* Merge 9.0.0-2 from Debian unstable (LP: #1993412)
Also resolved the ask for a rebuild against recent libxen (LP: #2004163)
Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
* Dropped changes [upstream now]:
- d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
with latest libxl [v8.10.0]
- d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
shuts down (LP 1997269) [v8.7.0]
- d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
apparmor denials on USB forwarding (LP 1993304) [v8.10.0]
- d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl:
tolerate the impact of too large udev data avoiding a busy loop
(LP 1996176) [v8.10.0]
- d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0]
- d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
reduce log noise by invalid VPD data (LP 1990949) [v8.7.0]
* Dropped changes [in Debian now]:
- [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1]
- [a54d904] New upstream version 8.6.0 [8.9.0-1]
- patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1]
- d/control: suggest swtpm-tools [8.10.0-1]
* Added changes:
- revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP: #2008830)
libvirt (9.0.0-2) unstable; urgency=medium
* [de81410] patches: Add backports
- backport/qemu_domain-Don-t-unref-NULL-hash-table-in-qemuDomainRefr.patch
- Closes: #1030671
- backport/qemu-Jump-to-cleanup-label-on-umount-failure.patch
- backport/qemu_namespace-Deal-with-nested-mounts-when-umount-ing-de.patch
- backport/qemuProcessRefreshDisks-Don-t-skip-filling-of-disk-inform.patch
- backport/qemu_extdevice-Do-cleanup-host-only-for-VIR_DOMAIN_TPM_TY.patch
- backport/qemu-blockjob-Handle-pending-blockjob-state-only-when-we-.patch
- backport/rpc-client-Don-t-check-return-value-of-virNetMessageNew.patch
- backport/rpc-Don-t-warn-about-max_client_requests-in-single-thread.patch
* [699a828] patches: Disable passt support
- debian/patches/debian/Disable-passt-support.patch
- The feature is not quite ready for prime time yet, so it will remain
disabled in bookworm
libvirt (9.0.0-1) unstable; urgency=medium
* [45d077a] libvirt-daemon-system: Make default files functionally empty
- On systems running systemd, libvirtd will now follow the upstream
behavior of starting on demand via socket activation and shutting down
automatically after having been idle for 120 seconds
* [40fe229] Drop obsolete package transition logic
- The oldest version that we expect to be upgrading from is 6.0.0-1
* [5bb56e9] Drop obsolete UML-related files
- The UML driver was dropped in version 5.0.0-1
* [f9f3a4d] New upstream version 9.0.0
* [30dad26] patches: Drop obsolete backports
* [157a5ec] patches: Add backports
- backport/apparmor-Allow-umount-dev.patch
- backport/qemu_interface-Fix-managed-no-case-when-creating-an-ether.patch
* [94f11a4] libvirt-daemon-sysv: Remove dependency on lsb-base
- The package is obsolete
libvirt (8.10.0-3) unstable; urgency=medium
[ Michael Biebl ]
* [4d6db56] Replace manual maintscript code with dh_installsystemd
- No longer needed now that #994204 has been addressed
- Closes: #1021956
* [91d9ac0] Drop no longer supported static priorities from dh_installinit
[ Smits Katze ]
* [60b2ca1] libnss-libvirt: Update apt seccomp filter
- Allow getdents64() in addition to getdents()
- Thanks to Thomas Luzat
- Closes: #934474
[ Andrea Bolognani ]
* [b9b2923] libvirt-daemon-system: Depend on polkitd instead of policykit-1
- Makes it possible to not install / uninstall pkexec
- Closes: #1025578
* [c62b8b2] libvirt-daemon-system: Drop polkit rules in legacy pkla format
- Makes it possible to not install / uninstall polkitd-pkla
* [8c5870d] control: Bump Standards-Version to 4.6.2
- No changes needed
libvirt (8.10.0-2) experimental; urgency=medium
* [145e4fe] patches: Add backports
- backport/docs-Fix-typo-in-virt-qemu-sev-validate-1.patch
- backport/tools-Fix-interpreter-for-virt-qemu-sev-validate.patch
- backport/tools-Fix-style-issues-in-virt-qemu-sev-validate.patch
* [409e40a] libvirt-clients-qemu: New binary package
- Contains QEMU-specific tools
- Depends on Python
* [bf99e82] libvirt-l10n: New binary package
- Contains translations
- Can be safely uninstalled to reduce disk footprint
This bug was fixed in the package libvirt - 9.0.0-2ubuntu1
---------------
libvirt (9.0.0-2ubuntu1) lunar; urgency=medium
* Merge 9.0.0-2 from Debian unstable (LP: #1993412) patches/ ubuntu/ ovmf_paths. patch: adjust paths to secboot.fd UEFI Allow-libvirt- group-to- access- the-socket. patch: This is daemon- augeas- fix-expected. patch fix some related tests daemon- system. postinst: add users in sudo to the libvirt ubuntu_ machine_ type.patch: accept ubuntu types as pci440fx qemu-session: fixup smoke-qemu-session by making daemon- system architectures daemon- system. postinst: add libvirt-dnsmasq user and group daemon- system. postrm: remove libvirt-dnsmasq user and group dnsmasq- as-priv- user: write dnsmasq config with user
libvirt- dnsmasq and adapt the self tests to expect that config daemon- system. postinst: fix old libvirt-dnsmasq users group set-default- machine- to-ubuntu. patch: to select default lp-1861125- ubuntu- models: recognize Ubuntu models for wait-for- qemu-kvm. patch - avoid hangs on startup (LP 1887592) daemon- system. libvirt- guests. default: shut guests down patches/ ubuntu- aa/: aa-helper- ubuntu- storage- paths.patch: libvirt- qemu-Add- 9p-support. patch: appmor,
libvirt- qemu: Add 9p support aa-helper- Ask-for- no-deny- rule-for- readonly- dis.patch:
virt-aa- helper: Ask for no deny rule for readonly disk libvirt- qemu-Allow- reading- charm-specific- c.patch: only-apparmor- for-kvm. powerpc- LP-1680384. patch: allow virt-aa- helper- access- for-snapped- nova.patch: allow-vhost- net.patch: avoid apparmor issues vhost-vsock/ vhost-scsi hotplug (LP: 1815910) daemon- system. postinst: own swtpm logdir by user swtpm by-swtpm- user.patch: change default spawned swtpm processes daemon- system. postinst: create user/group swtpm if not present Fix-libxlxml2do mconfigtest- with-latest- xen.patch: fix FTBFS swtpm-pid- duplication. patch: Clean up swtpm pids after a vm 1993304- apparmor- allow-getattr- on-usb- devices. patch: prevent 1996176- nodedev- ignore- EINVAL- from-libudev- in-udevEventHan dl: 1990499- virt-aa- helper- allow-common- riscv64- loader- paths.patch: 1990949- virpcivpd- reduce- errors- in-log- due-to- invalid- VPD.patch: daemon- system: Drop polkit rules in legacy pkla format"
Also resolved the ask for a rebuild against recent libxen (LP: #2004163)
Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/
due to the group access change.
+ d/libvirt-
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-
+ d/libvirt-
on purge
+ d/p/ubuntu/
+ d/libvirt-
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/
(LP 1861125) fixups
- d/p/ubuntu/
- d/libvirt-
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/
+ 0020-virt-
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-
+ 0031-virt-
+ 0032-apparmor-
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-
with vhost-net/
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-
+ d/p/u/swtpm-
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-
due to swtpm-tools (LP 1951975)
* Dropped changes [upstream now]:
- d/p/u/tests-
with latest libxl [v8.10.0]
- d/p/u/fix-
shuts down (LP 1997269) [v8.7.0]
- d/p/u/lp-
apparmor denials on USB forwarding (LP 1993304) [v8.10.0]
- d/p/u/lp-
tolerate the impact of too large udev data avoiding a busy loop
(LP 1996176) [v8.10.0]
- d/p/u/lp-
easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0]
- d/p/u/lp-
reduce log noise by invalid VPD data (LP 1990949) [v8.7.0]
* Dropped changes [in Debian now]:
- [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1]
- [a54d904] New upstream version 8.6.0 [8.9.0-1]
- patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1]
- d/control: suggest swtpm-tools [8.10.0-1]
* Added changes:
- revert "libvirt-
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP: #2008830)
libvirt (9.0.0-2) unstable; urgency=medium
* [de81410] patches: Add backports qemu_domain- Don-t-unref- NULL-hash- table-in- qemuDomainRefr. patch qemu-Jump- to-cleanup- label-on- umount- failure. patch qemu_namespace- Deal-with- nested- mounts- when-umount- ing-de. patch qemuProcessRefr eshDisks- Don-t-skip- filling- of-disk- inform. patch qemu_extdevice- Do-cleanup- host-only- for-VIR_ DOMAIN_ TPM_TY. patch qemu-blockjob- Handle- pending- blockjob- state-only- when-we- .patch rpc-client- Don-t-check- return- value-of- virNetMessageNe w.patch rpc-Don- t-warn- about-max_ client_ requests- in-single- thread. patch patches/ debian/ Disable- passt-support. patch
- backport/
- Closes: #1030671
- backport/
- backport/
- backport/
- backport/
- backport/
- backport/
- backport/
* [699a828] patches: Disable passt support
- debian/
- The feature is not quite ready for prime time yet, so it will remain
disabled in bookworm
libvirt (9.0.0-1) unstable; urgency=medium
* [45d077a] libvirt- daemon- system: Make default files functionally empty apparmor- Allow-umount- dev.patch qemu_interface- Fix-managed- no-case- when-creating- an-ether. patch daemon- sysv: Remove dependency on lsb-base
- On systems running systemd, libvirtd will now follow the upstream
behavior of starting on demand via socket activation and shutting down
automatically after having been idle for 120 seconds
* [40fe229] Drop obsolete package transition logic
- The oldest version that we expect to be upgrading from is 6.0.0-1
* [5bb56e9] Drop obsolete UML-related files
- The UML driver was dropped in version 5.0.0-1
* [f9f3a4d] New upstream version 9.0.0
* [30dad26] patches: Drop obsolete backports
* [157a5ec] patches: Add backports
- backport/
- backport/
* [94f11a4] libvirt-
- The package is obsolete
libvirt (8.10.0-3) unstable; urgency=medium
[ Michael Biebl ]
* [4d6db56] Replace manual maintscript code with dh_installsystemd
- No longer needed now that #994204 has been addressed
- Closes: #1021956
* [91d9ac0] Drop no longer supported static priorities from dh_installinit
[ Smits Katze ]
* [60b2ca1] libnss-libvirt: Update apt seccomp filter
- Allow getdents64() in addition to getdents()
- Thanks to Thomas Luzat
- Closes: #934474
[ Andrea Bolognani ] daemon- system: Depend on polkitd instead of policykit-1 daemon- system: Drop polkit rules in legacy pkla format
* [b9b2923] libvirt-
- Makes it possible to not install / uninstall pkexec
- Closes: #1025578
* [c62b8b2] libvirt-
- Makes it possible to not install / uninstall polkitd-pkla
* [8c5870d] control: Bump Standards-Version to 4.6.2
- No changes needed
libvirt (8.10.0-2) experimental; urgency=medium
* [145e4fe] patches: Add backports docs-Fix- typo-in- virt-qemu- sev-validate- 1.patch tools-Fix- interpreter- for-virt- qemu-sev- validate. patch tools-Fix- style-issues- in-virt- qemu-sev- validate. patch clients- qemu: New binary package
- backport/
- backport/
- backport/
* [409e40a] libvirt-
- Contains QEMU-specific tools
- Depends on Python
* [bf99e82] libvirt-l10n: New binary package
- Contains translations
- Can be safely uninstalled to reduce disk footprint
libvirt (8.10.0-1) unstable; urgency=medium
[ Guido Günther ]
* [efe753f] qemu: Recommend swtpm for TPM emulation (Closes: #1009972)
[ Andrea Bolognani ]
* [7dc1e3c] New upstream version 8.10.0
libvirt (8.9.0-1) unstable; urgency=medium
* [981c332] New upstream version 8.9.0
* [3f29856] control: Add (build) dependency on mount
- Closes: #1023420
-- Christian Ehrhardt <email address hidden> Wed, 01 Mar 2023 07:56:39 +0100