Release of libvirt-10.2.0

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

.gitlab-ci.yml

@@ -6,6 +6,7 @@ stages:
   - builds
   - integration_tests
   - sanity_checks
+  - pages
 
 .script_variables: &script_variables |
   export CCACHE_BASEDIR="$(pwd)"
@@ -20,6 +21,7 @@ include:
   - '/ci/integration.yml'
 
 .native_build_job:
+  extends: .gitlab_native_build_job
   cache:
     paths:
       - ccache/
@@ -40,17 +42,8 @@ include:
         mv "$HOME"/rpmbuild/RPMS/x86_64/ libvirt-rpms/;
       fi
 
-.native_build_job_prebuilt_env:
-  extends:
-    - .native_build_job
-    - .gitlab_native_build_job_prebuilt_env
-
-.native_build_job_local_env:
-  extends:
-    - .native_build_job
-    - .gitlab_native_build_job_local_env
-
 .cross_build_job:
+  extends: .gitlab_cross_build_job
   cache:
     paths:
       - ccache/
@@ -68,21 +61,14 @@ include:
         fi;
       fi
 
-.cross_build_job_prebuilt_env:
-  extends:
-    - .cross_build_job
-    - .gitlab_cross_build_job_prebuilt_env
-
-.cross_build_job_local_env:
-  extends:
-    - .cross_build_job
-    - .gitlab_cross_build_job_local_env
-
-
 # This artifact published by this job is downloaded by libvirt.org to
 # be deployed to the web root:
 #    https://gitlab.com/libvirt/libvirt/-/jobs/artifacts/master/download?job=website
-.website_job:
+website_job:
+  extends: .gitlab_native_build_job
+  needs:
+    - job: x86_64-almalinux-8-container
+      optional: true
   script:
     - source ci/jobs.sh
     - run_website_build
@@ -96,50 +82,39 @@ include:
     expire_in: 30 days
     paths:
       - website
-
-website_prebuilt_env:
-  extends:
-    - .website_job
-    - .gitlab_native_build_job_prebuilt_env
-  needs:
-    - job: x86_64-almalinux-8-container
-      optional: true
   variables:
     NAME: almalinux-8
+    TARGET_BASE_IMAGE: docker.io/library/almalinux:8
 
-website_local_env:
-  extends:
-    - .website_job
-    - .gitlab_native_build_job_local_env
-  variables:
-    IMAGE: docker.io/library/almalinux:8
-    NAME: almalinux-8
-
+# On push to master publish the website from 'website_job' via gitlab pages
+pages:
+  stage: pages
+  script:
+    - mv website public
+    - cp .gitlab_pages_redirects public/_redirects
+  dependencies:
+    - website_job
+  rules:
+    - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+      when: on_success
+    - when: never
+  artifacts:
+    expose_as: 'pages'
+    name: 'pages'
+    paths:
+      - public
 
 .codestyle_job:
   stage: sanity_checks
-  script:
-    - source ci/jobs.sh
-    - run_codestyle
-
-codestyle_prebuilt_env:
-  extends:
-    - .codestyle_job
-    - .gitlab_native_build_job_prebuilt_env
   needs:
     - job: x86_64-opensuse-leap-15-container
       optional: true
+  script:
+    - source ci/jobs.sh
+    - run_codestyle
   variables:
     NAME: opensuse-leap-15
-
-codestyle_local_env:
-  extends:
-    - .codestyle_job
-    - .gitlab_native_build_job_local_env
-  variables:
-    IMAGE: registry.opensuse.org/opensuse/leap:15.4
-    NAME: opensuse-leap-15
-
+    TARGET_BASE_IMAGE: registry.opensuse.org/opensuse/leap:15.5
 
 # This artifact published by this job is downloaded to push to Weblate
 # for translation usage:

.gitlab_pages_redirects

@@ -0,0 +1,54 @@
+# Redirects to golang module pages
+/libvirt-go /libvirt-go.html 200
+/libvirt-go-xml /libvirt-go-xml.html 200
+/go/libvirt /go/libvirt.html 200
+/go/libvirtxml /go/libvirtxml.html 200
+
+# Redirects to the download server
+/sources/* https://download.libvirt.org/:splat 301
+/ruby/download/* https://download.libvirt.org/ruby/:splat 301
+/maven2/org/libvirt/* https://download.libvirt.org/maven2/org/libvirt/:splat 301
+
+# Redirects to subproject pages
+/ruby/* https://ruby.libvirt.org/:splat 301
+/ocaml/* https://ocaml.libvirt.org/:splat 301
+/php/* https://php.libvirt.org/:splat 301
+/libvirt-appdev-guide-python/en-US/html/* https://libvirt.gitlab.io/libvirt-appdev-guide-python/:splat: 301
+/java.html https://java.libvirt.org 301
+# Redirect to the proper javadoc directory on the subproject page
+/sources/java/javadoc/* https://java.libvirt.org/javadoc/:splat 301
+
+# Redirects from old gitweb location (see below)
+/git https://gitlab.com/libvirt/ 301
+
+# The above rules are adapted from the following set of 'mod_rewrite' rules used
+# originally on libvirt.org:
+#
+#    RewriteRule ^/libvirt-go$ /libvirt-go.html [L]
+#    RewriteRule ^/libvirt-go-xml$ /libvirt-go-xml.html [L]
+#    RewriteRule ^/go/libvirt$ /go/libvirt.html [L]
+#    RewriteRule ^/go/libvirtxml$ /go/libvirtxml.html [L]
+#    RewriteRule ^/sources/(.*) https://download.libvirt.org/$1 [L]
+#    RewriteRule ^/ruby/download/(.*) https://download.libvirt.org/ruby/$1 [L]
+#    RewriteRule ^/(maven2/org/libvirt.*) https://download.libvirt.org/$1 [L]
+#    RewriteRule ^/ocaml/(.*) https://ocaml.libvirt.org/$1 [L]
+#    RewriteRule ^/ruby/(.*) https://ruby.libvirt.org/$1 [L]
+#    RewriteRule ^/php/(.*) https://php.libvirt.org/$1 [L]
+#    RewriteRule ^/java.html https://java.libvirt.org [L]
+#    RewriteRule ^/docs/libvirt-appdev-guide-python/en-US/html/(.*) https://libvirt.gitlab.io/libvirt-appdev-guide-python/$1 [L]
+#    RewriteRule ^/git https://gitlab.com/libvirt/ [L]
+#
+#  Redirect replacing 'gitweb'. The 'gitweb' interface was originally replaced
+#  by the following redirect condition:
+#
+#    RewriteCond %{QUERY_STRING} p=([-a-zA-Z0-9]+).git
+#    RewriteRule ^/git/$ https://gitlab.com/libvirt/%1 [L]
+#
+# That unfortunately can't be represented in gitlab redirects as it doesn't
+# support redirects based on query strings. Given that the above redirect broke
+# most gitweb links anyways, due to handling only the 'p=' argument, git gitlab
+# redirect will break the rest of them.
+#
+#  The following rule was dropped as the page never existed:
+#
+#    RewriteRule ^/libvirt-console-proxy$ /libvirt-console-proxy.html [L]

NEWS.rst

@@ -8,12 +8,204 @@ the changes introduced by each of them.
 For a more fine-grained view, use the `git log`_.
 
 
-v10.0.0 (unreleased)
+v10.2.0 (2024-04-02)
+====================
+
+* **New features**
+
+  * ch: Basic save and restore support for ch driver
+
+    The ch driver now supports basic save and restore operations. This is
+    functional on domains without any network, host device config defined.
+    The `path` parameter for save and restore should be a directory.
+
+  * qemu: Support for driver type ``mtp`` in ``<filesystem/>`` devices
+
+    The ``mtp`` driver type exposes the ``usb-mtp`` device in QEMU. The
+    guest can access files on this driver through the Media Transfer
+    Protocol (MTP).
+
+  * qemu: Added support for the loongarch64 architecture
+
+    It is now possible for libvirt to run loongarch64 guests, including on
+    other architectures via TCG. For the best results, it is recommended to
+    use the upcoming QEMU 9.0.0 release together with the development version
+    of edk2.
+
+  * qemu: Introduce virDomainGraphicsReload API
+
+    Reloading the graphics display is now supported for QEMU guests using
+    VNC. This is useful to make QEMU reload the TLS certificates without
+    restarting the guest. Available via the ``virDomainGraphicsReload`` API
+    and the ``domdisplay-reload`` virsh command.
+
+* **Bug fixes**
+
+  * qemu: Fix migration from libvirt older than 9.10.0 when vmx is enabled
+
+    A domain with vmx feature enabled (which may be even done automatically
+    with ``mode='host-model'``) started by libvirt 9.9.0 or older cannot be
+    migrated to libvirt 9.10.0, 10.0.0, and 10.1.0 as the target host would
+    complain about a lot of extra ``vmx-*`` features. Migration of similar
+    domains started by the affected releases to libvirt 9.9.0 and older
+    does not work either. Since libvirt 10.2.0 migration works again with
+    libvirt 9.9.0 and older in both directions. Migration from the affected
+    releases to 10.2.0 works as well, but the other direction remains broken
+    unless the fix is backported.
+
+  * node_device: Don't report spurious errors from PCI VPD parsing
+
+    In last release the PCI Vital Product Data parser was enhanced to report
+    errors but that effort failed as some kernels have the file but don't allow
+    reading it causing logs to be spammed with::
+
+      libvirtd[21055]: operation failed: failed to read the PCI VPD data
+
+    Since the data is used only in the node device XML and errors are ignored if
+    the parsing failed, this release removes all the error reporting.
+
+  * qemu: set correct SELinux label for unprivileged virtiofsd
+
+    It is now possible to use virtiofsd-based ``<filesystem>`` shares even
+    if the guest is confined using SELinux.
+
+  * qemu: fix a crash on unprivileged virtiofsd hotplug
+
+    Hotplugging virtiofsd-based filesystems works now.
+
+  * virt-admin: Fix segfault when libvirtd dies
+
+    ``virt-admin`` no longer crashes when ``libvirtd`` unexpectedly closes
+    the connection.
+
+
+v10.1.0 (2024-03-01)
 ====================
 
 * **Security**
 
-* **Removed features**
+  * ``CVE-2024-1441``: Fix off-by-one error leading to a crash
+
+    In **libvirt-1.0.0** there were couple of interface listing APIs
+    introduced which had an off-by-one error.  That error could lead to a
+    very rare crash if an array was passed to those functions which did
+    not fit all the interfaces.
+
+    In **libvirt-5.10** a check for non-NULL arrays has been adjusted to
+    allow for NULL arrays with size 0 instead of rejecting all NULL
+    arrays.  However that made the above issue significantly worse since
+    that off-by-one error now did not write beyond an array, but
+    dereferenced said NULL pointer making the crash certain in a
+    specific scenario in which a NULL array of size 0 was passed to the
+    aforementioned functions.
+
+* **New features**
+
+  * nodedev: Support updating mdevs
+
+    The node device driver has been extended to allow updating mediated node
+    devices. Options are available to target the update against the persistent,
+    active or both configurations of a mediated device.
+    **Note:** The support is only available with at least mdevctl v1.3.0 installed.
+
+  * qemu: Add support for /dev/userfaultfd
+
+    On hosts with new enough kernel which supports /dev/userfaultfd libvirt will
+    now automatically grant QEMU access to this device. It's no longer needed to
+    set vm.unprivileged_userfaultfd sysctl.
+
+  * qemu: Support clusters in CPU topology
+
+    It is now possible to configure the guest CPU topology to use clusters.
+    Additionally, if CPU clusters are present in the host topology, they will
+    be reported as part of the capabilities XML.
+
+  * network: Make virtual domains resolvable from the host
+
+    When starting a virtual network with a new ``register='yes'`` attribute
+    in the ``<domain>`` element, libvirt will configure ``systemd-resolved``
+    to resolve names of the connected guests using the name server started
+    for this network.
+
+  * qemu: Introduce dynamicMemslots attribute for virtio-mem
+
+    QEMU now allows setting ``.dynamic-memslots`` attribute for virtio-mem-pci
+    devices. When turned on, it allows memory exposed to guest to be split into
+    multiple memory slots and thus smaller memory footprint (see the original
+    commit for detailed explanation).
+
+* **Improvements**
+
+  * nodedev: Add ability to update persistent mediated devices by defining them
+
+    Existing persistent mediated devices can now also be updated by
+    ``virNodeDeviceDefineXML()`` as long as parent and UUID remain unchanged.
+
+  * ch: Enable ``ethernet`` interface mode support
+
+    ``<interface type='ethernet'/>`` can now be used for CH domains.
+
+  * viraccessdriverpolkit: Add missing vtpm case
+
+    Secrets with ``<usage type='vtpm'>`` were left unable to be checked for in
+    the access driver, i.e. in ACL rules. Missing code was provided.
+
+  * virt-admin: Notify users to use explicit URI if connection fails
+
+    ``virt-admin`` doesn't try to guess the URI of the daemon to manage so a
+    failure to connect may be confusing for users if modular daemons are used.
+    Add a hint to use the URI of the dameon to manage.
+
+* **Bug fixes**
+
+  * qemu_process: Skip over non-virtio non-TAP NIC models when refreshing rx-filter
+
+    If ``trustGuestRxFilters`` is enabled for a vNIC that doesn't support it,
+    libvirt may throw an error when such domain is being started, loaded from a
+    saved state, migrated, etc. These errors are now silenced, but make sure to
+    fix such configurations (after previous release it is even possible to
+    change ``trustGuestRxFilters`` value on live domains via
+    ``virDomainUpdateDeviceFlags()`` or ``virsh device-update``).
+
+  * domain: Fix check for overlapping ``<memory/>`` devices
+
+    A bug was identified which caused libvirt to report two NVDIMMs as
+    overlapping even though they weren't. This now fixed.
+
+  * vmx: Accept empty fileName for cdrom-image
+
+    Turns out, ``fileName`` attribute (which contains path to CDROM image) can
+    be set to an empty string (``""``) to denote a state in which the CDROM has
+    no medium in it. Libvirt used to reject such configuration file, but not
+    anymore.
+
+  * qemu_hotplug: Don't lose 'created' flag in qemuDomainChangeNet()
+
+    When starting a domain, libvirt tracks what resources it created for it and
+    which were pre-existing and uses this information to preserve pre-existing
+    resources when cleaning up after said domain is shut off. But for macvtaps
+    this information was lost after the macvtap device was changed (e.g. via
+    ``virsh update-device``).
+
+  * Fix virStream hole handling
+
+    When a client sent multiple holes into a virStream it may have caused
+    daemon hangup as the daemon stopped processing RPC from the client
+    temporarily. This is now fixed.
+
+  * nodedev: Don't generate broken XML with certain hardware
+
+    A broken node device XML would be generated in a rare case when a hardware
+    device had certain characters in the VPD fields.
+
+  * qemu: Fix reservation of manually specified port for disk migration
+
+    A manually specified port would not be relased after disk migration making
+    it impossible to use it again.
+
+
+v10.0.0 (2024-01-15)
+====================
 
 * **New features**
 
@@ -24,10 +216,102 @@ v10.0.0 (unreleased)
     This should enable faster migration of memory pages that the destination
     tries to read before they are migrated from the source.
 
+  * qemu: Add support for mapping iothreads to virtqueues of ``virtio-blk`` devices
+
+    QEMU added the possibility to map multiple ``iothreads`` to a single
+    ``virtio-blk`` device and map them even to specific virtqueues. Libvirt
+    adds a ``<iothreads>`` subelement of the ``<disk> <driver>`` element that
+    users can use to configure the mapping.
+
+  * qemu: Allow automatic resize of block-device-backed disk to full size of the device
+
+    The new flag ``VIR_DOMAIN_BLOCK_RESIZE_CAPACITY`` for
+    ``virDomainBlockResize`` allows resizing a block-device backed ``raw`` disk
+    of a VM without the need to specify the full size of the block device.
+
+  * qemu: automatic selection/binding of VFIO variant drivers
+
+    When a device is assigned to a guest using VFIO with ``<hostdev
+    managed='yes'>``, libvirt will now search the running kernel's
+    modules.alias file for the most specific match to that device for
+    a VFIO driver, and bind that driver to the device rather than
+    vfio-pci. A specific driver can also be forced, using the
+    ``<driver model='plugh'/>`` attribute.
+
+  * qemu: add runtime configuration option for nbdkit
+
+    Since the new nbdkit support requires a recent selinux policy that is not
+    widely available yet, it is now possible to build libvirt with nbdkit
+    support for remote disks but disabled at runtime. This behavior is
+    controlled via the storage_use_nbdkit option of the qemu driver
+    configuration file. The option will default to being disabled, but this may
+    change in a future release and can be customized with the
+    nbdkit_config_default build option.
+
+  * qemu: add ID mapping support for virtiofsd
+
+    New ``<idmap>`` element was added for virtiofsd-based ``<filesystem>``
+    devices. It can be used to set up UID and GID mapping between host
+    and guest, making running virtiofsd unprivileged much more useful.
+
 * **Improvements**
 
+  * qemu: Improve migration XML use when persisting VM on destination
+
+    When migrating a VM with a custom migration XML, use it as a base for
+    persisting it on the destination as users could have changed non-ABI
+    breaking facts which would prevent subsequent start if the old XML were used.
+
+  * qemu: Simplify non-shared storage migration to ``raw`` block devices
+
+    The phase of copying storage during migration without shared storage
+    requires that both the source and destination image are identical in size.
+    This may not be possible if the destination is backed by a block device
+    and the source image size is not a multiple of the block device block size.
+
+    Libvirt aleviates this by automatically adding a ``<slice>`` to match the
+    size of the source image rather than failing the migration.
+
+  * test driver: Support for hotplug/hotunplug of PCI devices
+
+    The test driver now supports basic hotplug and hotunplug of PCI devices.
+
+  * qemu: allow virtiofsd to run unprivileged
+
+    Nowadays virtiofsd no longer requires to run with root privileges, so the
+    restriction to always run as root is now removed from libvirt too.
+
 * **Bug fixes**
 
+  * qemu: Various migration bug fixes and debuggability improvement
+
+    This release fixes multiple bugs in virsh and libvirt in handling of
+    migration arguments and XMLs and modifies error reporting for better
+    debugging.
+
+  * conf: Restore setting default bus for input devices
+
+    Because of a regression, starting from 9.3.0 libvirt did not autofill bus
+    for input devices. With this release the regression was identified and
+    fixed.
+
+  * qemu: Relax check for memory device coldplug
+
+    Because of a check that was too aggressive, a virtio-mem memory device
+    could not be cold plugged. This is now fixed.
+
+  * qemu: Be less aggressive when dropping channel source paths
+
+    Another regression is resolved, (introduced in 9.7.0) when libvirt was too
+    aggressive when dropping parsed paths for <channel/> sources
+
+  * qemuDomainChangeNet: Reflect trustGuestRxFilters change
+
+    On device-update, when a user requested change of trustGuestRxFilters for a
+    domain's <interface/> libvirt did nothing. It did not throw an error nor
+    did it reflect the change. Starting with this release, the change is
+    reflected.
+
 
 v9.10.0 (2023-12-01)
 ====================

build-aux/syntax-check.mk

@@ -1,13 +1,12 @@
 #
-# Rules for running syntax-check, derived from gnulib's
-# maint.mk
+# Rules for running syntax-check, derived from gnulib's top/maint.mk
 #
 # Specifically, all shared code should match gnulib commit
 #
-#   dd2503c8e73621e919e8e214a29c495ac89d8a92 (2022-05-21)
+#   d5191e456737661d4a0df5287f6c2064ab74dbbe (2024-02-15)
 #
 # Copyright (C) 2008-2019 Red Hat, Inc.
-# Copyright (C) 2001-2022 Free Software Foundation, Inc.
+# Copyright (C) 2001-2024 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1083,7 +1082,8 @@ sc_prohibit_stdio--_without_use:
 	@h='stdio--.h' re='\<((f(re)?|p)open|tmpfile) *\(' \
 	  $(_sc_header_without_use)
 
-_stddef_syms_re = NULL|offsetof|ptrdiff_t|size_t|wchar_t
+_stddef_syms_re = \
+  NULL|max_align_t|nullptr_t|offsetof|ptrdiff_t|size_t|unreachable|wchar_t
 # Prohibit the inclusion of stddef.h without an actual use.
 sc_prohibit_stddef_without_use:
 	@h='stddef.h' \
@@ -1310,26 +1310,9 @@ sc_prohibit_path_max_allocation:
 	halt='Avoid stack allocations of size PATH_MAX' \
 	  $(_sc_search_regexp)
 
-ifneq ($(_gl-Makefile),)
-syntax-check: sc_spacing-check \
-	sc_prohibit-duplicate-header sc_mock-noinline sc_group-qemu-caps \
-        sc_header-ifdef
-	@if ! cppi --version >/dev/null 2>&1; then \
-		echo "*****************************************************" >&2; \
-		echo "* cppi not installed, some checks have been skipped *" >&2; \
-		echo "*****************************************************" >&2; \
-	fi; \
-	if [ -z "$(FLAKE8)" ]; then \
-		echo "*****************************************************" >&2; \
-		echo "* flake8 not installed, sc_flake8 has been skipped  *" >&2; \
-		echo "*****************************************************" >&2; \
-	fi
-	if [ -z "$(BLACK)" ]; then \
-		echo "*****************************************************" >&2; \
-		echo "* black not installed, sc_black has been skipped    *" >&2; \
-		echo "*****************************************************" >&2; \
-	fi
-endif
+sc_unportable_grep_q:
+	@prohibit='grep ''-q' halt="unportable 'grep ""-q', use >/dev/null instead" \
+	  $(_sc_search_regexp)
 
 # Don't include duplicate header in the source (either *.c or *.h)
 sc_prohibit-duplicate-header:
@@ -1359,6 +1342,11 @@ sc_prohibit_enum_impl_with_vir_prefix_in_virsh:
 	halt='avoid "vir" prefix for enums in virsh' \
 	  $(_sc_search_regexp)
 
+sc_rst_since:
+	@prohibit=':since:`[^`]+$|:since:`[^`]+[.,;]`|:since:`[^`]+` [.,;]' \
+	halt='format :since: correctly' \
+	  $(_sc_search_regexp)
+
 
 ## ---------- ##
 ## Exceptions ##

ci/buildenv/almalinux-8.sh

@@ -87,6 +87,7 @@ function install_buildenv() {
         systemtap-sdt-devel \
         wireshark-devel \
         yajl-devel
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     rpm -qa | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/alpine-319.sh

@@ -68,6 +68,7 @@ function install_buildenv() {
         wireshark-dev \
         xen-dev \
         yajl-dev
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     apk list | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/alpine-edge.sh

@@ -68,6 +68,7 @@ function install_buildenv() {
         wireshark-dev \
         xen-dev \
         yajl-dev
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     apk list | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/centos-stream-8.sh

@@ -88,6 +88,7 @@ function install_buildenv() {
         systemtap-sdt-devel \
         wireshark-devel \
         yajl-devel
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     rpm -qa | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/centos-stream-9.sh

@@ -84,6 +84,7 @@ function install_buildenv() {
         systemtap-sdt-devel \
         wireshark-devel \
         yajl-devel
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     rpm -qa | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/debian-11-cross-aarch64.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture arm64
     apt-get update

ci/buildenv/debian-11-cross-armv6l.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture armel
     apt-get update

ci/buildenv/debian-11-cross-armv7l.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture armhf
     apt-get update

ci/buildenv/debian-11-cross-i686.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture i386
     apt-get update

ci/buildenv/debian-11-cross-mips64el.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture mips64el
     apt-get update

ci/buildenv/debian-11-cross-mipsel.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture mipsel
     apt-get update

ci/buildenv/debian-11-cross-ppc64le.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture ppc64el
     apt-get update

ci/buildenv/debian-11-cross-s390x.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture s390x
     apt-get update

ci/buildenv/debian-11.sh

@@ -84,6 +84,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/debian-12-cross-aarch64.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture arm64
     apt-get update

ci/buildenv/debian-12-cross-armv6l.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture armel
     apt-get update

ci/buildenv/debian-12-cross-armv7l.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture armhf
     apt-get update

ci/buildenv/debian-12-cross-i686.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture i386
     apt-get update

ci/buildenv/debian-12-cross-mips64el.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture mips64el
     apt-get update

ci/buildenv/debian-12-cross-mipsel.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture mipsel
     apt-get update

ci/buildenv/debian-12-cross-ppc64le.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture ppc64el
     apt-get update

ci/buildenv/debian-12-cross-s390x.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture s390x
     apt-get update

ci/buildenv/debian-12.sh

@@ -84,6 +84,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/debian-sid-cross-aarch64.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture arm64
     apt-get update

ci/buildenv/debian-sid-cross-armv6l.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture armel
     apt-get update

ci/buildenv/debian-sid-cross-armv7l.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture armhf
     apt-get update

ci/buildenv/debian-sid-cross-i686.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture i386
     apt-get update

ci/buildenv/debian-sid-cross-mips64el.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture mips64el
     apt-get update

ci/buildenv/debian-sid-cross-ppc64le.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture ppc64el
     apt-get update

ci/buildenv/debian-sid-cross-s390x.sh

@@ -48,6 +48,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     export DEBIAN_FRONTEND=noninteractive
     dpkg --add-architecture s390x
     apt-get update

ci/buildenv/debian-sid.sh

@@ -84,6 +84,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/fedora-38-cross-mingw32.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
         rpm-build \
         sed \
         systemd-rpm-macros
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dnf install -y \
         mingw32-curl \
         mingw32-dlfcn \

ci/buildenv/fedora-38-cross-mingw64.sh

@@ -47,6 +47,7 @@ function install_buildenv() {
         rpm-build \
         sed \
         systemd-rpm-macros
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dnf install -y \
         mingw64-curl \
         mingw64-dlfcn \

ci/buildenv/fedora-38.sh

@@ -83,6 +83,7 @@ function install_buildenv() {
         wireshark-devel \
         xen-devel \
         yajl-devel
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     rpm -qa | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/fedora-39.sh

@@ -83,6 +83,7 @@ function install_buildenv() {
         wireshark-devel \
         xen-devel \
         yajl-devel
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     rpm -qa | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/fedora-rawhide-cross-mingw32.sh

@@ -9,7 +9,7 @@ function install_buildenv() {
     dnf distro-sync -y
     dnf install -y \
         augeas \
-        bash-completion \
+        bash-completion-devel \
         ca-certificates \
         ccache \
         codespell \
@@ -48,6 +48,7 @@ function install_buildenv() {
         rpm-build \
         sed \
         systemd-rpm-macros
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dnf install -y \
         mingw32-curl \
         mingw32-dlfcn \

ci/buildenv/fedora-rawhide-cross-mingw64.sh

@@ -9,7 +9,7 @@ function install_buildenv() {
     dnf distro-sync -y
     dnf install -y \
         augeas \
-        bash-completion \
+        bash-completion-devel \
         ca-certificates \
         ccache \
         codespell \
@@ -48,6 +48,7 @@ function install_buildenv() {
         rpm-build \
         sed \
         systemd-rpm-macros
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dnf install -y \
         mingw64-curl \
         mingw64-dlfcn \

ci/buildenv/fedora-rawhide.sh

@@ -10,7 +10,7 @@ function install_buildenv() {
     dnf install -y \
         audit-libs-devel \
         augeas \
-        bash-completion \
+        bash-completion-devel \
         ca-certificates \
         ccache \
         clang \
@@ -84,6 +84,7 @@ function install_buildenv() {
         wireshark-devel \
         xen-devel \
         yajl-devel
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     rpm -qa | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/opensuse-leap-15.sh

@@ -10,7 +10,7 @@ function install_buildenv() {
            audit-devel \
            augeas \
            augeas-lenses \
-           bash-completion \
+           bash-completion-devel \
            ca-certificates \
            ccache \
            clang \
@@ -85,6 +85,7 @@ function install_buildenv() {
            systemtap-sdt-devel \
            wireshark-devel \
            xen-devel
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     rpm -qa | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/opensuse-tumbleweed.sh

@@ -10,7 +10,7 @@ function install_buildenv() {
            audit-devel \
            augeas \
            augeas-lenses \
-           bash-completion \
+           bash-completion-devel \
            ca-certificates \
            ccache \
            clang \
@@ -83,6 +83,7 @@ function install_buildenv() {
            systemtap-sdt-devel \
            wireshark-devel \
            xen-devel
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     rpm -qa | sort > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/ubuntu-2004.sh

@@ -87,6 +87,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/buildenv/ubuntu-2204.sh

@@ -85,6 +85,7 @@ function install_buildenv() {
             xsltproc
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
     dpkg-reconfigure locales
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
     mkdir -p /usr/libexec/ccache-wrappers
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc

ci/cirrus/build.yml

@@ -18,7 +18,7 @@ build_task:
     - @UPDATE_COMMAND@
     - @UPGRADE_COMMAND@
     - @INSTALL_COMMAND@ @PKGS@
-    - if test -n "@PYPI_PKGS@" ; then @PIP3@ install @PYPI_PKGS@ ; fi
+    - if test -n "@PYPI_PKGS@" ; then @PIP3@ install --break-system-packages @PYPI_PKGS@ ; fi
   clone_script:
     - git clone --depth 100 "$CI_REPOSITORY_URL" .
     - git fetch origin "${CI_MERGE_REQUEST_REF_PATH:-$CI_COMMIT_REF_NAME}"

ci/containers/almalinux-8.Dockerfile

@@ -90,6 +90,7 @@ RUN dnf update -y && \
         yajl-devel && \
     dnf autoremove -y && \
     dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/alpine-319.Dockerfile

@@ -69,6 +69,7 @@ RUN apk update && \
         wireshark-dev \
         xen-dev \
         yajl-dev && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     apk list | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/alpine-edge.Dockerfile

@@ -69,6 +69,7 @@ RUN apk update && \
         wireshark-dev \
         xen-dev \
         yajl-dev && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     apk list | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/centos-stream-8.Dockerfile

@@ -91,6 +91,7 @@ RUN dnf distro-sync -y && \
         yajl-devel && \
     dnf autoremove -y && \
     dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/centos-stream-9.Dockerfile

@@ -87,6 +87,7 @@ RUN dnf distro-sync -y && \
         yajl-devel && \
     dnf autoremove -y && \
     dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/debian-11-cross-aarch64.Dockerfile

@@ -50,7 +50,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-11-cross-armv6l.Dockerfile

@@ -50,7 +50,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-11-cross-armv7l.Dockerfile

@@ -50,7 +50,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-11-cross-i686.Dockerfile

@@ -50,7 +50,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-11-cross-mips64el.Dockerfile

@@ -50,7 +50,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-11-cross-mipsel.Dockerfile

@@ -50,7 +50,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-11-cross-ppc64le.Dockerfile

@@ -50,7 +50,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-11-cross-s390x.Dockerfile

@@ -50,7 +50,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-11.Dockerfile

@@ -88,6 +88,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/debian-12-cross-aarch64.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-12-cross-armv6l.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-12-cross-armv7l.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-12-cross-i686.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-12-cross-mips64el.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-12-cross-mipsel.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-12-cross-ppc64le.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-12-cross-s390x.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-12.Dockerfile

@@ -88,6 +88,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/debian-sid-cross-aarch64.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-sid-cross-armv6l.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-sid-cross-armv7l.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-sid-cross-i686.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-sid-cross-mips64el.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-sid-cross-ppc64le.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-sid-cross-s390x.Dockerfile

@@ -51,7 +51,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoremove -y && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales
+    dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/debian-sid.Dockerfile

@@ -88,6 +88,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/fedora-38-cross-mingw32.Dockerfile

@@ -59,7 +59,8 @@ exec "$@"\n' > /usr/bin/nosync && \
                sed \
                systemd-rpm-macros && \
     nosync dnf autoremove -y && \
-    nosync dnf clean all -y
+    nosync dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/fedora-38-cross-mingw64.Dockerfile

@@ -59,7 +59,8 @@ exec "$@"\n' > /usr/bin/nosync && \
                sed \
                systemd-rpm-macros && \
     nosync dnf autoremove -y && \
-    nosync dnf clean all -y
+    nosync dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/fedora-38.Dockerfile

@@ -96,6 +96,7 @@ exec "$@"\n' > /usr/bin/nosync && \
                yajl-devel && \
     nosync dnf autoremove -y && \
     nosync dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/fedora-39.Dockerfile

@@ -96,6 +96,7 @@ exec "$@"\n' > /usr/bin/nosync && \
                yajl-devel && \
     nosync dnf autoremove -y && \
     nosync dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/fedora-rawhide-cross-mingw32.Dockerfile

@@ -20,7 +20,7 @@ exec "$@"\n' > /usr/bin/nosync && \
     nosync dnf distro-sync -y && \
     nosync dnf install -y \
                augeas \
-               bash-completion \
+               bash-completion-devel \
                ca-certificates \
                ccache \
                codespell \
@@ -60,7 +60,8 @@ exec "$@"\n' > /usr/bin/nosync && \
                sed \
                systemd-rpm-macros && \
     nosync dnf autoremove -y && \
-    nosync dnf clean all -y
+    nosync dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/fedora-rawhide-cross-mingw64.Dockerfile

@@ -20,7 +20,7 @@ exec "$@"\n' > /usr/bin/nosync && \
     nosync dnf distro-sync -y && \
     nosync dnf install -y \
                augeas \
-               bash-completion \
+               bash-completion-devel \
                ca-certificates \
                ccache \
                codespell \
@@ -60,7 +60,8 @@ exec "$@"\n' > /usr/bin/nosync && \
                sed \
                systemd-rpm-macros && \
     nosync dnf autoremove -y && \
-    nosync dnf clean all -y
+    nosync dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
 
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 ENV LANG "en_US.UTF-8"

ci/containers/fedora-rawhide.Dockerfile

@@ -21,7 +21,7 @@ exec "$@"\n' > /usr/bin/nosync && \
     nosync dnf install -y \
                audit-libs-devel \
                augeas \
-               bash-completion \
+               bash-completion-devel \
                ca-certificates \
                ccache \
                clang \
@@ -97,6 +97,7 @@ exec "$@"\n' > /usr/bin/nosync && \
                yajl-devel && \
     nosync dnf autoremove -y && \
     nosync dnf clean all -y && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/opensuse-leap-15.Dockerfile

@@ -11,7 +11,7 @@ RUN zypper update -y && \
            audit-devel \
            augeas \
            augeas-lenses \
-           bash-completion \
+           bash-completion-devel \
            ca-certificates \
            ccache \
            clang \
@@ -87,6 +87,7 @@ RUN zypper update -y && \
            wireshark-devel \
            xen-devel && \
     zypper clean --all && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/opensuse-tumbleweed.Dockerfile

@@ -11,7 +11,7 @@ RUN zypper dist-upgrade -y && \
            audit-devel \
            augeas \
            augeas-lenses \
-           bash-completion \
+           bash-completion-devel \
            ca-certificates \
            ccache \
            clang \
@@ -85,6 +85,7 @@ RUN zypper dist-upgrade -y && \
            wireshark-devel \
            xen-devel && \
     zypper clean --all && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/ubuntu-2004.Dockerfile

@@ -91,6 +91,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/containers/ubuntu-2204.Dockerfile

@@ -89,6 +89,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
     dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \

ci/gitlab/build-templates.yml

@@ -20,16 +20,25 @@
 #    include CI changes
 #  - Validating code committed to a fork branch
 #
-# Note: the rules across the prebuilt_env and local_env templates
+# Note: the rules across the prebuilt and local container scenarios
 # should be logical inverses, such that jobs are mutually exclusive
 #
-.gitlab_native_build_job_prebuilt_env:
-  image: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME:latest
+.gitlab_native_build_job:
+  image: $IMAGE
   stage: builds
   interruptible: true
   before_script:
+    - if test "$IMAGE" == "$TARGET_BASE_IMAGE" ;
+      then
+        source ci/buildenv/$NAME.sh ;
+        install_buildenv ;
+      fi
     - cat /packages.txt
+  variables:
+    IMAGE: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME:latest
   rules:
+    ### Rules where we expect to use pre-built container images
+
     # upstream: pushes to the default branch
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
@@ -63,49 +72,41 @@
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
       when: on_success
 
-    # upstream+forks: that's all folks
-    - when: never
 
-.gitlab_native_build_job_local_env:
-  image: $IMAGE
-  stage: builds
-  interruptible: true
-  before_script:
-    - source ci/buildenv/$NAME.sh
-    - install_buildenv
-    - cat /packages.txt
-  rules:
-    # upstream: pushes to a non-default branch
-    - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
-      when: manual
-      allow_failure: true
-    - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
-      when: on_success
-
-    # forks: avoid build in local env when job requests run in upstream containers
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
-      when: never
+    ### Rules where we need to use the target base container image
 
     # forks: pushes to branches with pipeline requested
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE'
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
 
     # upstream: other web/api/scheduled pipelines targeting non-default branches
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH'
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
 
     # forks: other web/api/scheduled pipelines
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/'
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
 
     # upstream+forks: merge requests targeting the default branch, with CI changes
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
@@ -114,18 +115,28 @@
         - ci/containers/$NAME.Dockerfile
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
       changes:
         - ci/gitlab/container-templates.yml
         - ci/containers/$NAME.Dockerfile
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
 
     # upstream+forks: merge requests targeting non-default branches
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH'
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
+
+    ### Neither prebuilt or local container images
 
     # upstream+forks: that's all folks
     - when: never
@@ -146,16 +157,25 @@
 #    include CI changes
 #  - Validating code committed to a fork branch
 #
-# Note: the rules across the prebuilt_env and local_env templates
+# Note: the rules across the prebuilt and local container scenarios
 # should be logical inverses, such that jobs are mutually exclusive
 #
-.gitlab_cross_build_job_prebuilt_env:
-  image: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME-cross-$CROSS:latest
+.gitlab_cross_build_job:
+  image: $IMAGE
   stage: builds
   interruptible: true
   before_script:
+    - if test "$IMAGE" == "$TARGET_BASE_IMAGE" ;
+      then
+        source ci/buildenv/$NAME-cross-$CROSS.sh ;
+        install_buildenv ;
+      fi
     - cat /packages.txt
+  variables:
+    IMAGE: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME-cross-$CROSS:latest
   rules:
+    ### Rules where we expect to use pre-built container images
+
     # upstream: pushes to the default branch
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
@@ -189,49 +209,41 @@
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
       when: on_success
 
-    # upstream+forks: that's all folks
-    - when: never
 
-.gitlab_cross_build_job_local_env:
-  image: $IMAGE
-  stage: builds
-  interruptible: true
-  before_script:
-    - source ci/buildenv/$NAME-cross-$CROSS.sh
-    - install_buildenv
-    - cat /packages.txt
-  rules:
-    # upstream: pushes to a non-default branch
-    - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
-      when: manual
-      allow_failure: true
-    - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
-      when: on_success
-
-    # forks: avoid build in local env when job requests run in upstream containers
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
-      when: never
+    ### Rules where we need to use the target base container image
 
     # forks: pushes to branches with pipeline requested
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE'
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
 
     # upstream: other web/api/scheduled pipelines targeting non-default branches
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PROJECT_NAMESPACE == $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH'
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
 
     # forks: other web/api/scheduled pipelines
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/ && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE =~ /(web|api|schedule)/'
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
 
     # upstream+forks: merge requests targeting the default branch, with CI changes
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
@@ -240,18 +252,28 @@
         - ci/containers/$NAME-cross-$CROSS.Dockerfile
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
       changes:
         - ci/gitlab/container-templates.yml
         - ci/containers/$NAME-cross-$CROSS.Dockerfile
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
 
     # upstream+forks: merge requests targeting non-default branches
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH && $JOB_OPTIONAL'
       when: manual
       allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != $CI_DEFAULT_BRANCH'
       when: on_success
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
+
+    ### Neither prebuilt or local container images
 
     # upstream+forks: that's all folks
     - when: never

ci/integration-template.yml

@@ -1,4 +1,5 @@
 .qemu-build-template: &qemu-build-template
+  - pushd "$SCRATCH_DIR"
   - git clone --depth 1 https://gitlab.com/qemu-project/qemu.git
   - cd qemu
   #
@@ -22,6 +23,8 @@
   # other user
   - sudo git config --global --add safe.directory "$SCRATCH_DIR/qemu"
   - sudo make install
+  - sudo restorecon -R /usr
+  - popd
 
 
 .collect-logs: &collect-logs
@@ -44,6 +47,10 @@
 
 .integration_tests:
   stage: integration_tests
+  rules:
+    - if: '$LIBVIRT_CI_INTEGRATION == null'
+      when: never
+    - !reference [.gitlab_native_build_job, rules]
   before_script:
     - mkdir "$SCRATCH_DIR"
     - sudo dnf install -y libvirt-rpms/* libvirt-perl-rpms/* libvirt-python-rpms/*
@@ -62,37 +69,13 @@
       - logs
     when: on_failure
 
-.integration_tests_prebuilt_env:
-  extends: .integration_tests
-  rules:
-    - if: '$LIBVIRT_CI_INTEGRATION == null'
-      when: never
-    - !reference [.gitlab_native_build_job_prebuilt_env, rules]
-
-.integration_tests_local_env:
-  extends: .integration_tests
-  rules:
-    - if: '$LIBVIRT_CI_INTEGRATION == null'
-      when: never
-    - !reference [.gitlab_native_build_job_local_env, rules]
-
 
 # YAML anchors don't work with Shell conditions so we can't use a variable
 # to conditionally build+install QEMU from source.
 # Instead, create a new test job template for this scenario.
 .integration_tests_upstream_qemu:
+  extends:
+    - .integration_tests
   before_script:
     - !reference [.integration_tests, before_script]
-    - cd "$SCRATCH_DIR"
     - *qemu-build-template
-    - sudo restorecon -R /usr
-
-.integration_tests_upstream_qemu_prebuilt_env:
-  extends:
-    - .integration_tests_prebuilt_env
-    - .integration_tests_upstream_qemu
-
-.integration_tests_upstream_qemu_local_env:
-  extends:
-    - .integration_tests_local_env
-    - .integration_tests_upstream_qemu

ci/integration.yml

@@ -5,7 +5,8 @@ include:
 # and libvirt-python CI jobs, so the new target needs to be introduced
 # there before it can be used here. The VM template for the target
 # also needs to be created on the runner host.
-.centos-stream-8-tests:
+centos-stream-8-tests:
+  extends: .integration_tests
   variables:
     # needed by libvirt-gitlab-executor
     DISTRO: centos-stream-8
@@ -13,43 +14,23 @@ include:
     LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
   tags:
     - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
-
-centos-stream-8-tests-prebuilt-env:
-  extends:
-    - .integration_tests_prebuilt_env
-    - .centos-stream-8-tests
   needs:
-    - x86_64-centos-stream-8-prebuilt-env
+    - x86_64-centos-stream-8
     - project: libvirt/libvirt-perl
-      job: x86_64-centos-stream-8-prebuilt-env
+      job: x86_64-centos-stream-8
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-centos-stream-8-prebuilt-env
+      job: x86_64-centos-stream-8
       ref: master
       artifacts: true
 
-centos-stream-8-tests-local-env:
-  extends:
-    - .integration_tests_local_env
-    - .centos-stream-8-tests
-  needs:
-    - x86_64-centos-stream-8-local-env
-    - project: libvirt/libvirt-perl
-      job: x86_64-centos-stream-8-prebuilt-env
-      ref: master
-      artifacts: true
-    - project: libvirt/libvirt-python
-      job: x86_64-centos-stream-8-prebuilt-env
-      ref: master
-      artifacts: true
-
-
 # NOTE The integration tests use artifacts produced by the libvirt-perl
 # and libvirt-python CI jobs, so the new target needs to be introduced
 # there before it can be used here. The VM template for the target
 # also needs to be created on the runner host.
-.centos-stream-9-tests:
+centos-stream-9-tests:
+  extends: .integration_tests
   variables:
     # needed by libvirt-gitlab-executor
     DISTRO: centos-stream-9
@@ -57,43 +38,23 @@ centos-stream-8-tests-local-env:
     LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
   tags:
     - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
-
-centos-stream-9-tests-prebuilt-env:
-  extends:
-    - .integration_tests_prebuilt_env
-    - .centos-stream-9-tests
   needs:
-    - x86_64-centos-stream-9-prebuilt-env
+    - x86_64-centos-stream-9
     - project: libvirt/libvirt-perl
-      job: x86_64-centos-stream-9-prebuilt-env
+      job: x86_64-centos-stream-9
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-centos-stream-9-prebuilt-env
+      job: x86_64-centos-stream-9
       ref: master
       artifacts: true
 
-centos-stream-9-tests-local-env:
-  extends:
-    - .integration_tests_local_env
-    - .centos-stream-9-tests
-  needs:
-    - x86_64-centos-stream-9-local-env
-    - project: libvirt/libvirt-perl
-      job: x86_64-centos-stream-9-prebuilt-env
-      ref: master
-      artifacts: true
-    - project: libvirt/libvirt-python
-      job: x86_64-centos-stream-9-prebuilt-env
-      ref: master
-      artifacts: true
-
-
 # NOTE The integration tests use artifacts produced by the libvirt-perl
 # and libvirt-python CI jobs, so the new target needs to be introduced
 # there before it can be used here. The VM template for the target
 # also needs to be created on the runner host.
-.fedora-38-tests:
+fedora-38-tests:
+  extends: .integration_tests
   variables:
     # needed by libvirt-gitlab-executor
     DISTRO: fedora-38
@@ -101,43 +62,23 @@ centos-stream-9-tests-local-env:
     LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
   tags:
     - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
-
-fedora-38-tests-prebuilt-env:
-  extends:
-    - .integration_tests_prebuilt_env
-    - .fedora-38-tests
   needs:
-    - x86_64-fedora-38-prebuilt-env
+    - x86_64-fedora-38
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-38-prebuilt-env
+      job: x86_64-fedora-38
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-38-prebuilt-env
+      job: x86_64-fedora-38
       ref: master
       artifacts: true
 
-fedora-38-tests-local-env:
-  extends:
-    - .integration_tests_local_env
-    - .fedora-38-tests
-  needs:
-    - x86_64-fedora-38-local-env
-    - project: libvirt/libvirt-perl
-      job: x86_64-fedora-38-prebuilt-env
-      ref: master
-      artifacts: true
-    - project: libvirt/libvirt-python
-      job: x86_64-fedora-38-prebuilt-env
-      ref: master
-      artifacts: true
-
-
 # NOTE The integration tests use artifacts produced by the libvirt-perl
 # and libvirt-python CI jobs, so the new target needs to be introduced
 # there before it can be used here. The VM template for the target
 # also needs to be created on the runner host.
-.fedora-39-tests:
+fedora-39-tests:
+  extends: .integration_tests
   variables:
     # needed by libvirt-gitlab-executor
     DISTRO: fedora-39
@@ -145,43 +86,23 @@ fedora-38-tests-local-env:
     LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
   tags:
     - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
-
-fedora-39-tests-prebuilt-env:
-  extends:
-    - .integration_tests_prebuilt_env
-    - .fedora-39-tests
   needs:
-    - x86_64-fedora-39-prebuilt-env
+    - x86_64-fedora-39
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-39-prebuilt-env
+      job: x86_64-fedora-39
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-39-prebuilt-env
+      job: x86_64-fedora-39
       ref: master
       artifacts: true
 
-fedora-39-tests-local-env:
-  extends:
-    - .integration_tests_local_env
-    - .fedora-39-tests
-  needs:
-    - x86_64-fedora-39-local-env
-    - project: libvirt/libvirt-perl
-      job: x86_64-fedora-39-prebuilt-env
-      ref: master
-      artifacts: true
-    - project: libvirt/libvirt-python
-      job: x86_64-fedora-39-prebuilt-env
-      ref: master
-      artifacts: true
-
-
 # NOTE The integration tests use artifacts produced by the libvirt-perl
 # and libvirt-python CI jobs, so the new target needs to be introduced
 # there before it can be used here. The VM template for the target
 # also needs to be created on the runner host.
 .fedora-39-upstream-qemu-tests:
+  extends: .integration_tests
   variables:
     # needed by libvirt-gitlab-executor
     DISTRO: fedora-39
@@ -189,33 +110,13 @@ fedora-39-tests-local-env:
     LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
   tags:
     - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
-
-fedora-39-upstream-qemu-tests-prebuilt-env:
-  extends:
-    - .integration_tests_upstream_qemu_prebuilt_env
-    - .fedora-39-upstream-qemu-tests
   needs:
-    - x86_64-fedora-39-prebuilt-env
+    - x86_64-fedora-39
     - project: libvirt/libvirt-perl
-      job: x86_64-fedora-39-prebuilt-env
+      job: x86_64-fedora-39
       ref: master
       artifacts: true
     - project: libvirt/libvirt-python
-      job: x86_64-fedora-39-prebuilt-env
-      ref: master
-      artifacts: true
-
-fedora-39-upstream-qemu-tests-local-env:
-  extends:
-    - .integration_tests_upstream_qemu_local_env
-    - .fedora-39-upstream-qemu-tests
-  needs:
-    - x86_64-fedora-39-local-env
-    - project: libvirt/libvirt-perl
-      job: x86_64-fedora-39-prebuilt-env
-      ref: master
-      artifacts: true
-    - project: libvirt/libvirt-python
-      job: x86_64-fedora-39-prebuilt-env
+      job: x86_64-fedora-39
       ref: master
       artifacts: true

ci/lcitool/projects/libvirt+minimal.yml

@@ -4,6 +4,7 @@ packages:
   - cpp
   - gcc
   - gettext
+  - gettext-native
   - glib2
   - gnutls
   - libc
@@ -18,6 +19,5 @@ packages:
   - pkg-config
   - python3
   - python3-docutils
-  - rpcgen
   - xmllint
   - xsltproc

ci/lcitool/projects/libvirt.yml

@@ -4,6 +4,7 @@ packages:
   - augeas
   - augeas-lenses
   - bash-completion
+  - black
   - ccache
   - clang
   - codespell
@@ -21,6 +22,7 @@ packages:
   - fuse
   - gcc
   - gettext
+  - gettext-native
   - glib2
   - glusterfs
   - gnutls
@@ -64,12 +66,11 @@ packages:
   - portablexdr
   - python3
   - python3-docutils
+  - python3-pytest
   - qemu-img
   - readline
-  - rpcgen
   - rpmbuild
   - sanlock
-  - scrub
   - sed
   - showmount
   - systemd-rpm-macros

ci/lcitool/targets/freebsd-13.yml

@@ -1,2 +0,0 @@
-cirrus:
-  image_name: freebsd-13-2

docs/advanced-tests.rst

@@ -45,14 +45,14 @@ I.e. to run all tests from 3 to 20 with the exception of tests
 
 ::
 
-  $ VIR_TEST_DEBUG=1 VIR_TEST_RANGE=3-5,7-20,^16 ./run tests/qemuxml2argvtest
+  $ VIR_TEST_DEBUG=1 VIR_TEST_RANGE=3-5,7-20,^16 ./run tests/qemuxmlconftest
 
 Also, individual tests can be run from inside the ``tests/``
 directory, like:
 
 ::
 
-  $ ./qemuxml2xmltest
+  $ ./qemuxmlconftest
 
 If you are adding new test cases, or making changes that alter
 existing test output, you can use the environment variable
@@ -62,7 +62,7 @@ CAREFULLY to ensure they are correct.
 
 ::
 
-  $ VIR_TEST_REGENERATE_OUTPUT=1 ./qemuxml2argvtest
+  $ VIR_TEST_REGENERATE_OUTPUT=1 ./qemuxmlconftest
 
 There is also a ``./run`` script at the top level, to make it
 easier to run programs that have not yet been installed, as
@@ -81,7 +81,7 @@ location where the file is stored.
 
 ::
 
-  $ VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxml2argvtest
+  $ VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxmlconftest
 
 #. The Valgrind test should produce similar output to
 ``ninja test``. If the output has traces within libvirt API's,
@@ -98,9 +98,9 @@ of leak:
   ==5414==    by 0x4CD581D: virDomainDefParseXML (domain_conf.c:10188)
   ==5414==    by 0x4CD8C73: virDomainDefParseNode (domain_conf.c:10640)
   ==5414==    by 0x4CD8DDB: virDomainDefParse (domain_conf.c:10590)
-  ==5414==    by 0x41CB1D: testCompareXMLToArgvHelper (qemuxml2argvtest.c:100)
+  ==5414==    by 0x41CB1D: testCompareXMLToArgvHelper (qemuxmlconftest.c:100)
   ==5414==    by 0x41E20F: virtTestRun (testutils.c:161)
-  ==5414==    by 0x41C7CB: mymain (qemuxml2argvtest.c:866)
+  ==5414==    by 0x41C7CB: mymain (qemuxmlconftest.c:866)
   ==5414==    by 0x41E84A: virtTestMain (testutils.c:723)
   ==5414==    by 0x34D9021734: (below main) (in /usr/lib64/libc-2.15.so)
 

docs/api_extension.rst

@@ -73,14 +73,16 @@ The first task is to define the public API. If the new API involves an
 XML extension, you have to enhance the RelaxNG schema and document the
 new elements or attributes:
 
-``src/conf/schemas/domaincommon.rng         docs/formatdomain.rst``
+* ``src/conf/schemas/domaincommon.rng``
+* ``docs/formatdomain.rst``
 
 If the API extension involves a new function, you have to add a
 declaration in the public header, and arrange to export the function
 name (symbol) so other programs can link against the libvirt library and
 call the new function:
 
-``include/libvirt/libvirt-$MODULE.h.in         src/libvirt_public.syms``
+* ``include/libvirt/libvirt-$MODULE.h.in``
+* ``src/libvirt_public.syms``
 
 Please consult our `coding
 style <coding-style.html#xml-element-and-attribute-naming>`__ guide on
@@ -108,7 +110,7 @@ creation of a new struct type to represent the new driver type.
 
 The driver structs are defined in:
 
-``src/driver-$MODULE.h``
+* ``src/driver-$MODULE.h``
 
 To define the internal API, first typedef the driver function prototype
 and then add a new field for it to the relevant driver struct. Then,
@@ -142,7 +144,7 @@ driver implementation. In RFC 2119 vocabulary, this function:
 
 The public API calls are implemented in:
 
-``src/libvirt-$MODULE.c``
+* ``src/libvirt-$MODULE.c``
 
 Implementing the remote protocol
 --------------------------------
@@ -156,7 +158,7 @@ Defining the wire protocol format
 
 Defining the wire protocol involves making additions to:
 
-``src/remote/remote_protocol.x``
+* ``src/remote/remote_protocol.x``
 
 First, create two new structs for each new function that you're adding
 to the API. One struct describes the parameters to be passed to the
@@ -174,7 +176,11 @@ protocol code. This must be done on a Linux host using the GLibC rpcgen
 program. Other rpcgen versions may generate code which results in bogus
 compile time warnings. This regenerates the following files:
 
-``src/remote/remote_daemon_dispatch_stubs.h         src/remote/remote_daemon_dispatch.h         src/remote/remote_daemon_dispatch.c         src/remote/remote_protocol.c         src/remote/remote_protocol.h``
+* ``src/remote/remote_daemon_dispatch_stubs.h``
+* ``src/remote/remote_daemon_dispatch.h``
+* ``src/remote/remote_daemon_dispatch.c``
+* ``src/remote/remote_protocol.c``
+* ``src/remote/remote_protocol.h``
 
 Implement the RPC client
 ~~~~~~~~~~~~~~~~~~~~~~~~
@@ -182,7 +188,7 @@ Implement the RPC client
 Implementing the RPC client uses the rpcgen generated .h files. The
 remote method calls go in:
 
-``src/remote/remote_driver.c``
+* ``src/remote/remote_driver.c``
 
 Each remote method invocation does the following:
 
@@ -202,7 +208,7 @@ matter of deserializing the parameters passed in from the remote caller
 and passing them to the corresponding internal API function. The server
 side dispatchers are implemented in:
 
-``src/remote/remote_daemon_dispatch.c``
+* ``src/remote/remote_daemon_dispatch.c``
 
 Again, this step uses the .h files generated by make rpcgen.
 
@@ -210,7 +216,7 @@ After all three pieces of the remote protocol are complete, and the
 generated files have been updated, it will be necessary to update the
 file:
 
-``src/remote_protocol-structs``
+* ``src/remote_protocol-structs``
 
 This file should only have new lines added; modifications to existing
 lines probably imply a backwards-incompatible API change.
@@ -246,7 +252,8 @@ those pieces in place you can write the function implementing the virsh
 command. Finally, you need to add the new command to the commands[]
 array. The following files need changes:
 
-``tools/virsh-$MODULE.c         tools/virsh.pod``
+* ``tools/virsh-$MODULE.c``
+* ``tools/virsh.pod``
 
 Implement the driver methods
 ----------------------------

docs/bugs.rst

@@ -99,13 +99,13 @@ that for the data to be really useful libvirt debug information must be present
 for example by installing libvirt debuginfo package on Fedora or Red Hat
 Enterprise Linux (with debuginfo-install libvirt) prior to running gdb.
 
-| It may also happen that the libvirt daemon itself crashes or gets stuck, in
-  the first case run it (as root) under gdb, and reproduce the sequence leading
-  to the crash, similarly to a normal program provide the "bt" backtrace
-  information to where gdb will have stopped.
-| But if libvirtd gets stuck, for example seems to stop processing commands, try
-  to attach to the faulty daemon and issue a gdb command "thread apply all bt"
-  to show all the threads backtraces, as in:
+It may also happen that the libvirt daemon itself crashes or gets stuck, in
+the first case run it (as root) under gdb, and reproduce the sequence leading
+to the crash, similarly to a normal program provide the "bt" backtrace
+information to where gdb will have stopped.
+But if libvirtd gets stuck, for example seems to stop processing commands, try
+to attach to the faulty daemon and issue a gdb command "thread apply all bt"
+to show all the threads backtraces, as in:
 
 ::
 

docs/css/generic.css

@@ -83,3 +83,62 @@ dd code, p code, tt {
 pre {
   font-size: 90%;
 }
+
+pre {
+    border: 1px solid #999999;
+    background: #eeeeee;
+    color: black;
+    padding: 1em;
+}
+
+a {
+    color: rgb(0, 95, 97);
+}
+
+table {
+    border-collapse: collapse;
+    min-width: 60%;
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table th {
+    background: rgb(0, 95, 97);
+    color: rgb(255, 255, 255);
+    padding: 0.5em;
+}
+
+table th a {
+    color: inherit;
+    text-decoration: inherit;
+}
+
+table td, table th {
+    border: 1px solid rgb(60, 133, 124);
+}
+
+table td {
+    padding: 4px;
+}
+
+table tr:hover td, table col:hover td {
+    background: #eeeeee;
+}
+
+table tr td:hover {
+    background: #c5dbd8;
+}
+
+.literal, code {
+    font-family: monospace;
+    background: #eeeeee;
+}
+
+th p, td p {
+    margin-top: 0px;
+    margin-bottom: 0px;
+}
+
+span.del {
+    text-decoration: line-through;
+}