IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Pkg-config file libxml-2.0.pc was introduced in libxml2-2.2.4 and we
require at least 2.6.0 so the crazy xml2-config check can be dropped.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
This allows to use two or more LIBVIRT_CHECK_(LIB|LIB_ALT|PKG) macros
for one library. For example, when we check for existence of
pgk-config file of some library and we know that not all versions of
that library that libvirt requires provides this file, we can fallback
to use library check.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Usage of AC_REQUIRE will mess with order how LIBVIRT_CHECK_* macros
are composed into configure.ac. This ensures that the output of
configure --help is properly ordered and grouped into sections.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Following patch will update LIBVIRT_CHECK_(LIB|LIB_ALT|PKG) macros in
a way that you will be able to call a another macro as a fallback if
the first one fails. To allow that, we need to move the
LIBVIRT_ARG_WITH out of those macro to not have two or more same lines
in output of "configure --help".
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
All checks that prints result at the end of configure uses
LIBVIRT_RESULT_${CHECK_NAME}. Create those macros for remaining check.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
The *header_name* cannot be quoted, otherwise it is not translated to
the passed argument. Without this fix the generated configure contains
*ac_cv_header_header_name*, but there should be for example
*ac_cv_header_sals_sasl_h* for "sasl/sasl.h".
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Implement a new libssh transport, which uses libssh to communicate with
remote hosts, and add all the build system stuff (search of libssh,
private symbols, etc) to built it.
This new transport supports all the common ssh authentication methods,
making use of libvirt's auth callbacks for interaction with the user.
${exec_prefix} and ${prefix} point to the same directory in
most setups, but when that's not the case the former should
be used for architecture-dependent data such as shared objects,
which makes it the best fit for our Wireshark dissector.
While at it, change all uses of $(var) to ${var}: they are
absolutely identicaly as far as make's concerned, but autoconf
itself seems to prefer the latter form so we might as well
follow suit.
We only need to strip $ws_prefix from $ws_plugindir if we've
retrieved it from pkg-config: if we're building it ourselves
from $libdir, we can just use it without further processing.
This fixes a build issue with old gnutls.
Broken by commit 680d2f49da.
Reported-by: Olga Krishtal <okrishtal@virtuozzo.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Commit d8a8af3492 changed the minimal required version of gnutls
so it's safe to remove the code for older versions.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Since we're using autoconf to substitute the right value in
Makefile.am now, we can use a less generic name without running
into circular dependencies.
Adding $(prefix) in Makefile.am, as we were doing, means that
it would be prepended even when using --with-ws-plugindir,
which is something we don't want to happen.
Instead, we add it beforehand but take care that it doesn't
get expanded until make is called.
Even when we're building $plugindir ourselves because we can't
retrieve it using pkg-config, we still want to strip the prefix,
except in that case it would be the same prefix we're using for
building libvirt.
The fact that $plugindir is missing also doesn't tell us
anything about $ws_prefix, so we have to handle the two variables
separately.
Running the output of qemu -help doesn't make any sense. We should be
looking for libvirt being mentioned in the output. This worked by
accident, let's make it work as expected it to.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Currently, we are checking for sanlock_add_lockspace_timeout
which is good for now. But in a subsequent patch we are going to
use sanlock_write_lockspace (which sets an initial value for io
timeout for sanlock). Now, there is no reason to check for both
functions in sanlock library as the sanlock_write_lockspace was
introduced in 2.7 release and the one we are currently checking
for in the 2.5 release. Therefore it is safe to assume presence
of sanlock_add_lockspace_timeout when sanlock_write_lockspace
is detected.
Moreover, the macro for conditional compilation is renamed to
HAVE_SANLOCK_IO_TIMEOUT (as it now encapsulates two functions).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
So, when building wireshark plugin, we get the plugindir variable
from the wireshark.pc as well as prefix. Then we replace the
prefix in the plugindir with our own prefix where libvirt is
building to:
plugindir="${prefix}${plugindir#ws_prefix}"
However, as you can see, there's '$' missing in front of the
ws_prefix variable. This results in the mangled plugindir, for
instance like this:
plugindir='/usr/usr/lib64/wireshark/plugins'
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Unconditionally use gnulib's getopt module. This is needed by the bhyve driver
to provide a reentrant interface for getopt.
Several gnulib headers rely on features.h being included by ctype.h to provide
__GNUC_PREREQ, but on systems without glibc, this is not provided. In these
cases __GNUC_PREREQ gets redefined to 0, which causes build errors from checks
in src/internal.h.
Therefore, define __GNUC_PREREQ as early as possible. config-post.h is probably
the first header that is included, before any other headers.
Currently, virt-login-shell is not allowed to build on Windows.
However, as it's designed around LXC, it does not make sense to
build it on anything but Linux, so make the check stricter and allow to
enable it on Linux only.
The sd_notify method is used to tell systemd when libvirtd
has finished starting up. All it does is send a datagram
containing the string parameter to systemd on a UNIX socket
named in the NOTIFY_SOCKET environment variable. Rather than
pulling in the systemd libraries for this, just code the
notification directly in libvirt as this is a stable ABI
from systemd's POV which explicitly allows independant
implementations:
See "Reimplementable Independently" column in the
"$NOTIFY_SOCKET Daemon Notifications" row:
https://www.freedesktop.org/wiki/Software/systemd/InterfacePortabilityAndStabilityChart/
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1314881
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
We don't need them any longer; moreover, the previous structure
made it very easy for bugs to slip in, by having the result of one
check influence the following one.
By placing the check for "$with_init_script" = check front and
center, hopefully this won't happen (as easily) again.
Our distcheck is broken. Well, it works but only by pure chance.
When wireshark plugin is enabled, we try to query which path
should the plugin be installed into. Firstly, we try to ask
pkg-config as some releases of wireshark already sets
corresponding variable in their pkg-config files. However, if we
obtained no value from there we try to construct the path on our
own. Based on our observations it usually is:
$libdir/wireshark/plugins/$version/.
Now, the problem is in the way we are deciding whether we have
obtained the plugin directory from pkg-config or not. Simply
said, we are checking wrong variable. The variable we are
checking has never been set, thus in our test is empty and
therefore we will always construct the plugin dir path on our
own, regardless of its presence in the pkg-config file.
To make things worse, after fixing this problem, VPATH build was
broken as it now tried to install plugin into correct directory.
Yes, this is problem, because --prefix was not honoured and
everything but the plugin was installed into given prefix. I've
managed to resolve this issue by replacing plugin dir prefix with
our own. So when doing regular installation (our prefix ==
wireshark prefix), nothing changes. When doing VPATH build &
installation plugin is installed into correctly prefixed dir.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
virt-host-validate, just like virt-login-shell, doesn't make sense
on Windows, so we should avoid building it.
Make the tool optional and build it by default on all platforms
except Windows, erroring out if the user attempts to build it
anyway.
fdstream.c: In function 'virFDStreamWrite':
fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op]
if (errno == EAGAIN || errno == EWOULDBLOCK) {
^~
Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op
producing false warnings.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602
Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports
push/pop pragma and also has this bug.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
The check is supposed to stop users from trying to compile
virt-login-shell on Windows by erroring out during the
configure phase; however, there are two flaws in it:
* the value of "x$with_win" is compared to "yes" instead
of "xyes" (note the "x" in the first string)
* "test" is not being used, so the script will actually
try to run a command called "x$with_win" instead of
performing string comparison
This patch fixes both issues.
* tools/nss/libvirt_nss.[ch]: add BSD-comptabile wrappers and
register via the nss_module_register() interface
* m4/virt-nss.m4: add checks if we're building NSS for FreeBSD
* tools/Makefile.am: handle target library name differences, as
Linux needs libnss_libvirt.so.2 and FreeBSD needs
nss_libvirt.so.1. Also, different syms files have to be used
as Linux needs to export all the methods while FreeBSD
only needs to have nss_module_register()
* tests/nsstest.c, tests/nssmock.c: s/__linux__/NSS/
* tests/nssmock.c: pass int instead of mode_t to va_arg() to please
gcc 4.8
* libvirt_nss_bsd.syms: FreeBSD syms file
Name Service Switch is a glibc feature responsible for many
things. Translating domain names into IP addresses and vice versa
is just one of them. However, currently it's the only
functionality that this commit is tickling. Well, in this commit
the plugin skeleton is introduced. Implementation to come in next
patches.
Because of the future testing, where the implementation is to be
linked with a test, this needs to go into static library. Linking
a program with an .so statically is not portable. Therefore a
dummy libnss_libvirt_impl library is being introduced too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Yet again, selinux has been adding const-correctness; this change
is ABI-compatible, but breaks API, which affects us when we try to
override things in our testsuite:
../../tests/securityselinuxhelper.c:307:24: error: conflicting types for 'selabel_open'
struct selabel_handle *selabel_open(unsigned int backend,
^~~~~~~~~~~~
In file included from ../../tests/securityselinuxhelper.c:32:0:
/usr/include/selinux/label.h:73:24: note: previous declaration of 'selabel_open' was here
The problem is a new 'const' prior to the second parameter.
Fix it the same way we did in commit 292d3f2d: check for the new
const at configure time.
Signed-off-by: Eric Blake <eblake@redhat.com>
Commit 97e70a5935 added the option -pie to
CFLAGS and LDFLAGS, however '-pie' is just a linker option. That
wouldn't be a problem. However, clang is checking for that and outputs
an error or unused argument:
error: argument unused during compilation: '-pie'
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
So, after bec787ee9d we are building virt-login-shell
independent of LXC driver. This is nice, but the binary is
enabled by default which makes no sense on mingw. In fact, it
triggers some compilation errors there:
CC virt_login_shell-virt-login-shell.o
../../tools/virt-login-shell.c: In function 'main':
../../tools/virt-login-shell.c:289:15: error: implicit declaration of function 'sysconf' [-Werror=implicit-function-declaration]
openmax = sysconf(_SC_OPEN_MAX);
^
../../tools/virt-login-shell.c:289:5: error: nested extern declaration of 'sysconf' [-Werror=nested-externs]
openmax = sysconf(_SC_OPEN_MAX);
^
../../tools/virt-login-shell.c:289:23: error: '_SC_OPEN_MAX' undeclared (first use in this function)
openmax = sysconf(_SC_OPEN_MAX);
^
../../tools/virt-login-shell.c:289:23: note: each undeclared identifier is reported only once for each function it appears in
cc1: all warnings being treated as errors
While we could workaround sysconf(_SC_OPEN_MAX) issue, the binary
itself makes no sense on systems where no LXC can be spawned.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1251190
So, if domain loses access to storage, sanlock tries to kill it
after some timeout. So far, the default is 80 seconds. But for
some scenarios this might not be enough. We should allow users to
adjust the timeout according to their needs.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
There has been a report on the list [1] that we are not
installing the wireshark dissector into the correct plugin
directory. And in fact we are not. The problem is, the plugin
directory path is constructed at compile time. However, it's
dependent on the wireshark version, e.g.
/usr/lib/wireshark/plugins/1.12.6
This is rather unfortunate, because if libvirt RPMs were built
with one version, but installed on a system with newer one, the
plugins are not really loaded. This problem lead fedora packagers
to unify plugin path to:
/usr/lib/wireshark/plugins/
Cool! But this was enabled just in wireshark-1.12.6-4. Therefore,
we must require at least that version.
And while at it, on some distributions, the wireshark.pc file
already has a variable that defines where plugin dir is. Use that
if possible.
1: https://www.redhat.com/archives/libvirt-users/2015-October/msg00063.html
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
With the latest patch to the vz driver (7d73ca06ce) I was
getting some compilation errors. It turned out, my installation
of the parallels SDK was not as fresh as it could be. Parallels
installed in my system were missing the
PRL_USE_VNET_NAME_FOR_BRIDGE_NAME symbol which simply was not
introduced at the time I was installing the SDK. The symbol was
introduced in 86e62a5d which was then part of the 7.0.22 release.
Require that version at least therefore.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Eventually, every driver will be moved to a special module.
But for today the winner is Virtuozzo driver.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Time to update to new gnulib before a release.
gcc 5.1 introduced a new -Wformat-signedness, and new gnulib now
turns it on by default. However, it is still rather lame at the
moment, because it warns for enums, even though there is no way
to control the signeness of an enum which does not use any members
that are negative or larger than INT_MAX, and even though such an
enum would always print the same for both %d and %u:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66249
In file included from ../../src/util/virarch.c:26:0:
../../src/util/virarch.c: In function 'virArchFromHost':
../../src/util/virarch.c:180:15: error: format '%d' expects argument of type 'int', but argument 9 has type 'unsigned int' [-Werror=format=]
VIR_DEBUG("Mapped %s to %d (%s)",
So this patch turns off the new warning as part of enabling all
other new gcc 5.1 warnings that gnulib now enables.
* .gnulib: Update to latest, in part for gcc 5.1 interaction.
* m4/virt-compile-warnings.m4: Ignore -Wformat-signedness, for now.
Signed-off-by: Eric Blake <eblake@redhat.com>
GCC installed from FreeBSD ports doesn't support building PIE executables
and fails with:
/usr/local/bin/ld: /usr/lib/crt1.o: relocation R_X86_64_32 against
`_DYNAMIC' can not be used when making a shared object; recompile with
-fPIC
/usr/lib/crt1.o: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
However, the configure check for '-fPIC -DPIC' doesn't catch that. In
order to catch this case, add '-pie' to CFLAGS in m4/virt-compile-pie.m4
so it could detect lack of PIE support on configure time and don't fail
the build.
Wireshark supports pkg-config since 1.11.3. Right now we build
wireshark-dissectior tool as default trough rpm build only on
fedora >= 21 and there is new wireshark that supports pkg-config.
If someone wants to build libvirt with wireshark-dissector against old
wireshark, they should specify the location by hand.
This patch is mainly to fix wrong dependency on wireshark binary as it
doesn't make sense to require that binary file to just get version info
of that package in makefile.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
In systemd >= 218, the udev_set_log_fn method has been marked
deprecated and turned into a no-op. Nothing in the udev client
library will print to stderr by default anymore, so we can
just stop installing a logging hook for new enough udev.
Compilation on a RHEL 5 host failed, due to the older dbus headers
present on that machine, and triggered by commit 2aa167ca:
util/virdbus.c: In function 'virDBusMessageIterDecode':
util/virdbus.c:952: error: 'DBusBasicValue' undeclared (first use in this function)
* m4/virt-dbus.m4 (LIBVIRT_CHECK_DBUS): Check for DBusBasicValue.
* src/util/virdbuspriv.h (DBusBasicValue): Provide fallback.
Signed-off-by: Eric Blake <eblake@redhat.com>
This option only makes sense for -fstack-protector.
With -fstack-protector-all or -fstack-protector-strong,
functions are protected regardless of buffer size.
https://bugzilla.redhat.com/show_bug.cgi?id=1105456
bhyveload and bhyvectl wouldn't be checked otherwise as the configure
script wouldn't execute one of the tests:
checking for bhyve... /usr/local/sbin/bhyve
checking for bhyvectl... /usr/local/sbin/bhyvectl
checking for bhyveload... /usr/local/sbin/bhyveload
./configure: line 62602: test: too many arguments
Fix the shell statement testing the 3 binaries.
On some systems, libnuma can be present but it's so ancient that
it misses some symbols that virNumaGetDistances() needs. To be
more precise: numa_bitmask_isbitset() and numa_nodes_ptr are the
symbols in question. Fortunately, they were both introduced in
the same release so it's sufficient for us to check for only one
of them. And the winner is numa_bitmask_isbitset().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Commit 292d3f2d fixed the build with libselinux 2.3, but missed
some suggestions by eblake
https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html
This patch changes the macro introduced in 292d3f2d to either be
empty in the case of newer libselinux, or contain 'const' in the
case of older libselinux. The macro is then used directly in
tests/securityselinuxhelper.c.
Several function signatures changed in libselinux 2.3, now taking
a 'const char *' instead of 'security_context_t'. The latter is
defined in selinux/selinux.h as
typedef char *security_context_t;
Signed-off-by: Eric Blake <eblake@redhat.com>
Commit 68954fb added a configure option --with-systemd_daemon,
which violates the conventions of configure files preferring
dash in all option names. This fixes it, before we hit a
release where the tarball is baked with an awkward name.
* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
(LIBVIRT_CHECK_PKG): Favor - over _ in configure option names.
Signed-off-by: Eric Blake <eblake@redhat.com>
Systemd does not forget about the cases, where client service needs to
wait for daemon service to initialize and start accepting new clients.
Setting a dependency in client is not enough as systemd doesn't know
when the daemon has initialized itself and started accepting new
clients. However, it offers a mechanism to solve this. The daemon needs
to call a special systemd function by which the daemon tells "I'm ready
to accept new clients". This is exactly what we need with
libvirtd-guests (client) and libvirtd (daemon). So now, with this
change, libvirt-guests.service is invoked not any sooner than
libvirtd.service calls the systemd notify function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
At this point it has a limited functionality and is highly
experimental. Supported domain operations are:
* define
* start
* destroy
* dumpxml
* dominfo
It's only possible to have only one disk device and only one
network, which should be of type bridge.
We support gluster volumes in domain XML, so we also ought to
support them as a storage pool. Besides, a future patch will
want to take advantage of libgfapi to handle the case of a
gluster device holding qcow2 rather than raw storage, and for
that to work, we need a storage backend that can read gluster
storage volume contents. This sets up the framework.
Note that the new pool is named 'gluster' to match a
<disk type='network'><source protocol='gluster'> image source
already supported in a <domain>; it does NOT match the
<pool type='netfs'><source><target type='glusterfs'>,
since that uses a FUSE mount to a local file name rather than
a network name.
This and subsequent patches have been tested against glusterfs
3.4.1 (available on Fedora 19); there are likely bugs in older
versions that may prevent decent use of gfapi, so this patch
enforces the minimum version tested. A future patch may lower
the minimum. On the other hand, I hit at least two bugs in
3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
raising the minimum: glfs_readdir is nicer to use than
glfs_readdir_r [1], and glfs_fini should only return failure on
an actual failure [2].
[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html
* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
* m4/virt-gluster.m4: new file.
* libvirt.spec.in (BuildRequires): Support gluster in spec file.
* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
type.
* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
sheepdog and rbd.
(virStoragePoolDefFormat): Don't output target for gluster.
* src/storage/storage_backend_gluster.h: New file.
* src/storage/storage_backend_gluster.c: Likewise.
* po/POTFILES.in: Add new file.
* src/storage/storage_backend.c (backends): Register new type.
* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
* src/storage/storage_backend.h (_virStorageBackend): Documet
assumption.
Signed-off-by: Eric Blake <eblake@redhat.com>
The python binding now lives in
http://libvirt.org/git/?p=libvirt-python.git
that repo also provides an RPM which is upgrade compatible
with the old libvirt-python sub-RPM.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Make it much easier to test a configuration built without readline
support, by reusing our existing library probe machinery. It gets
a bit tricky with readline, which does not provide a pkg-config
snippet, and which on some platforms requires one of several
terminal libraries as a prerequiste, but the end result should be
the same default behavior but now with the option to disable things.
* m4/virt-readline.m4 (LIBVIRT_CHECK_READLINE): Simplify by using
LIBVIRT_CHECK_LIB.
* tools/virsh.c: Convert USE_READLINE to WITH_READLINE.
Signed-off-by: Eric Blake <eblake@redhat.com>
A future patch will allow disabling readline; doing this in an
isolated file instead of configure.ac will make the task easier.
* configure.ac: Move readline code...
* m4/virt-readline.m4: ...here.
Signed-off-by: Eric Blake <eblake@redhat.com>
Since we're about to freeze, it's time to pick up the latest
upstream gnulib. Among other changes, gnulib now guarantees the
use of some -f flags that we were previously manually adding.
* .gnulib: Update to latest, in part for warning improvements.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Drop
flags that are now guaranteed by gnulib.
* bootstrap: Resync to gnulib.
Signed-off-by: Eric Blake <eblake@redhat.com>
Jonathan Lebon reported an issue to me off-list about his build
failing to use qemu because he failed to install yajl-devel. But
I recalled specifically tweaking configure.ac to die in that
situation (commits 350583c, ba9c38b). After a bit more
head-scratching, we found the cause of the regression: commit
654c709 rearranged things so that the qemu version check now
occurs before AC_ARG_WITH has had a chance to set either
$with_qemu or $with_yajl.
Coincidentally, this fix aligns with a documentation patch that
was just posted to the autoconf mailing list :)
http://thread.gmane.org/gmane.comp.sysutils.autoconf.patches/8324
* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
(LIBVIRT_CHECK_PKG): Populate defaults earlier.
* configure.ac (AC_ARG_WITH): Likewise for drivers.
Signed-off-by: Eric Blake <eblake@redhat.com>
Autoconf states that AC_HELP_STRING is obsolete, and that new
programs should use AS_HELP_STRING. We also had instances of
not properly quoting the macro usage, and not relying on autoconf's
word-wrapping abilities to avoid long lines. I validated that this
commit has no impact to the generated configure file.
* configure.ac (AC_ARG_WITH, AC_ARG_ENABLE): Autoconf recommends
the use of AS_HELP_STRING. Also, use proper quoting and wrap long
lines.
* m4/virt-apparmor.m4 (LIBVIRT_CHECK_APPARMOR): Likewise.
* m4/virt-selinux.m4 (LIBVIRT_CHECK_SELINUX): Likewise.
Signed-off-by: Eric Blake <eblake@redhat.com>
Rather than inlining gl_WARN_ADD loads of time, we can shave about
17k size off of the configure script by delaying it to a cleanup
shell loop.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Track a
list of things to check, rather than inlining multiple checks.
Signed-off-by: Eric Blake <eblake@redhat.com>
It adds an empty space after the package version. Previously the error
message looked like:
"You must install the dbus-1 >= 1.0.0pkg-config module to compile libvirt"
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=994589 complained that
even when using a cross-compiler not named 'gcc', the configure
output confusingly referred to gcc.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Use a
more generic statement in configure output.
Signed-off-by: Eric Blake <eblake@redhat.com>
Partially revert cdd703f's revert of c163410, as linking with clang
with --param=ssp-buffer-size=4 still fails with:
"argument unused during compilation".
The latest mingw headers on Fedora 19 fail to build with gnulib
without an update.
Meanwhile, now that upstream gnulib has better handling of -W
probing for clang, we can drop some of our own solutions in
favor of upstream; thus this reverts commit c1634100, "Correctly
detect warning flags with clang".
* .gnulib: Update to latest, for mingw and clang.
Signed-off-by: Eric Blake <eblake@redhat.com>
FreeBSD ships an old gcc 4.2.1 which generates
bogus code, e.g. getsockopt() call returns
struct xucred with bogus values, which doesn't even
allow to connect to libvirtd:
error: Failed to find group record for gid '1284660778': No error: 0
So roll back to just -fstack-protector on FreeBSD.
Automake already passes all CFLAGS to the linker too, so it
is not necessary to set WARN_LDFLAGS in addition to the
WARN_CFLAGS variable.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Clang will happily claim to support any warning flags
unless the -Werror and -Wunknown-warning-option flags
are set. Thus we need to make sure these are set when
testing for clags.
We must also set the clang specific warning flags
-Wno-unused-command-line-argument to avoid a warning
from the ssp-buffer-size flag when linking .o files.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The virt-compile-warnings.m4 file would do an explicit
check for whether the compile could use the 'diagnostic'
pragma push/pop feature. The src/internal.h file would
then only enable it for GCC >= 4.6
This breaks with clang which supports the pragma but
does not claim GCC 4.6 compat. Export a variable from
the m4 check to the header file so they are consistent.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
On win32, all code is position independent and adding -fPIE
to the compiler flags results in warnings being printed
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
There are a number of places which generate cast alignment
warnings, which are difficult or impossible to address. Use
pragmas to disable the warnings in these few places
conf/nwfilter_conf.c: In function 'virNWFilterRuleDetailsParse':
conf/nwfilter_conf.c:1806:16: warning: cast increases required alignment of target type [-Wcast-align]
item = (nwItemDesc *)((char *)nwf + att[idx].dataIdx);
conf/nwfilter_conf.c: In function 'virNWFilterRuleDefDetailsFormat':
conf/nwfilter_conf.c:3238:16: warning: cast increases required alignment of target type [-Wcast-align]
item = (nwItemDesc *)((char *)def + att[i].dataIdx);
storage/storage_backend_mpath.c: In function 'virStorageBackendCreateVols':
storage/storage_backend_mpath.c:247:17: warning: cast increases required alignment of target type [-Wcast-align]
names = (struct dm_names *)(((char *)names) + next);
nwfilter/nwfilter_dhcpsnoop.c: In function 'virNWFilterSnoopDHCPDecode':
nwfilter/nwfilter_dhcpsnoop.c:994:15: warning: cast increases required alignment of target type [-Wcast-align]
pip = (struct iphdr *) pep->eh_data;
nwfilter/nwfilter_dhcpsnoop.c:1004:11: warning: cast increases required alignment of target type [-Wcast-align]
pup = (struct udphdr *) ((char *) pip + (pip->ihl << 2));
nwfilter/nwfilter_learnipaddr.c: In function 'procDHCPOpts':
nwfilter/nwfilter_learnipaddr.c:327:33: warning: cast increases required alignment of target type [-Wcast-align]
uint32_t *tmp = (uint32_t *)&dhcpopt->value;
nwfilter/nwfilter_learnipaddr.c: In function 'learnIPAddressThread':
nwfilter/nwfilter_learnipaddr.c:501:43: warning: cast increases required alignment of target type [-Wcast-align]
struct iphdr *iphdr = (struct iphdr*)(packet +
nwfilter/nwfilter_learnipaddr.c:538:43: warning: cast increases required alignment of target type [-Wcast-align]
struct iphdr *iphdr = (struct iphdr*)(packet +
nwfilter/nwfilter_learnipaddr.c:544:48: warning: cast increases required alignment of target type [-Wcast-align]
struct udphdr *udphdr= (struct udphdr *)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
By passing the flags -z relro -z now to the linker, we can force
it to resolve all library symbols at startup, instead of on-demand.
This allows it to then make the global offset table (GOT) read-only,
which makes some security attacks harder.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
PIE (position independent executable) adds security to executables
by composing them entirely of position-independent code (PIC. The
.so libraries already build with -fPIC. This adds -fPIE which is
the equivalent to -fPIC, but for executables. This for allows Exec
Shield to use address space layout randomization to prevent attackers
from knowing where existing executable code is during a security
attack using exploits that rely on knowing the offset of the
executable code in the binary, such as return-to-libc attacks.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The virt-dbus.m4 check for DBus was preserving $LIBS before
modifying it. Except it wasn't. It was preserving another
copy of $CFLAGS. The result was that after the check completed,
$LIBS got polluted with $CFLAGS
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Some places missed the conversion from LIBCURL_{CFLAGS,LIBS} to
CURL_{CFLAGS,LIBS}, and a part of curl check was left in
configure.ac instead of m4/virt-curl.m4 by mistake
There are many aspects of the guest XML which result in the
SELinux driver applying file labelling. With the increasing
configuration options it is desirable to test this behaviour.
It is not possible to assume that the test suite has the
ability to set SELinux labels. Most filesystems though will
support extended attributes. Thus for the purpose of testing,
it is possible to extend the existing LD_PRELOAD hack to
override setfilecon() and getfilecon() to simply use the
'user.libvirt.selinux' attribute for the sake of testing.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>