Release of libvirt-11.3.0

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Translated using Weblate (Romanian)
2025-10-04 05:44:48 +03:00 · 2025-05-02 09:25:45 +02:00 · 2025-05-01 11:25:07 +02:00 · 2025-05-01 11:25:07 +02:00 · 2025-04-29 11:08:35 +02:00 · 2025-04-29 11:08:35 +02:00
1231 changed files with 288613 additions and 324429 deletions
--- a/.mailmap
+++ b/.mailmap
@@ -48,6 +48,7 @@
 <shi_lei@massclouds.com> <shilei.massclouds@gmx.com>
 <adrian.brzezinski@eo.pl> <redhat@adrb.pl>
 <matt@datto.com> <mcoleman@datto.com>
+<dbarboza@ventanamicro.com> <danielhb413@gmail.com>

 # Name consolidation:
 # Preferred author spelling <preferred email>
@@ -70,6 +71,7 @@ Wang Yufei (James) <james.wangyufei@huawei.com>
 Deepak C Shetty <dpkshetty@gmail.com>
 Dave Allan <dallan@redhat.com>
 Richard W.M. Jones <rjones@redhat.com>
+Daniel Henrique Barboza <dbarboza@ventanamicro.com>

 # Non-trivial consolidation:
 # see git documentation for information about the format
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -8,13 +8,445 @@ the changes introduced by each of them.
 For a more fine-grained view, use the `git log`_.


-v10.9.0 (unreleased)
+v11.3.0 (2025-05-02)
 ====================

-* **Security**
+* **Removed features**
+
+  * Support for AppArmor versions prior to 3.0.0 has been dropped.
+
+* **New features**
+
+  * xen: Support configuration of ``<hyperv/>`` flags for Xen domains.
+
+    The following flags are now configurable for Xen: ``vapic``, ``synic``,
+    ``stimer``, ``frequencies``, ``tlbflush`` and ``ipi``.
+
+  * bhyve: Support virtio random number generator devices
+
+    Domain XMLs can now include virtio random number generator devices.
+    They are configured with::
+
+     <rng model='virtio'>
+       <backend model='random'/>
+     </rng>
+
+  * bhyve: Support ``<interface type='network'>``
+
+    At the moment it doesn't provide any new features compared to
+    ``<interface type='bridge'>``, but allows a more flexible configuration.
+
+* **Bug fixes**
+
+  * cpu_map: Install Ampere-1 ARM CPU models
+
+    The Ampere-1 CPU models added in the previous release were not properly
+    installed and thus every attempt to start an ARM domain with custom
+    CPU definition would fail.
+
+  * storage: Fix new volume creation
+
+    No more errors occur when new storage volume is being created using ``virsh
+    vol-create`` with ``--validate`` option and/or ``virStorageVolCreateXML()``
+    with ``VIR_VOL_XML_PARSE_VALIDATE`` flag.
+
+  * Don't spam logs with error about ``qemu-rdp`` when starting a qemu VM
+
+    On hosts where the ``qemu-rdp`` binary is not installed a start of a VM
+    would cause an error such as ::
+
+      error : qemuRdpNewForHelper:103 : 'qemu-rdp' is not a suitable qemu-rdp helper name: No such file or directory
+
+    to be logged in the system log. It is safe to ignore the error. The code
+    was fixed to avoid the message when probing for support.
+
+  * Fix libvirt daemon crash on failure to hotplug a disk into a ``qemu`` VM
+
+    Some failures of disk hotplug could cause the libvirt daemon to crash due
+    to a bug when rolling back disk throttling filters.
+
+
+v11.2.0 (2025-04-01)
+====================

 * **Removed features**

+  * Remove support for qemu-6.1 and older
+
+    Libvirt now requires *qemu-6.2* or newer based on our platform support
+    policy.
+
+* **New features**
+
+  * qemu: Add new 'image_format' parameter to virDomainSaveParams
+
+    ``virDomainSaveParams`` now supports an ``image_format`` parameter for
+    specifying the save image format on a per-domain basis. The parameter
+    accepts the same values as the driver-wide ``save_image_format`` setting
+    in ``qemu.conf``. An image format specified via ``virDomainSaveParams``
+    takes precedence over the driver-wide setting.
+
+  * qemu: Added guest load averages to the output of virDomainGetGuestInfo
+
+    This feature will be available with qemu guest agent 10.0 onwards.
+
+  * qemu: Add support for multiple iothreads for ``virtio-scsi`` controller
+
+    It's now possible to map multiple iothreads to the ``virtio-scsi`` controller
+    or even map them to specific virtqueues similarly to the ``virtio-blk``
+    device allowing for better performance in certain scenarios.
+
+  * qemu: integrate support for VM shutdown on host shutdown
+
+    It is now possible to instruct the QEMU driver to automatically perform
+    managed save, graceful shutdown, or hard poweroff on running VMs, when a
+    host shutdown is requested. This feature is intended to eventually replace
+    usage of the libvirt-guests script. The new approach improves on the
+    libvirt-guests script, by proactively monitoring logind for a signal that
+    a host shutdown has been requested. It will initiate the chosen action on
+    running guests immediately, allowing shutdown inhibitors to be released
+    sooner. The new solution is also able to iteratively try multiple actions
+    until one of them succeeds in shutting down the VM.
+
+    Since it must be mutually exclusive with the libvirt-guests script, this
+    feature currently requires a manual opt-in through editing of the
+    /etc/libvirt/qemu.conf configuration file. The libvirt-guests script must
+    be disabled before doing this.
+
+  * qemu: Add 'sparse' as a new save image format
+
+    QEMU's ``file`` migration has been supplemented with the new stream format
+    ``mapped-ram``, where RAM pages are mapped directly to offsets in the
+    migration file. ``mapped-ram`` is now supported by augmenting the existing
+    save image formats with the ``sparse`` format.
+
+  * qemu: Add support for parallel save/restore
+
+    The ``sparse`` image format can support reading and writing by multiple
+    channels. ``virDomainSaveParams`` and ``virDomainRestoreParams`` now
+    support specifying the number of IO channels used for parallel save and
+    restore. Using multiple channels can reduce the time required to save
+    and restore domains.
+
+  * virsh: Introduce new hypervisor-cpu-models command
+
+    Added a new virsh command ``hypervisor-cpu-models``. The command pulls from
+    the existing domcapabilities XML and uses xpath to parse CPU model strings.
+    By default, only models reported as usable by the hypervisor on the host
+    system are printed. A user may specify ``--all`` to also print models which
+    are not supported on the host.
+
+  * qemu: Introduce os/shim element
+
+    For secure boot environments where ``<loader/>`` is signed, it may be
+    unfeasible to keep the binary up to date (esp. when revoking certificates
+    contained within). To address that, new ``<shim/>`` element is introduced
+    which allows hypervisor to side load another UEFI binary, which can then
+    contain new certification authorities and/or list of revocations.
+
+  * ch: Enable SEV SNP support
+
+    Cloud Hypervisor guests can be now started with SEV SNP enabled.
+
+  * qemu: Support for Block Disk Along with Throttle Filters
+
+    Introduce support for multiple throttle groups per block disk in QEMU,
+    enhancing I/O control and performance optimization. This update builds
+    on the existing throttling functionality by allowing more granular control
+    with the ability to assign different throttle groups to multiple block
+    devices, improving shared throttling across devices.
+
+* **Improvements**
+
+  * qemu: Improved guest agent corner case error reporting
+
+    The APIs using the guest agent now report two specific error codes aimed at
+    helping management applications/users to differentiate between timeout
+    while libvirt was synchronizing with the guest agent and timeout after a
+    command was already sent.
+
+    The new error codes are ``VIR_ERR_AGENT_COMMAND_TIMEOUT`` and
+    ``VIR_ERR_AGENT_COMMAND_FAILED``.
+
+  * qemu: Use common check for shared memory use for ``vhost-user`` network devices
+
+    Historically libvirt printed only a warning if the ``vhost-user`` network
+    was misconfigured. Since we enforce proper configuration for other device
+    types using ``vhost-user`` it is now enforced also for network devices and
+    prints an actual error on misconfiguration.
+
+  * Introduce constants for discoverability of entries in bulk stats APIs
+
+    Libvirt introduced constants exposed by our API description XML which allows
+    discoverability of new entries in typed parameter names returned by
+    ``virConnectGetAllDomainStats``, ``virDomainListGetStats``, and
+    ``virDomainGetGuestInfo``.
+
+  * qemu: Reflect MAC address change in live domain XML
+
+    When a guest changes MAC address on one of its vNICs the new MAC address is
+    now visible in the live XML under ``currentAddress`` attribute of
+    ``<mac/>`` element. At the same time,
+    ``VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE`` event is emitted so that management
+    applications can update their internal state.
+
+* **Bug fixes**
+
+  * qemu: attach virtio-mem with CCW address
+
+    Attaching a virtio-mem device on s390 without an address type now gets a
+    default type CCW address assigned. A specified CCW address is now used for
+    the virtio-mem device instead of getting overwritten by a PCI address.
+
+  * ch: Various memory leak fixes
+
+    There were some memory leaks identified in the Cloud Hypervisor driver.
+    They are fixed now.
+
+
+v11.1.0 (2025-03-03)
+====================
+
+* **Packaging changes**
+
+  * De-modularize the 'fs' storage file backend
+
+    The storage file backend for local files uses only code which we compile
+    into the internal libraries anyways so there's no point in having it
+    as a loadable module. The ``storage-file/libvirt_storage_file_fs.so`` module
+    no longer exists and its functionality is embedded directly.
+
+* **Removed features**
+
+  * vbox: removed support for version 6.1 APIs
+
+    Libvirt no longer supports use of VirtualBox 6.1 since this version reached
+    its end of life on 2024/01.
+
+* **New features**
+
+  * nodedev: Support ccwgroup based qeth devices
+
+    CCW group devices are devices that use multiple subchannels on the
+    mainframe's channel subsystem. A qeth group device maps to subchannels and
+    their corresponding device numbers and device bus-IDs. The ``ccwgroup``
+    device nodes are placed besides the subchannel nodes under computer and list
+    the group members within a new ``ccwgroup`` capability. A new capability
+    ``ccwgroup_member`` is added into capability ``ccw`` to represent a device
+    membership to a ccwgroup. Filters are added to find ccwgroups as well as
+    ccwgroup members.
+
+  * ch: Support handling events from cloud-hypervisor
+
+    The ch driver now supports handling events from the cloud-hypervisor.
+    Events include VM lifecyle operations such as  shutdown, pause, resume,
+    etc. Libvirt will now read these events and take actions such as
+    updating domain state, etc.
+
+  * Introduce virtio-mem ``<memory/>`` model for s390 guests
+
+    The virtio-mem model of ``<memory/>`` device can now be used with s390
+    guests.
+
+  * Support using passt as the backend for interface type='vhostuser'
+
+    The combination of vhostuser transport with passt as the backend
+    provides high performance, fully featured networking without the
+    need for libvirt or QEMU to have any elevated privileges or
+    capabilities. Configuration and features are identical to the
+    configuration for type='user' with the passt backend.
+
+* **Improvements**
+
+  * qemu: I/O error messages can be queried via ``virDomainGetMessages()``
+
+    The qemu hypervisor driver now preserves the last I/O error message along
+    with the timestamp when it was recorded and preserves it to be queried via
+    ``virDomainGetMessages()``.
+
+* **Bug fixes**
+
+  * tools: ssh-proxy: Check if domain is running before connecting to it
+
+    If domain is not running but has a static CID configured for its VSOCK then
+    the ssh-proxy parsed it anyways. This may have resulted in mistakenly
+    connecting to a different domain. Domain status is checked before parsing
+    its CID.
+
+  * apparmor: Allow SGX if configured
+
+    If domain has ``<memory model='sgx-epc'\>`` configured then libvirt now
+    adds corresponding devices into a per-domain profile so that AppArmor does
+    not deny QEMU access to them.
+
+  * qemu: Fix crash when starting a domain on a host with unknown host CPU
+
+    On hosts where we cannot detect a host CPU model (mostly aarch64 hosts)
+    starting a domain with a custom CPU model caused a crash of virtqemud.
+
+    The bug was introduced in libvirt-10.9.0
+
+
+v11.0.0 (2025-01-15)
+====================
+
+* **New features**
+
+  * network/qemu/lxc: support vlans on standard Linux host bridges
+
+    The network, qemu, and lxc drivers now support (using the
+    ``<vlan>`` subelement) vlan tagging and trunking on network
+    interfaces connected to a standard Linux host bridge.
+
+  * qemu: Add support for direct and extended tlbflush features
+
+    Domains can now utilise more tlbflush hyperv features.
+
+* **Improvements**
+
+  * ch: Enable user aliases
+
+    User can now specify custom aliases for devices in domain XML
+
+  * qemu: Grab a QUERY job when formatting domain XML
+
+    Under some specific conditions it might have happened that domain XML did
+    not contain runtime information or returned an XML that's in process of
+    changing (e.g. by a thread that's hotplugging a device). Formatting domain
+    XML now serializes properly with other threads.
+
+  * virtiofs: Allow read only mode
+
+    The ``<filesystem/>`` with `virtiofsd` backend can now use ``<readonly/>``
+    tag to export underlying filesystem in read only mode.
+
+  * qemu: allow migration of vGPU from mdev device <-> SRIOV VF device
+
+    Some GPU vendors are switching from using vGPUs creating using
+    mdev and identified with a uuid, to vGPUs created as SRIOV VFs and
+    identified by their PCI address, and want to support live
+    migration from a host using one type of vGPU to the other
+    type. This is now possible.
+
+* **Bug fixes**
+
+  * qemu: tpm: do not update profile name for transient domains
+
+    Fix a possible crash when starting a transient domain which was
+    introduced in the previous release.
+
+  * qemu: Fix snapshot to not delete disk image with internal snapshot
+
+    When a VM has internal snapshot that is parent to external snapshot and user
+    reverts to the internal snapshot and deletes the external snapshot libvirt
+    would delete the disk image containing the internal snapshot. This would
+    result in data loss.
+
+  * qemu: Do not format invalid XML with hyperv features in passthrough mode
+
+    When hyperv features were specified together with ``mode="passthrough"``
+    libvirt parsed and formatted such features in the domain XML even though
+    they were not used at all, resulting in XML that is not valid based on our
+    schema.  This is now fixed by not parsing any specified features when the
+    passthrough mode is used.
+
+  * qemu: Fix a crash when starting a domain with ovs bridge and QOS
+
+  * cpu: Add missing -v1 variants for CPU models
+
+    Some CPU models (mostly old ones) were missed when versioned CPU model
+    names were introduced in the previous release.
+
+  * qemu: Fix false error when recovering failed post-copy migration
+
+    In some cases libvirt would report a failure to recover post-copy migration
+    even though the recovery started just fine and migration would eventually
+    successfully finish.
+
+
+v10.10.0 (2024-12-02)
+=====================
+
+* **New features**
+
+  * qemu: add multi boot device support on s390x
+
+    For classical mainframe guests (i.e. LPAR or z/VM installations), you
+    always have to explicitly specify the disk where you want to boot from (or
+    "IPL" from, in s390x-speak -- IPL means "Initial Program Load").
+
+    In the past QEMU only used the first device in the boot order to IPL from.
+    With the new multi boot device support on s390x that is available with QEMU
+    version 9.2 and newer, this limitation is lifted. If the IPL fails for the
+    first device with the lowest boot index, the device with the second lowest
+    boot index will be tried and so on until IPL is successful or there are no
+    remaining boot devices to try.
+
+    Limitation: The s390x BIOS will try to IPL up to 8 total devices, any
+    number of which may be disks or network devices.
+
+  * qemu: Add support for versioned CPU models
+
+    Updates to QEMU CPU models with -vN suffix can now be used in libvirt just
+    like any other CPU model.
+
+  * qemu: Support for the 'data-file' QCOW2 image feature
+
+    The QEMU hypervisor driver now supports QCOW2 images with 'data-file'
+    feature present (both when probing form the image itself and when specified
+    explicitly via ``<dataStore>`` element). This can be useful when it's
+    required to keep data "raw" on disk, but the use case requires features
+    of the QCOW2 format such as incremental backups.
+
+  * swtpm: Add support for profiles
+
+    Upcoming swtpm release will have TPM profile support that allows to
+    restrict a TPM's provided set of crypto algorithms and commands. Users can
+    now select profile by using ``<profile/>`` in their TPM XML definition.
+
+* **Improvements**
+
+  * qemu: Support UEFI NVRAM images on block storage
+
+    Libvirt now allows users to use block storage as backend for UEFI NVRAM
+    images and allows them to be in format different than the template. When
+    qcow2 is used as the format, the images are now also auto-populated from the
+    template.
+
+  * qemu: Automatically add IOMMU when needed
+
+    When domain of 'qemu' or 'kvm' type has more than 255 vCPUs IOMMU with EIM
+    mode is required. Starting with this release libvirt automatically adds one
+    (or turns on the EIM mode if there's IOMMU without it).
+
+  * ch: allow hostdevs in domain definition
+
+    The Cloud Hypervisor driver (ch) now supports ``<hostdev/>``-s.
+
+  * ch: Enable callbacks for ch domain events
+
+    The Cloud Hypervisor driver (ch) now supports emitting events on domain
+    define, undefine, start, boot, stop and destroy.
+
+* **Bug fixes**
+
+  * qemu: Fix reversion and inactive deletion of internal snapshots with UEFI NVRAM
+
+    In `v10.9.0 (2024-11-01)`_ creation of internal snapshots of VMs with UEFI
+    firmware was allowed, but certain operations such as reversion or inactive
+    deletion didn't work properly as they didn't consider the NVRAM qcow2 file.
+
+  * virnetdevopenvswitch: Warn on unsupported QoS settings
+
+    For OpenVSwitch vNICs libivrt does not set QoS directly using 'tc' but
+    offloads setting to OVS. But OVS is not as feature full as libvirt in this
+    regard and setting different 'peak' than 'average' results in vNIC always
+    sticking with 'peak'. Produce a warning if that's the case.
+
+
+v10.9.0 (2024-11-01)
+====================
+
 * **New features**

  * qemu: zero block detection for non-shared-storage migration
@@ -60,9 +492,6 @@ v10.9.0 (unreleased)
    ``<blockers model='...'>`` element is added for that CPU model listing
    features required by the CPU model, but not supported on the host.

-* **Bug fixes**
-
-
 v10.8.0 (2024-10-01)
 ====================

@@ -175,6 +604,17 @@ v10.7.0 (2024-09-02)
    domain XML for descendants of the generic PC machine type (``i440fx``,
    ``q35``, ``xenfv`` and ``isapc``).

+  * qemu: Add support for hyperv enlightenment feature ``hv-emsr-bitmap``
+
+    It is introduced since ``QEMU 7.10``, allowing L0 (KVM) and L1 (Hyper-V)
+    hypervisors to collaborate to avoid unnecessary updates to L2 MSR-Bitmap
+    upon vmexits.
+
+  * qemu: Add support for hyperv enlightenment feature ``hv-xmm-input``
+
+    It is introduced since ``QEMU 7.10``, allowing to pass parameters for
+    certain hypercalls using XMM registers (“XMM Fast Hypercall Input”).
+
 * **Improvements**

  * ch: support restore with network devices
@@ -304,6 +744,18 @@ v10.5.0 (2024-07-01)
 v10.4.0 (2024-06-03)
 ====================

+* **Security**
+
+  * ``CVE-2024-4418``: Fix stack use-after-free in virNetClientIOEventLoop()
+
+    Fix race condition leading to a stack use-after-free bug was found in libvirt.
+    Due to a bad assumption in the virNetClientIOEventLoop() method, the data
+    pointer to a stack-allocated virNetClientIOEventData structure ended up being
+    used in the virNetClientIOEventFD callback while the data pointer's stack frame
+    was concurrently being "freed" when returning from virNetClientIOEventLoop().
+    This flaw allows a local, unprivileged user to access virtproxyd without
+    authenticating.
+
 * **New features**

  * qemu: Support for ras feature for virt machine type
@@ -457,6 +909,18 @@ v10.3.0 (2024-05-02)
 v10.2.0 (2024-04-02)
 ====================

+* **Security**
+
+  * ``CVE-2024-2494``: remote: check for negative array lengths before allocation
+
+   Fix the flaw of the RPC library APIs of libvirt. The RPC server
+   de-serialization code allocates memory for arrays before the non-negative
+   length check is performed by the C API entry points. Passing a negative length
+   to the g_new0 function results in a crash due to the negative length being
+   treated as a huge positive number. A local unprivileged user could use this
+   flaw to perform a denial of service attack by causing the libvirt daemon to
+   crash.
+
 * **New features**

  * ch: Basic save and restore support for ch driver
@@ -847,6 +1311,10 @@ v9.8.0 (2023-10-02)
        <source dev='/dev/vhost-vdpa-0'>
        ...

+  * cpu_map: Add the EPYC-Genoa cpu model
+
+    This model is introduced since ``QEMU 8.1``.
+
 * **Improvements**

  * qemu: add nbdkit backend for network disks
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -92,8 +92,8 @@ sc_prohibit_raw_virclassnew:

 # Avoid raw malloc and free, except in documentation comments.
 sc_prohibit_raw_allocation:
-	@prohibit='^.[^*].*\<((m|c|re)alloc|free) *\([^)]' \
-	halt='use VIR_ macros from viralloc.h instead of malloc/free' \
+	@prohibit='^.[^*].*\<((m|c|re)alloc|free|g_malloc) *\([^)]' \
+	halt='use g_new0/g_malloc0/g_free instead of malloc/free/g_malloc' \
 	  $(_sc_search_regexp)

 # Avoid functions that can lead to double-close bugs.
@@ -401,6 +401,8 @@ msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
 msg_gen_function += virReportSystemError
 msg_gen_function += virLastErrorPrefixMessage
+msg_gen_function += vshError
+msg_gen_function += vshWarn

 # Uncomment the following and run "ninja test" to see diagnostics
 # that are not yet marked for translation, but that need to be rewritten
@@ -408,7 +410,6 @@ msg_gen_function += virLastErrorPrefixMessage
 # msg_gen_function += fprintf
 # msg_gen_function += testError
 # msg_gen_function += vshPrint
-# msg_gen_function += vshError

 space = $(null) $(null)
 func_re= ($(subst $(space),|,$(msg_gen_function)))
@@ -1135,7 +1136,7 @@ sc_prohibit_backup_files:
 sc_avoid_remote_reference_to_local_file:
 	@prohibit='<#' \
 	in_vc_files='\.rst$$' \
-	halt='use local reference within a file' \
+	halt='use `section`_ or `here <section_>`__ instead of `here <#section>`__' \
 	  $(_sc_search_regexp)

 # This Perl code is slightly obfuscated.  Not only is each "$" doubled
@@ -1273,9 +1274,10 @@ po_file ?= $(top_srcdir)/po/POTFILES
 # This is all generated files for RPC code.
 generated_files = \
  $(top_builddir)/src/*.[ch] \
-  $(top_builddir)/src/*/*.[ch]
+  $(top_builddir)/src/*/*.[ch] \
+  $(top_builddir)/src/*/*.policy.in

-_gl_translatable_string_re ?= \b(N?_|gettext *)\([^)"]*("|$$)
+_gl_translatable_string_re ?= (^<policyconfig>|\b(N?_|gettext *)\([^)"]*("|$$))

 # sc_po_check can fail if generated files are not built first
 sc_po_check:
@@ -1437,7 +1439,7 @@ exclude_file_name_regexp--sc_require_config_h_first = \
 	^(examples/|tools/virsh-edit\.c$$|tests/virmockstathelpers\.c$$|scripts/rpcgen/tests/test_demo\.c$$)

 exclude_file_name_regexp--sc_trailing_blank = \
-  /sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo|tests/virshtestdata/.*$$
+  /sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo|tests/virshtestdata/.*|docs/fonts|scripts/rpcgen/tests/.*\.bin|tests/viracpidata/.*|tests/virpcitestdata/*|tests/virstoragetestdata/images/.*\.qcow2$$

 exclude_file_name_regexp--sc_unmarked_diagnostics = \
  ^(scripts/apibuild.py|tests/virt-aa-helper-test|docs/js/.*\.js)$$
--- a/ci/buildenv/alpine-321.sh
+++ b/ci/buildenv/alpine-321.sh
--- a/ci/buildenv/debian-11-cross-aarch64.sh
+++ b/ci/buildenv/debian-11-cross-aarch64.sh
@@ -1,117 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libclang-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    export DEBIAN_FRONTEND=noninteractive
-    dpkg --add-architecture arm64
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y dpkg-dev
-    apt-get install --no-install-recommends -y \
-            gcc-aarch64-linux-gnu \
-            libacl1-dev:arm64 \
-            libapparmor-dev:arm64 \
-            libattr1-dev:arm64 \
-            libaudit-dev:arm64 \
-            libblkid-dev:arm64 \
-            libc6-dev:arm64 \
-            libcap-ng-dev:arm64 \
-            libcurl4-gnutls-dev:arm64 \
-            libdevmapper-dev:arm64 \
-            libfuse-dev:arm64 \
-            libglib2.0-dev:arm64 \
-            libglusterfs-dev:arm64 \
-            libgnutls28-dev:arm64 \
-            libiscsi-dev:arm64 \
-            libjson-c-dev:arm64 \
-            libnl-3-dev:arm64 \
-            libnl-route-3-dev:arm64 \
-            libnuma-dev:arm64 \
-            libparted-dev:arm64 \
-            libpcap0.8-dev:arm64 \
-            libpciaccess-dev:arm64 \
-            librbd-dev:arm64 \
-            libreadline-dev:arm64 \
-            libsanlock-dev:arm64 \
-            libsasl2-dev:arm64 \
-            libselinux1-dev:arm64 \
-            libssh-gcrypt-dev:arm64 \
-            libssh2-1-dev:arm64 \
-            libtirpc-dev:arm64 \
-            libudev-dev:arm64 \
-            libxen-dev:arm64 \
-            libxml2-dev:arm64 \
-            systemtap-sdt-dev:arm64
-    mkdir -p /usr/local/share/meson/cross
-    printf "[binaries]\n\
-c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
-ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'aarch64'\n\
-cpu = 'aarch64'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/aarch64-linux-gnu
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
-
-export ABI="aarch64-linux-gnu"
-export MESON_OPTS="--cross-file=aarch64-linux-gnu"
--- a/ci/buildenv/debian-11-cross-armv6l.sh
+++ b/ci/buildenv/debian-11-cross-armv6l.sh
@@ -1,116 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libclang-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    export DEBIAN_FRONTEND=noninteractive
-    dpkg --add-architecture armel
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y dpkg-dev
-    apt-get install --no-install-recommends -y \
-            gcc-arm-linux-gnueabi \
-            libacl1-dev:armel \
-            libapparmor-dev:armel \
-            libattr1-dev:armel \
-            libaudit-dev:armel \
-            libblkid-dev:armel \
-            libc6-dev:armel \
-            libcap-ng-dev:armel \
-            libcurl4-gnutls-dev:armel \
-            libdevmapper-dev:armel \
-            libfuse-dev:armel \
-            libglib2.0-dev:armel \
-            libglusterfs-dev:armel \
-            libgnutls28-dev:armel \
-            libiscsi-dev:armel \
-            libjson-c-dev:armel \
-            libnl-3-dev:armel \
-            libnl-route-3-dev:armel \
-            libnuma-dev:armel \
-            libparted-dev:armel \
-            libpcap0.8-dev:armel \
-            libpciaccess-dev:armel \
-            librbd-dev:armel \
-            libreadline-dev:armel \
-            libsanlock-dev:armel \
-            libsasl2-dev:armel \
-            libselinux1-dev:armel \
-            libssh-gcrypt-dev:armel \
-            libssh2-1-dev:armel \
-            libtirpc-dev:armel \
-            libudev-dev:armel \
-            libxml2-dev:armel \
-            systemtap-sdt-dev:armel
-    mkdir -p /usr/local/share/meson/cross
-    printf "[binaries]\n\
-c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
-ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
-strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
-pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'arm'\n\
-cpu = 'arm'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabi
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
-
-export ABI="arm-linux-gnueabi"
-export MESON_OPTS="--cross-file=arm-linux-gnueabi"
--- a/ci/buildenv/debian-11-cross-armv7l.sh
+++ b/ci/buildenv/debian-11-cross-armv7l.sh
@@ -1,117 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libclang-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    export DEBIAN_FRONTEND=noninteractive
-    dpkg --add-architecture armhf
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y dpkg-dev
-    apt-get install --no-install-recommends -y \
-            gcc-arm-linux-gnueabihf \
-            libacl1-dev:armhf \
-            libapparmor-dev:armhf \
-            libattr1-dev:armhf \
-            libaudit-dev:armhf \
-            libblkid-dev:armhf \
-            libc6-dev:armhf \
-            libcap-ng-dev:armhf \
-            libcurl4-gnutls-dev:armhf \
-            libdevmapper-dev:armhf \
-            libfuse-dev:armhf \
-            libglib2.0-dev:armhf \
-            libglusterfs-dev:armhf \
-            libgnutls28-dev:armhf \
-            libiscsi-dev:armhf \
-            libjson-c-dev:armhf \
-            libnl-3-dev:armhf \
-            libnl-route-3-dev:armhf \
-            libnuma-dev:armhf \
-            libparted-dev:armhf \
-            libpcap0.8-dev:armhf \
-            libpciaccess-dev:armhf \
-            librbd-dev:armhf \
-            libreadline-dev:armhf \
-            libsanlock-dev:armhf \
-            libsasl2-dev:armhf \
-            libselinux1-dev:armhf \
-            libssh-gcrypt-dev:armhf \
-            libssh2-1-dev:armhf \
-            libtirpc-dev:armhf \
-            libudev-dev:armhf \
-            libxen-dev:armhf \
-            libxml2-dev:armhf \
-            systemtap-sdt-dev:armhf
-    mkdir -p /usr/local/share/meson/cross
-    printf "[binaries]\n\
-c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
-ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
-strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
-pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'arm'\n\
-cpu = 'armhf'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabihf
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
-
-export ABI="arm-linux-gnueabihf"
-export MESON_OPTS="--cross-file=arm-linux-gnueabihf"
--- a/ci/buildenv/debian-11-cross-i686.sh
+++ b/ci/buildenv/debian-11-cross-i686.sh
@@ -1,116 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libclang-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    export DEBIAN_FRONTEND=noninteractive
-    dpkg --add-architecture i386
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y dpkg-dev
-    apt-get install --no-install-recommends -y \
-            gcc-i686-linux-gnu \
-            libacl1-dev:i386 \
-            libapparmor-dev:i386 \
-            libattr1-dev:i386 \
-            libaudit-dev:i386 \
-            libblkid-dev:i386 \
-            libc6-dev:i386 \
-            libcap-ng-dev:i386 \
-            libcurl4-gnutls-dev:i386 \
-            libdevmapper-dev:i386 \
-            libfuse-dev:i386 \
-            libglib2.0-dev:i386 \
-            libglusterfs-dev:i386 \
-            libgnutls28-dev:i386 \
-            libiscsi-dev:i386 \
-            libjson-c-dev:i386 \
-            libnl-3-dev:i386 \
-            libnl-route-3-dev:i386 \
-            libnuma-dev:i386 \
-            libparted-dev:i386 \
-            libpcap0.8-dev:i386 \
-            libpciaccess-dev:i386 \
-            librbd-dev:i386 \
-            libreadline-dev:i386 \
-            libsanlock-dev:i386 \
-            libsasl2-dev:i386 \
-            libselinux1-dev:i386 \
-            libssh-gcrypt-dev:i386 \
-            libssh2-1-dev:i386 \
-            libtirpc-dev:i386 \
-            libudev-dev:i386 \
-            libxml2-dev:i386 \
-            systemtap-sdt-dev:i386
-    mkdir -p /usr/local/share/meson/cross
-    printf "[binaries]\n\
-c = '/usr/bin/i686-linux-gnu-gcc'\n\
-ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/i686-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'x86'\n\
-cpu = 'i686'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/i686-linux-gnu
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
-
-export ABI="i686-linux-gnu"
-export MESON_OPTS="--cross-file=i686-linux-gnu"
--- a/ci/buildenv/debian-11-cross-mips64el.sh
+++ b/ci/buildenv/debian-11-cross-mips64el.sh
@@ -1,116 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libclang-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    export DEBIAN_FRONTEND=noninteractive
-    dpkg --add-architecture mips64el
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y dpkg-dev
-    apt-get install --no-install-recommends -y \
-            gcc-mips64el-linux-gnuabi64 \
-            libacl1-dev:mips64el \
-            libapparmor-dev:mips64el \
-            libattr1-dev:mips64el \
-            libaudit-dev:mips64el \
-            libblkid-dev:mips64el \
-            libc6-dev:mips64el \
-            libcap-ng-dev:mips64el \
-            libcurl4-gnutls-dev:mips64el \
-            libdevmapper-dev:mips64el \
-            libfuse-dev:mips64el \
-            libglib2.0-dev:mips64el \
-            libglusterfs-dev:mips64el \
-            libgnutls28-dev:mips64el \
-            libiscsi-dev:mips64el \
-            libjson-c-dev:mips64el \
-            libnl-3-dev:mips64el \
-            libnl-route-3-dev:mips64el \
-            libnuma-dev:mips64el \
-            libparted-dev:mips64el \
-            libpcap0.8-dev:mips64el \
-            libpciaccess-dev:mips64el \
-            librbd-dev:mips64el \
-            libreadline-dev:mips64el \
-            libsanlock-dev:mips64el \
-            libsasl2-dev:mips64el \
-            libselinux1-dev:mips64el \
-            libssh-gcrypt-dev:mips64el \
-            libssh2-1-dev:mips64el \
-            libtirpc-dev:mips64el \
-            libudev-dev:mips64el \
-            libxml2-dev:mips64el \
-            systemtap-sdt-dev:mips64el
-    mkdir -p /usr/local/share/meson/cross
-    printf "[binaries]\n\
-c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
-ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
-strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
-pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'mips64'\n\
-cpu = 'mips64el'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
-
-export ABI="mips64el-linux-gnuabi64"
-export MESON_OPTS="--cross-file=mips64el-linux-gnuabi64"
--- a/ci/buildenv/debian-11-cross-mipsel.sh
+++ b/ci/buildenv/debian-11-cross-mipsel.sh
@@ -1,116 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libclang-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    export DEBIAN_FRONTEND=noninteractive
-    dpkg --add-architecture mipsel
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y dpkg-dev
-    apt-get install --no-install-recommends -y \
-            gcc-mipsel-linux-gnu \
-            libacl1-dev:mipsel \
-            libapparmor-dev:mipsel \
-            libattr1-dev:mipsel \
-            libaudit-dev:mipsel \
-            libblkid-dev:mipsel \
-            libc6-dev:mipsel \
-            libcap-ng-dev:mipsel \
-            libcurl4-gnutls-dev:mipsel \
-            libdevmapper-dev:mipsel \
-            libfuse-dev:mipsel \
-            libglib2.0-dev:mipsel \
-            libglusterfs-dev:mipsel \
-            libgnutls28-dev:mipsel \
-            libiscsi-dev:mipsel \
-            libjson-c-dev:mipsel \
-            libnl-3-dev:mipsel \
-            libnl-route-3-dev:mipsel \
-            libnuma-dev:mipsel \
-            libparted-dev:mipsel \
-            libpcap0.8-dev:mipsel \
-            libpciaccess-dev:mipsel \
-            librbd-dev:mipsel \
-            libreadline-dev:mipsel \
-            libsanlock-dev:mipsel \
-            libsasl2-dev:mipsel \
-            libselinux1-dev:mipsel \
-            libssh-gcrypt-dev:mipsel \
-            libssh2-1-dev:mipsel \
-            libtirpc-dev:mipsel \
-            libudev-dev:mipsel \
-            libxml2-dev:mipsel \
-            systemtap-sdt-dev:mipsel
-    mkdir -p /usr/local/share/meson/cross
-    printf "[binaries]\n\
-c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
-ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'mips'\n\
-cpu = 'mipsel'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/mipsel-linux-gnu
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
-
-export ABI="mipsel-linux-gnu"
-export MESON_OPTS="--cross-file=mipsel-linux-gnu"
--- a/ci/buildenv/debian-11-cross-ppc64le.sh
+++ b/ci/buildenv/debian-11-cross-ppc64le.sh
@@ -1,116 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libclang-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    export DEBIAN_FRONTEND=noninteractive
-    dpkg --add-architecture ppc64el
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y dpkg-dev
-    apt-get install --no-install-recommends -y \
-            gcc-powerpc64le-linux-gnu \
-            libacl1-dev:ppc64el \
-            libapparmor-dev:ppc64el \
-            libattr1-dev:ppc64el \
-            libaudit-dev:ppc64el \
-            libblkid-dev:ppc64el \
-            libc6-dev:ppc64el \
-            libcap-ng-dev:ppc64el \
-            libcurl4-gnutls-dev:ppc64el \
-            libdevmapper-dev:ppc64el \
-            libfuse-dev:ppc64el \
-            libglib2.0-dev:ppc64el \
-            libglusterfs-dev:ppc64el \
-            libgnutls28-dev:ppc64el \
-            libiscsi-dev:ppc64el \
-            libjson-c-dev:ppc64el \
-            libnl-3-dev:ppc64el \
-            libnl-route-3-dev:ppc64el \
-            libnuma-dev:ppc64el \
-            libparted-dev:ppc64el \
-            libpcap0.8-dev:ppc64el \
-            libpciaccess-dev:ppc64el \
-            librbd-dev:ppc64el \
-            libreadline-dev:ppc64el \
-            libsanlock-dev:ppc64el \
-            libsasl2-dev:ppc64el \
-            libselinux1-dev:ppc64el \
-            libssh-gcrypt-dev:ppc64el \
-            libssh2-1-dev:ppc64el \
-            libtirpc-dev:ppc64el \
-            libudev-dev:ppc64el \
-            libxml2-dev:ppc64el \
-            systemtap-sdt-dev:ppc64el
-    mkdir -p /usr/local/share/meson/cross
-    printf "[binaries]\n\
-c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
-ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'ppc64'\n\
-cpu = 'powerpc64le'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
-
-export ABI="powerpc64le-linux-gnu"
-export MESON_OPTS="--cross-file=powerpc64le-linux-gnu"
--- a/ci/buildenv/debian-11-cross-s390x.sh
+++ b/ci/buildenv/debian-11-cross-s390x.sh
@@ -1,116 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libclang-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    export DEBIAN_FRONTEND=noninteractive
-    dpkg --add-architecture s390x
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y dpkg-dev
-    apt-get install --no-install-recommends -y \
-            gcc-s390x-linux-gnu \
-            libacl1-dev:s390x \
-            libapparmor-dev:s390x \
-            libattr1-dev:s390x \
-            libaudit-dev:s390x \
-            libblkid-dev:s390x \
-            libc6-dev:s390x \
-            libcap-ng-dev:s390x \
-            libcurl4-gnutls-dev:s390x \
-            libdevmapper-dev:s390x \
-            libfuse-dev:s390x \
-            libglib2.0-dev:s390x \
-            libglusterfs-dev:s390x \
-            libgnutls28-dev:s390x \
-            libiscsi-dev:s390x \
-            libjson-c-dev:s390x \
-            libnl-3-dev:s390x \
-            libnl-route-3-dev:s390x \
-            libnuma-dev:s390x \
-            libparted-dev:s390x \
-            libpcap0.8-dev:s390x \
-            libpciaccess-dev:s390x \
-            librbd-dev:s390x \
-            libreadline-dev:s390x \
-            libsanlock-dev:s390x \
-            libsasl2-dev:s390x \
-            libselinux1-dev:s390x \
-            libssh-gcrypt-dev:s390x \
-            libssh2-1-dev:s390x \
-            libtirpc-dev:s390x \
-            libudev-dev:s390x \
-            libxml2-dev:s390x \
-            systemtap-sdt-dev:s390x
-    mkdir -p /usr/local/share/meson/cross
-    printf "[binaries]\n\
-c = '/usr/bin/s390x-linux-gnu-gcc'\n\
-ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/s390x-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 's390x'\n\
-cpu = 's390x'\n\
-endian = 'big'\n" > /usr/local/share/meson/cross/s390x-linux-gnu
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
-
-export ABI="s390x-linux-gnu"
-export MESON_OPTS="--cross-file=s390x-linux-gnu"
--- a/ci/buildenv/debian-11.sh
+++ b/ci/buildenv/debian-11.sh
@@ -1,100 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-function install_buildenv() {
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get update
-    apt-get dist-upgrade -y
-    apt-get install --no-install-recommends -y \
-            augeas-lenses \
-            augeas-tools \
-            bash-completion \
-            black \
-            ca-certificates \
-            ccache \
-            clang \
-            codespell \
-            cpp \
-            diffutils \
-            dwarves \
-            ebtables \
-            flake8 \
-            gcc \
-            gettext \
-            git \
-            grep \
-            iproute2 \
-            iptables \
-            kmod \
-            libacl1-dev \
-            libapparmor-dev \
-            libattr1-dev \
-            libaudit-dev \
-            libblkid-dev \
-            libc6-dev \
-            libcap-ng-dev \
-            libclang-dev \
-            libcurl4-gnutls-dev \
-            libdevmapper-dev \
-            libfuse-dev \
-            libglib2.0-dev \
-            libglusterfs-dev \
-            libgnutls28-dev \
-            libiscsi-dev \
-            libjson-c-dev \
-            libnetcf-dev \
-            libnl-3-dev \
-            libnl-route-3-dev \
-            libnuma-dev \
-            libparted-dev \
-            libpcap0.8-dev \
-            libpciaccess-dev \
-            librbd-dev \
-            libreadline-dev \
-            libsanlock-dev \
-            libsasl2-dev \
-            libselinux1-dev \
-            libssh-gcrypt-dev \
-            libssh2-1-dev \
-            libtirpc-dev \
-            libudev-dev \
-            libxen-dev \
-            libxml2-dev \
-            libxml2-utils \
-            locales \
-            lvm2 \
-            make \
-            meson \
-            nfs-common \
-            ninja-build \
-            numad \
-            open-iscsi \
-            perl-base \
-            pkgconf \
-            policykit-1 \
-            python3 \
-            python3-docutils \
-            python3-pytest \
-            qemu-utils \
-            sed \
-            systemtap-sdt-dev \
-            wireshark-dev \
-            xsltproc
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen
-    dpkg-reconfigure locales
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt
-    mkdir -p /usr/libexec/ccache-wrappers
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
-}
-
-export CCACHE_WRAPPERSDIR="/usr/libexec/ccache-wrappers"
-export LANG="en_US.UTF-8"
-export MAKE="/usr/bin/make"
-export NINJA="/usr/bin/ninja"
-export PYTHON="/usr/bin/python3"
--- a/ci/buildenv/debian-12-cross-aarch64.sh
+++ b/ci/buildenv/debian-12-cross-aarch64.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:arm64 \
            libsasl2-dev:arm64 \
            libselinux1-dev:arm64 \
-            libssh-gcrypt-dev:arm64 \
+            libssh-dev:arm64 \
            libssh2-1-dev:arm64 \
            libtirpc-dev:arm64 \
            libudev-dev:arm64 \
--- a/ci/buildenv/debian-12-cross-armv6l.sh
+++ b/ci/buildenv/debian-12-cross-armv6l.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:armel \
            libsasl2-dev:armel \
            libselinux1-dev:armel \
-            libssh-gcrypt-dev:armel \
+            libssh-dev:armel \
            libssh2-1-dev:armel \
            libtirpc-dev:armel \
            libudev-dev:armel \
--- a/ci/buildenv/debian-12-cross-armv7l.sh
+++ b/ci/buildenv/debian-12-cross-armv7l.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:armhf \
            libsasl2-dev:armhf \
            libselinux1-dev:armhf \
-            libssh-gcrypt-dev:armhf \
+            libssh-dev:armhf \
            libssh2-1-dev:armhf \
            libtirpc-dev:armhf \
            libudev-dev:armhf \
--- a/ci/buildenv/debian-12-cross-i686.sh
+++ b/ci/buildenv/debian-12-cross-i686.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:i386 \
            libsasl2-dev:i386 \
            libselinux1-dev:i386 \
-            libssh-gcrypt-dev:i386 \
+            libssh-dev:i386 \
            libssh2-1-dev:i386 \
            libtirpc-dev:i386 \
            libudev-dev:i386 \
--- a/ci/buildenv/debian-12-cross-mips64el.sh
+++ b/ci/buildenv/debian-12-cross-mips64el.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:mips64el \
            libsasl2-dev:mips64el \
            libselinux1-dev:mips64el \
-            libssh-gcrypt-dev:mips64el \
+            libssh-dev:mips64el \
            libssh2-1-dev:mips64el \
            libtirpc-dev:mips64el \
            libudev-dev:mips64el \
--- a/ci/buildenv/debian-12-cross-mipsel.sh
+++ b/ci/buildenv/debian-12-cross-mipsel.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:mipsel \
            libsasl2-dev:mipsel \
            libselinux1-dev:mipsel \
-            libssh-gcrypt-dev:mipsel \
+            libssh-dev:mipsel \
            libssh2-1-dev:mipsel \
            libtirpc-dev:mipsel \
            libudev-dev:mipsel \
--- a/ci/buildenv/debian-12-cross-ppc64le.sh
+++ b/ci/buildenv/debian-12-cross-ppc64le.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:ppc64el \
            libsasl2-dev:ppc64el \
            libselinux1-dev:ppc64el \
-            libssh-gcrypt-dev:ppc64el \
+            libssh-dev:ppc64el \
            libssh2-1-dev:ppc64el \
            libtirpc-dev:ppc64el \
            libudev-dev:ppc64el \
--- a/ci/buildenv/debian-12-cross-s390x.sh
+++ b/ci/buildenv/debian-12-cross-s390x.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:s390x \
            libsasl2-dev:s390x \
            libselinux1-dev:s390x \
-            libssh-gcrypt-dev:s390x \
+            libssh-dev:s390x \
            libssh2-1-dev:s390x \
            libtirpc-dev:s390x \
            libudev-dev:s390x \
--- a/ci/buildenv/debian-12.sh
+++ b/ci/buildenv/debian-12.sh
@@ -57,7 +57,7 @@ function install_buildenv() {
            libsanlock-dev \
            libsasl2-dev \
            libselinux1-dev \
-            libssh-gcrypt-dev \
+            libssh-dev \
            libssh2-1-dev \
            libtirpc-dev \
            libudev-dev \
--- a/ci/buildenv/debian-sid-cross-aarch64.sh
+++ b/ci/buildenv/debian-sid-cross-aarch64.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:arm64 \
            libsasl2-dev:arm64 \
            libselinux1-dev:arm64 \
-            libssh-gcrypt-dev:arm64 \
+            libssh-dev:arm64 \
            libssh2-1-dev:arm64 \
            libtirpc-dev:arm64 \
            libudev-dev:arm64 \
--- a/ci/buildenv/debian-sid-cross-armv6l.sh
+++ b/ci/buildenv/debian-sid-cross-armv6l.sh
@@ -82,7 +82,7 @@ function install_buildenv() {
            libsanlock-dev:armel \
            libsasl2-dev:armel \
            libselinux1-dev:armel \
-            libssh-gcrypt-dev:armel \
+            libssh-dev:armel \
            libssh2-1-dev:armel \
            libtirpc-dev:armel \
            libudev-dev:armel \
--- a/ci/buildenv/debian-sid-cross-armv7l.sh
+++ b/ci/buildenv/debian-sid-cross-armv7l.sh
@@ -82,7 +82,7 @@ function install_buildenv() {
            libsanlock-dev:armhf \
            libsasl2-dev:armhf \
            libselinux1-dev:armhf \
-            libssh-gcrypt-dev:armhf \
+            libssh-dev:armhf \
            libssh2-1-dev:armhf \
            libtirpc-dev:armhf \
            libudev-dev:armhf \
--- a/ci/buildenv/debian-sid-cross-i686.sh
+++ b/ci/buildenv/debian-sid-cross-i686.sh
@@ -82,7 +82,7 @@ function install_buildenv() {
            libsanlock-dev:i386 \
            libsasl2-dev:i386 \
            libselinux1-dev:i386 \
-            libssh-gcrypt-dev:i386 \
+            libssh-dev:i386 \
            libssh2-1-dev:i386 \
            libtirpc-dev:i386 \
            libudev-dev:i386 \
--- a/ci/buildenv/debian-sid-cross-mips64el.sh
+++ b/ci/buildenv/debian-sid-cross-mips64el.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:mips64el \
            libsasl2-dev:mips64el \
            libselinux1-dev:mips64el \
-            libssh-gcrypt-dev:mips64el \
+            libssh-dev:mips64el \
            libssh2-1-dev:mips64el \
            libtirpc-dev:mips64el \
            libudev-dev:mips64el \
--- a/ci/buildenv/debian-sid-cross-ppc64le.sh
+++ b/ci/buildenv/debian-sid-cross-ppc64le.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:ppc64el \
            libsasl2-dev:ppc64el \
            libselinux1-dev:ppc64el \
-            libssh-gcrypt-dev:ppc64el \
+            libssh-dev:ppc64el \
            libssh2-1-dev:ppc64el \
            libtirpc-dev:ppc64el \
            libudev-dev:ppc64el \
--- a/ci/buildenv/debian-sid-cross-s390x.sh
+++ b/ci/buildenv/debian-sid-cross-s390x.sh
@@ -83,7 +83,7 @@ function install_buildenv() {
            libsanlock-dev:s390x \
            libsasl2-dev:s390x \
            libselinux1-dev:s390x \
-            libssh-gcrypt-dev:s390x \
+            libssh-dev:s390x \
            libssh2-1-dev:s390x \
            libtirpc-dev:s390x \
            libudev-dev:s390x \
--- a/ci/buildenv/debian-sid.sh
+++ b/ci/buildenv/debian-sid.sh
@@ -57,7 +57,7 @@ function install_buildenv() {
            libsanlock-dev \
            libsasl2-dev \
            libselinux1-dev \
-            libssh-gcrypt-dev \
+            libssh-dev \
            libssh2-1-dev \
            libtirpc-dev \
            libudev-dev \
--- a/ci/buildenv/fedora-41-cross-mingw32.sh
+++ b/ci/buildenv/fedora-41-cross-mingw32.sh
@@ -8,7 +8,7 @@ function install_buildenv() {
    dnf update -y
    dnf install -y \
        augeas \
-        bash-completion \
+        bash-completion-devel \
        ca-certificates \
        ccache \
        codespell \
--- a/ci/buildenv/fedora-41-cross-mingw64.sh
+++ b/ci/buildenv/fedora-41-cross-mingw64.sh
@@ -8,7 +8,7 @@ function install_buildenv() {
    dnf update -y
    dnf install -y \
        augeas \
-        bash-completion \
+        bash-completion-devel \
        ca-certificates \
        ccache \
        codespell \
--- a/ci/buildenv/fedora-41.sh
+++ b/ci/buildenv/fedora-41.sh
@@ -9,7 +9,7 @@ function install_buildenv() {
    dnf install -y \
        audit-libs-devel \
        augeas \
-        bash-completion \
+        bash-completion-devel \
        ca-certificates \
        ccache \
        clang \
@@ -82,6 +82,7 @@ function install_buildenv() {
        systemd-devel \
        systemd-rpm-macros \
        systemtap-sdt-devel \
+        systemtap-sdt-dtrace \
        wireshark-devel \
        xen-devel
    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
--- a/ci/cirrus/freebsd-13.vars
+++ b/ci/cirrus/freebsd-13.vars
@@ -11,6 +11,6 @@ MAKE='/usr/local/bin/gmake'
 NINJA='/usr/local/bin/ninja'
 PACKAGING_COMMAND='pkg'
 PIP3='/usr/local/bin/pip-3.8'
-PKGS='augeas bash-completion ca_root_nss ccache codespell cppi curl cyrus-sasl diffutils fusefs-libs gettext git glib gmake gnugrep gnutls gsed json-c libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py311-black py311-docutils py311-flake8 py311-pytest python3 qemu readline'
+PKGS='augeas bash-completion ca_root_nss ccache4 codespell cppi curl cyrus-sasl diffutils fusefs-libs gettext git glib gmake gnugrep gnutls gsed json-c libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py311-black py311-docutils py311-flake8 py311-pytest python3 qemu readline'
 PYPI_PKGS=''
 PYTHON='/usr/local/bin/python3'
--- a/ci/cirrus/freebsd-14.vars
+++ b/ci/cirrus/freebsd-14.vars
@@ -10,7 +10,7 @@ CROSS_PKGS=''
 MAKE='/usr/local/bin/gmake'
 NINJA='/usr/local/bin/ninja'
 PACKAGING_COMMAND='pkg'
-PIP3='/usr/local/bin/pip-3.8'
-PKGS='augeas bash-completion ca_root_nss ccache codespell cppi curl cyrus-sasl diffutils fusefs-libs gettext git glib gmake gnugrep gnutls gsed json-c libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py311-black py311-docutils py311-flake8 py311-pytest python3 qemu readline'
+PIP3='/usr/local/bin/pip'
+PKGS='augeas bash-completion ca_root_nss ccache4 codespell cppi curl cyrus-sasl diffutils fusefs-libs gettext git glib gmake gnugrep gnutls gsed json-c libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py311-black py311-docutils py311-flake8 py311-pytest python3 qemu readline'
 PYPI_PKGS=''
 PYTHON='/usr/local/bin/python3'
--- a/ci/containers/alpine-321.Dockerfile
+++ b/ci/containers/alpine-321.Dockerfile
@@ -4,7 +4,7 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci

-FROM docker.io/library/alpine:3.19
+FROM docker.io/library/alpine:3.21

 RUN apk update && \
    apk upgrade && \
--- a/ci/containers/debian-11-cross-aarch64.Dockerfile
+++ b/ci/containers/debian-11-cross-aarch64.Dockerfile
@@ -1,123 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libclang-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    dpkg --add-architecture arm64 && \
-    eatmydata apt-get update && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      gcc-aarch64-linux-gnu \
-                      libacl1-dev:arm64 \
-                      libapparmor-dev:arm64 \
-                      libattr1-dev:arm64 \
-                      libaudit-dev:arm64 \
-                      libblkid-dev:arm64 \
-                      libc6-dev:arm64 \
-                      libcap-ng-dev:arm64 \
-                      libcurl4-gnutls-dev:arm64 \
-                      libdevmapper-dev:arm64 \
-                      libfuse-dev:arm64 \
-                      libglib2.0-dev:arm64 \
-                      libglusterfs-dev:arm64 \
-                      libgnutls28-dev:arm64 \
-                      libiscsi-dev:arm64 \
-                      libjson-c-dev:arm64 \
-                      libnl-3-dev:arm64 \
-                      libnl-route-3-dev:arm64 \
-                      libnuma-dev:arm64 \
-                      libparted-dev:arm64 \
-                      libpcap0.8-dev:arm64 \
-                      libpciaccess-dev:arm64 \
-                      librbd-dev:arm64 \
-                      libreadline-dev:arm64 \
-                      libsanlock-dev:arm64 \
-                      libsasl2-dev:arm64 \
-                      libselinux1-dev:arm64 \
-                      libssh-gcrypt-dev:arm64 \
-                      libssh2-1-dev:arm64 \
-                      libtirpc-dev:arm64 \
-                      libudev-dev:arm64 \
-                      libxen-dev:arm64 \
-                      libxml2-dev:arm64 \
-                      systemtap-sdt-dev:arm64 && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    mkdir -p /usr/local/share/meson/cross && \
-    printf "[binaries]\n\
-c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
-ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'aarch64'\n\
-cpu = 'aarch64'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/aarch64-linux-gnu && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-gcc
-
-ENV ABI "aarch64-linux-gnu"
-ENV MESON_OPTS "--cross-file=aarch64-linux-gnu"
--- a/ci/containers/debian-11-cross-armv6l.Dockerfile
+++ b/ci/containers/debian-11-cross-armv6l.Dockerfile
@@ -1,122 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libclang-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    dpkg --add-architecture armel && \
-    eatmydata apt-get update && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      gcc-arm-linux-gnueabi \
-                      libacl1-dev:armel \
-                      libapparmor-dev:armel \
-                      libattr1-dev:armel \
-                      libaudit-dev:armel \
-                      libblkid-dev:armel \
-                      libc6-dev:armel \
-                      libcap-ng-dev:armel \
-                      libcurl4-gnutls-dev:armel \
-                      libdevmapper-dev:armel \
-                      libfuse-dev:armel \
-                      libglib2.0-dev:armel \
-                      libglusterfs-dev:armel \
-                      libgnutls28-dev:armel \
-                      libiscsi-dev:armel \
-                      libjson-c-dev:armel \
-                      libnl-3-dev:armel \
-                      libnl-route-3-dev:armel \
-                      libnuma-dev:armel \
-                      libparted-dev:armel \
-                      libpcap0.8-dev:armel \
-                      libpciaccess-dev:armel \
-                      librbd-dev:armel \
-                      libreadline-dev:armel \
-                      libsanlock-dev:armel \
-                      libsasl2-dev:armel \
-                      libselinux1-dev:armel \
-                      libssh-gcrypt-dev:armel \
-                      libssh2-1-dev:armel \
-                      libtirpc-dev:armel \
-                      libudev-dev:armel \
-                      libxml2-dev:armel \
-                      systemtap-sdt-dev:armel && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    mkdir -p /usr/local/share/meson/cross && \
-    printf "[binaries]\n\
-c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
-ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
-strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
-pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'arm'\n\
-cpu = 'arm'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabi && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-gcc
-
-ENV ABI "arm-linux-gnueabi"
-ENV MESON_OPTS "--cross-file=arm-linux-gnueabi"
--- a/ci/containers/debian-11-cross-armv7l.Dockerfile
+++ b/ci/containers/debian-11-cross-armv7l.Dockerfile
@@ -1,123 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libclang-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    dpkg --add-architecture armhf && \
-    eatmydata apt-get update && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      gcc-arm-linux-gnueabihf \
-                      libacl1-dev:armhf \
-                      libapparmor-dev:armhf \
-                      libattr1-dev:armhf \
-                      libaudit-dev:armhf \
-                      libblkid-dev:armhf \
-                      libc6-dev:armhf \
-                      libcap-ng-dev:armhf \
-                      libcurl4-gnutls-dev:armhf \
-                      libdevmapper-dev:armhf \
-                      libfuse-dev:armhf \
-                      libglib2.0-dev:armhf \
-                      libglusterfs-dev:armhf \
-                      libgnutls28-dev:armhf \
-                      libiscsi-dev:armhf \
-                      libjson-c-dev:armhf \
-                      libnl-3-dev:armhf \
-                      libnl-route-3-dev:armhf \
-                      libnuma-dev:armhf \
-                      libparted-dev:armhf \
-                      libpcap0.8-dev:armhf \
-                      libpciaccess-dev:armhf \
-                      librbd-dev:armhf \
-                      libreadline-dev:armhf \
-                      libsanlock-dev:armhf \
-                      libsasl2-dev:armhf \
-                      libselinux1-dev:armhf \
-                      libssh-gcrypt-dev:armhf \
-                      libssh2-1-dev:armhf \
-                      libtirpc-dev:armhf \
-                      libudev-dev:armhf \
-                      libxen-dev:armhf \
-                      libxml2-dev:armhf \
-                      systemtap-sdt-dev:armhf && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    mkdir -p /usr/local/share/meson/cross && \
-    printf "[binaries]\n\
-c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
-ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
-strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
-pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'arm'\n\
-cpu = 'armhf'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/arm-linux-gnueabihf && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-gcc
-
-ENV ABI "arm-linux-gnueabihf"
-ENV MESON_OPTS "--cross-file=arm-linux-gnueabihf"
--- a/ci/containers/debian-11-cross-i686.Dockerfile
+++ b/ci/containers/debian-11-cross-i686.Dockerfile
@@ -1,122 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libclang-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    dpkg --add-architecture i386 && \
-    eatmydata apt-get update && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      gcc-i686-linux-gnu \
-                      libacl1-dev:i386 \
-                      libapparmor-dev:i386 \
-                      libattr1-dev:i386 \
-                      libaudit-dev:i386 \
-                      libblkid-dev:i386 \
-                      libc6-dev:i386 \
-                      libcap-ng-dev:i386 \
-                      libcurl4-gnutls-dev:i386 \
-                      libdevmapper-dev:i386 \
-                      libfuse-dev:i386 \
-                      libglib2.0-dev:i386 \
-                      libglusterfs-dev:i386 \
-                      libgnutls28-dev:i386 \
-                      libiscsi-dev:i386 \
-                      libjson-c-dev:i386 \
-                      libnl-3-dev:i386 \
-                      libnl-route-3-dev:i386 \
-                      libnuma-dev:i386 \
-                      libparted-dev:i386 \
-                      libpcap0.8-dev:i386 \
-                      libpciaccess-dev:i386 \
-                      librbd-dev:i386 \
-                      libreadline-dev:i386 \
-                      libsanlock-dev:i386 \
-                      libsasl2-dev:i386 \
-                      libselinux1-dev:i386 \
-                      libssh-gcrypt-dev:i386 \
-                      libssh2-1-dev:i386 \
-                      libtirpc-dev:i386 \
-                      libudev-dev:i386 \
-                      libxml2-dev:i386 \
-                      systemtap-sdt-dev:i386 && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    mkdir -p /usr/local/share/meson/cross && \
-    printf "[binaries]\n\
-c = '/usr/bin/i686-linux-gnu-gcc'\n\
-ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/i686-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'x86'\n\
-cpu = 'i686'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/i686-linux-gnu && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-gcc
-
-ENV ABI "i686-linux-gnu"
-ENV MESON_OPTS "--cross-file=i686-linux-gnu"
--- a/ci/containers/debian-11-cross-mips64el.Dockerfile
+++ b/ci/containers/debian-11-cross-mips64el.Dockerfile
@@ -1,122 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libclang-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    dpkg --add-architecture mips64el && \
-    eatmydata apt-get update && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      gcc-mips64el-linux-gnuabi64 \
-                      libacl1-dev:mips64el \
-                      libapparmor-dev:mips64el \
-                      libattr1-dev:mips64el \
-                      libaudit-dev:mips64el \
-                      libblkid-dev:mips64el \
-                      libc6-dev:mips64el \
-                      libcap-ng-dev:mips64el \
-                      libcurl4-gnutls-dev:mips64el \
-                      libdevmapper-dev:mips64el \
-                      libfuse-dev:mips64el \
-                      libglib2.0-dev:mips64el \
-                      libglusterfs-dev:mips64el \
-                      libgnutls28-dev:mips64el \
-                      libiscsi-dev:mips64el \
-                      libjson-c-dev:mips64el \
-                      libnl-3-dev:mips64el \
-                      libnl-route-3-dev:mips64el \
-                      libnuma-dev:mips64el \
-                      libparted-dev:mips64el \
-                      libpcap0.8-dev:mips64el \
-                      libpciaccess-dev:mips64el \
-                      librbd-dev:mips64el \
-                      libreadline-dev:mips64el \
-                      libsanlock-dev:mips64el \
-                      libsasl2-dev:mips64el \
-                      libselinux1-dev:mips64el \
-                      libssh-gcrypt-dev:mips64el \
-                      libssh2-1-dev:mips64el \
-                      libtirpc-dev:mips64el \
-                      libudev-dev:mips64el \
-                      libxml2-dev:mips64el \
-                      systemtap-sdt-dev:mips64el && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    mkdir -p /usr/local/share/meson/cross && \
-    printf "[binaries]\n\
-c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
-ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
-strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
-pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'mips64'\n\
-cpu = 'mips64el'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64 && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-gcc
-
-ENV ABI "mips64el-linux-gnuabi64"
-ENV MESON_OPTS "--cross-file=mips64el-linux-gnuabi64"
--- a/ci/containers/debian-11-cross-mipsel.Dockerfile
+++ b/ci/containers/debian-11-cross-mipsel.Dockerfile
@@ -1,122 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libclang-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    dpkg --add-architecture mipsel && \
-    eatmydata apt-get update && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      gcc-mipsel-linux-gnu \
-                      libacl1-dev:mipsel \
-                      libapparmor-dev:mipsel \
-                      libattr1-dev:mipsel \
-                      libaudit-dev:mipsel \
-                      libblkid-dev:mipsel \
-                      libc6-dev:mipsel \
-                      libcap-ng-dev:mipsel \
-                      libcurl4-gnutls-dev:mipsel \
-                      libdevmapper-dev:mipsel \
-                      libfuse-dev:mipsel \
-                      libglib2.0-dev:mipsel \
-                      libglusterfs-dev:mipsel \
-                      libgnutls28-dev:mipsel \
-                      libiscsi-dev:mipsel \
-                      libjson-c-dev:mipsel \
-                      libnl-3-dev:mipsel \
-                      libnl-route-3-dev:mipsel \
-                      libnuma-dev:mipsel \
-                      libparted-dev:mipsel \
-                      libpcap0.8-dev:mipsel \
-                      libpciaccess-dev:mipsel \
-                      librbd-dev:mipsel \
-                      libreadline-dev:mipsel \
-                      libsanlock-dev:mipsel \
-                      libsasl2-dev:mipsel \
-                      libselinux1-dev:mipsel \
-                      libssh-gcrypt-dev:mipsel \
-                      libssh2-1-dev:mipsel \
-                      libtirpc-dev:mipsel \
-                      libudev-dev:mipsel \
-                      libxml2-dev:mipsel \
-                      systemtap-sdt-dev:mipsel && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    mkdir -p /usr/local/share/meson/cross && \
-    printf "[binaries]\n\
-c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
-ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'mips'\n\
-cpu = 'mipsel'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/mipsel-linux-gnu && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-gcc
-
-ENV ABI "mipsel-linux-gnu"
-ENV MESON_OPTS "--cross-file=mipsel-linux-gnu"
--- a/ci/containers/debian-11-cross-ppc64le.Dockerfile
+++ b/ci/containers/debian-11-cross-ppc64le.Dockerfile
@@ -1,122 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libclang-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    dpkg --add-architecture ppc64el && \
-    eatmydata apt-get update && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      gcc-powerpc64le-linux-gnu \
-                      libacl1-dev:ppc64el \
-                      libapparmor-dev:ppc64el \
-                      libattr1-dev:ppc64el \
-                      libaudit-dev:ppc64el \
-                      libblkid-dev:ppc64el \
-                      libc6-dev:ppc64el \
-                      libcap-ng-dev:ppc64el \
-                      libcurl4-gnutls-dev:ppc64el \
-                      libdevmapper-dev:ppc64el \
-                      libfuse-dev:ppc64el \
-                      libglib2.0-dev:ppc64el \
-                      libglusterfs-dev:ppc64el \
-                      libgnutls28-dev:ppc64el \
-                      libiscsi-dev:ppc64el \
-                      libjson-c-dev:ppc64el \
-                      libnl-3-dev:ppc64el \
-                      libnl-route-3-dev:ppc64el \
-                      libnuma-dev:ppc64el \
-                      libparted-dev:ppc64el \
-                      libpcap0.8-dev:ppc64el \
-                      libpciaccess-dev:ppc64el \
-                      librbd-dev:ppc64el \
-                      libreadline-dev:ppc64el \
-                      libsanlock-dev:ppc64el \
-                      libsasl2-dev:ppc64el \
-                      libselinux1-dev:ppc64el \
-                      libssh-gcrypt-dev:ppc64el \
-                      libssh2-1-dev:ppc64el \
-                      libtirpc-dev:ppc64el \
-                      libudev-dev:ppc64el \
-                      libxml2-dev:ppc64el \
-                      systemtap-sdt-dev:ppc64el && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    mkdir -p /usr/local/share/meson/cross && \
-    printf "[binaries]\n\
-c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
-ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 'ppc64'\n\
-cpu = 'powerpc64le'\n\
-endian = 'little'\n" > /usr/local/share/meson/cross/powerpc64le-linux-gnu && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-gcc
-
-ENV ABI "powerpc64le-linux-gnu"
-ENV MESON_OPTS "--cross-file=powerpc64le-linux-gnu"
--- a/ci/containers/debian-11-cross-s390x.Dockerfile
+++ b/ci/containers/debian-11-cross-s390x.Dockerfile
@@ -1,122 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libclang-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    dpkg --add-architecture s390x && \
-    eatmydata apt-get update && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      gcc-s390x-linux-gnu \
-                      libacl1-dev:s390x \
-                      libapparmor-dev:s390x \
-                      libattr1-dev:s390x \
-                      libaudit-dev:s390x \
-                      libblkid-dev:s390x \
-                      libc6-dev:s390x \
-                      libcap-ng-dev:s390x \
-                      libcurl4-gnutls-dev:s390x \
-                      libdevmapper-dev:s390x \
-                      libfuse-dev:s390x \
-                      libglib2.0-dev:s390x \
-                      libglusterfs-dev:s390x \
-                      libgnutls28-dev:s390x \
-                      libiscsi-dev:s390x \
-                      libjson-c-dev:s390x \
-                      libnl-3-dev:s390x \
-                      libnl-route-3-dev:s390x \
-                      libnuma-dev:s390x \
-                      libparted-dev:s390x \
-                      libpcap0.8-dev:s390x \
-                      libpciaccess-dev:s390x \
-                      librbd-dev:s390x \
-                      libreadline-dev:s390x \
-                      libsanlock-dev:s390x \
-                      libsasl2-dev:s390x \
-                      libselinux1-dev:s390x \
-                      libssh-gcrypt-dev:s390x \
-                      libssh2-1-dev:s390x \
-                      libtirpc-dev:s390x \
-                      libudev-dev:s390x \
-                      libxml2-dev:s390x \
-                      systemtap-sdt-dev:s390x && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    mkdir -p /usr/local/share/meson/cross && \
-    printf "[binaries]\n\
-c = '/usr/bin/s390x-linux-gnu-gcc'\n\
-ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
-strip = '/usr/bin/s390x-linux-gnu-strip'\n\
-pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
-\n\
-[host_machine]\n\
-system = 'linux'\n\
-cpu_family = 's390x'\n\
-cpu = 's390x'\n\
-endian = 'big'\n" > /usr/local/share/meson/cross/s390x-linux-gnu && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-gcc
-
-ENV ABI "s390x-linux-gnu"
-ENV MESON_OPTS "--cross-file=s390x-linux-gnu"
--- a/ci/containers/debian-11.Dockerfile
+++ b/ci/containers/debian-11.Dockerfile
@@ -1,103 +0,0 @@
-# THIS FILE WAS AUTO-GENERATED
-#
-#  $ lcitool manifest ci/manifest.yml
-#
-# https://gitlab.com/libvirt/libvirt-ci
-
-FROM docker.io/library/debian:11-slim
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    apt-get update && \
-    apt-get install -y eatmydata && \
-    eatmydata apt-get dist-upgrade -y && \
-    eatmydata apt-get install --no-install-recommends -y \
-                      augeas-lenses \
-                      augeas-tools \
-                      bash-completion \
-                      black \
-                      ca-certificates \
-                      ccache \
-                      clang \
-                      codespell \
-                      cpp \
-                      diffutils \
-                      dwarves \
-                      ebtables \
-                      flake8 \
-                      gcc \
-                      gettext \
-                      git \
-                      grep \
-                      iproute2 \
-                      iptables \
-                      kmod \
-                      libacl1-dev \
-                      libapparmor-dev \
-                      libattr1-dev \
-                      libaudit-dev \
-                      libblkid-dev \
-                      libc6-dev \
-                      libcap-ng-dev \
-                      libclang-dev \
-                      libcurl4-gnutls-dev \
-                      libdevmapper-dev \
-                      libfuse-dev \
-                      libglib2.0-dev \
-                      libglusterfs-dev \
-                      libgnutls28-dev \
-                      libiscsi-dev \
-                      libjson-c-dev \
-                      libnetcf-dev \
-                      libnl-3-dev \
-                      libnl-route-3-dev \
-                      libnuma-dev \
-                      libparted-dev \
-                      libpcap0.8-dev \
-                      libpciaccess-dev \
-                      librbd-dev \
-                      libreadline-dev \
-                      libsanlock-dev \
-                      libsasl2-dev \
-                      libselinux1-dev \
-                      libssh-gcrypt-dev \
-                      libssh2-1-dev \
-                      libtirpc-dev \
-                      libudev-dev \
-                      libxen-dev \
-                      libxml2-dev \
-                      libxml2-utils \
-                      locales \
-                      lvm2 \
-                      make \
-                      meson \
-                      nfs-common \
-                      ninja-build \
-                      numad \
-                      open-iscsi \
-                      perl-base \
-                      pkgconf \
-                      policykit-1 \
-                      python3 \
-                      python3-docutils \
-                      python3-pytest \
-                      qemu-utils \
-                      sed \
-                      systemtap-sdt-dev \
-                      wireshark-dev \
-                      xsltproc && \
-    eatmydata apt-get autoremove -y && \
-    eatmydata apt-get autoclean -y && \
-    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    rm -f /usr/lib*/python3*/EXTERNALLY-MANAGED && \
-    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
-ENV LANG "en_US.UTF-8"
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
--- a/ci/containers/debian-12-cross-aarch64.Dockerfile
+++ b/ci/containers/debian-12-cross-aarch64.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:arm64 \
                      libsasl2-dev:arm64 \
                      libselinux1-dev:arm64 \
-                      libssh-gcrypt-dev:arm64 \
+                      libssh-dev:arm64 \
                      libssh2-1-dev:arm64 \
                      libtirpc-dev:arm64 \
                      libudev-dev:arm64 \
--- a/ci/containers/debian-12-cross-armv6l.Dockerfile
+++ b/ci/containers/debian-12-cross-armv6l.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:armel \
                      libsasl2-dev:armel \
                      libselinux1-dev:armel \
-                      libssh-gcrypt-dev:armel \
+                      libssh-dev:armel \
                      libssh2-1-dev:armel \
                      libtirpc-dev:armel \
                      libudev-dev:armel \
--- a/ci/containers/debian-12-cross-armv7l.Dockerfile
+++ b/ci/containers/debian-12-cross-armv7l.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:armhf \
                      libsasl2-dev:armhf \
                      libselinux1-dev:armhf \
-                      libssh-gcrypt-dev:armhf \
+                      libssh-dev:armhf \
                      libssh2-1-dev:armhf \
                      libtirpc-dev:armhf \
                      libudev-dev:armhf \
--- a/ci/containers/debian-12-cross-i686.Dockerfile
+++ b/ci/containers/debian-12-cross-i686.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:i386 \
                      libsasl2-dev:i386 \
                      libselinux1-dev:i386 \
-                      libssh-gcrypt-dev:i386 \
+                      libssh-dev:i386 \
                      libssh2-1-dev:i386 \
                      libtirpc-dev:i386 \
                      libudev-dev:i386 \
--- a/ci/containers/debian-12-cross-mips64el.Dockerfile
+++ b/ci/containers/debian-12-cross-mips64el.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:mips64el \
                      libsasl2-dev:mips64el \
                      libselinux1-dev:mips64el \
-                      libssh-gcrypt-dev:mips64el \
+                      libssh-dev:mips64el \
                      libssh2-1-dev:mips64el \
                      libtirpc-dev:mips64el \
                      libudev-dev:mips64el \
--- a/ci/containers/debian-12-cross-mipsel.Dockerfile
+++ b/ci/containers/debian-12-cross-mipsel.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:mipsel \
                      libsasl2-dev:mipsel \
                      libselinux1-dev:mipsel \
-                      libssh-gcrypt-dev:mipsel \
+                      libssh-dev:mipsel \
                      libssh2-1-dev:mipsel \
                      libtirpc-dev:mipsel \
                      libudev-dev:mipsel \
--- a/ci/containers/debian-12-cross-ppc64le.Dockerfile
+++ b/ci/containers/debian-12-cross-ppc64le.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:ppc64el \
                      libsasl2-dev:ppc64el \
                      libselinux1-dev:ppc64el \
-                      libssh-gcrypt-dev:ppc64el \
+                      libssh-dev:ppc64el \
                      libssh2-1-dev:ppc64el \
                      libtirpc-dev:ppc64el \
                      libudev-dev:ppc64el \
--- a/ci/containers/debian-12-cross-s390x.Dockerfile
+++ b/ci/containers/debian-12-cross-s390x.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:s390x \
                      libsasl2-dev:s390x \
                      libselinux1-dev:s390x \
-                      libssh-gcrypt-dev:s390x \
+                      libssh-dev:s390x \
                      libssh2-1-dev:s390x \
                      libtirpc-dev:s390x \
                      libudev-dev:s390x \
--- a/ci/containers/debian-12.Dockerfile
+++ b/ci/containers/debian-12.Dockerfile
@@ -59,7 +59,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev \
                      libsasl2-dev \
                      libselinux1-dev \
-                      libssh-gcrypt-dev \
+                      libssh-dev \
                      libssh2-1-dev \
                      libtirpc-dev \
                      libudev-dev \
--- a/ci/containers/debian-sid-cross-aarch64.Dockerfile
+++ b/ci/containers/debian-sid-cross-aarch64.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:arm64 \
                      libsasl2-dev:arm64 \
                      libselinux1-dev:arm64 \
-                      libssh-gcrypt-dev:arm64 \
+                      libssh-dev:arm64 \
                      libssh2-1-dev:arm64 \
                      libtirpc-dev:arm64 \
                      libudev-dev:arm64 \
--- a/ci/containers/debian-sid-cross-armv6l.Dockerfile
+++ b/ci/containers/debian-sid-cross-armv6l.Dockerfile
@@ -93,7 +93,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:armel \
                      libsasl2-dev:armel \
                      libselinux1-dev:armel \
-                      libssh-gcrypt-dev:armel \
+                      libssh-dev:armel \
                      libssh2-1-dev:armel \
                      libtirpc-dev:armel \
                      libudev-dev:armel \
--- a/ci/containers/debian-sid-cross-armv7l.Dockerfile
+++ b/ci/containers/debian-sid-cross-armv7l.Dockerfile
@@ -93,7 +93,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:armhf \
                      libsasl2-dev:armhf \
                      libselinux1-dev:armhf \
-                      libssh-gcrypt-dev:armhf \
+                      libssh-dev:armhf \
                      libssh2-1-dev:armhf \
                      libtirpc-dev:armhf \
                      libudev-dev:armhf \
--- a/ci/containers/debian-sid-cross-i686.Dockerfile
+++ b/ci/containers/debian-sid-cross-i686.Dockerfile
@@ -93,7 +93,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:i386 \
                      libsasl2-dev:i386 \
                      libselinux1-dev:i386 \
-                      libssh-gcrypt-dev:i386 \
+                      libssh-dev:i386 \
                      libssh2-1-dev:i386 \
                      libtirpc-dev:i386 \
                      libudev-dev:i386 \
--- a/ci/containers/debian-sid-cross-mips64el.Dockerfile
+++ b/ci/containers/debian-sid-cross-mips64el.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:mips64el \
                      libsasl2-dev:mips64el \
                      libselinux1-dev:mips64el \
-                      libssh-gcrypt-dev:mips64el \
+                      libssh-dev:mips64el \
                      libssh2-1-dev:mips64el \
                      libtirpc-dev:mips64el \
                      libudev-dev:mips64el \
--- a/ci/containers/debian-sid-cross-ppc64le.Dockerfile
+++ b/ci/containers/debian-sid-cross-ppc64le.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:ppc64el \
                      libsasl2-dev:ppc64el \
                      libselinux1-dev:ppc64el \
-                      libssh-gcrypt-dev:ppc64el \
+                      libssh-dev:ppc64el \
                      libssh2-1-dev:ppc64el \
                      libtirpc-dev:ppc64el \
                      libudev-dev:ppc64el \
--- a/ci/containers/debian-sid-cross-s390x.Dockerfile
+++ b/ci/containers/debian-sid-cross-s390x.Dockerfile
@@ -94,7 +94,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev:s390x \
                      libsasl2-dev:s390x \
                      libselinux1-dev:s390x \
-                      libssh-gcrypt-dev:s390x \
+                      libssh-dev:s390x \
                      libssh2-1-dev:s390x \
                      libtirpc-dev:s390x \
                      libudev-dev:s390x \
--- a/ci/containers/debian-sid.Dockerfile
+++ b/ci/containers/debian-sid.Dockerfile
@@ -59,7 +59,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
                      libsanlock-dev \
                      libsasl2-dev \
                      libselinux1-dev \
-                      libssh-gcrypt-dev \
+                      libssh-dev \
                      libssh2-1-dev \
                      libtirpc-dev \
                      libudev-dev \
--- a/ci/containers/fedora-41-cross-mingw32.Dockerfile
+++ b/ci/containers/fedora-41-cross-mingw32.Dockerfile
@@ -4,7 +4,7 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci

-FROM registry.fedoraproject.org/fedora:40
+FROM registry.fedoraproject.org/fedora:41

 RUN dnf install -y nosync && \
    printf '#!/bin/sh\n\
@@ -19,7 +19,7 @@ exec "$@"\n' > /usr/bin/nosync && \
    nosync dnf update -y && \
    nosync dnf install -y \
               augeas \
-               bash-completion \
+               bash-completion-devel \
               ca-certificates \
               ccache \
               codespell \
--- a/ci/containers/fedora-41-cross-mingw64.Dockerfile
+++ b/ci/containers/fedora-41-cross-mingw64.Dockerfile
@@ -4,7 +4,7 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci

-FROM registry.fedoraproject.org/fedora:40
+FROM registry.fedoraproject.org/fedora:41

 RUN dnf install -y nosync && \
    printf '#!/bin/sh\n\
@@ -19,7 +19,7 @@ exec "$@"\n' > /usr/bin/nosync && \
    nosync dnf update -y && \
    nosync dnf install -y \
               augeas \
-               bash-completion \
+               bash-completion-devel \
               ca-certificates \
               ccache \
               codespell \
--- a/ci/containers/fedora-41.Dockerfile
+++ b/ci/containers/fedora-41.Dockerfile
@@ -4,7 +4,7 @@
 #
 # https://gitlab.com/libvirt/libvirt-ci

-FROM registry.fedoraproject.org/fedora:39
+FROM registry.fedoraproject.org/fedora:41

 RUN dnf install -y nosync && \
    printf '#!/bin/sh\n\
@@ -20,7 +20,7 @@ exec "$@"\n' > /usr/bin/nosync && \
    nosync dnf install -y \
               audit-libs-devel \
               augeas \
-               bash-completion \
+               bash-completion-devel \
               ca-certificates \
               ccache \
               clang \
@@ -93,6 +93,7 @@ exec "$@"\n' > /usr/bin/nosync && \
               systemd-devel \
               systemd-rpm-macros \
               systemtap-sdt-devel \
+               systemtap-sdt-dtrace \
               wireshark-devel \
               xen-devel && \
    nosync dnf autoremove -y && \
--- a/ci/gitlab.yml
+++ b/ci/gitlab.yml
@@ -11,8 +11,11 @@
 #  - RUN_PIPELINE - force creation of a CI pipeline when
 #    pushing to a branch in a forked repository. Official
 #    CI pipelines are triggered when merge requests are
-#    created/updated. Setting this variable to a non-empty
-#    value allows CI testing prior to opening a merge request.
+#    created/updated. Setting this variable allows CI
+#    testing prior to opening a merge request. A value
+#    of "0" will create the pipeline but leave all jobs
+#    to be manually started, while "1" will immediately
+#    run all default jobs.
 #
 #  - RUN_PIPELINE_UPSTREAM_ENV - same semantics as RUN_PIPELINE,
 #    but uses the CI environment (containers) from the upstream project
@@ -38,11 +41,13 @@
 #
 # Aliases can be set for common usage
 #
-#  $ git config --local alias.push-ci "push -o ci.variable=RUN_PIPELINE=1"
+#  $ git config --local alias.push-ci "push -o ci.variable=RUN_PIPELINE=0"
+#  $ git config --local alias.push-ci-now "push -o ci.variable=RUN_PIPELINE=1"
 #
 # Allowing the less verbose invocation
 #
-#  $ git push-ci
+#  $ git push-ci     (create pipeline but don't start jobs)
+#  $ git push-ci-now (create pipeline and start default jobs)
 #
 # Pipeline variables can also be set in the repository
 # pipeline config globally, or set against scheduled pipelines
@@ -50,6 +55,7 @@

 variables:
  RUN_UPSTREAM_NAMESPACE: libvirt
+  CONTAINER_UPSTREAM_NAMESPACE: libvirt
  FF_SCRIPT_SECTIONS: 1


--- a/ci/gitlab/build-templates.yml
+++ b/ci/gitlab/build-templates.yml
@@ -35,7 +35,7 @@
      fi
    - cat /packages.txt
  variables:
-    IMAGE: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME:latest
+    IMAGE: $CI_REGISTRY/$CONTAINER_UPSTREAM_NAMESPACE/libvirt/ci-$NAME:latest
  rules:
    ### PUSH events

@@ -47,19 +47,27 @@
      when: on_success

    # forks: pushes to a branch when a pipeline run in upstream env is explicitly requested
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV && $JOB_OPTIONAL'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "0"'
      when: manual
      allow_failure: true
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "1" && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "1"'
      when: on_success

    # forks: pushes to branches with pipeline requested
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE && $JOB_OPTIONAL'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "0"'
      when: manual
      allow_failure: true
      variables:
        IMAGE: $TARGET_BASE_IMAGE
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "1" && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "1"'
      when: on_success
      variables:
        IMAGE: $TARGET_BASE_IMAGE
@@ -171,7 +179,7 @@
      fi
    - cat /packages.txt
  variables:
-    IMAGE: $CI_REGISTRY/$RUN_UPSTREAM_NAMESPACE/libvirt/ci-$NAME-cross-$CROSS:latest
+    IMAGE: $CI_REGISTRY/$CONTAINER_UPSTREAM_NAMESPACE/libvirt/ci-$NAME-cross-$CROSS:latest
  rules:
    ### PUSH events

@@ -183,19 +191,27 @@
      when: on_success

    # forks: pushes to a branch when a pipeline run in upstream env is explicitly requested
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV && $JOB_OPTIONAL'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "0"'
      when: manual
      allow_failure: true
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "1" && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "1"'
      when: on_success

    # forks: pushes to branches with pipeline requested
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE && $JOB_OPTIONAL'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "0"'
      when: manual
      allow_failure: true
      variables:
        IMAGE: $TARGET_BASE_IMAGE
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "1" && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+      variables:
+        IMAGE: $TARGET_BASE_IMAGE
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "1"'
      when: on_success
      variables:
        IMAGE: $TARGET_BASE_IMAGE
@@ -302,15 +318,21 @@
      when: on_success

    # forks: pushes to branches with pipeline requested (including pipeline in upstream environment)
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE && $JOB_OPTIONAL'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "0"'
      when: manual
      allow_failure: true
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "1" && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE == "1"'
      when: on_success
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV && $JOB_OPTIONAL'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "0"'
      when: manual
      allow_failure: true
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "1" && $JOB_OPTIONAL'
+      when: manual
+      allow_failure: true
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $RUN_PIPELINE_UPSTREAM_ENV == "1"'
      when: on_success

    # upstream+forks: Run pipelines on MR, web, api & scheduled
--- a/ci/gitlab/builds.yml
+++ b/ci/gitlab/builds.yml
@@ -33,15 +33,15 @@ x86_64-almalinux-9-clang:
    TARGET_BASE_IMAGE: docker.io/library/almalinux:9


-x86_64-alpine-319:
+x86_64-alpine-321:
  extends: .native_build_job
  needs:
-    - job: x86_64-alpine-319-container
+    - job: x86_64-alpine-321-container
      optional: true
  allow_failure: false
  variables:
-    NAME: alpine-319
-    TARGET_BASE_IMAGE: docker.io/library/alpine:3.19
+    NAME: alpine-321
+    TARGET_BASE_IMAGE: docker.io/library/alpine:3.21


 x86_64-alpine-edge:
@@ -70,30 +70,6 @@ x86_64-centos-stream-9:
      - libvirt-rpms


-x86_64-debian-11:
-  extends: .native_build_job
-  needs:
-    - job: x86_64-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
-x86_64-debian-11-clang:
-  extends: .native_build_job
-  needs:
-    - job: x86_64-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
 x86_64-debian-12:
  extends: .native_build_job
  needs:
@@ -127,21 +103,6 @@ x86_64-debian-sid:
    TARGET_BASE_IMAGE: docker.io/library/debian:sid-slim


-x86_64-fedora-39:
-  extends: .native_build_job
-  needs:
-    - job: x86_64-fedora-39-container
-      optional: true
-  allow_failure: false
-  variables:
-    NAME: fedora-39
-    TARGET_BASE_IMAGE: registry.fedoraproject.org/fedora:39
-  artifacts:
-    expire_in: 1 day
-    paths:
-      - libvirt-rpms
-
-
 x86_64-fedora-40:
  extends: .native_build_job
  needs:
@@ -157,6 +118,21 @@ x86_64-fedora-40:
      - libvirt-rpms


+x86_64-fedora-41:
+  extends: .native_build_job
+  needs:
+    - job: x86_64-fedora-41-container
+      optional: true
+  allow_failure: false
+  variables:
+    NAME: fedora-41
+    TARGET_BASE_IMAGE: registry.fedoraproject.org/fedora:41
+  artifacts:
+    expire_in: 1 day
+    paths:
+      - libvirt-rpms
+
+
 x86_64-fedora-rawhide:
  extends: .native_build_job
  needs:
@@ -246,110 +222,6 @@ x86_64-ubuntu-2404-clang:

 # Cross build jobs

-aarch64-debian-11:
-  extends: .cross_build_job
-  needs:
-    - job: aarch64-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    CROSS: aarch64
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
-armv6l-debian-11:
-  extends: .cross_build_job
-  needs:
-    - job: armv6l-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    CROSS: armv6l
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
-armv7l-debian-11:
-  extends: .cross_build_job
-  needs:
-    - job: armv7l-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    CROSS: armv7l
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
-i686-debian-11:
-  extends: .cross_build_job
-  needs:
-    - job: i686-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    CROSS: i686
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
-mips64el-debian-11:
-  extends: .cross_build_job
-  needs:
-    - job: mips64el-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    CROSS: mips64el
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
-mipsel-debian-11:
-  extends: .cross_build_job
-  needs:
-    - job: mipsel-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    CROSS: mipsel
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
-ppc64le-debian-11:
-  extends: .cross_build_job
-  needs:
-    - job: ppc64le-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    CROSS: ppc64le
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
-s390x-debian-11:
-  extends: .cross_build_job
-  needs:
-    - job: s390x-debian-11-container
-      optional: true
-  allow_failure: false
-  variables:
-    CROSS: s390x
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-    TARGET_BASE_IMAGE: docker.io/library/debian:11-slim
-
-
 aarch64-debian-12:
  extends: .cross_build_job
  needs:
@@ -544,29 +416,29 @@ s390x-debian-sid:
    TARGET_BASE_IMAGE: docker.io/library/debian:sid-slim


-mingw32-fedora-40:
+mingw32-fedora-41:
  extends: .cross_build_job
  needs:
-    - job: mingw32-fedora-40-container
+    - job: mingw32-fedora-41-container
      optional: true
  allow_failure: false
  variables:
    CROSS: mingw32
    JOB_OPTIONAL: 1
-    NAME: fedora-40
-    TARGET_BASE_IMAGE: registry.fedoraproject.org/fedora:40
+    NAME: fedora-41
+    TARGET_BASE_IMAGE: registry.fedoraproject.org/fedora:41


-mingw64-fedora-40:
+mingw64-fedora-41:
  extends: .cross_build_job
  needs:
-    - job: mingw64-fedora-40-container
+    - job: mingw64-fedora-41-container
      optional: true
  allow_failure: false
  variables:
    CROSS: mingw64
-    NAME: fedora-40
-    TARGET_BASE_IMAGE: registry.fedoraproject.org/fedora:40
+    NAME: fedora-41
+    TARGET_BASE_IMAGE: registry.fedoraproject.org/fedora:41


 mingw32-fedora-rawhide:
@@ -602,7 +474,7 @@ x86_64-freebsd-13:
  allow_failure:
    exit_codes: 3
  variables:
-    CIRRUS_VM_IMAGE_NAME: freebsd-13-3
+    CIRRUS_VM_IMAGE_NAME: freebsd-13-4
    CIRRUS_VM_IMAGE_SELECTOR: image_family
    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
    INSTALL_COMMAND: pkg install -y
@@ -617,7 +489,7 @@ x86_64-freebsd-14:
  allow_failure:
    exit_codes: 3
  variables:
-    CIRRUS_VM_IMAGE_NAME: freebsd-14-0
+    CIRRUS_VM_IMAGE_NAME: freebsd-14-2
    CIRRUS_VM_IMAGE_SELECTOR: image_family
    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
    INSTALL_COMMAND: pkg install -y
--- a/ci/gitlab/containers.yml
+++ b/ci/gitlab/containers.yml
@@ -14,11 +14,11 @@ x86_64-almalinux-9-container:
    NAME: almalinux-9


-x86_64-alpine-319-container:
+x86_64-alpine-321-container:
  extends: .container_job
  allow_failure: false
  variables:
-    NAME: alpine-319
+    NAME: alpine-321


 x86_64-alpine-edge-container:
@@ -35,14 +35,6 @@ x86_64-centos-stream-9-container:
    NAME: centos-stream-9


-x86_64-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11
-
-
 x86_64-debian-12-container:
  extends: .container_job
  allow_failure: false
@@ -57,13 +49,6 @@ x86_64-debian-sid-container:
    NAME: debian-sid


-x86_64-fedora-39-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    NAME: fedora-39
-
-
 x86_64-fedora-40-container:
  extends: .container_job
  allow_failure: false
@@ -71,6 +56,13 @@ x86_64-fedora-40-container:
    NAME: fedora-40


+x86_64-fedora-41-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: fedora-41
+
+
 x86_64-fedora-rawhide-container:
  extends: .container_job
  allow_failure: true
@@ -109,70 +101,6 @@ x86_64-ubuntu-2404-container:

 # Cross container jobs

-aarch64-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11-cross-aarch64
-
-
-armv6l-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11-cross-armv6l
-
-
-armv7l-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11-cross-armv7l
-
-
-i686-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11-cross-i686
-
-
-mips64el-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11-cross-mips64el
-
-
-mipsel-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11-cross-mipsel
-
-
-ppc64le-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11-cross-ppc64le
-
-
-s390x-debian-11-container:
-  extends: .container_job
-  allow_failure: false
-  variables:
-    JOB_OPTIONAL: 1
-    NAME: debian-11-cross-s390x
-
-
 aarch64-debian-12-container:
  extends: .container_job
  allow_failure: false
@@ -292,19 +220,19 @@ s390x-debian-sid-container:
    NAME: debian-sid-cross-s390x


-mingw32-fedora-40-container:
+mingw32-fedora-41-container:
  extends: .container_job
  allow_failure: false
  variables:
    JOB_OPTIONAL: 1
-    NAME: fedora-40-cross-mingw32
+    NAME: fedora-41-cross-mingw32


-mingw64-fedora-40-container:
+mingw64-fedora-41-container:
  extends: .container_job
  allow_failure: false
  variables:
-    NAME: fedora-40-cross-mingw64
+    NAME: fedora-41-cross-mingw64


 mingw32-fedora-rawhide-container:
--- a/ci/gitlab/sanity-checks.yml
+++ b/ci/gitlab/sanity-checks.yml
@@ -18,9 +18,13 @@ check-dco:
      when: on_success

    # forks: pushes to branches with pipeline requested (including upstream env pipelines)
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $RUN_PIPELINE'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $RUN_PIPELINE == "0"'
+      when: manual
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $RUN_PIPELINE == "1"'
      when: on_success
-    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $RUN_PIPELINE_UPSTREAM_ENV'
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $RUN_PIPELINE_UPSTREAM_ENV == "0"'
+      when: manual
+    - if: '$CI_PROJECT_NAMESPACE != $RUN_UPSTREAM_NAMESPACE && $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $RUN_PIPELINE_UPSTREAM_ENV == "1"'
      when: on_success

    # upstream+forks: that's all folks
--- a/ci/integration.yml
+++ b/ci/integration.yml
@@ -29,23 +29,23 @@ centos-stream-9-tests:
 # and libvirt-python CI jobs, so the new target needs to be introduced
 # there before it can be used here. The VM template for the target
 # also needs to be created on the runner host.
-fedora-39-tests:
+fedora-41-tests:
  extends: .integration_tests
  variables:
    # needed by libvirt-gitlab-executor
-    DISTRO: fedora-39
+    DISTRO: fedora-41
    # can be overridden in forks to set a different runner tag
    LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
  tags:
    - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
  needs:
-    - x86_64-fedora-39
+    - x86_64-fedora-41
    - project: libvirt/libvirt-perl
-      job: x86_64-fedora-39
+      job: x86_64-fedora-41
      ref: master
      artifacts: true
    - project: libvirt/libvirt-python
-      job: x86_64-fedora-39
+      job: x86_64-fedora-41
      ref: master
      artifacts: true

@@ -53,22 +53,22 @@ fedora-39-tests:
 # and libvirt-python CI jobs, so the new target needs to be introduced
 # there before it can be used here. The VM template for the target
 # also needs to be created on the runner host.
-.fedora-39-upstream-qemu-tests:
+.fedora-41-upstream-qemu-tests:
  extends: .integration_tests
  variables:
    # needed by libvirt-gitlab-executor
-    DISTRO: fedora-39
+    DISTRO: fedora-41
    # can be overridden in forks to set a different runner tag
    LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host
  tags:
    - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG
  needs:
-    - x86_64-fedora-39
+    - x86_64-fedora-41
    - project: libvirt/libvirt-perl
-      job: x86_64-fedora-39
+      job: x86_64-fedora-41
      ref: master
      artifacts: true
    - project: libvirt/libvirt-python
-      job: x86_64-fedora-39
+      job: x86_64-fedora-41
      ref: master
      artifacts: true
--- a/ci/jobs.sh
+++ b/ci/jobs.sh
@@ -124,6 +124,9 @@ run_integration() {
        DAEMONS="virtinterfaced virtlockd virtlogd virtnetworkd virtnodedevd virtnwfilterd virtproxyd virtqemud virtsecretd virtstoraged"
    fi

+    # Force libvirt to use iptables to make sure libvirt-tck tests don't fail
+    run_cmd_quiet sudo augtool set /files/etc/libvirt/network.conf/firewall_backend "'iptables'"
+
    echo "DAEMONS=$DAEMONS"
    for daemon in $DAEMONS
    do
--- a/ci/manifest.yml
+++ b/ci/manifest.yml
@@ -19,7 +19,7 @@ targets:
          RPM: skip
          CC: clang

-  alpine-319: x86_64
+  alpine-321: x86_64

  alpine-edge:
    jobs:
@@ -34,46 +34,6 @@ targets:
          paths:
            - libvirt-rpms

-  debian-11:
-    jobs:
-      - arch: x86_64
-        builds: false
-
-      - arch: x86_64
-        suffix: -clang
-        builds: false
-
-      - arch: aarch64
-        containers: false
-        builds: false
-
-      - arch: armv6l
-        containers: false
-        builds: false
-
-      - arch: armv7l
-        builds: false
-
-      - arch: i686
-        containers: false
-        builds: false
-
-      - arch: mips64el
-        containers: false
-        builds: false
-
-      - arch: mipsel
-        containers: false
-        builds: false
-
-      - arch: ppc64le
-        containers: false
-        builds: false
-
-      - arch: s390x
-        containers: false
-        builds: false
-
  debian-12:
    jobs:
      - arch: x86_64
@@ -144,7 +104,7 @@ targets:
        containers: false
        builds: false

-  fedora-39:
+  fedora-40:
    jobs:
      - arch: x86_64
        artifacts:
@@ -152,7 +112,7 @@ targets:
          paths:
            - libvirt-rpms

-  fedora-40:
+  fedora-41:
    jobs:
      - arch: x86_64
        artifacts:
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -26,7 +26,7 @@ name will default to a preselected hypervisor, but it's probably not a
 wise thing to do in most cases. See the `connection URI <uri.html>`__
 page for a full descriptions of the values allowed.

-OnDevice the application obtains a
+Once the application obtains a
 `virConnectPtr <html/libvirt-libvirt-host.html#virConnectPtr>`__
 connection to the hypervisor it can then use it to manage the
 hypervisor's available domains and related virtualization resources,
--- a/docs/apps.rst
+++ b/docs/apps.rst
@@ -206,6 +206,11 @@ Libraries
   Allows using simple ruby objects to manipulate hypervisors, guests,
   storage, network etc. It is based on top of the `native ruby
   bindings <https://ruby.libvirt.org/>`__.
+`Perl Async bindings <https://github.com/ehuelsmann/perl-sys-async-virt#readme>`__
+   Perl `Sys::Async::Virt library <https://metacpan.org/pod/Sys::Async::Virt>`__
+   supporting the asynchronous paradigm introduced by `Future::AsyncAwait
+   <https://metacpan.org/pod/Future::AsyncAwait>`__ that tries to stay close to
+   the `Sys::Virt API <https://metacpan.org/pod/Sys::Virt>`__.

 LiveCD / Appliances
 -------------------
--- a/docs/css/libvirt.css
+++ b/docs/css/libvirt.css
@@ -123,6 +123,17 @@ img.diagram {
    margin-bottom: 1em;
 }

+#documentation #application-development ul li p {
+    padding-bottom: 0px;
+    padding-top: 0px;
+}
+
+#documentation #application-development ul {
+    margin-left: 2em;
+    padding-top: 0px;
+    padding-bottom: 0px;
+}
+
 .removedhv {
    color: darkred;
 }
--- a/docs/docs.rst
+++ b/docs/docs.rst
@@ -60,24 +60,46 @@ Application development
 -----------------------

 `API reference <html/index.html>`__
-   Reference manual for the C public API, split in
-   `common <html/libvirt-libvirt-common.html>`__,
-   `domain <html/libvirt-libvirt-domain.html>`__,
-   `domain checkpoint <html/libvirt-libvirt-domain-checkpoint.html>`__,
-   `domain snapshot <html/libvirt-libvirt-domain-snapshot.html>`__,
-   `error <html/libvirt-virterror.html>`__,
-   `event <html/libvirt-libvirt-event.html>`__,
-   `host <html/libvirt-libvirt-host.html>`__,
-   `interface <html/libvirt-libvirt-interface.html>`__,
-   `network <html/libvirt-libvirt-network.html>`__,
-   `node device <html/libvirt-libvirt-nodedev.html>`__,
-   `network filter <html/libvirt-libvirt-nwfilter.html>`__,
-   `secret <html/libvirt-libvirt-secret.html>`__,
-   `storage <html/libvirt-libvirt-storage.html>`__,
-   `stream <html/libvirt-libvirt-stream.html>`__ and
-   `admin <html/libvirt-libvirt-admin.html>`__,
-   `QEMU <html/libvirt-libvirt-qemu.html>`__,
-   `LXC <html/libvirt-libvirt-lxc.html>`__ libs
+   Reference manual for the C public API, split in:
+
+   * `common <html/libvirt-libvirt-common.html>`__
+   * `domain <html/libvirt-libvirt-domain.html>`__
+   * `domain checkpoint <html/libvirt-libvirt-domain-checkpoint.html>`__
+   * `domain snapshot <html/libvirt-libvirt-domain-snapshot.html>`__
+   * `error <html/libvirt-virterror.html>`__
+   * `event <html/libvirt-libvirt-event.html>`__
+   * `host <html/libvirt-libvirt-host.html>`__
+   * `interface <html/libvirt-libvirt-interface.html>`__
+   * `network <html/libvirt-libvirt-network.html>`__
+   * `node device <html/libvirt-libvirt-nodedev.html>`__
+   * `network filter <html/libvirt-libvirt-nwfilter.html>`__
+   * `secret <html/libvirt-libvirt-secret.html>`__
+   * `storage <html/libvirt-libvirt-storage.html>`__
+   * `stream <html/libvirt-libvirt-stream.html>`__
+
+   and the documentation for the API of the additional libs:
+
+   * `admin <html/libvirt-libvirt-admin.html>`__
+   * `QEMU <html/libvirt-libvirt-qemu.html>`__
+   * `LXC <html/libvirt-libvirt-lxc.html>`__
+
+`XML schemas <format.html>`__
+   Description of the XML schemas for
+
+   * `domains <formatdomain.html>`__
+   * `networks <formatnetwork.html>`__
+   * `network ports <formatnetworkport.html>`__
+   * `network filtering <formatnwfilter.html>`__
+   * `storage <formatstorage.html>`__
+   * `storage encryption <formatstorageencryption.html>`__
+   * `capabilities <formatcaps.html>`__
+   * `domain capabilities <formatdomaincaps.html>`__
+   * `storage pool capabilities <formatstoragecaps.html>`__
+   * `node devices <formatnode.html>`__
+   * `secrets <formatsecret.html>`__
+   * `snapshots <formatsnapshot.html>`__
+   * `checkpoints <formatcheckpoint.html>`__
+   * `backup jobs <formatbackup.html>`__

 `Language bindings and API modules <bindings.html>`__
   Bindings of the libvirt API for
@@ -92,23 +114,6 @@ Application development
   and integration API modules for
   `D-Bus <dbus.html>`__

-`XML schemas <format.html>`__
-   Description of the XML schemas for
-   `domains <formatdomain.html>`__,
-   `networks <formatnetwork.html>`__,
-   `network ports <formatnetworkport.html>`__,
-   `network filtering <formatnwfilter.html>`__,
-   `storage <formatstorage.html>`__,
-   `storage encryption <formatstorageencryption.html>`__,
-   `capabilities <formatcaps.html>`__,
-   `domain capabilities <formatdomaincaps.html>`__,
-   `storage pool capabilities <formatstoragecaps.html>`__,
-   `node devices <formatnode.html>`__,
-   `secrets <formatsecret.html>`__,
-   `snapshots <formatsnapshot.html>`__,
-   `checkpoints <formatcheckpoint.html>`__,
-   `backup jobs <formatbackup.html>`__
-
 `URI format <uri.html>`__
   The URI formats used for connecting to libvirt

--- a/docs/drvbhyve.rst
+++ b/docs/drvbhyve.rst
@@ -7,8 +7,10 @@ Bhyve driver
 .. contents::

 Bhyve is a FreeBSD hypervisor. It first appeared in FreeBSD 10.0. However, it's
-recommended to keep tracking FreeBSD 10-STABLE to make sure all new features of
-bhyve are supported. In order to enable bhyve on your FreeBSD host, you'll need
+recommended to use the
+`latest supported release <https://www.freebsd.org/releases/>`__
+to make sure all new features of bhyve are supported.
+In order to enable bhyve on your FreeBSD host, you'll need
 to load the ``vmm`` kernel module. Additionally, ``if_tap`` and ``if_bridge``
 modules should be loaded for networking support. Also, :since:`since 3.2.0` the
 ``virt-host-validate(1)`` supports the bhyve host validation and could be used
@@ -582,3 +584,18 @@ Note that these extensions are for testing and development purposes only. They
 are **unsupported**, using them may result in inconsistent state, and upgrading
 either bhyve or libvirtd maybe break behavior of a domain that was relying on a
 specific commands pass-through.
+
+Random number generator device
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+:since:`Since 11.3.0` it's possible to use the virtio random number generator devices.
+
+Example:
+
+::
+
+   ...
+     <rng model='virtio'>
+       <backend model='random'/>
+     </rng>
+   ...
--- a/docs/drvqemu.rst
+++ b/docs/drvqemu.rst
@@ -5,7 +5,7 @@
 QEMU/KVM/HVF hypervisor driver
 ==============================

-The libvirt KVM/QEMU driver can manage any QEMU emulator from version 4.2.0 or
+The libvirt KVM/QEMU driver can manage any QEMU emulator from version 6.2.0 or
 later.

 It supports multiple QEMU accelerators: software
--- a/docs/formatbackup.rst
+++ b/docs/formatbackup.rst
@@ -1,3 +1,5 @@
+ .. role:: since
+
 Backup XML format
 =================

@@ -42,6 +44,25 @@ were supplied). The following child elements and attributes are supported:
   necessary to set up an NBD server that exposes the content of each disk at
   the time the backup is started.

+   In addition to the above the NBD server used for backups allows using
+   ``transport='fd' fdgroup='NAME'`` where ``NAME`` is the name used with
+   ``virDomainFDAssociate()`` to pass a pre-opened server socket file descriptor
+   to qemu. :since:`Since 11.3.0`
+
+   Example code to pass a socket with libvirt-python bindings::
+
+     import socket
+     import libvirt
+
+     s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+     s.bind("/path/to/socket")
+
+     fdlist = [ s.fileno() ]
+
+     conn = libvirt.open()
+     dom = conn.lookupByName("VMNAME")
+     dom.FDAssociate("NAME", fdlist)
+
   Note that for the QEMU hypervisor the TLS environment in controlled using
   ``backup_tls_x509_cert_dir``, ``backup_tls_x509_verify``, and
   ``backup_tls_x509_secret_uuid`` properties in ``/etc/libvirt/qemu.conf``.
--- a/docs/formatcaps.rst
+++ b/docs/formatcaps.rst
@@ -39,7 +39,7 @@ The ``<host/>`` element consists of the following child elements:
   The host CPU architecture and features.

   Note that, while this element contains a ``topology`` sub-element,
-   the information contained therein is farily high-level and likely
+   the information contained therein is fairly high-level and likely
   not very useful when it comes to optimizing guest vCPU placement.
   Look into the ``topology`` *element*, described below, for more
   detailed information.
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
--- a/docs/formatdomaincaps.rst
+++ b/docs/formatdomaincaps.rst
@@ -193,12 +193,12 @@ CPUs <formatdomain.html#cpu-model-and-topology>`__.
         <feature policy='require' name='vmx'/>
       </mode>
       <mode name='custom' supported='yes'>
-         <model usable='no' deprecated='no' vendor='Intel'>Broadwell</model>
+         <model usable='no' deprecated='no' vendor='Intel' canonical='Broadwell-v1'>Broadwell</model>
         <blockers model='Broadwell'>
           <feature name='hle'/>
           <feature name='rtm'/>
         </blockers>
-         <model usable='yes' deprecated='no' vendor='Intel'>Broadwell-noTSX</model>
+         <model usable='yes' deprecated='no' vendor='Intel' canonical='Broadwell-v2'>Broadwell-noTSX</model>
         <model usable='no' deprecated='no' vendor='AMD'>EPYC-Milan</model>
         <blockers model='EPYC-Milan'>
           <feature name='clzero'/>
@@ -265,7 +265,9 @@ more details about it:
   the hypervisor's policy on usage of this model :since:`(since 7.1.0)`. The
   ``vendor`` attribute :since:`(since 8.9.0)` contains the vendor of the CPU
   model for users who want to use CPU models with specific vendors only. CPU
-   models with undefined vendor will be listed with ``vendor='unkwnown'``.
+   models with undefined vendor will be listed with ``vendor='unkwnown'``. The
+   ``canonical`` attribute :since:`(since 10.10.0)` contains a canonical name of
+   the CPU model if the model is actually an alias to another one.

 I/O Threads
 ~~~~~~~~~~~
@@ -671,6 +673,30 @@ Interface device corresponds to `network interface
 ``backendType``
   Options for the ``type`` attribute of the ``<backend/>`` element

+Panic device
+^^^^^^^^^^^^
+
+Interface device corresponds to `panic device
+<formatdomain.html#panic-device>`__ (``<panic/>``) in domain XML.
+
+::
+
+  <domainCapabilities>
+    ...
+    <devices>
+      <panic supported='yes'>
+        <enum name='model'>
+          <value>isa</value>
+          <value>hyperv</value>
+        </enum>
+      </panic>
+      ...
+    </devices>
+  </domainCapabilities>
+
+``model``
+   Options for the ``model`` attribute of the ``<panic/>`` element
+

 Features
 ~~~~~~~~
--- a/docs/formatnetwork.rst
+++ b/docs/formatnetwork.rst
@@ -520,28 +520,29 @@ VLAN tags to apply to the guest's network traffic :since:`Since 0.10.0`.

 Network connections that support guest-transparent VLAN tagging include
 ``type='bridge'`` interfaces connected to an Open vSwitch bridge, SRIOV
-Virtual Functions (VF) used via ``type='hostdev'`` (direct device assignment)
-and, :since:`since 1.3.5`, SRIOV VFs used via ``type='direct'`` with
-``mode='passthrough'`` (macvtap "passthru" mode). All other
-connection types, including standard linux bridges and libvirt's own virtual
-networks, **do not** support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
-provide their own way (outside of libvirt) to tag guest traffic onto a specific
-VLAN. Each tag is given in a separate ``<tag>`` subelement of ``<vlan>`` (for
-example: ``<tag id='42'/>``). For VLAN trunking of multiple tags (which is
-supported only on Open vSwitch connections), multiple ``<tag>`` subelements can
-be specified, which implies that the user wants to do VLAN trunking on the
-interface for all the specified tags. In the case that VLAN trunking of a single
-tag is desired, the optional attribute ``trunk='yes'`` can be added to the
-toplevel ``<vlan>`` element to differentiate trunking of a single tag from
-normal tagging.
+Virtual Functions (VF) used via ``type='hostdev'`` (direct device assignment),
+:since:`since 1.3.5`, SRIOV VFs used via ``type='direct'`` with
+``mode='passthrough'`` (macvtap "passthru" mode) and, :since:`since 11.0.0`,
+standard linux bridges. All other connection types, including libvirt's own
+virtual networks, **do not** support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA)
+switches provide their own way (outside of libvirt) to tag guest traffic onto a
+specific VLAN. Each tag is given in a separate ``<tag>`` subelement of
+``<vlan>`` (for example: ``<tag id='42'/>``). For VLAN trunking of multiple
+tags (which is supported on Open vSwitch connections and standard linux
+bridges), multiple ``<tag>`` subelements can be specified, which implies that
+the user wants to do VLAN trunking on the interface for all the specified tags.
+In the case that VLAN trunking of a single tag is desired, the optional
+attribute ``trunk='yes'`` can be added to the toplevel ``<vlan>`` element to
+differentiate trunking of a single tag from normal tagging.

-For network connections using Open vSwitch it is also possible to configure
-'native-tagged' and 'native-untagged' VLAN modes :since:`Since 1.1.0`. This is
-done with the optional ``nativeMode`` attribute on the ``<tag>`` subelement:
-``nativeMode`` may be set to 'tagged' or 'untagged'. The ``id`` attribute of the
-``<tag>`` subelement containing ``nativeMode`` sets which VLAN is considered to
-be the "native" VLAN for this interface, and the ``nativeMode`` attribute
-determines whether or not traffic for that VLAN will be tagged.
+For network connections using Open vSwitch :since:`since 1.1.10` and standard
+linux bridges :since:`since 11.0.0` it is also possible to configure
+'native-tagged' and 'native-untagged' VLAN modes. This is done with the optional
+``nativeMode`` attribute on the ``<tag>`` subelement: ``nativeMode`` may be set
+to 'tagged' or 'untagged'. The ``id`` attribute of the ``<tag>`` subelement
+containing ``nativeMode`` sets which VLAN is considered to be the "native" VLAN
+for this interface, and the ``nativeMode`` attribute determines whether or not
+traffic for that VLAN will be tagged.

 ``<vlan>`` elements can also be specified in a ``<portgroup>`` element, as well
 as directly in a domain's ``<interface>`` element. In the case that a vlan tag
--- a/docs/formatsecret.rst
+++ b/docs/formatsecret.rst
@@ -318,7 +318,7 @@ be omitted if the file contents are base64-encoded.

 ::

-   # virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 --file --plain secretinfile
+   # virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 --file secretinfile --plain
   Secret value set

 **WARNING** The following approach is **insecure** and deprecated. The secret
--- a/docs/glib-adoption.rst
+++ b/docs/glib-adoption.rst
@@ -14,38 +14,16 @@ the GLib APIs straight away where possible.
 The following is a list of libvirt APIs that should no longer be
 used in new code, and their suggested GLib replacements:

-Memory allocation
-   ``VIR_ALLOC``, ``VIR_REALLOC``, ``VIR_RESIZE_N``,
-   ``VIR_EXPAND_N``, ``VIR_SHRINK_N``, ``VIR_FREE``
-
-   https://developer.gnome.org/glib/stable/glib-Memory-Allocation.html
-
-   Prefer the GLib APIs ``g_new0``/``g_renew``/ ``g_free`` in most
-   cases. There should rarely be a need to use
-   ``g_malloc``/``g_realloc``. **NEVER MIX** use of the classic
-   libvirt memory allocation APIs and GLib APIs within a single
-   method. Keep the style consistent, converting existing code to
-   GLib style in a separate, prior commit.
-
 Array operations
   ``VIR_APPEND_ELEMENT``, ``VIR_INSERT_ELEMENT``, ``VIR_DELETE_ELEMENT``

   https://developer.gnome.org/glib/stable/glib-Arrays.html

-   Instead of using plain C arrays, it is preferrable to use one of
+   Instead of using plain C arrays, it is preferable to use one of
   the GLib types, ``GArray``, ``GPtrArray`` or ``GByteArray``.
   These all use a struct to track the array memory and size
   together and efficiently resize.

-String arrays
-   ``virStringList*``, ``virStringListCount*``
-
-   https://developer.gnome.org/glib/stable/glib-String-Utility-Functions.html
-
-   Prefer the NULL-terminated variant instead of storing the count
-   separately. Prefer ``g_str*v`` functions instead of their ``vir*``
-   counterparts. For use with ``g_auto`` GLib provides the ``GStrv`` type.
-
 Objects
   ``virObject``

--- a/docs/governance.rst
+++ b/docs/governance.rst
@@ -112,9 +112,9 @@ There are no special requirements to becoming a contributor other than having
 the interest and ability to provide a contribution. The libvirt project **does
 not require** any *"Contributor License Agreement"* to be signed prior to
 engagement with the community. However for contributing patches, providing a
-'Signed-off-by' line with the author's legal name and e-mail address to
-demonstrate agreement and compliance with the `Developer Certificate of
-Origin <https://developercertificate.org/>`__ is required.
+'Signed-off-by' line with the author's chosen name and e-mail address to
+demonstrate agreement and compliance with the `Developer Certificate
+of Origin <hacking.html#developer-certificate-of-origin>`__ is required.

 In making a non-patch contribution to the project, the community member is
 implicitly stating that they accept the terms of the license under which the
--- a/docs/hacking.rst
+++ b/docs/hacking.rst
@@ -83,9 +83,12 @@ Contributors to libvirt projects **must** assert that they are
 in compliance with the `Developer Certificate of Origin
 1.1 <https://developercertificate.org/>`__. This is achieved by
 adding a "Signed-off-by" line containing the contributor's name
-and e-mail to every commit message. The presence of this line
-attests that the contributor has read the above lined DCO and
-agrees with its statements.
+and e-mail to every commit message. The name should be the identity
+the contributor has chosen to be known as in the context of the
+community. It does not need to be a legal name, nor match any
+formal ID documents, but should not be anonymous, nor misrepresent
+who you are. The presence of this line attests that the contributor
+has read the above linked DCO and agrees with its statements.

 Further reading
 ===============
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -16,7 +16,7 @@ The libvirt project:
   `QEMU <drvqemu.html>`__,
   `Xen <drvxen.html>`__,
   `Virtuozzo <drvvirtuozzo.html>`__,
-   `VMWare ESX <drvesx.html>`__,
+   `VMware ESX <drvesx.html>`__,
   `LXC <drvlxc.html>`__,
   `BHyve <drvbhyve.html>`__ and
   `more <drivers.html>`__
--- a/docs/kbase/failed_connection_after_install.rst
+++ b/docs/kbase/failed_connection_after_install.rst
@@ -28,6 +28,16 @@ not work when run as root:
   error: Operation not supported: Cannot use direct socket mode if no URI is set.
   For more information see https://libvirt.org/kbase/failed_connection_after_install.html

+Or
+
+::
+
+   # virsh list
+   error: failed to connect to the hypervisor
+   error: Operation not supported: No URI is provided and cannot identify any listening
+   daemon socket path to attempt to connect to. For more information see
+   https://libvirt.org/kbase/failed_connection_after_install.html
+
 Root cause
 ==========

--- a/docs/kbase/virtiofs.rst
+++ b/docs/kbase/virtiofs.rst
@@ -13,9 +13,13 @@ is designed to offer local file system semantics and performance.

 See https://virtio-fs.gitlab.io/

-*Note:* virtiofs currently does not support migration so operations such as
-migration, save/managed-save, or snapshots with memory are not supported if
-a VM has a virtiofs filesystem connected.
+*Note:* Older versions of ``virtiofsd`` (prior to ``1.11``)  do not not support
+migration so operations such as migration, save/managed-save, or snapshots with
+memory may not supported if a VM has a virtiofs filesystem connected.
+
+Additionally snapshot operations managed by libvirt do not snapshot the state
+of the files shared via ``virtiofs``, and thus reverting to an earlier state is
+not recommended.

 Sharing a host directory with a guest
 =====================================
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -427,10 +427,25 @@ nodeinfo
   nodeinfo

 Returns basic information about the node, like number and type of CPU,
-and size of the physical memory. The output corresponds to virNodeInfo
-structure. Specifically, the "CPU socket(s)" field means number of CPU
-sockets per NUMA cell. The information libvirt displays is dependent
-upon what each architecture may provide.
+and size of the physical memory.
+
+Use of this command is strongly discouraged as the information provided
+is not guaranteed to be accurate on all hardware platforms.
+
+The *CPU frequency* value merely reflects the speed that the first CPU in the
+machine is currently running at. This speed may vary across CPUs and changes
+continually as the host OS throttles.
+
+The data structure used to fetch the data is not extensible thus only supports
+global nodes/sockets/cores/threads (sockets/cores/threads is per NUMA node)
+topology information. If the host CPU has any further groupings (e.g.
+dies, clusters, etc) or the NUMA topology is non-symmetrical the data structure
+can't faithfully represent the system. In such cases a fake topology
+(nodes = 1, sockets = 1, cores = number of host cpus, threads = 1) which
+only correctly represents the total host CPU count is reported.
+
+Recommended replacement is to use the *capabilities* command which reports
+the data (except frequency) under ``/capabilities/host/topology`` XPath.


 nodecpumap
@@ -568,6 +583,7 @@ domcapabilities

   domcapabilities [virttype] [emulatorbin] [arch] [machine]
                   [--xpath EXPRESSION] [--wrap]
+                   [--disable-deprecated-features]


 Print an XML document describing the domain capabilities for the
@@ -609,6 +625,11 @@ a standalone document, however, for ease of additional processing,
 the **--wrap** argument will cause the matching node to be wrapped
 in a common root node.

+The **--disable-deprecated-features** argument will modify the contents
+of host-model CPU XML, updating the features list with any features
+flagged as deprecated for the CPU model by the hypervisor. These
+features will be paired with the "disable" policy.
+

 pool-capabilities
 -----------------
@@ -948,15 +969,22 @@ provide on the host. (This is different from ``cpu-compare`` which compares the
 CPU definition with the host CPU without considering any specific hypervisor
 and its abilities.)

-The XML *FILE* may contain either a host or guest CPU definition. The host CPU
-definition is the <cpu> element and its contents as printed by the
-``capabilities`` command. The guest CPU definition is the <cpu> element and its
-contents from the domain XML definition or the CPU definition created from the
-host CPU model found in the domain capabilities XML (printed by the
-``domcapabilities`` command). In addition to the <cpu> element itself, this
-command accepts full domain XML, capabilities XML, or domain capabilities XML
-containing the CPU definition. For more information on guest CPU definition
-see: `https://libvirt.org/formatdomain.html#elementsCPU <https://libvirt.org/formatdomain.html#cpu-model-and-topology>`__.
+The XML *FILE* should contain a guest CPU definition: either the ``<cpu>``
+element and its contents from a domain XML definition or a CPU definition
+created from the host CPU model found in the ``<mode name="host-model">``
+element in the domain capabilities XML (printed by the ``domcapabilities``
+command). The ``<mode name="host-model">`` element itself or even its
+``<cpu>`` parent element found in domain capabilities XML is not accepted.
+The element has to be transformed into an actual CPU definition. For more
+information on guest CPU definition see:
+`https://libvirt.org/formatdomain.html#elementsCPU <https://libvirt.org/formatdomain.html#cpu-model-and-topology>`__.
+
+Alternatively this command will automatically extract the CPU definition when
+provided with a full domain or domain capabilities XML.
+
+For historical reasons the XML *FILE* may also contain a host CPU definition,
+but such usage is strongly discouraged as it will most likely provide incorrect
+results.

 The *virttype* option specifies the virtualization type (usable in the 'type'
 attribute of the <domain> top level element from the domain XML). *emulator*
@@ -987,15 +1015,19 @@ As an alternative for *FILE* in case the XML would only contain a CPU model
 with no additional features the CPU model name itself can be passed as *model*.
 Exactly one of *FILE* and *model* must be used.

-The XML *FILE* may contain either host or guest CPU definitions describing the
-host CPU model. The host CPU definition is the <cpu> element and its contents
-as printed by ``capabilities`` command. The guest CPU definition may be created
-from the host CPU model found in domain capabilities XML (printed by
-``domcapabilities`` command). In addition to the <cpu> elements, this command
-accepts full capabilities XMLs, or domain capabilities XMLs containing the CPU
-definitions. It is recommended to use only the CPU definitions from domain
-capabilities, as on some architectures using the host CPU definition may either
-fail or provide unexpected results.
+The XML *FILE* should contain guest CPU definitions created from the host CPU
+model found in the ``<mode name="host-model">`` element domain capabilities
+XMLs (printed by the ``domcapabilities`` command on each host). The
+``<mode name="host-model">`` elements themselves or even their ``<cpu>``
+parent  elements found in domain capabilities XMLs are not accepted. The
+elements have to be transformed into actual CPU definitions.
+
+Alternatively this command will automatically extract the CPU definitions when
+provided with domain capabilities XMLs.
+
+For historical reasons the XML *FILE* may also contain host CPU definitions,
+but such usage is strongly discouraged as it will most likely provide incorrect
+results.

 When *FILE* contains only a single CPU definition, the command will print the
 same CPU with restrictions imposed by the capabilities of the hypervisor.
@@ -1017,6 +1049,31 @@ listed in the XML description. If *--migratable* is specified, features that
 block migration will not be included in the resulting CPU.


+hypervisor-cpu-models
+---------------------
+
+**Syntax:**
+
+::
+
+   hypervisor-cpu-models [--virttype virttype] [--emulator emulator]
+      [--arch arch] [--machine machine] [--all]
+
+Print the list of CPU models known by the hypervisor for the specified architecture.
+It is not guaranteed that a listed CPU will run on the host. To determine CPU
+model compatibility with the host, see ``virsh hypervisor-cpu-baseline`` and
+``virsh hypervisor-cpu-compare``.
+
+The *virttype* option specifies the virtualization type (usable in the 'type'
+attribute of the <domain> top level element from the domain XML). *emulator*
+specifies the path to the emulator, *arch* specifies the CPU architecture, and
+*machine* specifies the machine type.
+
+By default, only the models that are claimed to be "usable" by the hypervisor
+on the host are reported. The option *--all* will report every CPU model known
+to the hypervisor, including ones that are not supported on the hypervisor (e.g.
+newer generation models).
+
 DOMAIN COMMANDS
 ===============

@@ -1122,6 +1179,140 @@ given, but *--current* is exclusive. For querying only one of *--live*,
 is different depending on hypervisor.


+domthrottlegroupset
+-------------------
+
+**Syntax:**
+
+::
+
+   domthrottlegroupset domain group-name [[--config] [--live] | [--current]]
+      [[total-bytes-sec] | [read-bytes-sec] [write-bytes-sec]]
+      [[total-iops-sec] | [read-iops-sec] [write-iops-sec]]
+      [[total-bytes-sec-max] | [read-bytes-sec-max] [write-bytes-sec-max]]
+      [[total-iops-sec-max] | [read-iops-sec-max] [write-iops-sec-max]]
+      [[total-bytes-sec-max-length] |
+       [read-bytes-sec-max-length] [write-bytes-sec-max-length]]
+      [[total-iops-sec-max-length] |
+       [read-iops-sec-max-length] [write-iops-sec-max-length]]
+      [size-iops-sec]
+
+Add or update a throttle group against specific *domain*.
+*group-name* specifies a unique throttle group name, which defines limit, and
+will be referenced by drives.
+
+If no limit is specified, default them as all zeros, which will fail,
+Otherwise, set limits with these flags:
+*--total-bytes-sec* specifies total throughput limit as a scaled integer, the
+default being bytes per second if no suffix is specified.
+*--read-bytes-sec* specifies read throughput limit as a scaled integer, the
+default being bytes per second if no suffix is specified.
+*--write-bytes-sec* specifies write throughput limit as a scaled integer, the
+default being bytes per second if no suffix is specified.
+*--total-iops-sec* specifies total I/O operations limit per second.
+*--read-iops-sec* specifies read I/O operations limit per second.
+*--write-iops-sec* specifies write I/O operations limit per second.
+*--total-bytes-sec-max* specifies maximum total throughput limit as a scaled
+integer, the default being bytes per second if no suffix is specified
+*--read-bytes-sec-max* specifies maximum read throughput limit as a scaled
+integer, the default being bytes per second if no suffix is specified.
+*--write-bytes-sec-max* specifies maximum write throughput limit as a scaled
+integer, the default being bytes per second if no suffix is specified.
+*--total-iops-sec-max* specifies maximum total I/O operations limit per second.
+*--read-iops-sec-max* specifies maximum read I/O operations limit per second.
+*--write-iops-sec-max* specifies maximum write I/O operations limit per second.
+*--total-bytes-sec-max-length* specifies duration in seconds to allow maximum
+total throughput limit.
+*--read-bytes-sec-max-length* specifies duration in seconds to allow maximum
+read throughput limit.
+*--write-bytes-sec-max-length* specifies duration in seconds to allow maximum
+write throughput limit.
+*--total-iops-sec-max-length* specifies duration in seconds to allow maximum
+total I/O operations limit.
+*--read-iops-sec-max-length* specifies duration in seconds to allow maximum
+read I/O operations limit.
+*--write-iops-sec-max-length* specifies duration in seconds to allow maximum
+write I/O operations limit.
+*--size-iops-sec* specifies size I/O operations limit per second.
+
+Bytes and iops values are independent, but setting only one value (such
+as --read-bytes-sec) resets the other two in that category to unlimited.
+An explicit 0 also clears any limit.  A non-zero value for a given total
+cannot be mixed with non-zero values for read or write.
+
+It is up to the hypervisor to determine how to handle the length values.
+For the QEMU hypervisor, if an I/O limit value or maximum value is set,
+then the default value of 1 second will be displayed. Supplying a 0 will
+reset the value back to the default.
+
+If *--live* is specified, affect a running guest.
+If *--config* is specified, affect the next start of a persistent guest.
+If *--current* is specified, it is equivalent to either *--live* or
+*--config*, depending on the current state of the guest.
+When setting the disk io parameters both *--live* and *--config*
+are specified, both live configuration and config are updated while setting
+the description, but *--current* is exclusive. If no flag is specified, behavior
+is different depending on hypervisor.
+
+
+domthrottlegroupdel
+-------------------
+
+**Syntax:**
+
+::
+
+   domthrottlegroupdel domain group-name [[--config] [--live] | [--current]]
+
+Delete a Throttlegroup from the domain using the specified *group-name*.
+If an Throttlegroup is currently referenced by a disk resource, then the attempt
+to remove the Throttlegroup will fail.
+If the *group-name* does not exist an error will occur.
+
+If *--live* is specified, affect a running guest. If the guest is not
+running an error is returned.
+If *--config* is specified, affect the next start of a persistent guest.
+If *--current* is specified, it is equivalent to either *--live* or
+*--config*, depending on the current state of the guest.
+
+
+domthrottlegroupinfo
+--------------------
+
+**Syntax:**
+
+::
+
+   domthrottlegroupinfo domain group-name [[--config] [--live] | [--current]]
+
+Display domain Throttlegroup information including I/O limits setting.
+
+If *--live* is specified, get the Throttlegroup data from the running guest. If
+the guest is not running, an error is returned.
+If *--config* is specified, get the Throttlegroup data from the next start of
+a persistent guest.
+If *--current* is specified or *--live* and *--config* are not specified,
+then get the Throttlegroup data based on the current guest state, which can
+either be live or offline.
+If both *--live* and *--config* are specified, the *--config* option takes
+precedence on getting the current description.
+
+
+domthrottlegrouplist
+--------------------
+
+**Syntax:**
+
+::
+
+   domthrottlegrouplist domain [--inactive]
+
+Print a table showing names of all throttle groups
+associated with *domain*. If *--inactive* is specified, query the
+Throttlegroup data that will be used on the next boot, rather than those
+currently in use by a running domain.
+
+
 blkiotune
 ---------

@@ -2428,14 +2619,15 @@ When selecting the *--state* group the following fields are returned:
 * ``vcpu.<num>.state`` - state of the virtual CPU <num>, as
  number from virVcpuState enum
 * ``vcpu.<num>.time`` - virtual cpu time spent by virtual
-  CPU <num> (in microseconds)
-* ``vcpu.<num>.wait`` - virtual cpu time spent by virtual
-  CPU <num> waiting on I/O (in microseconds)
+  CPU <num> (in nanoseconds)
+* ``vcpu.<num>.wait`` - time the vCPU <num> thread was waiting in the runqueue
+  as the scheduler has something else running ahead of it (in nanoseconds),
+  requires CONFIG_SCHED_INFO on Linux
 * ``vcpu.<num>.halted`` - virtual CPU <num> is halted: yes or
  no (may indicate the processor is idle or even disabled,
  depending on the architecture)
-* ``vcpu.<num>.delay`` - time the vCPU <num> thread was enqueued by the
-  host scheduler, but was waiting in the queue instead of running.
+* ``vcpu.<num>.delay`` - time the vCPU <num> thread was waiting in the runqueue
+  as the scheduler has something else running ahead of it (in nanoseconds).
  Exposed to the VM as a steal time.

 This group of statistics also reports additional hypervisor-originating per-vCPU
@@ -2891,6 +3083,9 @@ values:
  libvirt daemon),
 * 0 - do not wait at all,

+In all guest-agent based APIs when a timeout happens if an actual command was
+send to the guest agent the returned error code will be
+VIR_ERR_AGENT_COMMAND_TIMEOUT.

 guestinfo
 ---------
@@ -2912,7 +3107,7 @@ Success is always reported in this case.

 You can limit the types of information that are returned by specifying one or
 more flags.  Available information types flags are *--user*, *--os*,
-*--timezone*, *--hostname*, *--filesystem*, *--disk* and *--interface*.
+*--timezone*, *--hostname*, *--filesystem*, *--disk*, *--interface* and *--load*.
 If an explicitly requested information type is not supported by the guest agent
 at that point, the processes will provide an exit code of 1.

@@ -2981,6 +3176,7 @@ returned:
 * ``disk.<num>.serial`` -  optional disk serial number
 * ``disk.<num>.alias`` - the device alias of the disk (e.g. sda)
 * ``disk.<num>.guest_alias`` - optional alias assigned to the disk
+* ``disk.<num>.guest_bus`` - bus type as reported by the guest

 *--interface* returns:
 * ``if.count`` - the number of interfaces defined on this domain
@@ -2991,6 +3187,12 @@ returned:
 * ``if.<num>.addr.<num1>.addr`` - the IP address of addr <num1>
 * ``if.<num>.addr.<num1>.prefix`` - the prefix of IP address of addr <num1>

+*--load* returns:
+* ``load.1m``  - average load in guest for last 1 minute
+* ``load.5m``  - average load in guest for last 5 minutes
+* ``load.15m`` - average load in guest for last 15 minutes
+
+
 guestvcpus
 ----------

@@ -3401,6 +3603,7 @@ migrate
      [--parallel [--parallel-connections connections]]
      [--bandwidth bandwidth] [--tls-destination hostname]
      [--disks-uri URI] [--copy-storage-synchronous-writes]
+      [--available-switchover-bandwidth bandwidth]

 Migrate domain to another host.  Add *--live* for live migration; <--p2p>
 for peer-2-peer migration; *--direct* for direct migration; or *--tunnelled*
@@ -3409,7 +3612,8 @@ starting the domain on destination and without stopping it on source host.
 Offline migration may be used with inactive domains and it must be used with
 *--persistent* option.

-*--persistent* leaves the domain persistent on destination host,
+*--persistent* leaves the domain persistent on destination host (See below
+for quirks when used together with *--xml*),
 *--undefinesource* undefines the domain on the source host, and *--suspend*
 leaves the domain paused on the destination host.

@@ -3489,13 +3693,18 @@ such as GFS2 or GPFS. If you are sure the migration is safe or you just do not
 care, use *--unsafe* to force the migration.

 *dname* is used for renaming the domain to new name during migration, which
-also usually can be omitted.  Likewise, *--xml* ``file`` is usually
-omitted, but can be used to supply an alternative XML file for use on
-the destination to supply a larger set of changes to any host-specific
-portions of the domain XML, such as accounting for naming differences
-between source and destination in accessing underlying storage.
-If *--persistent* is enabled, *--persistent-xml* ``file`` can be used to
-supply an alternative XML file which will be used as the persistent guest
+also usually can be omitted.
+
+*--xml* ``file``, while usually not required, can be used to supply an
+alternative XML file for use on the destination to supply a larger set of
+changes to any host-specific portions of the domain XML, such as accounting for
+naming differences between source and destination in accessing underlying
+storage. If *--xml* is used together with *--persistent* it's usually required
+to provide a persistent XML definition via *--persistent-xml* (see below) which
+is fixed the same way as the XML passed to *--file* was.
+
+If *--persistent* is enabled, *--persistent-xml* ``file`` can be used
+to supply an alternative XML file which will be used as the persistent guest
 definition on the destination host.

 *--timeout* ``seconds`` tells virsh to run a specified action when live
@@ -3651,6 +3860,17 @@ the context of the existing socket because it is different from the file
 representation of the socket and the context is chosen by its creator (usually
 by using *setsockcreatecon{,_raw}()* functions).

+Optional *--available-switchover-bandwidth* overrides the automatically
+computed bandwidth (in MiB/s) available for the final phase of (pre-copy)
+migration during which CPUs are stopped and all the remaining memory and device
+state is transferred. Knowing this bandwidth is important for accurate
+estimation of the domain downtime and deciding the right moment for switching
+over. Normally this would be estimated based on the bandwidth used by
+migration, but this could be lower than the actual available bandwidth. Using
+this option may help with migration convergence when the migration would keep
+iterating over and over thinking there's not enough bandwidth to comply with
+the configured maximum downtime.
+

 migrate-compcache
 -----------------
@@ -3923,12 +4143,13 @@ restore
 ::

   restore state-file [--bypass-cache] [--xml file]
-      [{--running | --paused}] [--reset-nvram]
+      [{--running | --paused}] [--reset-nvram] [--parallel-channels]

 Restores a domain from a ``virsh save`` state file. See *save* for more info.

 If *--bypass-cache* is specified, the restore will avoid the file system
-cache, although this may slow down the operation.
+cache. Depending on the specific scenario this may slow down or speed up
+the operation.

 *--xml* ``file`` is usually omitted, but can be used to supply an
 alternative XML file for use on the restored guest with changes only
@@ -3944,6 +4165,10 @@ domain should be started in.
 If *--reset-nvram* is specified, any existing NVRAM file will be deleted
 and re-initialized from its pristine template.

+*--parallel-channels* option can specify number of parallel IO channels
+to be used when loading memory from file. Parallel save may significantly
+reduce the time required to save large memory domains.
+
 ``Note``: To avoid corrupting file system contents within the domain, you
 should not reuse the saved state file for a second ``restore`` unless you
 have also reverted all storage volumes back to the same contents as when
@@ -3972,6 +4197,8 @@ save
 ::

   save domain state-file [--bypass-cache] [--xml file]
+      [--image-format format]
+      [--parallel-channels channels]
      [{--running | --paused}] [--verbose]

 Saves a running domain (RAM, but not disk state) to a state file so that
@@ -3979,8 +4206,11 @@ it can be restored
 later.  Once saved, the domain will no longer be running on the
 system, thus the memory allocated for the domain will be free for
 other domains to use.  ``virsh restore`` restores from this state file.
+
 If *--bypass-cache* is specified, the save will avoid the file system
-cache, although this may slow down the operation.
+cache. Depending on the specific scenario this may slow down or speed up
+the operation.
+

 The progress may be monitored using ``domjobinfo`` virsh command and canceled
 with ``domjobabort`` command (sent by another virsh instance). Another option
@@ -4002,6 +4232,15 @@ based on the state the domain was in when the save was done; passing
 either the *--running* or *--paused* flag will allow overriding which
 state the ``restore`` should use.

+*--image-format* option can change the default image format used to
+save data into file. For more details consult the qemu.conf configuration
+file.
+
+*--parallel-channels* option can specify number of parallel IO channels
+to be used when saving memory to file. Using parallel IO channels requires
+the use of ``sparse`` image save format. Parallel save may significantly
+reduce the time required to save large memory domains.
+
 Domain saved state files assume that disk images will be unchanged
 between the creation and restore point.  For a more complete system
 restore point, where the disk state is saved alongside the memory
@@ -4869,7 +5108,7 @@ attach-disk
      [--source-protocol protocol] [--source-host-name hostname:port]
      [--source-host-transport transport] [--source-host-socket socket]
      [--serial serial] [--wwn wwn] [--rawio] [--address address]
-      [--multifunction] [--print-xml]
+      [--multifunction] [--print-xml] [--throttle-groups groups]

 Attach a new disk device to the domain.
 *source* is path for the files and devices unless *--source-protocol*
@@ -4909,6 +5148,7 @@ ide:controller.bus.unit, usb:bus.port, sata:controller.bus.unit or
 ccw:cssid.ssid.devno. Virtio-ccw devices must have their cssid set to 0xfe.
 *multifunction* indicates specified pci address is a multifunction pci device
 address.
+*throttle-groups* is comma separated list of throttle groups to be applied.

 There is also support for using a network disk. As specified, the user can
 provide a *--source-protocol* in which case the *source* parameter will
@@ -5508,15 +5748,16 @@ List all of the devices available on the node that are known by libvirt.
 separated by comma, e.g. --cap pci,scsi. Valid capability types include
 'system', 'pci', 'usb_device', 'usb', 'net', 'scsi_host', 'scsi_target',
 'scsi', 'storage', 'fc_host', 'vports', 'scsi_generic', 'drm', 'mdev',
-'mdev_types', 'ccw', 'css', 'ap_card', 'ap_queue', 'ap_matrix'. By default,
-only active devices are listed. *--inactive* is used to list only inactive
-devices, and *--all* is used to list both active and inactive devices.
-*--persistent* is used to list only persistent devices, and *--transient* is
-used to list only transient devices. Not providing *--persistent* or
-*--transient* will list all devices unless filtered otherwise. *--transient*
-is mutually exclusive with *--persistent* and *--inactive*.
-If *--tree* is used, the output is formatted in a tree representing parents of
-each node. *--tree* is mutually exclusive with all other options but *--all*.
+'mdev_types', 'ccw', 'ccwgroup', 'ccwgroup_member', 'css', 'ap_card',
+'ap_queue', 'ap_matrix'. By default, only active devices are listed.
+*--inactive* is used to list only inactive devices, and *--all* is used to
+list both active and inactive devices. *--persistent* is used to list only
+persistent devices, and *--transient* is used to list only transient devices.
+Not providing *--persistent* or *--transient* will list all devices unless
+filtered otherwise. *--transient* is mutually exclusive with *--persistent*
+and *--inactive*. If *--tree* is used, the output is formatted in a tree
+representing parents of each node. *--tree* is mutually exclusive with all
+other options but *--all*.


 nodedev-reattach
--- a/docs/manpages/virt-admin.rst
+++ b/docs/manpages/virt-admin.rst
@@ -326,6 +326,19 @@ Sets the daemon timeout to the value of '--timeout' argument. Use ``--timeout 0`
 to disable auto-shutdown of the daemon.


+daemon-shutdown
+---------------
+
+**Syntax:**
+
+::
+
+   daemon-shutdown [--preserve]
+
+Instruct the daemon to exit gracefully. If the ``--preserve`` flag is given,
+it will save state in the same manner that would be done on a host OS shutdown
+(privileged daemons) or a login session quit (unprivileged daemons).
+
 SERVER COMMANDS
 ===============

--- a/docs/nss.rst
+++ b/docs/nss.rst
@@ -1,161 +1,119 @@
+.. role:: since
+
 ==================
 Libvirt NSS module
 ==================

 .. contents::

-When it comes to managing guests and executing commands inside them, logging
-into guest operating system and doing the job is convenient. Users are used to
-ssh in this case. Ideally:
+Effectively managing guests often requires connecting to them via SSH, same as
+you would for any remote machine. Ideally

-``ssh user@virtualMachine``
+::

-would be nice. But depending on virtual network configuration it might not be
-always possible. For instance, when using libvirt NATed network it's dnsmasq
-(spawned by libvirt) who assigns IP addresses to domains. But by default, the
-dnsmasq process is then not consulted when it comes to host name translation.
-Users work around this problem by configuring their libvirt network to assign
-static IP addresses and maintaining ``/etc/hosts`` file in sync. But this puts
-needless burden onto users. This is where NSS module comes handy.
+   $ ssh user@mydomain
+
+would work out of the box, but depending on the network configuration that
+might not be the case. Setting up the libvirt NSS module is a one-time
+operation that makes the process of connecting from the host to the guests
+running on it much more convenient.
+
+Note that this feature only works in certain scenarios. See the
+`limitations`_ section for more information.

 Installation
 ------------

-Installing the module is really easy:
+Installing the module on Fedora or RHEL is really easy:

 ::

-   # yum install libvirt-nss
+   # dnf install libvirt-nss
+
+The package might have a different name on other distributions, but the process
+of installing it will be similar.

 Configuration
 -------------

-Enabling the module is really easy. Just add **libvirt** into
-``/etc/nsswitch.conf`` file. For instance:
+If you're running a new enough version of Fedora (>= 37) or RHEL (>= 10), then
+you can use ``authselect`` to enable the module with a single command:

 ::

-   $ cat /etc/nsswitch.conf
-   # /etc/nsswitch.conf:
-   passwd:      compat
-   shadow:      compat
-   group:       compat
-   hosts:       files libvirt dns
-   # ...
+   # authselect enable-feature with-libvirt

-So, in this specific case, whenever ssh program is looking up the host user is
-trying to connect to, **files** module is consulted first (which boils down to
-looking up the host name in ``/etc/hosts`` file), if not found **libvirt**
-module is consulted then. The DNS is the last effort then, if none of the
-previous modules matched the host in question. Therefore users should consider
-the order in which they want the modules to lookup given host name.
+For other distributions, you will have to manually update the configuration in
+``/etc/nsswitch.conf`` so that the ``hosts`` line looks similar to

-Sources of information
+::
+
+   hosts: files libvirt libvirt_guest dns
+
+With this configuration, whenever SSH (or any other application)
+tries to contact a guest, the ``files`` module will be consulted first (this
+boils down to searching for a matching line in ``/etc/hosts``); if no IP
+address could be found that way, the ``libvirt`` and ``libvirt_guest`` modules
+(see `below <variants_>`__ for differences between the two) will be used
+instead. Finally, if no previous attempt at resolving the hostname was
+successful, a DNS query will be performed.
+
+Variants
+--------
+
+There are two different variants of the module:
+
+* ``libvirt`` (:since:`since 1.3.3`) resolves hostnames based on the
+  information that the guest OS itself has reported to the DHCP server when
+  asking for an IP address, so it won't work if the guest OS hasn't been fully
+  configured yet;
+
+* ``libvirt_guest`` (:since:`since 3.0.0`) resolves hostnames by mapping them
+  directly to libvirt domain names, so it will work regardless of how the guest
+  OS is configured and will have more predictable results.
+
+The recommended configuration seen above enables both of them and gives
+priority to the former but it's also possible to enable only a single one, or
+to alter the precedence by simply changing the order in which they are listed.
+
+Implementation details
 ----------------------

-As of ``v3.0.0`` release, libvirt offers two NSS modules implementing two
-different methods of hostname translation. The first and older method is
-implemented by ``libvirt`` plugin and basically looks up the hostname to IP
-address translation in DHCP server records. Therefore this is dependent on
-hostname provided by guests. Thing is, not all the guests out there provide one
-in DHCP transactions, or not every sysadmin out there believes all the guests.
-Hence libvirt implements second method in ``libvirt_guest`` module which does
-libvirt guest name to IP address translation (regardless of hostname set in the
-guest).
+Whenever a Unix process needs to convert a hostname into an IP address, it will
+call the `gethostbyname() <https://linux.die.net/man/3/gethostbyname>`__ libc
+function or one of its variants.

-To enable either of the modules put their name into the ``nsswitch.conf`` file.
-For instance, to enable ``libvirt_guest`` module:
+Since multiple sources for this information are possible (for example the
+contents of ``/etc/hosts``, DNS, LDAP, etc.) a mechanism called
+`NSS <https://en.wikipedia.org/wiki/Name_Service_Switch>`__ has been created to
+make the name resolution process extensible. This allows each source to be
+implemented as a separate plugin that can be enabled or disabled based on the
+administrator's preferences.
+
+In the case of libvirt, the lookup is performed by inspecting the DHCP leases
+handed out by ``dnsmasq``, the software used to implement NATed networks. The
+results will be the same that would be reported by

 ::

-   $ cat /etc/nsswitch.conf
-   # /etc/nsswitch.conf:
-   hosts:       files libvirt_guest dns
-   # ...
+   $ virsh domifaddr --source lease mydomain

-Or users can enable both at the same time:
-
-::
-
-   $ cat /etc/nsswitch.conf
-   # /etc/nsswitch.conf:
-   hosts:       files libvirt libvirt_guest dns
-   # ...
-
-This configuration will mean that if hostname is not found by the ``libvirt``
-module (e.g. because a guest did not sent hostname during DHCP transaction), the
-``libvirt_guest`` module is consulted (and if the hostname matches libvirt guest
-name it will be resolved).
-
-How does it work?
-----------------
-
-Whenever an Unix process wants to do a host name translation
-`gethostbyname() <https://linux.die.net/man/3/gethostbyname>`__ or some variant
-of it is called. This is a glibc function that takes a string containing the
-host name, crunch it and produces a list of IP addresses assigned to that host.
-Now, glibc developers made a really good decision when implementing the
-internals of the function when they decided to make the function pluggable.
-Since there can be several sources for the records (e.g. ``/etc/hosts`` file,
-DNS, LDAP, etc.) it would not make much sense to create one big implementation
-containing all possible cases. What they have done instead is this pluggable
-mechanism. Small plugins implementing nothing but specific technology for lookup
-process are provided and the function then calls those plugins. There is just
-one configuration file that instructs the lookup function in which order should
-the plugins be called and which plugins should be loaded. For more info reading
-`wiki page <https://en.wikipedia.org/wiki/Name_Service_Switch>`__ is
-recommended.
-
-And this is point where libvirt comes in. Libvirt provides plugin for the NSS
-ecosystem. For some time now libvirt keeps a list of assigned IP addresses for
-libvirt networks. The NSS plugin does no more than search the list trying to
-find matching record for given host name. When found, matching IP address is
-returned to the caller. If not found, translation process continues with the
-next plugin configured. At this point it is important to stress the order in
-which plugins are called. Users should be aware that a hostname might match in
-multiple plugins and right after first match, translation process is terminated
-and no other plugin is consulted. Therefore, if there are two different records
-for the same host name users should carefully chose the lookup order.
+except that things will work transparently for any application that uses the
+libc resolver, without it needing to link against libvirt or even be aware of
+its existence.

 Limitations
 -----------

-#. The ``libvirt`` NSS module matches only hostnames provided by guest. If the
-   libvirt name and one advertised by guest differs, the latter is matched.
-   However, as of ``v3.0.0`` there are two libvirt NSS modules translating both
-   hostnames provided by guest and libvirt guest names.
-#. The module works only in that cases where IP addresses are assigned by
-   dnsmasq spawned by libvirt. Libvirt NATed networks are typical example.
-
-*The following paragraph describes implementation limitation of the ``libvirt``
-NSS module.* These limitation are result of libvirt's internal implementation.
-While libvirt can report IP addresses regardless of their origin, a public API
-must be used to obtain those. However, for the API a connection object is
-required. Doing that for every name translation request would be too costly.
-Fortunately, libvirt spawns dnsmasq for NATed networks. Not only that, it
-provides small executable that on each IP address space change updates an
-internal list of addresses thus keeping it in sync. The NSS module then merely
-consults the list trying to find the match. Users can view the list themselves:
-
-::
-
-   virsh net-dhcp-leases $network
-
-where ``$network`` iterates through all running networks. So the module does
-merely the same as
-
-::
-
-   virsh domifaddr --source lease $domain
-
-If there's no record for either of the aforementioned commands, it's very likely
-that NSS module won't find anything and vice versa. As of ``v3.0.0`` libvirt
-provides ``libvirt_guest`` NSS module that doesn't have this limitation.
-However, the statement is still true for the ``libvirt`` NSS module.
+Since the libvirt NSS module works by looking at ``dnsmasq``, it can only work
+for guests that are connected to a NATed libvirt network. Guests that obtain
+their IP addresses in any other way (usermode networking, assigned network
+devices and so on) will not be able to have their hostnames resolved through
+it.

 Alternatives
 ------------

-As of ``v10.3.0`` libvirt implements an `SSH proxy <ssh-proxy.html>`__ which
-doesn't require any network interface to SSH into the guest as SSH flows
-through a VSOCK device.
+:since:`Since 10.3.0`, libvirt implements an `SSH proxy <ssh-proxy.html>`__.
+This allows the use of SSH even for guests that have no network connectivity,
+by communicating over VSOCK.
--- a/docs/submitting-patches.rst
+++ b/docs/submitting-patches.rst
@@ -43,21 +43,7 @@ series of two or more patches needs a cover letter.
 Note that the ``git send-email`` subcommand may not be in the
 main git package and using it may require installation of a
 separate package, for example the "git-email" package in Fedora
-and Debian. If this is your first time using
-``git send-email``, you might need to configure it to point it
-to your SMTP server with something like:
-
-::
-
-  $ git config --global sendemail.smtpServer stmp.youremailprovider.net
-
-If you get tired of typing ``--to=devel@lists.libvirt.org`` all
-the time, you can configure that to be automatically handled as
-well:
-
-::
-
-  $ git config sendemail.to devel@lists.libvirt.org
+and Debian.

 Avoid using mail clients for sending patches, as most of them
 will mangle the messages in some way, making them unusable for
@@ -88,6 +74,56 @@ Moreover, such patch needs to be prefixed correctly with
 ``git send-email`` (substitute ``v2`` with the
 correct version if needed though).

+Git Configuration
+-----------------
+
+If this is your first time using ``git send-email``, you will probably
+need to setup your global git configuration, to point to your outgoing
+SMTP server with something like:
+
+::
+
+  $ git config --global sendemail.smtpServer stmp.youremailprovider.net
+
+If your email provider (often your employer) has configured a DMARC
+policy for their domain, there are some additional settings that will
+be required. Before doing this, check the DMARC policy with
+
+::
+
+  $ host -t txt _dmarc.$YOURDOMAIN.COM
+
+If this returns no output, or contains ``p=none`` then no configuration
+is required. If it reports ``p=quarantine`` or ``p=reject``, then the
+libvirt lists will apply DMARC countermeasures to your email. To ensure
+that git authorship is preserved add
+
+::
+
+  $ git config --global format.from "Your Name <your@email.com>"
+  $ git config --global format.forceInBodyFrom true
+
+This will force git to always add an additional line
+
+::
+
+   From: Your Name <your@email.com>
+
+in the body of the patch, guaranteeing correct author records even
+when the main ``From`` header is rewritten by mailman.
+
+If you get tired of typing ``--to=devel@lists.libvirt.org`` all
+the time, you can configure that to be automatically handled by
+adding a local repository setting:
+
+::
+
+  $ git config sendemail.to devel@lists.libvirt.org
+
+This last setting is not required if using ``git-publish`` to send
+patches, as that auto-identifies the mailing list address from its
+config file stored in git.
+
 Review process
 --------------

--- a/examples/c/misc/event-test.c
+++ b/examples/c/misc/event-test.c
@@ -1102,6 +1102,19 @@ myNetworkEventMetadataChangeCallback(virConnectPtr conn G_GNUC_UNUSED,
 }


+static int
+myDomainEventNICMACChangeCallback(virConnectPtr conn G_GNUC_UNUSED,
+                                  virDomainPtr dom,
+                                  const char *alias,
+                                  const char *oldMAC,
+                                  const char *newMAC,
+                                  void *opaque G_GNUC_UNUSED)
+{
+    printf("%s EVENT: Domain %s(%d) NIC MAC changed: alias: '%s' oldMAC: '%s' newMAC: '%s'\n",
+           __func__, virDomainGetName(dom), virDomainGetID(dom), alias, oldMAC, newMAC);
+    return 0;
+}
+

 static void
 myFreeFunc(void *opaque)
@@ -1160,6 +1173,7 @@ struct domainEventData domainEvents[] = {
    DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD, myDomainEventBlockThresholdCallback),
    DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_MEMORY_FAILURE, myDomainEventMemoryFailureCallback),
    DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_MEMORY_DEVICE_SIZE_CHANGE, myDomainEventMemoryDeviceSizeChangeCallback),
+    DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE, myDomainEventNICMACChangeCallback),
 };

 struct storagePoolEventData {
--- a/include/libvirt/libvirt-admin.h
+++ b/include/libvirt/libvirt-admin.h
@@ -484,6 +484,19 @@ int virAdmConnectSetDaemonTimeout(virAdmConnectPtr conn,
                                  unsigned int timeout,
                                  unsigned int flags);

+/**
+ * virAdmConnectDaemonShutdownFlags:
+ *
+ * Since: 11.2.0
+ */
+typedef enum {
+    /* Preserve state before shutting down daemon (Since: 11.2.0) */
+    VIR_DAEMON_SHUTDOWN_PRESERVE = (1 << 0),
+} virAdmConnectDaemonShutdownFlags;
+
+int virAdmConnectDaemonShutdown(virAdmConnectPtr conn,
+                                unsigned int flags);
+
 # ifdef __cplusplus
 }
 # endif
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
--- a/include/libvirt/libvirt-nodedev.h
+++ b/include/libvirt/libvirt-nodedev.h
@@ -90,6 +90,8 @@ typedef enum {
    VIR_CONNECT_LIST_NODE_DEVICES_CAP_AP_QUEUE      = 1 << 19, /* s390 AP Queue (Since: 7.0.0) */
    VIR_CONNECT_LIST_NODE_DEVICES_CAP_AP_MATRIX     = 1 << 20, /* s390 AP Matrix (Since: 7.0.0) */
    VIR_CONNECT_LIST_NODE_DEVICES_CAP_VPD           = 1 << 21, /* Device with VPD (Since: 7.9.0) */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_CCWGROUP_DEV  = 1 << 22, /* s390 CCWGROUP device (Since: 11.1.0) */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_CCWGROUP_MEMBER = 1 << 23, /* s390 CCW device member of CCWGROUP device (Since: 11.1.0) */

    VIR_CONNECT_LIST_NODE_DEVICES_PERSISTENT        = 1 << 28, /* Persisted devices (Since: 10.1.0) */
    VIR_CONNECT_LIST_NODE_DEVICES_TRANSIENT         = 1 << 29, /* Transient devices (Since: 10.1.0) */
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@@ -349,6 +349,10 @@ typedef enum {
    VIR_ERR_CHECKPOINT_INCONSISTENT = 109, /* checkpoint can't be used (Since: 6.10.0) */
    VIR_ERR_MULTIPLE_DOMAINS = 110,     /* more than one matching domain found (Since: 7.1.0) */
    VIR_ERR_NO_NETWORK_METADATA = 111,  /* Network metadata is not present (Since: 9.7.0) */
+    VIR_ERR_AGENT_COMMAND_TIMEOUT = 112,/* guest agent didn't respond to a non-sync
+                                           command within timeout (Since: 11.2.0) */
+    VIR_ERR_AGENT_COMMAND_FAILED = 113, /* guest agent responded with failure
+                                           to a command (Since: 11.2.0) */

 # ifdef VIR_ENUM_SENTINELS
    VIR_ERR_NUMBER_LAST /* (Since: 5.0.0) */
--- a/Show More
+++ b/Show More