC_MSG_NOTICE([  polkit: $POLKIT_CFLAGS $POLKIT_LIBS (version 0)])
++else
++AC_MSG_NOTICE([  polkit: $PKCHECK_PATH (version 1)])
++fi
+ else
+ AC_MSG_NOTICE([  polkit: no])
+ fi
+diff -rupN libvirt-0.7.0/qemud/libvirtd.policy libvirt-0.7.0.new/qemud/libvirtd.policy
+--- libvirt-0.7.0/qemud/libvirtd.policy	2009-07-22 09:37:32.000000000 -0400
++++ libvirt-0.7.0.new/qemud/libvirtd.policy	1969-12-31 19:00:00.000000000 -0500
+@@ -1,42 +0,0 @@
+-<!DOCTYPE policyconfig PUBLIC
+- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+-
+-<!--
+-Policy definitions for libvirt daemon
+-
+-Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
+-
+-libvirt is licensed to you under the GNU Lesser General Public License
+-version 2. See COPYING for details.
+-
+-NOTE: If you make changes to this file, make sure to validate the file
+-using the polkit-policy-file-validate(1) tool. Changes made to this
+-file are instantly applied.
+--->
+-
+-<policyconfig>
+-    <action id="org.libvirt.unix.monitor">
+-      <description>Monitor local virtualized systems</description>
+-      <message>System policy prevents monitoring of local virtualized systems</message>
+-      <defaults>
+-        <!-- Any program can use libvirt in read-only mode for monitoring,
+-             even if not part of a session -->
+-        <allow_any>yes</allow_any>
+-        <allow_inactive>yes</allow_inactive>
+-        <allow_active>yes</allow_active>
+-      </defaults>
+-    </action>
+-
+-    <action id="org.libvirt.unix.manage">
+-      <description>Manage local virtualized systems</description>
+-      <message>System policy prevents management of local virtualized systems</message>
+-      <defaults>
+-        <!-- Only a program in the active host session can use libvirt in
+-             read-write mode for management, and we require user password -->
+-        <allow_any>no</allow_any>
+-        <allow_inactive>no</allow_inactive>
+-        <allow_active>auth_admin_keep_session</allow_active>
+-      </defaults>
+-    </action>
+-</policyconfig>
+diff -rupN libvirt-0.7.0/qemud/libvirtd.policy-0 libvirt-0.7.0.new/qemud/libvirtd.policy-0
+--- libvirt-0.7.0/qemud/libvirtd.policy-0	1969-12-31 19:00:00.000000000 -0500
++++ libvirt-0.7.0.new/qemud/libvirtd.policy-0	2009-08-13 08:37:22.408883879 -0400
+@@ -0,0 +1,42 @@
++<!DOCTYPE policyconfig PUBLIC
++ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
++ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
++
++<!--
++Policy definitions for libvirt daemon
++
++Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
++
++libvirt is licensed to you under the GNU Lesser General Public License
++version 2. See COPYING for details.
++
++NOTE: If you make changes to this file, make sure to validate the file
++using the polkit-policy-file-validate(1) tool. Changes made to this
++file are instantly applied.
++-->
++
++<policyconfig>
++    <action id="org.libvirt.unix.monitor">
++      <description>Monitor local virtualized systems</description>
++      <message>System policy prevents monitoring of local virtualized systems</message>
++      <defaults>
++        <!-- Any program can use libvirt in read-only mode for monitoring,
++             even if not part of a session -->
++        <allow_any>yes</allow_any>
++        <allow_inactive>yes</allow_inactive>
++        <allow_active>yes</allow_active>
++      </defaults>
++    </action>
++
++    <action id="org.libvirt.unix.manage">
++      <description>Manage local virtualized systems</description>
++      <message>System policy prevents management of local virtualized systems</message>
++      <defaults>
++        <!-- Only a program in the active host session can use libvirt in
++             read-write mode for management, and we require user password -->
++        <allow_any>no</allow_any>
++        <allow_inactive>no</allow_inactive>
++        <allow_active>auth_admin_keep_session</allow_active>
++      </defaults>
++    </action>
++</policyconfig>
+diff -rupN libvirt-0.7.0/qemud/libvirtd.policy-1 libvirt-0.7.0.new/qemud/libvirtd.policy-1
+--- libvirt-0.7.0/qemud/libvirtd.policy-1	1969-12-31 19:00:00.000000000 -0500
++++ libvirt-0.7.0.new/qemud/libvirtd.policy-1	2009-08-13 08:37:22.412905763 -0400
+@@ -0,0 +1,42 @@
++<!DOCTYPE policyconfig PUBLIC
++ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
++ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
++
++<!--
++Policy definitions for libvirt daemon
++
++Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
++
++libvirt is licensed to you under the GNU Lesser General Public License
++version 2. See COPYING for details.
++
++NOTE: If you make changes to this file, make sure to validate the file
++using the polkit-policy-file-validate(1) tool. Changes made to this
++file are instantly applied.
++-->
++
++<policyconfig>
++    <action id="org.libvirt.unix.monitor">
++      <description>Monitor local virtualized systems</description>
++      <message>System policy prevents monitoring of local virtualized systems</message>
++      <defaults>
++        <!-- Any program can use libvirt in read-only mode for monitoring,
++             even if not part of a session -->
++        <allow_any>yes</allow_any>
++        <allow_inactive>yes</allow_inactive>
++        <allow_active>yes</allow_active>
++      </defaults>
++    </action>
++
++    <action id="org.libvirt.unix.manage">
++      <description>Manage local virtualized systems</description>
++      <message>System policy prevents management of local virtualized systems</message>
++      <defaults>
++        <!-- Only a program in the active host session can use libvirt in
++             read-write mode for management, and we require user password -->
++        <allow_any>no</allow_any>
++        <allow_inactive>no</allow_inactive>
++        <allow_active>auth_admin_keep</allow_active>
++      </defaults>
++    </action>
++</policyconfig>
+diff -rupN libvirt-0.7.0/qemud/Makefile.am libvirt-0.7.0.new/qemud/Makefile.am
+--- libvirt-0.7.0/qemud/Makefile.am	2009-07-22 09:37:32.000000000 -0400
++++ libvirt-0.7.0.new/qemud/Makefile.am	2009-08-13 08:37:22.398915449 -0400
+@@ -21,7 +21,8 @@ EXTRA_DIST =						\
+ 	remote_protocol.x				\
+ 	libvirtd.conf					\
+ 	libvirtd.init.in				\
+-	libvirtd.policy					\
++	libvirtd.policy-0				\
++	libvirtd.policy-1				\
+ 	libvirtd.sasl					\
+ 	libvirtd.sysconf				\
+ 	libvirtd.aug                                    \
+@@ -147,7 +148,13 @@ endif
+ libvirtd_LDADD += ../src/libvirt.la
+ 
+ if HAVE_POLKIT
++if HAVE_POLKIT0
+ policydir = $(datadir)/PolicyKit/policy
++policyfile = libvirtd.policy-0
++else
++policydir = $(datadir)/polkit-1/actions
++policyfile = libvirtd.policy-1
++endif
+ endif
+ 
+ if HAVE_AVAHI
+@@ -197,7 +204,7 @@ endif
+ if HAVE_POLKIT
+ install-data-polkit:: install-init
+ 	mkdir -p $(DESTDIR)$(policydir)
+-	$(INSTALL_DATA) $(srcdir)/libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
++	$(INSTALL_DATA) $(srcdir)/$(policyfile) $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ uninstall-data-polkit:: install-init
+ 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ else
+diff -rupN libvirt-0.7.0/qemud/qemud.c libvirt-0.7.0.new/qemud/qemud.c
+--- libvirt-0.7.0/qemud/qemud.c	2009-07-22 09:37:32.000000000 -0400
++++ libvirt-0.7.0.new/qemud/qemud.c	2009-08-13 08:37:22.419878018 -0400
+@@ -895,7 +895,7 @@ static struct qemud_server *qemudNetwork
+     }
+ #endif
+ 
+-#ifdef HAVE_POLKIT
++#if HAVE_POLKIT0
+     if (auth_unix_rw == REMOTE_AUTH_POLKIT ||
+         auth_unix_ro == REMOTE_AUTH_POLKIT) {
+         DBusError derr;
+@@ -982,7 +982,7 @@ static struct qemud_server *qemudNetwork
+             sock = sock->next;
+         }
+ 
+-#ifdef HAVE_POLKIT
++#if HAVE_POLKIT0
+         if (server->sysbus)
+             dbus_connection_unref(server->sysbus);
+ #endif
+diff -rupN libvirt-0.7.0/qemud/qemud.h libvirt-0.7.0.new/qemud/qemud.h
+--- libvirt-0.7.0/qemud/qemud.h	2009-07-23 12:33:02.000000000 -0400
++++ libvirt-0.7.0.new/qemud/qemud.h	2009-08-13 08:37:22.425909852 -0400
+@@ -34,7 +34,7 @@
+ #include <sasl/sasl.h>
+ #endif
+ 
+-#ifdef HAVE_POLKIT
++#if HAVE_POLKIT0
+ #include <dbus/dbus.h>
+ #endif
+ 
+@@ -253,7 +253,7 @@ struct qemud_server {
+ #if HAVE_SASL
+     char **saslUsernameWhitelist;
+ #endif
+-#if HAVE_POLKIT
++#if HAVE_POLKIT0
+     DBusConnection *sysbus;
+ #endif
+ };
+diff -rupN libvirt-0.7.0/qemud/remote.c libvirt-0.7.0.new/qemud/remote.c
+--- libvirt-0.7.0/qemud/remote.c	2009-07-23 12:33:02.000000000 -0400
++++ libvirt-0.7.0.new/qemud/remote.c	2009-08-13 08:37:22.431865087 -0400
+@@ -43,7 +43,7 @@
+ #include <fnmatch.h>
+ #include "virterror_internal.h"
+ 
+-#ifdef HAVE_POLKIT
++#if HAVE_POLKIT0
+ #include <polkit/polkit.h>
+ #include <polkit-dbus/polkit-dbus.h>
+ #endif
+@@ -3106,7 +3106,80 @@ remoteDispatchAuthSaslStep (struct qemud
+ #endif /* HAVE_SASL */
+ 
+ 
+-#if HAVE_POLKIT
++#if HAVE_POLKIT1
++static int
++remoteDispatchAuthPolkit (struct qemud_server *server,
++                          struct qemud_client *client,
++                          virConnectPtr conn ATTRIBUTE_UNUSED,
++                          remote_error *rerr,
++                          void *args ATTRIBUTE_UNUSED,
++                          remote_auth_polkit_ret *ret)
++{
++    pid_t callerPid;
++    uid_t callerUid;
++    const char *action;
++    int status = -1;
++    char pidbuf[50];
++    int rv;
++
++    virMutexLock(&server->lock);
++    virMutexLock(&client->lock);
++    virMutexUnlock(&server->lock);
++
++    action = client->readonly ?
++        "org.libvirt.unix.monitor" :
++        "org.libvirt.unix.manage";
++
++    const char * const pkcheck [] = {
++      PKCHECK_PATH,
++      "--action-id", action,
++      "--process", pidbuf,
++      "--allow-user-interaction",
++      NULL
++    };
++
++    REMOTE_DEBUG("Start PolicyKit auth %d", client->fd);
++    if (client->auth != REMOTE_AUTH_POLKIT) {
++        VIR_ERROR0(_("client tried invalid PolicyKit init request"));
++        goto authfail;
++    }
++
++    if (qemudGetSocketIdentity(client->fd, &callerUid, &callerPid) < 0) {
++        VIR_ERROR0(_("cannot get peer socket identity"));
++        goto authfail;
++    }
++
++    VIR_INFO(_("Checking PID %d running as %d"), callerPid, callerUid);
++
++    rv = snprintf(pidbuf, sizeof pidbuf, "%d", callerPid);
++    if (rv < 0 || rv >= sizeof pidbuf) {
++        VIR_ERROR(_("Caller PID was too large %d"), callerPid);
++	goto authfail;
++    }
++
++    if (virRun(NULL, pkcheck, &status) < 0) {
++        VIR_ERROR(_("Cannot invoke %s"), PKCHECK_PATH);
++	goto authfail;
++    }
++    if (status != 0) {
++        VIR_ERROR(_("Policy kit denied action %s from pid %d, uid %d, result: %d\n"),
++                  action, callerPid, callerUid, status);
++        goto authfail;
++    }
++    VIR_INFO(_("Policy allowed action %s from pid %d, uid %d"),
++             action, callerPid, callerUid);
++    ret->complete = 1;
++    client->auth = REMOTE_AUTH_NONE;
++
++    virMutexUnlock(&client->lock);
++    return 0;
++
++authfail:
++    remoteDispatchAuthError(rerr);
++    virMutexUnlock(&client->lock);
++    return -1;
++}
++#elif HAVE_POLKIT0
+ static int
+ remoteDispatchAuthPolkit (struct qemud_server *server,
+                           struct qemud_client *client,
+@@ -3217,7 +3290,7 @@ authfail:
+     return -1;
+ }
+ 
+-#else /* HAVE_POLKIT */
++#else /* !HAVE_POLKIT0 & !HAVE_POLKIT1*/
+ 
+ static int
+ remoteDispatchAuthPolkit (struct qemud_server *server ATTRIBUTE_UNUSED,
+@@ -3231,7 +3304,7 @@ remoteDispatchAuthPolkit (struct qemud_s
+     remoteDispatchAuthError(rerr);
+     return -1;
+ }
+-#endif /* HAVE_POLKIT */
++#endif /* HAVE_POLKIT1 */
+ 
+ 
+ /***************************************************************
+diff -rupN libvirt-0.7.0/src/remote_internal.c libvirt-0.7.0.new/src/remote_internal.c
+--- libvirt-0.7.0/src/remote_internal.c	2009-07-29 10:42:15.000000000 -0400
++++ libvirt-0.7.0.new/src/remote_internal.c	2009-08-13 10:55:57.607899170 -0400
+@@ -6201,6 +6201,7 @@ remoteAuthPolkit (virConnectPtr conn, st
+                   virConnectAuthPtr auth)
+ {
+     remote_auth_polkit_ret ret;
++#if HAVE_POLKIT0
+     int i, allowcb = 0;
+     virConnectCredential cred = {
+         VIR_CRED_EXTERNAL,
+@@ -6210,8 +6211,10 @@ remoteAuthPolkit (virConnectPtr conn, st
+         NULL,
+         0,
+     };
++#endif
+     DEBUG0("Client initialize PolicyKit authentication");
+ 
++#if HAVE_POLKIT0
+     if (auth && auth->cb) {
+         /* Check if the necessary credential type for PolicyKit is supported */
+         for (i = 0 ; i < auth->ncredtype ; i++) {
+@@ -6220,6 +6223,7 @@ remoteAuthPolkit (virConnectPtr conn, st
+         }
+ 
+         if (allowcb) {
++            DEBUG0("Client run callback for PolicyKit authentication");
+             /* Run the authentication callback */
+             if ((*(auth->cb))(&cred, 1, auth->cbdata) < 0) {
+                 virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE,
+@@ -6233,6 +6237,9 @@ remoteAuthPolkit (virConnectPtr conn, st
+     } else {
+         DEBUG0("No auth callback provided");
+     }
++#else
++    DEBUG0("No auth callback required for PolicyKit-1");
++#endif
+ 
+     memset (&ret, 0, sizeof ret);
+     if (call (conn, priv, in_open, REMOTE_PROC_AUTH_POLKIT,

libvirt.spec

@@ -78,10 +78,23 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.7.0
-Release: 0.6.gite195b43%{?dist}%{?extra_release}
+Release: 4%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
-Source: libvirt-0.7.0-0.6.gite195b43.tar.gz
+Source: libvirt-%{version}.tar.gz
+
+# Make sure qemu can access kernel/initrd (bug #516034)
+Patch01: libvirt-0.7.0-chown-kernel-initrd-before-spawning-qemu.patch
+
+# Don't fail to start network if ipv6 modules is not loaded (bug #516497)
+Patch02: libvirt-0.7.0-handle-kernels-with-no-ipv6-support.patch
+
+# Policykit rewrite (bug #499970)
+# NB remove autoreconf hack & extra BRs when this goes away
+Patch03: libvirt-0.7.0-policy-kit-rewrite.patch
+
+# Log and ignore NUMA topology problems (rhbz #506590)
+Patch04: libvirt-0.7.0-numa-ignore-fail.patch
 
 # Temporary hack till PulseAudio autostart problems are sorted
 # out when SELinux enforcing (bz 486112)
@@ -100,8 +113,12 @@ Requires: iptables
 # needed for device enumeration
 Requires: hal
 %if %{with_polkit}
+%if 0%{?fedora} >= 12
+Requires: polkit >= 0.93
+%else
 Requires: PolicyKit >= 0.6
 %endif
+%endif
 %if %{with_storage_fs}
 # For mount/umount in FS driver
 BuildRequires: util-linux
@@ -155,8 +172,13 @@ BuildRequires: bridge-utils
 BuildRequires: cyrus-sasl-devel
 %endif
 %if %{with_polkit}
+%if 0%{?fedora} >= 12
+# Only need the binary, not -devel
+BuildRequires: polkit >= 0.93
+%else
 BuildRequires: PolicyKit-devel >= 0.6
 %endif
+%endif
 %if %{with_storage_fs}
 # For mount/umount in FS driver
 BuildRequires: util-linux
@@ -199,6 +221,9 @@ BuildRequires: netcf-devel
 # Fedora build root suckage
 BuildRequires: gawk
 
+# Temp hack for patch 3
+BuildRequires: libtool autoconf automake gettext cvs
+
 %description
 Libvirt is a C toolkit to interact with the virtualization capabilities
 of recent versions of Linux (and other OSes). The main package includes
@@ -252,6 +277,11 @@ of recent versions of Linux (and other OSes).
 %prep
 %setup -q
 
+%patch01 -p1
+%patch02 -p1
+%patch03 -p1
+%patch04 -p1
+
 %patch200 -p0
 
 %build
@@ -343,6 +373,9 @@ of recent versions of Linux (and other OSes).
 %define _without_netcf --without-netcf
 %endif
 
+# Temp hack for patch 3
+autoreconf -if
+
 %configure %{?_without_xen} \
            %{?_without_qemu} \
            %{?_without_openvz} \
@@ -419,6 +452,18 @@ chmod 0644 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd
 %clean
 rm -fr %{buildroot}
 
+%pre
+%if 0%{?fedora} >= 12
+# Normally 'setup' adds this in /etc/passwd, but this is
+# here for case of upgrades from earlier Fedora. This
+# UID/GID pair is reserved for qemu:qemu
+getent group kvm >/dev/null || groupadd -g 36 -r kvm
+getent group qemu >/dev/null || groupadd -g 107 -r qemu
+getent passwd qemu >/dev/null || \
+  useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
+    -c "qemu user" qemu
+%endif
+
 %post
 
 %if %{with_libvirtd}
@@ -484,8 +529,8 @@ fi
 %dir %{_localstatedir}/run/libvirt/
 
 %dir %{_localstatedir}/lib/libvirt/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/images/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/boot/
+%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
+%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
 %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
 
 %if %{with_qemu}
@@ -520,8 +565,12 @@ fi
 %endif
 
 %if %{with_polkit}
+%if 0%{?fedora} >= 12
+%{_datadir}/polkit-1/actions/org.libvirt.unix.policy
+%else
 %{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
 %endif
+%endif
 
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/
 %if %{with_qemu}
@@ -600,6 +649,36 @@ fi
 %endif
 
 %changelog
+* Thu Aug 13 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.0-4
+- Rewrite policykit support (rhbz #499970)
+- Log and ignore NUMA topology problems (rhbz #506590)
+
+* Mon Aug 10 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-3
+- Don't fail to start network if ipv6 modules is not loaded (#516497)
+
+* Thu Aug  6 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-2
+- Make sure qemu can access kernel/initrd (bug #516034)
+- Set perms on /var/lib/libvirt/boot to 0711 (bug #516034)
+
+* Wed Aug  5 2009 Daniel Veillard <veillard@redhat.com> - 0.7.0-1
+- Upstream release of 0.7.0
+- ESX, VBox3, Power Hypervisor drivers
+- new net filesystem glusterfs
+- Storage cloning for LVM and Disk backends
+- interface implementation based on netcf
+- Support cgroups in QEMU driver
+- QEmu hotplug NIC support
+- a lot of fixes
+
+* Fri Jul 31 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.9.gite195b43
+- Set perms on /var/lib/libvirt/images to 0711
+
+* Thu Jul 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-0.8.gite195b43
+- Add patch from upstream to fix qemu pidfile perms problem
+
+* Thu Jul 30 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.0-0.7.gite195b43
+- Create qemu/kvm user & group to fix upgrades
+
 * Wed Jul 29 2009 Daniel Veillard <veillard@redhat.com> - 0.7.0-0.6.gite195b43
 - another prerelease with qemu, uml and remote patches
 - drop the news patch as it's now UTF8 upstream

sources

@@ -1 +1 @@
-30d52d580ad19473e80831ab1c222347  libvirt-0.7.0-0.6.gite195b43.tar.gz
+8c2c14a7695c9c661004bcfc6468d62d  libvirt-0.7.0.tar.gz