[ubuntu/kinetic-proposed] libvirt 8.6.0-0ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Fri Aug 19 13:52:16 UTC 2022
libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium
* Merge 8.0.0 from Debian unstable (LP: #1971289)
Among many other fixes and improvements this fixes:
- support for minor NFS versions (LP: #1980134)
- launching VMs with SGX enabled (LP: #1982896)
Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/control: suggest swtpm-tools
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
* Dropped changes [upstream now]:
- d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
in containers like LXD (without guest start would hang).
[8.1.0]
- d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
get passed to syslog/journal correctly.
[8.1.0]
- apparmor: Fix QEMU access for UEFI variable files. Backported from
upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035)
Refresh apparmor_profiles_local_include.patch to resolve the conflict.
[8.2.0]
- d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
(LP 1968187)
[8.3.0]
- d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
apparmor allow new paths used for GL accelerated video (LP 1972075)
[8.4.0]
* Dropped changes [no more needed]:
- d/control: breaks replaces for augeas lenses move in 6.0.0-1
* Added changes:
- parallel-shutdown: upstream no more ships libvirt-guests defaults, so
the Ubuntu customization of it moved to the file replacing it added
in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default
replacing the former "d/p/u/parallel-shutdown.patch: set parallel
shutdown by default."
- update patches to match 8.6.0
+ d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch
+ d/p/u/Allow-libvirt-group-to-access-the-socket.patch
+ d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch
+ d/p/u/ovmf_paths.patch
+ d/p/u/swtpm-by-swtpm-user.patch
+ d/p/u/dnsmasq-as-priv-user
libvirt (8.6.0-0) UNRELEASED; urgency=medium
[ Christian Ehrhardt ]
* [f35cf09] d/rules: update path of ci-dashboard removal
[ Andrea Bolognani ]
* [a54d904] New upstream version 8.6.0
libvirt (8.5.0-2) experimental; urgency=medium
* [6c9bffb] Implement custom handling for systemd units
- We've already moved away from dh_installsystemd due to
#994204, and now we're refactoring the custom code so that
it's easier to understand and maintain going forward
libvirt (8.5.0-1) unstable; urgency=medium
* [74b9b5c] New upstream version 8.5.0
* [94a98bd] control: Fix cross building
- Explicitly request :native versions of several Build-Depends
* [417c882] control: Bump Standards-Version to 4.6.1
- No changes needed
libvirt (8.4.0-1) unstable; urgency=medium
* [ef2fd0c] New upstream version 8.4.0
libvirt (8.3.0-1) unstable; urgency=medium
* [f9dd871] New upstream version 8.3.0
libvirt (8.2.0-1) unstable; urgency=medium
* [4d84203] New upstream version 8.2.0
- Fixes CVE-2022-0897 (Closes: #1009075)
* [d1baa54] patches: Drop backports
* [333c80a] control: Switch from fuse to fuse3
* [4793ac2] libvirt-dev: Drop dependency on libxen-dev
- Thanks to Pino Toscano
libvirt (8.1.0-2) unstable; urgency=medium
* [ba504f6] systemd: Hardcode output of dh_installsystemd
- Stop using dh_installsystemd and hardcode slightly tweaked
versions of its output in maintainer scripts instead, as a
temporary workaround for #994204
* [4c89356] systemd: Only ever restart libvirtd on upgrade
- This avoids guests being stopped or crashing during upgrades
libvirt (8.1.0-1) experimental; urgency=medium
[ Andrea Bolognani ]
* [224b64e] New upstream version 8.1.0
* [06dea7a] patches: Drop backports
* [9f3a2e6] patches: Add backport/qemu-segmentation-fault-[...].patch
- Fixes a regression introduced in 8.1.0
* [70e6209] control: Drop build dependency on dnsmasq-base
- Availability is only checked at runtime
[ Martin Pitt ]
* [171a675] apparmor: Fix QEMU access for UEFI variable files
- QEMU needs to read, write and lock the NVRAM *.fd files with
UEFI firmware
- Closes: #1006324
- LP: #1962035
[ Maximilian Engelhardt ]
* [a06d5e5] control: Drop i386 from Xen arches
- Starting with version 4.16, Xen is no longer built on the i386
architecture in Debian
- Thanks to Diederik de Haas for helping get this fix merged
- Closes: #1006300
Date: Fri, 12 Aug 2022 10:34:29 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libvirt/8.6.0-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 12 Aug 2022 10:34:29 +0200
Source: libvirt
Architecture: source
Version: 8.6.0-0ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Closes: 1006300 1006324 1009075
Launchpad-Bugs-Fixed: 1962035 1971289 1980134 1982896
Changes:
libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium
.
* Merge 8.0.0 from Debian unstable (LP: #1971289)
Among many other fixes and improvements this fixes:
- support for minor NFS versions (LP: #1980134)
- launching VMs with SGX enabled (LP: #1982896)
Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/control: suggest swtpm-tools
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
* Dropped changes [upstream now]:
- d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
in containers like LXD (without guest start would hang).
[8.1.0]
- d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
get passed to syslog/journal correctly.
[8.1.0]
- apparmor: Fix QEMU access for UEFI variable files. Backported from
upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035)
Refresh apparmor_profiles_local_include.patch to resolve the conflict.
[8.2.0]
- d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
(LP 1968187)
[8.3.0]
- d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
apparmor allow new paths used for GL accelerated video (LP 1972075)
[8.4.0]
* Dropped changes [no more needed]:
- d/control: breaks replaces for augeas lenses move in 6.0.0-1
* Added changes:
- parallel-shutdown: upstream no more ships libvirt-guests defaults, so
the Ubuntu customization of it moved to the file replacing it added
in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default
replacing the former "d/p/u/parallel-shutdown.patch: set parallel
shutdown by default."
- update patches to match 8.6.0
+ d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch
+ d/p/u/Allow-libvirt-group-to-access-the-socket.patch
+ d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch
+ d/p/u/ovmf_paths.patch
+ d/p/u/swtpm-by-swtpm-user.patch
+ d/p/u/dnsmasq-as-priv-user
.
libvirt (8.6.0-0) UNRELEASED; urgency=medium
.
[ Christian Ehrhardt ]
* [f35cf09] d/rules: update path of ci-dashboard removal
.
[ Andrea Bolognani ]
* [a54d904] New upstream version 8.6.0
.
libvirt (8.5.0-2) experimental; urgency=medium
.
* [6c9bffb] Implement custom handling for systemd units
- We've already moved away from dh_installsystemd due to
#994204, and now we're refactoring the custom code so that
it's easier to understand and maintain going forward
.
libvirt (8.5.0-1) unstable; urgency=medium
.
* [74b9b5c] New upstream version 8.5.0
* [94a98bd] control: Fix cross building
- Explicitly request :native versions of several Build-Depends
* [417c882] control: Bump Standards-Version to 4.6.1
- No changes needed
.
libvirt (8.4.0-1) unstable; urgency=medium
.
* [ef2fd0c] New upstream version 8.4.0
.
libvirt (8.3.0-1) unstable; urgency=medium
.
* [f9dd871] New upstream version 8.3.0
.
libvirt (8.2.0-1) unstable; urgency=medium
.
* [4d84203] New upstream version 8.2.0
- Fixes CVE-2022-0897 (Closes: #1009075)
* [d1baa54] patches: Drop backports
* [333c80a] control: Switch from fuse to fuse3
* [4793ac2] libvirt-dev: Drop dependency on libxen-dev
- Thanks to Pino Toscano
.
libvirt (8.1.0-2) unstable; urgency=medium
.
* [ba504f6] systemd: Hardcode output of dh_installsystemd
- Stop using dh_installsystemd and hardcode slightly tweaked
versions of its output in maintainer scripts instead, as a
temporary workaround for #994204
* [4c89356] systemd: Only ever restart libvirtd on upgrade
- This avoids guests being stopped or crashing during upgrades
.
libvirt (8.1.0-1) experimental; urgency=medium
.
[ Andrea Bolognani ]
* [224b64e] New upstream version 8.1.0
* [06dea7a] patches: Drop backports
* [9f3a2e6] patches: Add backport/qemu-segmentation-fault-[...].patch
- Fixes a regression introduced in 8.1.0
* [70e6209] control: Drop build dependency on dnsmasq-base
- Availability is only checked at runtime
.
[ Martin Pitt ]
* [171a675] apparmor: Fix QEMU access for UEFI variable files
- QEMU needs to read, write and lock the NVRAM *.fd files with
UEFI firmware
- Closes: #1006324
- LP: #1962035
.
[ Maximilian Engelhardt ]
* [a06d5e5] control: Drop i386 from Xen arches
- Starting with version 4.16, Xen is no longer built on the i386
architecture in Debian
- Thanks to Diederik de Haas for helping get this fix merged
- Closes: #1006300
Checksums-Sha1:
cec427394a0cfd18538410e336238fe1ab8fa2b9 5332 libvirt_8.6.0-0ubuntu1.dsc
f35af21342767716bbc4223627fddddf95a17cae 8905732 libvirt_8.6.0.orig.tar.xz
8ead9e3f9f8278230cd3fbd7dcee2b2256706b3d 145220 libvirt_8.6.0-0ubuntu1.debian.tar.xz
8068c69dc412070725f0300050fea8f9f96c7d77 16159 libvirt_8.6.0-0ubuntu1_source.buildinfo
Checksums-Sha256:
8e78cf8fe6e8a2c21d729f81ad32ba22543a26347034d9b25c230ea7e16d2944 5332 libvirt_8.6.0-0ubuntu1.dsc
a81847c43ac9ade61b6f8447c44e8ba2cc544ab49bac5c0b18a5b105f5da3ae2 8905732 libvirt_8.6.0.orig.tar.xz
a68921c8a80b633b01e4585635b6dfaf58d531f6de6a32549a7160ccc5b3963c 145220 libvirt_8.6.0-0ubuntu1.debian.tar.xz
66f3842724eca61bdaf23e4259129674a9ccfeac553a0ee84d134e96c593b2c4 16159 libvirt_8.6.0-0ubuntu1_source.buildinfo
Files:
34c8c49ae4a477b8245f7ef234aa6bc8 5332 libs optional libvirt_8.6.0-0ubuntu1.dsc
7928a133b9a95f2d74d4be6935efb38c 8905732 libs optional libvirt_8.6.0.orig.tar.xz
52c460345f06115a9920f5daff32acef 145220 libs optional libvirt_8.6.0-0ubuntu1.debian.tar.xz
bc75e88e2d64c2bc120ed2ade8b0bf80 16159 libs optional libvirt_8.6.0-0ubuntu1_source.buildinfo
Original-Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~paelzer/ubuntu/+source/libvirt
Vcs-Git-Commit: 7ed367dca6fe302a422fee80430e0d120165aa53
Vcs-Git-Ref: refs/heads/merge-8.6.0-kinetic
More information about the kinetic-changes
mailing list