From 24c8d758746d82e7cd6b4a691f19dbe3d20596ff Mon Sep 17 00:00:00 2001 From: wedens Date: Thu, 27 Feb 2020 12:53:31 +0700 Subject: [PATCH 1/6] libvirt: 5.4.0 -> 6.0.0 --- pkgs/development/libraries/libvirt/5.4.0.nix | 160 ++++++++++++++++++ .../development/libraries/libvirt/default.nix | 45 ++--- .../python-modules/libvirt/5.4.0.nix | 27 +++ .../python-modules/libvirt/default.nix | 4 +- pkgs/top-level/all-packages.nix | 1 + pkgs/top-level/perl-packages.nix | 4 +- pkgs/top-level/python-packages.nix | 7 +- 7 files changed, 208 insertions(+), 40 deletions(-) create mode 100644 pkgs/development/libraries/libvirt/5.4.0.nix create mode 100644 pkgs/development/python-modules/libvirt/5.4.0.nix diff --git a/pkgs/development/libraries/libvirt/5.4.0.nix b/pkgs/development/libraries/libvirt/5.4.0.nix new file mode 100644 index 00000000000..dd0a88974d0 --- /dev/null +++ b/pkgs/development/libraries/libvirt/5.4.0.nix 
@@ -0,0 +1,160 @@ +{ stdenv, fetchurl, fetchgit +, pkgconfig, makeWrapper, libtool, autoconf, automake, fetchpatch +, coreutils, libxml2, gnutls, perl, python2, attr +, iproute, iptables, readline, lvm2, utillinux, systemd, libpciaccess, gettext +, libtasn1, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor +, dnsmasq, libnl, libpcap, libxslt, xhtml1, numad, numactl, perlPackages +, curl, libiconv, gmp, zfs, parted, bridge-utils, dmidecode +, enableXen ? false, xen ? null +, enableIscsi ? false, openiscsi +, enableCeph ? false, ceph +}: + +with stdenv.lib; + +# if you update, also bump and SysVirt in +let + buildFromTarball = stdenv.isDarwin; +in stdenv.mkDerivation rec { + pname = "libvirt"; + version = "5.4.0"; + + src = + if buildFromTarball then + fetchurl { + url = "http://libvirt.org/sources/${pname}-${version}.tar.xz"; + sha256 = "0ywf8m9yz2hxnic7fylzlmgy4m353r4vv5zsvp89zq5yh4h81yhw"; + } + else + fetchgit { + url = git://libvirt.org/libvirt.git; + rev = "v${version}"; + sha256 = "1dja1mf295w0sl83zag62c4j55cfbzzfbhdxpkyv2zm3zv0mwdyc"; + fetchSubmodules = true; + }; + + patches = optionals (!stdenv.isDarwin) [ + (fetchpatch { + name = "5.4.0-CVE-2019-10161.patch"; + url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=aed6a032cead4386472afb24b16196579e239580"; + sha256 = "19k9z9xx68nf03igbgy1imxnlp5ppj7cgdbq9kri3s834hkjcygs"; + }) + ] ++ [ + (fetchpatch { + name = "5.4.0-CVE-2019-10166.patch"; + url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=db0b78457f183e4c7ac45bc94de86044a1e2056a"; + sha256 = "17pd1rab2mxj4q0vg30vi2gh78mf52ik1p5l12wrghb0wjf7swml"; + }) + (fetchpatch { + name = "5.4.0-CVE-2019-10167.patch"; + url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26"; + sha256 = "0hgbwk0y2n6ihzjk8vqabhw914axjqgzcb7c5xx893r86c54c0ml"; + }) + (fetchpatch { + name = "5.4.0-CVE-2019-10168.patch"; + url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=bf6c2830b6c338b1f5699b095df36f374777b291"; + 
sha256 = "0s4hc3hsjncx1852ndjas1nng9v23pxf4mi1jxcajsqvhw89la0g"; + }) + ]; + + nativeBuildInputs = [ makeWrapper pkgconfig ]; + buildInputs = [ + libxml2 gnutls perl python2 readline gettext libtasn1 libgcrypt yajl + libxslt xhtml1 perlPackages.XMLXPath curl libpcap + ] ++ optionals (!buildFromTarball) [ + libtool autoconf automake + ] ++ optionals stdenv.isLinux [ + libpciaccess lvm2 utillinux systemd libnl numad zfs + libapparmor libcap_ng numactl attr parted + ] ++ optionals (enableXen && stdenv.isLinux && stdenv.isx86_64) [ + xen + ] ++ optionals enableIscsi [ + openiscsi + ] ++ optionals enableCeph [ + ceph + ] ++ optionals stdenv.isDarwin [ + libiconv gmp + ]; + + preConfigure = '' + ${ optionalString (!buildFromTarball) "./bootstrap --no-git --gnulib-srcdir=$(pwd)/.gnulib" } + PATH=${stdenv.lib.makeBinPath ([ dnsmasq ] ++ optionals stdenv.isLinux [ iproute iptables ebtables lvm2 systemd numad ] ++ optionals enableIscsi [ openiscsi ])}:$PATH + # the path to qemu-kvm will be stored in VM's .xml and .save files + # do not use "''${qemu_kvm}/bin/qemu-kvm" to avoid bound VMs to particular qemu derivations + substituteInPlace src/lxc/lxc_conf.c \ + --replace 'lxc_path,' '"/run/libvirt/nix-emulators/libvirt_lxc",' + patchShebangs . 
# fixes /usr/bin/python references + ''; + + configureFlags = [ + "--localstatedir=/var" + "--sysconfdir=/var/lib" + "--with-libpcap" + "--with-qemu" + "--with-vmware" + "--with-vbox" + "--with-test" + "--with-esx" + "--with-remote" + ] ++ optionals stdenv.isLinux [ + "QEMU_BRIDGE_HELPER=/run/wrappers/bin/qemu-bridge-helper" + "QEMU_PR_HELPER=/run/libvirt/nix-helpers/qemu-pr-helper" + "EBTABLES_PATH=${ebtables}/bin/ebtables-legacy" + "--with-attr" + "--with-apparmor" + "--with-secdriver-apparmor" + "--with-numad" + "--with-macvtap" + "--with-virtualport" + "--with-storage-disk" + ] ++ optionals (stdenv.isLinux && zfs != null) [ + "--with-storage-zfs" + ] ++ optionals enableIscsi [ + "--with-storage-iscsi" + ] ++ optionals enableCeph [ + "--with-storage-rbd" + ] ++ optionals stdenv.isDarwin [ + "--with-init-script=none" + ]; + + installFlags = [ + "localstatedir=$(TMPDIR)/var" + "sysconfdir=$(out)/var/lib" + ]; + + + postInstall = let + binPath = [ iptables iproute pmutils numad numactl bridge-utils dmidecode dnsmasq ebtables ] ++ optionals enableIscsi [ openiscsi ]; + in '' + substituteInPlace $out/libexec/libvirt-guests.sh \ + --replace 'ON_BOOT=start' 'ON_BOOT=''${ON_BOOT:-start}' \ + --replace 'ON_SHUTDOWN=suspend' 'ON_SHUTDOWN=''${ON_SHUTDOWN:-suspend}' \ + --replace "$out/bin" '${gettext}/bin' \ + --replace 'lock/subsys' 'lock' \ + --replace 'gettext.sh' 'gettext.sh + # Added in nixpkgs: + gettext() { "${gettext}/bin/gettext" "$@"; } + ' + '' + optionalString stdenv.isLinux '' + substituteInPlace $out/lib/systemd/system/libvirtd.service --replace /bin/kill ${coreutils}/bin/kill + rm $out/lib/systemd/system/{virtlockd,virtlogd}.* + wrapProgram $out/sbin/libvirtd \ + --prefix PATH : /run/libvirt/nix-emulators:${makeBinPath binPath} + ''; + + enableParallelBuilding = true; + + NIX_CFLAGS_COMPILE = "-fno-stack-protector"; + + meta = { + homepage = http://libvirt.org/; + repositories.git = git://libvirt.org/libvirt.git; + description = '' + A toolkit to interact 
with the virtualization capabilities of recent + versions of Linux (and other OSes) + ''; + license = licenses.lgpl2Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ fpletz globin ]; + }; +} diff --git a/pkgs/development/libraries/libvirt/default.nix b/pkgs/development/libraries/libvirt/default.nix index 44cdd9edf52..9f547198ab6 100644 --- a/pkgs/development/libraries/libvirt/default.nix +++ b/pkgs/development/libraries/libvirt/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchurl, fetchgit , pkgconfig, makeWrapper, libtool, autoconf, automake, fetchpatch -, coreutils, libxml2, gnutls, perl, python2, attr +, coreutils, libxml2, gnutls, perl, python2, attr, glib, docutils , iproute, iptables, readline, lvm2, utillinux, systemd, libpciaccess, gettext , libtasn1, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor , dnsmasq, libnl, libpcap, libxslt, xhtml1, numad, numactl, perlPackages 
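Review bot: The frozen 5.4.0 expression carries two security-relevant choices forward with no explanation. In `patches`, the CVE-2019-10161 fix sits under `optionals (!stdenv.isDarwin)` while the other three CVE patches apply on every platform, and `NIX_CFLAGS_COMPILE = "-fno-stack-protector";` turns the stack protector off for the whole build. Each deserves a comment, e.g. `# CVE-2019-10161 patch skipped on Darwin because <reason>` and `# stack protector disabled because <reason>`. Because python-packages.nix selects this copy for the non-`isPy3k` case, a line above `version` such as `# pinned for the Python 2 bindings; security fixes must be backported through patches` would tell maintainers that this file needs its own attention when new libvirt advisories appear.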
@@ -17,50 +17,26 @@ let buildFromTarball = stdenv.isDarwin; in stdenv.mkDerivation rec { pname = "libvirt"; - version = "5.4.0"; + version = "6.0.0"; src = if buildFromTarball then fetchurl { url = "http://libvirt.org/sources/${pname}-${version}.tar.xz"; - sha256 = "0ywf8m9yz2hxnic7fylzlmgy4m353r4vv5zsvp89zq5yh4h81yhw"; + sha256 = "0xkz6n6pyv7k4jj7762v65jdsj8pkcpbnas65hjy7b5vi4in9fz6"; } else fetchgit { url = git://libvirt.org/libvirt.git; rev = "v${version}"; - sha256 = "1dja1mf295w0sl83zag62c4j55cfbzzfbhdxpkyv2zm3zv0mwdyc"; + sha256 = "0j0rvymxaqavak03w7gblm8ingvbcwczpwfk8s0iqvsgfgk9974p"; fetchSubmodules = true; }; - patches = optionals (!stdenv.isDarwin) [ - (fetchpatch { - name = "5.4.0-CVE-2019-10161.patch"; - url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=aed6a032cead4386472afb24b16196579e239580"; - sha256 = "19k9z9xx68nf03igbgy1imxnlp5ppj7cgdbq9kri3s834hkjcygs"; - }) - ] ++ [ - (fetchpatch { - name = "5.4.0-CVE-2019-10166.patch"; - url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=db0b78457f183e4c7ac45bc94de86044a1e2056a"; - sha256 = "17pd1rab2mxj4q0vg30vi2gh78mf52ik1p5l12wrghb0wjf7swml"; - }) - (fetchpatch { - name = "5.4.0-CVE-2019-10167.patch"; - url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26"; - sha256 = "0hgbwk0y2n6ihzjk8vqabhw914axjqgzcb7c5xx893r86c54c0ml"; - }) - (fetchpatch { - name = "5.4.0-CVE-2019-10168.patch"; - url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=bf6c2830b6c338b1f5699b095df36f374777b291"; - sha256 = "0s4hc3hsjncx1852ndjas1nng9v23pxf4mi1jxcajsqvhw89la0g"; - }) - ]; - - nativeBuildInputs = [ makeWrapper pkgconfig ]; + nativeBuildInputs = [ makeWrapper pkgconfig docutils ]; buildInputs = [ libxml2 gnutls perl python2 readline gettext libtasn1 libgcrypt yajl - libxslt xhtml1 perlPackages.XMLXPath curl libpcap + libxslt xhtml1 perlPackages.XMLXPath curl libpcap glib ] ++ optionals (!buildFromTarball) [ libtool autoconf automake ] ++ optionals stdenv.isLinux [ 
@@ -78,17 +54,19 @@ in stdenv.mkDerivation rec { preConfigure = '' ${ optionalString (!buildFromTarball) "./bootstrap --no-git --gnulib-srcdir=$(pwd)/.gnulib" } - PATH=${stdenv.lib.makeBinPath ([ dnsmasq ] ++ optionals stdenv.isLinux [ iproute iptables ebtables lvm2 systemd numad ] ++ optionals enableIscsi [ openiscsi ])}:$PATH - # the path to qemu-kvm will be stored in VM's .xml and .save files # do not use "''${qemu_kvm}/bin/qemu-kvm" to avoid bound VMs to particular qemu derivations substituteInPlace src/lxc/lxc_conf.c \ --replace 'lxc_path,' '"/run/libvirt/nix-emulators/libvirt_lxc",' - patchShebangs . # fixes /usr/bin/python references + mkdir -p build && cd build ''; + configureScript = "../configure"; + + dontAddDisableDepTrack = true; + configureFlags = [ "--localstatedir=/var" "--sysconfdir=/var/lib" @@ -125,7 +103,6 @@ in stdenv.mkDerivation rec { "sysconfdir=$(out)/var/lib" ]; - postInstall = let binPath = [ iptables iproute pmutils numad numactl bridge-utils dmidecode dnsmasq ebtables ] ++ optionals enableIscsi [ openiscsi ]; in '' diff --git a/pkgs/development/python-modules/libvirt/5.4.0.nix b/pkgs/development/python-modules/libvirt/5.4.0.nix new file mode 100644 index 00000000000..46d8a990f53 --- /dev/null +++ b/pkgs/development/python-modules/libvirt/5.4.0.nix @@ -0,0 +1,27 @@ +{ stdenv, buildPythonPackage, fetchgit, pkgconfig, lxml, libvirt, nose }: + +buildPythonPackage rec { + pname = "libvirt"; + version = "5.4.0"; + + src = fetchgit { + url = git://libvirt.org/libvirt-python.git; + rev = "v${version}"; + sha256 = "0ja35z90i3m7vsjfpzfm7awkmja3h0150376i5pzmf2q8vp61fi5"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libvirt lxml ]; + + checkInputs = [ nose ]; + checkPhase = '' + nosetests + ''; + + meta = with stdenv.lib; { + homepage = http://www.libvirt.org/; + description = "libvirt Python bindings"; + license = licenses.lgpl2; + maintainers = [ maintainers.fpletz ]; + }; +} 
diff --git a/pkgs/development/python-modules/libvirt/default.nix b/pkgs/development/python-modules/libvirt/default.nix index f4a07b9635f..556acda4459 100644 --- a/pkgs/development/python-modules/libvirt/default.nix +++ b/pkgs/development/python-modules/libvirt/default.nix @@ -2,12 +2,12 @@ buildPythonPackage rec { pname = "libvirt"; - version = "5.4.0"; + version = "6.0.0"; src = assert version == libvirt.version; fetchgit { url = git://libvirt.org/libvirt-python.git; rev = "v${version}"; - sha256 = "0ja35z90i3m7vsjfpzfm7awkmja3h0150376i5pzmf2q8vp61fi5"; + sha256 = "0p6a8mlqf1kb0pg1avygg6ymlfvqsk7qisyhmyaxkj4pn8q87cxy"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e2bc8a135eb..c74dee307d9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13241,6 +13241,7 @@ in libversion = callPackage ../development/libraries/libversion { }; libvirt = callPackage ../development/libraries/libvirt { }; + libvirt_5_4_0 = callPackage ../development/libraries/libvirt/5.4.0.nix { }; libvirt-glib = callPackage ../development/libraries/libvirt-glib { }; diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 1a4fd0da81a..edb6da9dd15 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -17282,11 +17282,11 @@ let SysVirt = buildPerlModule rec { pname = "Sys-Virt"; - version = "5.4.0"; + version = "6.0.0"; src = assert version == pkgs.libvirt.version; pkgs.fetchgit { url = git://libvirt.org/libvirt-perl.git; rev = "v${version}"; - sha256 = "0csg10mydcif2l0qf16nlphq6ih5378nk6dk1vznf5bspws2ch7a"; + sha256 = "06r333bc52x0g511lw3nwp5w5q9d7mwxrbx5ihiv7shwyxn7dh93"; }; nativeBuildInputs = [ pkgs.pkgconfig ]; buildInputs = [ pkgs.libvirt CPANChanges TestPod TestPodCoverage XMLXPath ]; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 0773a1984ab..c4ea9dc6ac1 100644 
--- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -6412,9 +6412,12 @@ in { inherit (pkgs) libversion pkgconfig; }; - libvirt = callPackage ../development/python-modules/libvirt { + libvirt = if isPy3k then (callPackage ../development/python-modules/libvirt { inherit (pkgs) libvirt pkgconfig; - }; + }) else (callPackage ../development/python-modules/libvirt/5.4.0.nix { + inherit (pkgs) pkgconfig; + libvirt = pkgs.libvirt_5_4_0; + }); rpdb = callPackage ../development/python-modules/rpdb { }; From d8664c78b13161e366cfaa31efb32c187b95ba6c Mon Sep 17 00:00:00 2001 From: volth Date: Mon, 9 Mar 2020 06:29:46 +0000 Subject: [PATCH 2/6] libvirt: 6.0.0 -> 6.1.0, fix module --- nixos/modules/virtualisation/libvirtd.nix | 11 +++++++---- pkgs/development/libraries/libvirt/default.nix | 13 +++++-------- pkgs/development/python-modules/libvirt/default.nix | 4 ++-- pkgs/top-level/perl-packages.nix | 6 +++--- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index 9f7bac480e3..eeaec8e35f1 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix @@ -214,14 +214,14 @@ in { }; systemd.services.libvirtd = { - description = "Libvirt Virtual Machine Management Daemon"; - - wantedBy = [ "multi-user.target" ]; requires = [ "libvirtd-config.service" ]; after = [ "systemd-udev-settle.service" "libvirtd-config.service" ] ++ optional vswitch.enable "ovs-vswitchd.service"; - environment.LIBVIRTD_ARGS = ''--config "${configFile}" ${concatStringsSep " " cfg.extraOptions}''; + environment.LIBVIRTD_ARGS = concatMapStringsSep " " escapeShellArg ( + [ "--config" configFile + "--timeout" "120" # from ${libvirt}/var/lib/sysconfig/libvirtd + ] ++ cfg.extraOptions); path = [ cfg.qemuPackage ] # libvirtd requires qemu-img to manage disk images ++ optional vswitch.enable vswitch.package; 
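Review bot: Quoting every element of `cfg.extraOptions` changes what users may put in that option. The removed line joined the entries with plain spaces, so an entry holding a flag and its value in one string reached libvirtd as two arguments, whereas `concatMapStringsSep " " escapeShellArg (...)` now passes it as one quoted argument. The option's description (outside this hunk) should say so, e.g. `Each element is passed to libvirtd as a single argument; write [ "--flag" "value" ], not [ "--flag value" ].` `LIBVIRTD_ARGS` also appears to be expanded by the unit's ExecStart rather than by a shell, so the quoting relies on systemd's unquoting agreeing with shell quoting; that is worth confirming for a value containing a single quote and recording in a comment next to the assignment.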
@@ -266,5 +266,8 @@ in { serviceConfig.ExecStart = "@${pkgs.libvirt}/sbin/virtlockd virtlockd"; restartIfChanged = false; }; + + systemd.sockets.libvirtd .wantedBy = [ "sockets.target" ]; + systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ]; }; } diff --git a/pkgs/development/libraries/libvirt/default.nix b/pkgs/development/libraries/libvirt/default.nix index 9f547198ab6..17e6fce33cd 100644 --- a/pkgs/development/libraries/libvirt/default.nix +++ b/pkgs/development/libraries/libvirt/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, fetchgit -, pkgconfig, makeWrapper, libtool, autoconf, automake, fetchpatch +, pkgconfig, makeWrapper, autoreconfHook, fetchpatch , coreutils, libxml2, gnutls, perl, python2, attr, glib, docutils , iproute, iptables, readline, lvm2, utillinux, systemd, libpciaccess, gettext , libtasn1, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor 
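Review bot: `systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ];` turns on the TCP socket unit on every host that enables this module, with no option guarding it. If that unit is upstream's listener for libvirt's plain TCP transport, as the name suggests, the daemon becomes reachable over the network by default and access control then rests entirely on the libvirtd configuration and the host firewall. I would keep only `systemd.sockets.libvirtd.wantedBy = [ "sockets.target" ];` here and leave the TCP socket for users to enable explicitly, or put it behind a module option that defaults to off.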
@@ -17,28 +17,26 @@ let buildFromTarball = stdenv.isDarwin; in stdenv.mkDerivation rec { pname = "libvirt"; - version = "6.0.0"; + version = "6.1.0"; src = if buildFromTarball then fetchurl { url = "http://libvirt.org/sources/${pname}-${version}.tar.xz"; - sha256 = "0xkz6n6pyv7k4jj7762v65jdsj8pkcpbnas65hjy7b5vi4in9fz6"; + sha256 = "1h7bmd7zgl64mwnxx4ji8l0mqmcbfxsx6kp1scyyfq2mwidihz0n"; } else fetchgit { url = git://libvirt.org/libvirt.git; rev = "v${version}"; - sha256 = "0j0rvymxaqavak03w7gblm8ingvbcwczpwfk8s0iqvsgfgk9974p"; + sha256 = "18sr3jvpxn45c4vrjzpa4qgnnfxxh95v6l6qk31zka3siv8rrwqx"; fetchSubmodules = true; }; - nativeBuildInputs = [ makeWrapper pkgconfig docutils ]; + nativeBuildInputs = [ makeWrapper pkgconfig docutils ] ++ optionals (!buildFromTarball) [ autoreconfHook ]; buildInputs = [ libxml2 gnutls perl python2 readline gettext libtasn1 libgcrypt yajl libxslt xhtml1 perlPackages.XMLXPath curl libpcap glib - ] ++ optionals (!buildFromTarball) [ - libtool autoconf automake ] ++ optionals stdenv.isLinux [ libpciaccess lvm2 utillinux systemd libnl numad zfs libapparmor libcap_ng numactl attr parted @@ -53,7 +51,6 @@ in stdenv.mkDerivation rec { ]; preConfigure = '' - ${ optionalString (!buildFromTarball) "./bootstrap --no-git --gnulib-srcdir=$(pwd)/.gnulib" } PATH=${stdenv.lib.makeBinPath ([ dnsmasq ] ++ optionals stdenv.isLinux [ iproute iptables ebtables lvm2 systemd numad ] ++ optionals enableIscsi [ openiscsi ])}:$PATH # the path to qemu-kvm will be stored in VM's .xml and .save files # do not use "''${qemu_kvm}/bin/qemu-kvm" to avoid bound VMs to particular qemu derivations diff --git a/pkgs/development/python-modules/libvirt/default.nix b/pkgs/development/python-modules/libvirt/default.nix index 556acda4459..62058ea62c3 100644 --- a/pkgs/development/python-modules/libvirt/default.nix +++ b/pkgs/development/python-modules/libvirt/default.nix 
@@ -2,12 +2,12 @@ buildPythonPackage rec { pname = "libvirt"; - version = "6.0.0"; + version = "6.1.0"; src = assert version == libvirt.version; fetchgit { url = git://libvirt.org/libvirt-python.git; rev = "v${version}"; - sha256 = "0p6a8mlqf1kb0pg1avygg6ymlfvqsk7qisyhmyaxkj4pn8q87cxy"; + sha256 = "0h3w1p5y4kg2hdbhxmg4lphcnmr7979iwi0m750f8vzbfccsrp7k"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index edb6da9dd15..d514f5bb4cc 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -17282,11 +17282,11 @@ let SysVirt = buildPerlModule rec { pname = "Sys-Virt"; - version = "6.0.0"; + version = "6.1.0"; src = assert version == pkgs.libvirt.version; pkgs.fetchgit { url = git://libvirt.org/libvirt-perl.git; - rev = "v${version}"; - sha256 = "06r333bc52x0g511lw3nwp5w5q9d7mwxrbx5ihiv7shwyxn7dh93"; + rev = "299f3ba34ae4daea966bf1cb07d90f4151da895f"; # there is no "v6.1.0" tag + sha256 = "0k18spb6r8fym5v4rsnma1fspnzqf1mgr2wkvb8s4cwn915sccp4"; }; nativeBuildInputs = [ pkgs.pkgconfig ]; buildInputs = [ pkgs.libvirt CPANChanges TestPod TestPodCoverage XMLXPath ]; From 687aa06c70d75a5df9f9cccc1d77dcec75fdac2f Mon Sep 17 00:00:00 2001 From: volth Date: Mon, 9 Mar 2020 09:05:13 +0000 Subject: [PATCH 3/6] nixos/scripted-networking: fix bridge setup when libvirtd uses socket activation --- .../tasks/network-interfaces-scripted.nix | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 4d25137c5df..98bae444df0 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix 
@@ -291,13 +291,19 @@ let ${optionalString config.virtualisation.libvirtd.enable '' # Enslave dynamically added interfaces which may be lost on nixos-rebuild - for uri in qemu:///system lxc:///; do - for dom in $(${pkgs.libvirt}/bin/virsh -c $uri list --name); do - ${pkgs.libvirt}/bin/virsh -c $uri dumpxml "$dom" | \ - ${pkgs.xmlstarlet}/bin/xmlstarlet sel -t -m "//domain/devices/interface[@type='bridge'][source/@bridge='${n}'][target/@dev]" -v "concat('ip link set ',target/@dev,' master ',source/@bridge,';')" | \ - ${pkgs.bash}/bin/bash + # + # if `libvirtd.service` is not running, do not use `virsh` which would try activate it via 'libvirtd.socket' and thus start it out-of-order. + # `libvirtd.service` will set up bridge interfaces when it will start normally. + # + if ${pkgs.systemd}/bin/systemctl --quiet is-active 'libvirtd.service'; then + for uri in qemu:///system lxc:///; do + for dom in $(${pkgs.libvirt}/bin/virsh -c $uri list --name); do + ${pkgs.libvirt}/bin/virsh -c $uri dumpxml "$dom" | \ + ${pkgs.xmlstarlet}/bin/xmlstarlet sel -t -m "//domain/devices/interface[@type='bridge'][source/@bridge='${n}'][target/@dev]" -v "concat('ip link set ',target/@dev,' master ',source/@bridge,';')" | \ + ${pkgs.bash}/bin/bash + done done - done + fi ''} # Enable stp on the interface From ddbac2e18514cb459b2da5af46cfb576b3cc43dd Mon Sep 17 00:00:00 2001 From: volth Date: Tue, 10 Mar 2020 21:51:31 +0000 Subject: [PATCH 4/6] perlPackages.SysVirt: use upstream tag --- pkgs/top-level/perl-packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index d514f5bb4cc..6db90bbe6a5 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix 
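Review bot: The pipeline kept inside the new `if` still builds shell commands out of domain XML and executes them. `concat('ip link set ',target/@dev,' master ',source/@bridge,';')` places attribute values unquoted into text that `${pkgs.bash}/bin/bash` then runs, in a script that presumably executes as root during network setup. Whoever can define a domain controls those attributes, so they should be handled as data: let xmlstarlet print only the device name and hand it to `ip` as a quoted argument, as in the fence below. `$uri` is likewise expanded unquoted in both `virsh` calls. The enclosing script starts and ends outside this hunk.

```nix
# … unchanged: is-active check and the two for loops …
${pkgs.libvirt}/bin/virsh -c "$uri" dumpxml "$dom" | \
${pkgs.xmlstarlet}/bin/xmlstarlet sel -t -m "//domain/devices/interface[@type='bridge'][source/@bridge='${n}'][target/@dev]" -v "target/@dev" -n | \
while IFS= read -r dev; do
  ip link set dev "$dev" master "${n}"
done
# … unchanged: closing done / done / fi …
```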
@@ -17285,8 +17285,8 @@ let version = "6.1.0"; src = assert version == pkgs.libvirt.version; pkgs.fetchgit { url = git://libvirt.org/libvirt-perl.git; - rev = "299f3ba34ae4daea966bf1cb07d90f4151da895f"; # there is no "v6.1.0" tag - sha256 = "0k18spb6r8fym5v4rsnma1fspnzqf1mgr2wkvb8s4cwn915sccp4"; + rev = "v${version}"; + sha256 = "00w4fmki7ff7i9bi39w2w15mvv38b5ifwk3zib90ny536r3n63sb"; }; nativeBuildInputs = [ pkgs.pkgconfig ]; buildInputs = [ pkgs.libvirt CPANChanges TestPod TestPodCoverage XMLXPath ]; From 9336b15a88c01892278bd179907a08a3d11c21d6 Mon Sep 17 00:00:00 2001 From: Izorkin Date: Fri, 6 Mar 2020 12:16:33 +0300 Subject: [PATCH 5/6] libvirt: 5.4.0 -> 5.9.0 --- .../libvirt/{5.4.0.nix => 5.9.0.nix} | 34 +++---------------- .../libvirt/{5.4.0.nix => 5.9.0.nix} | 4 +-- pkgs/top-level/all-packages.nix | 2 +- pkgs/top-level/python-packages.nix | 4 +-- 4 files changed, 10 insertions(+), 34 deletions(-) rename pkgs/development/libraries/libvirt/{5.4.0.nix => 5.9.0.nix} (77%) rename pkgs/development/python-modules/libvirt/{5.4.0.nix => 5.9.0.nix} (85%) diff --git a/pkgs/development/libraries/libvirt/5.4.0.nix b/pkgs/development/libraries/libvirt/5.9.0.nix similarity index 77% rename from pkgs/development/libraries/libvirt/5.4.0.nix rename to pkgs/development/libraries/libvirt/5.9.0.nix index dd0a88974d0..3a57a91a22a 100644 --- a/pkgs/development/libraries/libvirt/5.4.0.nix +++ b/pkgs/development/libraries/libvirt/5.9.0.nix @@ -4,7 +4,7 @@ , iproute, iptables, readline, lvm2, utillinux, systemd, libpciaccess, gettext , libtasn1, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor , dnsmasq, libnl, libpcap, libxslt, xhtml1, numad, numactl, perlPackages -, curl, libiconv, gmp, zfs, parted, bridge-utils, dmidecode +, curl, libiconv, gmp, zfs, parted, bridge-utils, dmidecode, glib , enableXen ? false, xen ? null , enableIscsi ? false, openiscsi , enableCeph ? false, ceph 
@@ -17,50 +17,26 @@ let buildFromTarball = stdenv.isDarwin; in stdenv.mkDerivation rec { pname = "libvirt"; - version = "5.4.0"; + version = "5.9.0"; src = if buildFromTarball then fetchurl { url = "http://libvirt.org/sources/${pname}-${version}.tar.xz"; - sha256 = "0ywf8m9yz2hxnic7fylzlmgy4m353r4vv5zsvp89zq5yh4h81yhw"; + sha256 = "0fc9jxw3v6x5hc10bkd7bbcayn24hbld5adj2gh5s648v7hx55il"; } else fetchgit { url = git://libvirt.org/libvirt.git; rev = "v${version}"; - sha256 = "1dja1mf295w0sl83zag62c4j55cfbzzfbhdxpkyv2zm3zv0mwdyc"; + sha256 = "0smm77ag8bg24xkbhl4akqikjrsq2pd3wk31nj0hk1avqnl00gmk"; fetchSubmodules = true; }; - patches = optionals (!stdenv.isDarwin) [ - (fetchpatch { - name = "5.4.0-CVE-2019-10161.patch"; - url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=aed6a032cead4386472afb24b16196579e239580"; - sha256 = "19k9z9xx68nf03igbgy1imxnlp5ppj7cgdbq9kri3s834hkjcygs"; - }) - ] ++ [ - (fetchpatch { - name = "5.4.0-CVE-2019-10166.patch"; - url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=db0b78457f183e4c7ac45bc94de86044a1e2056a"; - sha256 = "17pd1rab2mxj4q0vg30vi2gh78mf52ik1p5l12wrghb0wjf7swml"; - }) - (fetchpatch { - name = "5.4.0-CVE-2019-10167.patch"; - url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26"; - sha256 = "0hgbwk0y2n6ihzjk8vqabhw914axjqgzcb7c5xx893r86c54c0ml"; - }) - (fetchpatch { - name = "5.4.0-CVE-2019-10168.patch"; - url = "https://libvirt.org/git/?p=libvirt.git;a=patch;h=bf6c2830b6c338b1f5699b095df36f374777b291"; - sha256 = "0s4hc3hsjncx1852ndjas1nng9v23pxf4mi1jxcajsqvhw89la0g"; - }) - ]; - nativeBuildInputs = [ makeWrapper pkgconfig ]; buildInputs = [ libxml2 gnutls perl python2 readline gettext libtasn1 libgcrypt yajl - libxslt xhtml1 perlPackages.XMLXPath curl libpcap + libxslt xhtml1 perlPackages.XMLXPath curl libpcap glib ] ++ optionals (!buildFromTarball) [ libtool autoconf automake ] ++ optionals stdenv.isLinux [ 
diff --git a/pkgs/development/python-modules/libvirt/5.4.0.nix b/pkgs/development/python-modules/libvirt/5.9.0.nix similarity index 85% rename from pkgs/development/python-modules/libvirt/5.4.0.nix rename to pkgs/development/python-modules/libvirt/5.9.0.nix index 46d8a990f53..ef5da737e08 100644 --- a/pkgs/development/python-modules/libvirt/5.4.0.nix +++ b/pkgs/development/python-modules/libvirt/5.9.0.nix @@ -2,12 +2,12 @@ buildPythonPackage rec { pname = "libvirt"; - version = "5.4.0"; + version = "5.9.0"; src = fetchgit { url = git://libvirt.org/libvirt-python.git; rev = "v${version}"; - sha256 = "0ja35z90i3m7vsjfpzfm7awkmja3h0150376i5pzmf2q8vp61fi5"; + sha256 = "0qvr0s7yasswy1s5cvkm91iifk33pb8s7nbb38zznc46706b358r"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c74dee307d9..81985fb6b4e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13241,7 +13241,7 @@ in libversion = callPackage ../development/libraries/libversion { }; libvirt = callPackage ../development/libraries/libvirt { }; - libvirt_5_4_0 = callPackage ../development/libraries/libvirt/5.4.0.nix { }; + libvirt_5_9_0 = callPackage ../development/libraries/libvirt/5.9.0.nix { }; libvirt-glib = callPackage ../development/libraries/libvirt-glib { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index c4ea9dc6ac1..1af1e4207fc 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -6414,9 +6414,9 @@ in { libvirt = if isPy3k then (callPackage ../development/python-modules/libvirt { inherit (pkgs) libvirt pkgconfig; - }) else (callPackage ../development/python-modules/libvirt/5.4.0.nix { + }) else (callPackage ../development/python-modules/libvirt/5.9.0.nix { inherit (pkgs) pkgconfig; - libvirt = pkgs.libvirt_5_4_0; + libvirt = pkgs.libvirt_5_9_0; }); rpdb = callPackage ../development/python-modules/rpdb { }; 
From b80edca6be70b13c097c58e3ad7a17034b536d49 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Mon, 30 Mar 2020 09:45:28 +0000 Subject: [PATCH 6/6] libvirt: fix escapeShellArg usage Co-Authored-By: conferno --- nixos/modules/virtualisation/libvirtd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index eeaec8e35f1..4f22099443f 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix @@ -218,7 +218,7 @@ in { after = [ "systemd-udev-settle.service" "libvirtd-config.service" ] ++ optional vswitch.enable "ovs-vswitchd.service"; - environment.LIBVIRTD_ARGS = concatMapStringsSep " " escapeShellArg ( + environment.LIBVIRTD_ARGS = escapeShellArgs ( [ "--config" configFile "--timeout" "120" # from ${libvirt}/var/lib/sysconfig/libvirtd ] ++ cfg.extraOptions);