~paelzer/ubuntu/+source/libvirt:libvirt-fix-swtpm-apparmor-rules

Last commit made on 2022-04-12
Get this branch:
git clone -b libvirt-fix-swtpm-apparmor-rules https://git.launchpad.net/~paelzer/ubuntu/+source/libvirt
Only Christian Ehrhardt can upload to this branch.

Branch information

Name: libvirt-fix-swtpm-apparmor-rules
Repository: lp:~paelzer/ubuntu/+source/libvirt

Recent commits

8d587bb... by Lena Voytek

changelog

c46855b... by Lena Voytek

* d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
  and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
  (LP: #1968187)

7009101... by Christian Ehrhardt 

changelog: recommend swtpm-tools (LP: #1948748)

Signed-off-by: Christian Ehrhardt <email address hidden>

a7be113... by Christian Ehrhardt 

d/control: recommend swtpm-tools (LP: #1948748)

Signed-off-by: Christian Ehrhardt <email address hidden>

5dc4d8c... by Martin Pitt

8.0.0-1ubuntu5 (patches unapplied)

Imported using git-ubuntu import.

6b7d735... by Steve Langasek

8.0.0-1ubuntu4 (patches unapplied)

Imported using git-ubuntu import.

0403ebb... by Christian Ehrhardt 

8.0.0-1ubuntu3 (patches unapplied)

Imported using git-ubuntu import.

fd1d70e... by Dave Jones

8.0.0-1ubuntu2 (patches unapplied)

Imported using git-ubuntu import.

1e60cc9... by Christian Ehrhardt 

changelog: d/rules, d/libvirt-daemon-system.postinst: never stop LIBVIRT_SYSTEM_SERVICES

Signed-off-by: Christian Ehrhardt <email address hidden>

e58f2cc... by Christian Ehrhardt 

d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop system services and sockets (LP: #1959054)

TL;DR:
- it is a mess, a lot of discussions and bugs to read for full awareness
- since transitions need libvirt soon we upload it with a mitigation now
- it is expected that debhelper in jammy is fixed and we can drop this
  before release
- long term discussion how to deal with it in the salsa PR

Due to debhelper bug 994204 on upgrades guests are shut down
(libvirt-guests.service) or even crash (virtlogd.service) because those
services are restarted.

Until that bug is resolved in debhelper we need to take over the
handling of those services ourselves.

References:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994204
- https://bugs.launchpad.net/ubuntu/+source/debhelper/+bug/1959054
- https://salsa.debian.org/utopia-team/dbus/-/commit/4c5195a13c69364dce50063afac368930ec75c91

Submitted to Debian via:
https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/132

The initial version of this was based on the dbus handling of it, but
it turns out that --no-stop-on-upgrade --no-start leaves a stop command
in prerm and thereby we'd have them stopped twice.

Auto added section is identical:
if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = remove ] && [ -d /run/systemd/system ] ; then
        deb-systemd-invoke stop 'libvirt-guests.service' 'virtlockd.service' 'virtlogd.service' >/dev/null || true
fi

Remove that duplicate that we added before following dbus.

It turns out also nowadays restarting the sockets is dangerous.
  $ deb-systemd-invoke restart 'virtlogd.socket'
or
  $ systemctl restart virtlogd.socket
no longer complain about being unable to restart because the service is running.
Instead they do restart the service, which makes our restarting of sockets
again kill virtlogd for example.

Therefore we also cannot leave the system-services sockets to debhelper
as they would be restarted despite --no-stop-on-upgrade and thereby
restart the related services breaking guests.

As suggested on the Debian PR this removes the remaining debhelper calls
for our system services and sockets.

The remaining little bit it did for us in postinst/postrm is
added directly to these maintainer scripts now in the non-restart
way that we need.

Signed-off-by: Christian Ehrhardt <email address hidden>