qemu_blockjob: Remove secdriver metadata more frequently

If a block job reaches failed/cancelled state, or is completed
without pivot then we must remove security driver metadata
associated to the backing chain so that we don't leave any
metadata behind.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741456

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>

.ctags.d/libvirt.ctags

@@ -0,0 +1 @@
+../.ctags

.gitignore

@@ -44,7 +44,7 @@
 /autom4te.cache
 /build-aux/*
 /build/
-/ci-tree/
+/ci/scratch/
 /confdefs.h
 /config.cache
 /config.guess
@@ -68,21 +68,21 @@
 /docs/libvirt-refs.xml
 /docs/news.html.in
 /docs/todo.html.in
-/examples/admin/client_close
-/examples/admin/client_info
-/examples/admin/client_limits
-/examples/admin/list_clients
-/examples/admin/list_servers
-/examples/admin/logging
-/examples/admin/threadpool_params
-/examples/object-events/event-test
-/examples/dominfo/info1
-/examples/domsuspend/suspend
-/examples/dommigrate/dommigrate
-/examples/domtop/domtop
-/examples/hellolibvirt/hellolibvirt
-/examples/openauth/openauth
-/examples/rename/rename
+/examples/c/admin/client_close
+/examples/c/admin/client_info
+/examples/c/admin/client_limits
+/examples/c/admin/list_clients
+/examples/c/admin/list_servers
+/examples/c/admin/logging
+/examples/c/admin/threadpool_params
+/examples/c/domain/dommigrate
+/examples/c/domain/domtop
+/examples/c/domain/info1
+/examples/c/domain/rename
+/examples/c/domain/suspend
+/examples/c/misc/event-test
+/examples/c/misc/hellolibvirt
+/examples/c/misc/openauth
 /gnulib/lib/*
 /gnulib/m4/*
 /gnulib/tests/*
@@ -118,8 +118,14 @@
 /src/admin/admin_client.h
 /src/admin/admin_protocol.[ch]
 /src/admin/admin_server_dispatch_stubs.h
+/src/bhyve/test_virtbhyved.aug
+/src/bhyve/virtbhyved.aug
+/src/bhyve/virtbhyved.conf
 /src/esx/*.generated.*
 /src/hyperv/*.generated.*
+/src/interface/test_virtinterfaced.aug
+/src/interface/virtinterfaced.aug
+/src/interface/virtinterfaced.conf
 /src/libvirt*.def
 /src/libvirt.syms
 /src/libvirt_access.syms
@@ -135,6 +141,10 @@
 /src/libvirt_lxc
 /src/libvirtd
 /src/libvirtd*.logrotate
+/src/libxl/test_libvirtd_libxl.aug
+/src/libxl/test_virtxend.aug
+/src/libxl/virtxend.aug
+/src/libxl/virtxend.conf
 /src/locking/libxl-lockd.conf
 /src/locking/libxl-sanlock.conf
 /src/locking/lock_daemon_dispatch_stubs.h
@@ -142,29 +152,76 @@
 /src/locking/qemu-lockd.conf
 /src/locking/qemu-sanlock.conf
 /src/locking/test_libvirt_sanlock.aug
+/src/locking/test_libvirt_lockd.aug
+/src/locking/test_virtlockd.aug
 /src/logging/log_daemon_dispatch_stubs.h
 /src/logging/log_protocol.[ch]
+/src/logging/test_virtlogd.aug
 /src/lxc/lxc_controller_dispatch.h
 /src/lxc/lxc_monitor_dispatch.h
 /src/lxc/lxc_monitor_protocol.c
 /src/lxc/lxc_monitor_protocol.h
 /src/lxc/lxc_protocol.[ch]
 /src/lxc/test_libvirtd_lxc.aug
+/src/lxc/test_virtlxcd.aug
+/src/lxc/virtlxcd.aug
+/src/lxc/virtlxcd.conf
+/src/network/test_virtnetworkd.aug
+/src/network/virtnetworkd.aug
+/src/network/virtnetworkd.conf
+/src/node_device/test_virtnodedevd.aug
+/src/node_device/virtnodedevd.aug
+/src/node_device/virtnodedevd.conf
+/src/nwfilter/test_virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.conf
 /src/qemu/test_libvirtd_qemu.aug
+/src/qemu/test_virtqemud.aug
+/src/qemu/virtqemud.aug
+/src/qemu/virtqemud.conf
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
 /src/remote/*_stubs.h
+/src/remote/libvirtd.aug
+/src/remote/libvirtd.conf
+/src/remote/test_libvirtd.aug
+/src/remote/test_virtproxyd.aug
+/src/remote/virtproxyd.aug
+/src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
-/src/test_libvirt*.aug
-/src/test_virtlockd.aug
-/src/test_virtlogd.aug
+/src/secret/test_virtsecretd.aug
+/src/secret/virtsecretd.aug
+/src/secret/virtsecretd.conf
+/src/storage/test_virtstoraged.aug
+/src/storage/virtstoraged.aug
+/src/storage/virtstoraged.conf
+/src/test*.aug
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
+/src/vbox/test_virtvboxd.aug
+/src/vbox/virtvboxd.aug
+/src/vbox/virtvboxd.conf
 /src/virt-aa-helper
+/src/virtbhyved
+/src/virtinterfaced
+/src/virtxend
 /src/virtlockd
 /src/virtlogd
+/src/virtlxcd
+/src/virtnetworkd
+/src/virtnodedevd
+/src/virtnwfilterd
+/src/virtproxyd
+/src/virtqemud
+/src/virtsecretd
+/src/virtstoraged
+/src/virtvboxd
+/src/virtvzd
 /src/virt-guest-shutdown.target
+/src/vz/test_virtvzd.aug
+/src/vz/virtvzd.aug
+/src/vz/virtvzd.conf
 /tests/*.log
 /tests/*.pid
 /tests/*.trs
@@ -183,6 +240,7 @@
 /tests/test_conf
 /tools/libvirt-guests.sh
 /tools/virt-login-shell
+/tools/virt-login-shell-helper
 /tools/virsh
 /tools/virsh-*-edit.c
 /tools/virt-admin

.gitlab-ci.yml

@@ -5,42 +5,42 @@
     - ../autogen.sh $CONFIGURE_OPTS || (cat config.log && exit 1)
     - make -j $(getconf _NPROCESSORS_ONLN)
 
-# We could run every arch on both versions, but it is a little
-# overkill. Instead we run half the jobs on 9 and half the jobs
-# on sid to give reasonable cross-coverage.
+# We could run every arch on every versions, but it is a little
+# overkill. Instead we split jobs evenly across 9, 10 and sid
+# to achieve reasonable cross-coverage.
 
 debian-9-cross-armv6l:
   <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-9-cross-armv6l:master
+  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-armv6l:latest
+
+debian-9-cross-mips64el:
+  <<: *job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mips64el:latest
 
 debian-9-cross-mipsel:
   <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-9-cross-mipsel:master
+  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mipsel:latest
 
-debian-9-cross-ppc64le:
+debian-10-cross-aarch64:
   <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-9-cross-ppc64le:master
+  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-aarch64:latest
 
-debian-9-cross-s390x:
+debian-10-cross-ppc64le:
   <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-9-cross-s390x:master
+  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-ppc64le:latest
 
-debian-sid-cross-aarch64:
+debian-10-cross-s390x:
   <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-sid-cross-aarch64:master
+  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-s390x:latest
 
 debian-sid-cross-armv7l:
   <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-sid-cross-armv7l:master
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-armv7l:latest
 
 debian-sid-cross-i686:
   <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-sid-cross-i686:master
-
-debian-sid-cross-mips64el:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-sid-cross-mips64el:master
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-i686:latest
 
 debian-sid-cross-mips:
   <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-sid-cross-mips:master
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-mips:latest

.mailmap

@@ -43,6 +43,10 @@
 <nshirokovskiy@virtuozzo.com> <nshirokovskiy@parallels.com>
 <jyang@redhat.com> <osier@yunify.com>
 <kkoukiou@redhat.com> <k.koukiou@googlemail.com>
+<intrigeri@boum.org> <intrigeri+libvirt@boum.org>
+<fidencio@redhat.com> <fabiano@fidencio.org>
+<shi_lei@massclouds.com> <shilei.massclouds@gmx.com>
+<adrian.brzezinski@eo.pl> <redhat@adrb.pl>
 
 # Name consolidation:
 # Preferred author spelling <preferred email>

.travis.yml

@@ -22,28 +22,28 @@ matrix:
         - IMAGE="ubuntu-18"
         - MAKE_ARGS="syntax-check distcheck"
       script:
-        - make -f Makefile.ci ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
+        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
     - services:
         - docker
       env:
         - IMAGE="centos-7"
         - MAKE_ARGS="syntax-check distcheck"
       script:
-        - make -f Makefile.ci ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
+        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
     - services:
         - docker
       env:
-        - IMAGE="fedora-rawhide"
+        - IMAGE="fedora-30"
         - MINGW="mingw32"
       script:
-        - make -f Makefile.ci ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
+        - make -C ci/ ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
     - services:
         - docker
       env:
-        - IMAGE="fedora-rawhide"
+        - IMAGE="fedora-30"
         - MINGW="mingw64"
       script:
-        - make -f Makefile.ci ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
+        - make -C ci/ ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
     - compiler: clang
       language: c
       os: osx

Makefile.am

@@ -16,15 +16,15 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.
 
+LCOV = lcov
+GENHTML = genhtml
+
 SUBDIRS = . gnulib/lib include/libvirt src tools docs gnulib/tests \
   tests po examples
 
 XZ_OPT ?= -v -T0
 export XZ_OPT
 
-# have gnulib 'make coverage' output to 'cov' dir
-COVERAGE_OUT = "cov"
-
 ACLOCAL_AMFLAGS = -I m4
 
 EXTRA_DIST = \
@@ -35,7 +35,6 @@ EXTRA_DIST = \
   libvirt-qemu.pc.in \
   libvirt-lxc.pc.in \
   libvirt-admin.pc.in \
-  Makefile.ci \
   Makefile.nonreentrant \
   autogen.sh \
   cfg.mk \
@@ -51,6 +50,9 @@ EXTRA_DIST = \
   build-aux/prohibit-duplicate-header.pl \
   build-aux/useless-if-before-free \
   build-aux/vc-list-files \
+  ci/Makefile \
+  ci/build.sh \
+  ci/prepare.sh \
   $(NULL)
 
 pkgconfigdir = $(libdir)/pkgconfig
@@ -87,6 +89,20 @@ check-local: all tests
 check-access: all
 	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
 
+cov: clean-cov
+	$(MKDIR_P) $(top_builddir)/coverage
+	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
+	  -d $(top_builddir)/src \
+	  -d $(top_builddir)/tests
+	$(LCOV) -r $(top_builddir)/coverage/libvirt.info.tmp \
+	  -o $(top_builddir)/coverage/libvirt.info
+	rm $(top_builddir)/coverage/libvirt.info.tmp
+	$(GENHTML) --show-details -t "libvirt" -o $(top_builddir)/coverage \
+	  --legend $(top_builddir)/coverage/libvirt.info
+
+clean-cov:
+	rm -rf $(top_builddir)/coverage
+
 MAINTAINERCLEANFILES = .git-module-status
 
 dist-hook: gen-AUTHORS
@@ -109,4 +125,4 @@ gen-AUTHORS:
 	fi
 
 ci-%:
-	$(MAKE) -f Makefile.ci $@
+	$(MAKE) -C ci/ $@

README.md

@@ -30,7 +30,7 @@ License
 The libvirt C API is distributed under the terms of GNU Lesser General
 Public License, version 2.1 (or later). Some parts of the code that are
 not part of the C library may have the more restrictive GNU General
-Public License, version 2.1 (or later). See the files `COPYING.LESSER`
+Public License, version 2.0 (or later). See the files `COPYING.LESSER`
 and `COPYING` for full license terms & conditions.
 
 

build-aux/augeas-gentest.pl

@@ -20,31 +20,24 @@
 use strict;
 use warnings;
 
-die "syntax: $0 CONFIG TEMPLATE AUGTEST\n" unless @ARGV == 3;
+die "syntax: $0 CONFIG TEMPLATE\n" unless @ARGV == 2;
 
 my $config = shift @ARGV;
 my $template = shift @ARGV;
-my $augtest = shift @ARGV;
-
-open AUGTEST, ">", $augtest or die "cannot create $augtest: $!";
-
-$SIG{__DIE__} = sub {
-    unlink $augtest;
-};
 
 open CONFIG, "<", $config or die "cannot read $config: $!";
 open TEMPLATE, "<", $template or die "cannot read $template: $!";
 
 my $group = 0;
 while (<TEMPLATE>) {
-    if (/::CONFIG::/) {
+    if (/\@CONFIG\@/) {
         my $group = 0;
-        print AUGTEST "  let conf = \"";
+        print "  let conf = \"";
         while (<CONFIG>) {
             if (/^#\w/) {
                 s/^#//;
                 s/\"/\\\"/g;
-                print AUGTEST $_;
+                print $_;
                 $group = /\[\s$/;
             } elsif ($group) {
                 s/\"/\\\"/g;
@@ -53,16 +46,15 @@ while (<TEMPLATE>) {
                 }
                 if (/^#/) {
                     s/^#//;
-                    print AUGTEST $_;
+                    print $_;
                 }
             }
         }
-        print AUGTEST "\"\n";
+        print "\"\n";
     } else {
-        print AUGTEST $_;
+        print $_;
     }
 }
 
 close TEMPLATE;
 close CONFIG;
-close AUGTEST or die "cannot save $augtest: $!";

build-aux/header-ifdef.pl

@@ -6,18 +6,26 @@
 #  ...copyright header...
 #  */
 # <one blank line>
-# #ifndef SYMBOL
-# # define SYMBOL
+# #pragma once
 # ....content....
-# #endif /* SYMBOL */
 #
-# For any file ending priv.h, before the #ifndef
+#---
+#
+# For any file ending priv.h, before the #pragma once
 # We will have a further section
 #
 # #ifndef SYMBOL_ALLOW
 # # error ....
 # #endif /* SYMBOL_ALLOW */
 # <one blank line>
+#
+#---
+#
+# For public headers (files in include/), use the standard header guard instead of #pragma once:
+# #ifndef SYMBOL
+# # define SYMBOL
+# ....content....
+# #endif /* SYMBOL */
 
 use strict;
 use warnings;
@@ -38,6 +46,7 @@ my $file = " ";
 my $ret = 0;
 my $ifdef = "";
 my $ifdefpriv = "";
+my $publicheader = 0;
 
 my $state = $STATE_EOF;
 my $mistake = 0;
@@ -64,7 +73,11 @@ while (<>) {
         } elsif ($state == $STATE_PRIV_BLANK) {
             &mistake("$file: missing blank line after priv header check");
         } elsif ($state == $STATE_GUARD_START) {
-            &mistake("$file: missing '#ifndef $ifdef'");
+            if ($publicheader) {
+                &mistake("$file: missing '#ifndef $ifdef'");
+            } else {
+                &mistake("$file: missing '#pragma once' header guard");
+            }
         } elsif ($state == $STATE_GUARD_DEFINE) {
             &mistake("$file: missing '# define $ifdef'");
         } elsif ($state == $STATE_GUARD_END) {
@@ -83,6 +96,7 @@ while (<>) {
         $file = $ARGV;
         $state = $STATE_COPYRIGHT_COMMENT;
         $mistake = 0;
+        $publicheader = ($ARGV =~ /include\//);
     }
 
     if ($mistake ||
@@ -133,12 +147,19 @@ while (<>) {
     } elsif ($state == $STATE_GUARD_START) {
         if (/^$/) {
             &mistake("$file: too many blank lines after copyright header");
-        } elsif(/#pragma once/) {
-            $state = $STATE_PRAGMA;
-        } elsif (/#ifndef $ifdef$/) {
-            $state = $STATE_GUARD_DEFINE;
+        }
+        if ($publicheader) {
+            if (/#ifndef $ifdef$/) {
+                $state = $STATE_GUARD_DEFINE;
+            } else {
+                &mistake("$file: missing '#ifndef $ifdef'");
+            }
         } else {
-            &mistake("$file: missing '#ifndef $ifdef'");
+            if (/#pragma once/) {
+                $state = $STATE_PRAGMA;
+            } else {
+                &mistake("$file: missing '#pragma once' header guard");
+            }
         }
     } elsif ($state == $STATE_GUARD_DEFINE) {
         if (/# define $ifdef$/) {

cfg.mk

@@ -59,6 +59,7 @@ local-checks-to-skip = \
   sc_obsolete_symbols \
   sc_prohibit_S_IS_definition \
   sc_prohibit_atoi_atof \
+  sc_prohibit_gnu_make_extensions \
   sc_prohibit_hash_without_use \
   sc_prohibit_jm_in_m4 \
   sc_prohibit_quote_without_use \
@@ -146,9 +147,6 @@ useless_free_options = \
   --name=virJSONValueFree \
   --name=virLastErrFreeData \
   --name=virNetMessageFree \
-  --name=virNetServerMDNSFree \
-  --name=virNetServerMDNSEntryFree \
-  --name=virNetServerMDNSGroupFree \
   --name=virNWFilterDefFree \
   --name=virNWFilterEntryFree \
   --name=virNWFilterHashTableFree \
@@ -614,6 +612,7 @@ msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
 msg_gen_function += virReportSystemError
 msg_gen_function += xenapiSessionErrorHandler
+msg_gen_function += virLastErrorPrefixMessage
 
 # Uncomment the following and run "make syntax-check" to see diagnostics
 # that are not yet marked for translation, but that need to be rewritten
@@ -792,7 +791,7 @@ sc_prohibit_cross_inclusion:
 	    access/ | conf/) safe="($$dir|conf|util)";; \
 	    cpu/| network/| node_device/| rpc/| security/| storage/) \
 	      safe="($$dir|util|conf|storage)";; \
-	    xenapi/ | xenconfig/ ) safe="($$dir|util|conf|xen|cpu)";; \
+	    xenapi/) safe="($$dir|util|conf|xen|cpu)";; \
 	    *) safe="($$dir|$(mid_dirs)|util)";; \
 	  esac; \
 	  in_vc_files="^src/$$dir" \
@@ -857,12 +856,6 @@ sc_prohibit_unbounded_arrays_in_rpc:
 	halt='Arrays in XDR must have a upper limit set for <NNN>' \
 	  $(_sc_search_regexp)
 
-sc_prohibit_getenv:
-	@prohibit='\b(secure_)?getenv *\(' \
-	exclude='exempt from syntax-check' \
-	halt='Use virGetEnv{Allow,Block}SUID instead of getenv' \
-	  $(_sc_search_regexp)
-
 sc_prohibit_atoi:
 	@prohibit='\bato(i|f|l|ll|q) *\(' \
 	halt='Use virStrToLong* instead of atoi, atol, atof, atoq, atoll' \
@@ -1145,6 +1138,11 @@ ifneq ($(_gl-Makefile),)
 syntax-check: spacing-check test-wrap-argv \
 	prohibit-duplicate-header mock-noinline group-qemu-caps \
         header-ifdef
+	@if ! cppi --version >/dev/null 2>&1; then \
+		echo "*****************************************************" >&2; \
+		echo "* cppi not installed, some checks have been skipped *" >&2; \
+		echo "*****************************************************" >&2; \
+	fi
 endif
 
 # Don't include duplicate header in the source (either *.c or *.h)
@@ -1200,7 +1198,7 @@ exclude_file_name_regexp--sc_avoid_write = \
 
 exclude_file_name_regexp--sc_bindtextdomain = .*
 
-exclude_file_name_regexp--sc_gettext_init = ^(tests|examples)/
+exclude_file_name_regexp--sc_gettext_init = ^((tests|examples)/|tools/virt-login-shell.c)
 
 exclude_file_name_regexp--sc_copyright_format = \
 	^cfg\.mk$$
@@ -1226,13 +1224,13 @@ exclude_file_name_regexp--sc_prohibit_access_xok = \
 	^(cfg\.mk|src/util/virutil\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)
+  ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c|tools/virt-login-shell\.c|tools/nss/libvirt_nss\.c$$)
 
 exclude_file_name_regexp--sc_prohibit_strdup = \
-  ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c|tests/commandhelper\.c$$)
+  ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c|tests/commandhelper\.c|tools/nss/libvirt_nss_(leases|macs)\.c$$)
 
 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c))$$)
+  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libvirt_nss_(leases|macs)\.c)$$)
 
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
   (^tests/(virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
@@ -1253,7 +1251,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
   ^src/rpc/gendispatch\.pl$$
 
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests|examples/admin)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
+  ^((po|tests|examples)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl|tools/virt-login-shell\.c$$)
 
 exclude_file_name_regexp--sc_prohibit_select = \
 	^cfg\.mk$$
@@ -1262,12 +1260,12 @@ exclude_file_name_regexp--sc_prohibit_canonicalize_file_name = \
   ^(cfg\.mk|tests/virfilemock\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src/packet-libvirt\.c)$$
+  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src/packet-libvirt\.c|tools/nss/libvirt_nss(_leases|_macs)?\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_readlink = \
   ^src/(util/virutil|lxc/lxc_container)\.c$$
 
-exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$
+exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c|tools/virt-login-shell\.c$$
 
 exclude_file_name_regexp--sc_prohibit_sprintf = \
   ^(cfg\.mk|docs/hacking\.html\.in|.*\.stp|.*\.pl)$$
@@ -1313,9 +1311,6 @@ exclude_file_name_regexp--sc_prohibit_int_ijk = \
 exclude_file_name_regexp--sc_prohibit_unsigned_pid = \
   ^(include/libvirt/.*\.h|src/(qemu/qemu_driver\.c|driver-hypervisor\.h|libvirt(-[a-z]*)?\.c|.*\.x|util/vir(polkit|systemd)\.c)|tests/virpolkittest\.c|tools/virsh-domain\.c)$$
 
-exclude_file_name_regexp--sc_prohibit_getenv = \
-  ^tests/.*\.[ch]$$
-
 exclude_file_name_regexp--sc_avoid_attribute_unused_in_header = \
   ^(src/util/virlog\.h|src/network/bridge_driver\.h)$$
 
@@ -1344,10 +1339,13 @@ exclude_file_name_regexp--sc_prohibit_always-defined_macros = \
   ^tests/virtestmock.c$$
 
 exclude_file_name_regexp--sc_prohibit_readdir = \
-  ^tests/(.*mock|virfilewrapper)\.c$$
+  ^(tests/(.*mock|virfilewrapper)\.c|tools/nss/libvirt_nss\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_cross_inclusion = \
   ^(src/util/virclosecallbacks\.h|src/util/virhostdev\.h)$$
 
 exclude_file_name_regexp--sc_prohibit_dirent_d_type = \
   ^(src/util/vircgroup.c)$
+
+exclude_file_name_regexp--sc_prohibit_strcmp = \
+  ^(tools/nss/libvirt_nss.*\.c)

ci/Makefile

@@ -1,16 +1,15 @@
 # -*- makefile -*-
 # vim: filetype=make
 
-# Figure out name and path to this file. This isn't
-# portable but we only care for modern GNU make
-CI_MAKEFILE = $(abspath $(firstword $(MAKEFILE_LIST)))
+# The root directory of the libvirt.git checkout
+CI_GIT_ROOT = $(shell git rev-parse --show-toplevel)
+
+# The root directory for all CI-related contents
+CI_ROOTDIR = $(CI_GIT_ROOT)/ci
 
 # The directory holding content on the host that we will
 # expose to the container.
-CI_SCRATCHDIR = $(shell pwd)/ci-tree
-
-# The root directory of the libvirt.git checkout
-CI_GIT_ROOT = $(shell git rev-parse --show-toplevel)
+CI_SCRATCHDIR = $(CI_ROOTDIR)/scratch
 
 # The directory holding the clone of the git repo that
 # we will expose to the container
@@ -19,7 +18,7 @@ CI_HOST_SRCDIR = $(CI_SCRATCHDIR)/src
 # The directory holding the source inside the
 # container, i.e. where we want to expose
 # the $(CI_HOST_SRCDIR) directory from the host
-CI_CONT_SRCDIR = /src
+CI_CONT_SRCDIR = $(CI_USER_HOME)/libvirt
 
 # Relative directory to perform the build in. This
 # defaults to using a separate build dir, but can be
@@ -42,18 +41,20 @@ CI_MAKE_ARGS =
 # Any extra arguments to pass to configure
 CI_CONFIGURE_ARGS =
 
-# Avoid pulling submodules over the network by locally
-# cloning them
-CI_SUBMODULES = $(shell git submodule | awk '{ print $$2 }')
+# Script containing environment preparation steps
+CI_PREPARE_SCRIPT = $(CI_ROOTDIR)/prepare.sh
+
+# Script containing build instructions
+CI_BUILD_SCRIPT = $(CI_ROOTDIR)/build.sh
 
 # Location of the container images we're going to pull
 # Can be useful to overridde to use a locally built
 # image instead
-CI_IMAGE_PREFIX = quay.io/libvirt/buildenv-
+CI_IMAGE_PREFIX = quay.io/libvirt/buildenv-libvirt-
 
 # The default tag is ':latest' but if the container
 # repo above uses different conventions this can override it
-CI_IMAGE_TAG = :master
+CI_IMAGE_TAG = :latest
 
 # We delete the virtual root after completion, set
 # to 0 if you need to keep it around for debugging
@@ -70,6 +71,11 @@ CI_REUSE = 0
 CI_UID = $(shell id -u)
 CI_GID = $(shell id -g)
 
+# We also need the user's login and home directory to prepare the
+# environment the way some programs expect it
+CI_USER_LOGIN = $(shell echo "$$USER")
+CI_USER_HOME = $(shell echo "$$HOME")
+
 CI_ENGINE = auto
 # Container engine we are going to use, can be overridden per make
 # invocation, if it is not we try podman and then default to docker.
@@ -86,36 +92,49 @@ endif
 # is liable to mess with SELinux labelling which will
 # then prevent the host accessing them. And podman cannot
 # relabel the files due to it running rootless. So
-# copying them first is safer and error-prone.
+# copying them first is safer and less error-prone.
 CI_PWDB_MOUNTS = \
 	--volume $(CI_SCRATCHDIR)/group:/etc/group:ro,z \
 	--volume $(CI_SCRATCHDIR)/passwd:/etc/passwd:ro,z \
 	$(NULL)
 
+CI_HOME_MOUNTS = \
+	--volume $(CI_SCRATCHDIR)/home:$(CI_USER_HOME):z \
+	$(NULL)
+
+CI_SCRIPT_MOUNTS = \
+	--volume $(CI_SCRATCHDIR)/prepare:$(CI_USER_HOME)/prepare:z \
+	--volume $(CI_SCRATCHDIR)/build:$(CI_USER_HOME)/build:z \
+	$(NULL)
+
 # Docker containers can have very large ulimits
 # for nofiles - as much as 1048576. This makes
 # libvirt very slow at exec'ing programs.
 CI_ULIMIT_FILES = 1024
 
 ifeq ($(CI_ENGINE),podman)
-	# Podman cannot reuse host namespace when running non-root containers.  Until
-	# support for --keep-uid is added we can just create another mapping that will
-	# do that for us.  Beware, that in {uid,git}map=container_id:host_id:range,
-	# the host_id does actually refer to the uid in the first mapping where 0
-	# (root) is mapped to the current user and rest is offset.
-
-	# In order to set up this mapping, we need to keep all the user IDs to prevent
-	# possible errors as some images might expect UIDs up to 90000 (looking at you
-	# fedora), so we don't want the overflowuid to be used for them.  For mapping
-	# all the other users properly ther eneeds to be some math done.  Don't worry,
-	# it's just addition and subtraction.
-
-	# 65536 ought to be enough (tm), but for really rare cases the maximums might
-	# need to be higher, but that only happens when your /etc/sub{u,g}id allow
-	# users to have more IDs.  Unless --keep-uid is supported, let's do this in a
-	# way that should work for everyone.
-	CI_MAX_UID = $(shell sed -n "s/^$USER:[^:]\+://p" /etc/subuid)
-	CI_MAX_GID = $(shell sed -n "s/^$USER:[^:]\+://p" /etc/subgid)
+	# Podman cannot reuse host namespace when running non-root
+	# containers.  Until support for --keep-uid is added we can
+	# just create another mapping that will do that for us.
+	# Beware, that in {uid,git}map=container_id:host_id:range, the
+	# host_id does actually refer to the uid in the first mapping
+	# where 0 (root) is mapped to the current user and rest is
+	# offset.
+	#
+	# In order to set up this mapping, we need to keep all the
+	# user IDs to prevent possible errors as some images might
+	# expect UIDs up to 90000 (looking at you fedora), so we don't
+	# want the overflowuid to be used for them.  For mapping all
+	# the other users properly, some math needs to be done.
+	# Don't worry, it's just addition and subtraction.
+	#
+	# 65536 ought to be enough (tm), but for really rare cases the
+	# maximums might need to be higher, but that only happens when
+	# your /etc/sub{u,g}id allow users to have more IDs.  Unless
+	# --keep-uid is supported, let's do this in a way that should
+	# work for everyone.
+	CI_MAX_UID = $(shell sed -n "s/^$(CI_USER_LOGIN):[^:]\+://p" /etc/subuid)
+	CI_MAX_GID = $(shell sed -n "s/^$(CI_USER_LOGIN):[^:]\+://p" /etc/subgid)
 	ifeq ($(CI_MAX_UID),)
 		CI_MAX_UID = 65536
 	endif
@@ -153,20 +172,20 @@ CI_GIT_ARGS = \
 #             as dev so that file ownership matches host
 #             instead of root:root
 #   --volume  to pass in the cloned git repo & config
-#   --workdir to set cwd to vpath build location
 #   --ulimit  lower files limit for performance reasons
 #   --interactive
 #   --tty     Ensure we have ability to Ctrl-C the build
 CI_ENGINE_ARGS = \
 	--rm \
-	--user $(CI_UID):$(CI_GID) \
 	--interactive \
 	--tty \
 	$(CI_PODMAN_ARGS) \
 	$(CI_PWDB_MOUNTS) \
+	$(CI_HOME_MOUNTS) \
+	$(CI_SCRIPT_MOUNTS) \
 	--volume $(CI_HOST_SRCDIR):$(CI_CONT_SRCDIR):z \
-	--workdir $(CI_CONT_SRCDIR) \
 	--ulimit nofile=$(CI_ULIMIT_FILES):$(CI_ULIMIT_FILES) \
+	--cap-add=SYS_PTRACE \
 	$(NULL)
 
 ci-check-engine:
@@ -179,9 +198,13 @@ ci-prepare-tree: ci-check-engine
 		mkdir -p $(CI_SCRATCHDIR); \
 		cp /etc/passwd $(CI_SCRATCHDIR); \
 		cp /etc/group $(CI_SCRATCHDIR); \
+		mkdir -p $(CI_SCRATCHDIR)/home; \
+		cp "$(CI_PREPARE_SCRIPT)" $(CI_SCRATCHDIR)/prepare; \
+		cp "$(CI_BUILD_SCRIPT)" $(CI_SCRATCHDIR)/build; \
+		chmod +x "$(CI_SCRATCHDIR)/prepare" "$(CI_SCRATCHDIR)/build"; \
 		echo "Cloning $(CI_GIT_ROOT) to $(CI_HOST_SRCDIR)"; \
 		git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT) $(CI_HOST_SRCDIR) || exit 1; \
-		for mod in $(CI_SUBMODULES) ; \
+		for mod in $$(git submodule | awk '{ print $$2 }' | sed -E 's,^../,,g') ; \
 		do \
 			test -f $(CI_GIT_ROOT)/$$mod/.git || continue ; \
 			echo "Cloning $(CI_GIT_ROOT)/$$mod to $(CI_HOST_SRCDIR)/$$mod"; \
@@ -189,46 +212,31 @@ ci-prepare-tree: ci-check-engine
 		done ; \
 	fi
 
-# $CONFIGURE_OPTS is a env that can optionally be set in the container,
-# populated at build time from the Dockerfile. A typical use case would
-# be to pass --host/--target args to trigger cross-compilation
-#
-# This can be augmented by make local args in $(CI_CONFIGURE_ARGS)
-#
-# gl_public_submodule_commit= to disable gnulib's submodule check
-# which breaks due to way we clone the submodules
-ci-build@%: ci-prepare-tree
+ci-run-command@%: ci-prepare-tree
 	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
-		/bin/bash -c '\
-		mkdir -p $(CI_CONT_BUILDDIR) || exit 1 ; \
-		cd $(CI_CONT_BUILDDIR) ; \
-		NOCONFIGURE=1 $(CI_CONT_SRCDIR)/autogen.sh || exit 1 ; \
-		$(CI_CONFIGURE) $${CONFIGURE_OPTS} $(CI_CONFIGURE_ARGS) ; \
-		if test $$? != 0 ; \
-		then \
-			test -f config.log && cat config.log ; \
-			exit 1 ; \
-		fi; \
-		find -name test-suite.log -delete ; \
-		export VIR_TEST_DEBUG=1 ; \
-		make -j$(CI_SMP) gl_public_submodule_commit= $(CI_MAKE_ARGS) ; \
-		if test $$? != 0 ; then \
-			LOGS=`find -name test-suite.log` ; \
-			if test "$${LOGS}" != "" ; then \
-				echo "=== LOG FILE(S) START ===" ; \
-				cat $${LOGS} ; \
-				echo "=== LOG FILE(S) END ===" ; \
-			fi ; \
-			exit 1 ;\
-		fi'
+		/bin/bash -c ' \
+		$(CI_USER_HOME)/prepare || exit 1; \
+		sudo \
+		  --login \
+		  --user="#$(CI_UID)" \
+		  --group="#$(CI_GID)" \
+		  CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
+		  CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
+		  CI_SMP="$(CI_SMP)" \
+		  CI_CONFIGURE="$(CI_CONFIGURE)" \
+		  CI_CONFIGURE_ARGS="$(CI_CONFIGURE_ARGS)" \
+		  CI_MAKE_ARGS="$(CI_MAKE_ARGS)" \
+		  $(CI_COMMAND) || exit 1'
 	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
 
+ci-shell@%:
+	$(MAKE) -C $(CI_ROOTDIR) ci-run-command@$* CI_COMMAND="/bin/bash"
+
+ci-build@%:
+	$(MAKE) -C $(CI_ROOTDIR) ci-run-command@$* CI_COMMAND="$(CI_USER_HOME)/build"
+
 ci-check@%:
-	$(MAKE) -f $(CI_MAKEFILE) ci-build@$* CI_MAKE_ARGS="check"
-
-ci-shell@%: ci-prepare-tree
-	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) /bin/bash
-	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
+	$(MAKE) -C $(CI_ROOTDIR) ci-build@$* CI_MAKE_ARGS="check"
 
 ci-help:
 	@echo "Build libvirt inside containers used for CI"
@@ -243,23 +251,25 @@ ci-help:
 	@echo
 	@echo "    centos-7"
 	@echo "    debian-9"
+	@echo "    debian-10"
 	@echo "    debian-sid"
-	@echo "    fedora-28"
 	@echo "    fedora-29"
+	@echo "    fedora-30"
 	@echo "    fedora-rawhide"
+	@echo "    ubuntu-16"
 	@echo "    ubuntu-18"
 	@echo
 	@echo "Available cross-compiler container images:"
 	@echo
-	@echo "    debian-{9,sid}-cross-aarch64"
-	@echo "    debian-{9,sid}-cross-armv6l"
-	@echo "    debian-{9,sid}-cross-armv7l"
-	@echo "    debian-sid-cross-i686"
-	@echo "    debian-{9,sid}-cross-mips64el"
-	@echo "    debian-{9,sid}-cross-mips"
-	@echo "    debian-{9,sid}-cross-mipsel"
-	@echo "    debian-{9,sid}-cross-ppc64le"
-	@echo "    debian-{9,sid}-cross-s390x"
+	@echo "    debian-{9,10,sid}-cross-aarch64"
+	@echo "    debian-{9,10,sid}-cross-armv6l"
+	@echo "    debian-{9,10,sid}-cross-armv7l"
+	@echo "    debian-{10,sid}-cross-i686"
+	@echo "    debian-{9,10,sid}-cross-mips64el"
+	@echo "    debian-{9,10,sid}-cross-mips"
+	@echo "    debian-{9,10,sid}-cross-mipsel"
+	@echo "    debian-{9,10,sid}-cross-ppc64le"
+	@echo "    debian-{9,10,sid}-cross-s390x"
 	@echo
 	@echo "Available make variables:"
 	@echo

ci/build.sh

@@ -0,0 +1,40 @@
+# This script is used to build libvirt inside the container.
+#
+# You can customize it to your liking, or alternatively use a
+# completely different script by passing
+#
+#  CI_BUILD_SCRIPT=/path/to/your/build/script
+#
+# to make.
+
+mkdir -p "$CI_CONT_BUILDDIR" || exit 1
+cd "$CI_CONT_BUILDDIR"
+
+export VIR_TEST_DEBUG=1
+NOCONFIGURE=1 "$CI_CONT_SRCDIR/autogen.sh" || exit 1
+
+# $CONFIGURE_OPTS is a env that can optionally be set in the container,
+# populated at build time from the Dockerfile. A typical use case would
+# be to pass --host/--target args to trigger cross-compilation
+#
+# This can be augmented by make local args in $CI_CONFIGURE_ARGS
+"$CI_CONFIGURE" $CONFIGURE_OPTS $CI_CONFIGURE_ARGS
+if test $? != 0; then
+    test -f config.log && cat config.log
+    exit 1
+fi
+find -name test-suite.log -delete
+
+# gl_public_submodule_commit= to disable gnulib's submodule check
+# which breaks due to way we clone the submodules
+make -j"$CI_SMP" gl_public_submodule_commit= $CI_MAKE_ARGS
+
+if test $? != 0; then \
+    LOGS=$(find -name test-suite.log)
+    if test "$LOGS"; then
+        echo "=== LOG FILE(S) START ==="
+        cat $LOGS
+        echo "=== LOG FILE(S) END ==="
+    fi
+    exit 1
+fi

ci/prepare.sh

@@ -0,0 +1,13 @@
+# This script is used to prepare the environment that will be used
+# to build libvirt inside the container.
+#
+# You can customize it to your liking, or alternatively use a
+# completely different script by passing
+#
+#  CI_PREPARE_SCRIPT=/path/to/your/prepare/script
+#
+# to make.
+#
+# Note that this script will have root privileges inside the
+# container, so it can be used for things like installing additional
+# packages.

config-post.h

@@ -16,62 +16,8 @@
  * <http://www.gnu.org/licenses/>.
  */
 
-/*
- * Since virt-login-shell will be setuid, we must do everything
- * we can to avoid linking to other libraries. Many of them do
- * unsafe things in functions marked __attribute__((constructor)).
- * The only way to avoid such deps is to re-compile the
- * functions with the code in question disabled, and for that we
- * must override the main config.h rules. Hence this file :-(
- */
-
-#ifdef LIBVIRT_SETUID_RPC_CLIENT
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DBUS
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_SYSTEMD_DAEMON
-# undef WITH_VIRTUALPORT
-# undef WITH_YAJL
-#endif
-
-/*
- * With the NSS module it's the same story as virt-login-shell. See the
- * explanation above.
- */
-#ifdef LIBVIRT_NSS
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_VIRTUALPORT
-# undef WITH_SECDRIVER_SELINUX
-# undef WITH_SECDRIVER_APPARMOR
-#endif /* LIBVIRT_NSS */
-
 #ifndef __GNUC__
-# error "Libvirt requires GCC >= 4.4, or CLang"
+# error "Libvirt requires GCC >= 4.8, or CLang"
 #endif
 
 /*
@@ -86,6 +32,6 @@
     ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
 #endif
 
-#if !(__GNUC_PREREQ(4, 4) || defined(__clang__))
-# error "Libvirt requires GCC >= 4.4, or CLang"
+#if !(__GNUC_PREREQ(4, 8) || defined(__clang__))
+# error "Libvirt requires GCC >= 4.8, or CLang"
 #endif

configure.ac

@@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public
 dnl License along with this library.  If not, see
 dnl <http://www.gnu.org/licenses/>.
 
-AC_INIT([libvirt], [5.4.0], [libvir-list@redhat.com], [], [https://libvirt.org])
+AC_INIT([libvirt], [5.7.0], [libvir-list@redhat.com], [], [https://libvirt.org])
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
@@ -129,6 +129,29 @@ if test -d $srcdir/.git && git --version >/dev/null 2>&1 ; then
   AB_VERSION=`cd $srcdir && git describe --match 'v[[0-9]]*' 2>/dev/null`
 fi
 
+dnl autoconf 2.70 adds a --runstatedir option so that downstreams
+dnl can point to /run instead of the historic /var/run, but
+dnl autoconf hasn't had a release since 2012.
+dnl
+dnl gnulib sets configmake.h to include runstatedir, but sets
+dnl it to $localstatedir/run if $runstatedir env var is not set
+dnl which is useless for apps that need to use /run without
+dnl waiting for autoconf 2.70
+dnl
+dnl we introduce --with-runstatedir and then overwrite the
+dnl value of $runstatedir so gnulib's configmake.h becomes useful
+AC_ARG_WITH(
+    [runstatedir],
+    [AS_HELP_STRING(
+        [--with-runstatedir],
+        [State directory for temporary sockets, pid files, etc])])
+
+if test -n "$with_runstatedir"
+then
+  runstatedir=$with_runstatedir
+fi
+
+
 gl_EARLY
 gl_INIT
 
@@ -212,6 +235,7 @@ fi
 
 AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
 AM_CONDITIONAL([WITH_FREEBSD], [test "$with_freebsd" = "yes"])
+AM_CONDITIONAL([WITH_MACOS], [test "$with_macos" = "yes"])
 
 # We don't support the daemon yet
 if test "$with_win" = "yes" ; then
@@ -245,7 +269,6 @@ LIBVIRT_LINKER_NO_UNDEFINED
 LIBVIRT_ARG_APPARMOR
 LIBVIRT_ARG_ATTR
 LIBVIRT_ARG_AUDIT
-LIBVIRT_ARG_AVAHI
 LIBVIRT_ARG_BASH_COMPLETION
 LIBVIRT_ARG_BLKID
 LIBVIRT_ARG_CAPNG
@@ -284,7 +307,6 @@ LIBVIRT_CHECK_APPARMOR
 LIBVIRT_CHECK_ATOMIC
 LIBVIRT_CHECK_ATTR
 LIBVIRT_CHECK_AUDIT
-LIBVIRT_CHECK_AVAHI
 LIBVIRT_CHECK_BASH_COMPLETION
 LIBVIRT_CHECK_BLKID
 LIBVIRT_CHECK_CAPNG
@@ -339,6 +361,7 @@ AC_CHECK_FUNCS_ONCE([\
   getpwuid_r \
   getrlimit \
   getuid \
+  getutxid \
   if_indextoname \
   mmap \
   newlocale \
@@ -465,8 +488,6 @@ LIBVIRT_DRIVER_CHECK_LIBVIRTD
 LIBVIRT_DRIVER_CHECK_NETWORK
 LIBVIRT_DRIVER_CHECK_INTERFACE
 
-AM_CONDITIONAL([WITH_XENCONFIG], [test "$with_libxl" = "yes"])
-
 
 dnl
 dnl in case someone want to build static binaries
@@ -514,9 +535,6 @@ dnl
 AC_CHECK_HEADERS([linux/kvm.h])
 
 
-AM_CONDITIONAL([WITH_SETUID_RPC_CLIENT], [test "$with_lxc$with_login_shell" != "nono"])
-
-
 dnl
 dnl check for kernel headers required by src/bridge.c
 dnl
@@ -731,6 +749,23 @@ fi
 AC_SUBST([VIR_TEST_EXPENSIVE_DEFAULT])
 AM_CONDITIONAL([WITH_EXPENSIVE_TESTS], [test $VIR_TEST_EXPENSIVE_DEFAULT = 1])
 
+LIBVIRT_ARG_ENABLE([TEST_COVERAGE], [turn on code coverage instrumentation], [no])
+case "$enable_test_coverage" in
+  yes|no) ;;
+  *) AC_MSG_ERROR([bad value ${enable_test_coverga} for test-coverage option]) ;;
+esac
+
+if test "$enable_test_coverage" = yes; then
+  save_WARN_CFLAGS=$WARN_CFLAGS
+  WARN_CFLAGS=
+  gl_WARN_ADD([-fprofile-arcs])
+  gl_WARN_ADD([-ftest-coverage])
+  COVERAGE_FLAGS=$WARN_CFLAGS
+  AC_SUBST([COVERAGE_CFLAGS], [$COVERAGE_FLAGS])
+  AC_SUBST([COVERAGE_LDFLAGS], [$COVERAGE_FLAGS])
+  WARN_CFLAGS=$save_WARN_CFLAGS
+fi
+
 LIBVIRT_ARG_ENABLE([TEST_OOM], [memory allocation failure checking], [no])
 case "$enable_test_oom" in
   yes|no) ;;
@@ -970,7 +1005,6 @@ LIBVIRT_RESULT_ACL
 LIBVIRT_RESULT_APPARMOR
 LIBVIRT_RESULT_ATTR
 LIBVIRT_RESULT_AUDIT
-LIBVIRT_RESULT_AVAHI
 LIBVIRT_RESULT_BASH_COMPLETION
 LIBVIRT_RESULT_BLKID
 LIBVIRT_RESULT_CAPNG
@@ -1017,6 +1051,7 @@ LIBVIRT_WIN_RESULT_WINDRES
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Test suite])
 AC_MSG_NOTICE([])
+AC_MSG_NOTICE([         Coverage: $enable_test_coverage])
 AC_MSG_NOTICE([        Alloc OOM: $enable_test_oom])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Miscellaneous])

docs/Makefile.am

@@ -22,6 +22,7 @@ DEVHELP_DIR=$(datadir)/gtk-doc/html/libvirt
 modules = \
 	libvirt-common \
 	libvirt-domain \
+	libvirt-domain-checkpoint \
 	libvirt-domain-snapshot \
 	libvirt-event \
 	libvirt-host \
@@ -67,10 +68,7 @@ css = \
 
 javascript = \
   js/main.js \
-  js/jquery-3.1.1.min.js \
-  js/jquery.rss.min.js \
-  js/moment.min.js
-
+  $(NULL)
 
 fonts = \
   fonts/LICENSE.md \
@@ -135,6 +133,10 @@ internals_html_in = \
   $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 internals_html = $(internals_html_in:%.html.in=%.html)
 
+kbase_html_in = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/kbase/*.html.in))
+kbase_html = $(kbase_html_in:%.html.in=%.html)
+
 # Since we ship pre-built html in the tarball, we must also
 # ship the sources, even when those sources are themselves
 # generated.
@@ -190,6 +192,7 @@ EXTRA_DIST= \
   $(xml) $(qemu_xml) $(lxc_xml) $(admin_xml) $(fig) $(png) $(css) \
   $(javascript) $(logofiles) \
   $(internals_html_in) $(internals_html) $(fonts) \
+  $(kbase_html_in) $(kbase_html) \
   aclperms.htmlinc \
   hvsupport.pl \
   $(schema_DATA)
@@ -205,6 +208,7 @@ MAINTAINERCLEANFILES = \
   $(addprefix $(srcdir)/,$(apihtml)) \
   $(addprefix $(srcdir)/,$(devhelphtml)) \
   $(addprefix $(srcdir)/,$(internals_html)) \
+  $(addprefix $(srcdir)/,$(kbase_html)) \
   $(srcdir)/hvsupport.html.in $(srcdir)/aclperms.htmlinc
 
 timestamp="$(shell if test -n "$$SOURCE_DATE_EPOCH"; \
@@ -221,7 +225,8 @@ qemu_api: $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 lxc_api: $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
 admin_api: $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml
 
-web: $(dot_html) $(internals_html) html/index.html devhelp/index.html
+web: $(dot_html) $(internals_html) $(kbase_html) \
+	html/index.html devhelp/index.html
 
 hvsupport.html: $(srcdir)/hvsupport.html.in
 
@@ -232,20 +237,14 @@ $(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
 	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(top_srcdir)/src > $@ \
 		|| { rm $@ && exit 1; }
 
-# xsltproc seems to add the xmlns="" attribute to random output elements:
-# use sed to strip it out, as leaving it there triggers XML errors during
-# further transformation steps
 news.html.in: \
 	  $(srcdir)/news.xml \
 	  $(srcdir)/news-html.xsl
 	$(AM_V_GEN)$(XSLTPROC) --nonet \
 	    $(srcdir)/news-html.xsl \
 	    $(srcdir)/news.xml \
-	  >$@-tmp \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  sed 's/ xmlns=""//g' $@-tmp >$@ \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  rm -f $@-tmp
+	  >$@ \
+	    || { rm -f $@; exit 1; };
 EXTRA_DIST += \
 	$(srcdir)/news.xml \
 	$(srcdir)/news.rng \
@@ -315,6 +314,7 @@ $(python_generated_files): $(APIBUILD_STAMP)
 $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
 		$(top_srcdir)/include/libvirt/libvirt.h \
 		$(top_srcdir)/include/libvirt/libvirt-common.h.in \
+		$(top_srcdir)/include/libvirt/libvirt-domain-checkpoint.h \
 		$(top_srcdir)/include/libvirt/libvirt-domain-snapshot.h \
 		$(top_srcdir)/include/libvirt/libvirt-domain.h \
 		$(top_srcdir)/include/libvirt/libvirt-event.h \
@@ -331,6 +331,7 @@ $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
 		$(top_srcdir)/include/libvirt/libvirt-admin.h \
 		$(top_srcdir)/include/libvirt/virterror.h \
 		$(top_srcdir)/src/libvirt.c \
+		$(top_srcdir)/src/libvirt-domain-checkpoint.c \
 		$(top_srcdir)/src/libvirt-domain-snapshot.c \
 		$(top_srcdir)/src/libvirt-domain.c \
 		$(top_srcdir)/src/libvirt-host.c \
@@ -384,6 +385,9 @@ install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/internals
 	for f in $(internals_html); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/internals; done
+	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/kbase
+	for f in $(kbase_html); do \
+	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/kbase; done
 	$(mkinstalldirs) $(DESTDIR)$(DEVHELP_DIR)
 	for file in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	    $(INSTALL) -m 0644 $(srcdir)/$${file} $(DESTDIR)$(DEVHELP_DIR) ; \
@@ -408,6 +412,9 @@ uninstall-local:
 	for f in $(internals_html); do \
 	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
 	done
+	for f in $(kbase_html); do \
+	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
+	done
 	for f in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	  rm -f $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
 	done

docs/api_extension.html.in

@@ -89,7 +89,7 @@
       separately.
     </p>
 
-    <h2><a name='publicapi'>Defining the public API</a></h2>
+    <h2><a id='publicapi'>Defining the public API</a></h2>
 
     <p>The first task is to define the public API.  If the new API
       involves an XML extension, you have to enhance the RelaxNG
@@ -119,7 +119,7 @@
       rework it as you go through the process of implementing it.
     </p>
 
-    <h2><a name='internalapi'>Defining the internal API</a></h2>
+    <h2><a id='internalapi'>Defining the internal API</a></h2>
 
     <p>
       Each public API call is associated with a driver, such as a host
@@ -146,7 +146,7 @@
       provide a <code>NULL</code> stub for the new function.
     </p>
 
-    <h2><a name='implpublic'>Implementing the public API</a></h2>
+    <h2><a id='implpublic'>Implementing the public API</a></h2>
 
     <p>
       Implementing the public API is largely a formality in which we wire up
@@ -179,7 +179,7 @@
 
     <p><code>src/libvirt-$MODULE.c</code></p>
 
-    <h2><a name='remoteproto'>Implementing the remote protocol</a></h2>
+    <h2><a id='remoteproto'>Implementing the remote protocol</a></h2>
 
     <p>
       Implementing the remote protocol is essentially a
@@ -187,7 +187,7 @@
       understood by referring to the existing code.
     </p>
 
-    <h3><a name='wireproto'>Defining the wire protocol format</a></h3>
+    <h3><a id='wireproto'>Defining the wire protocol format</a></h3>
 
     <p>
       Defining the wire protocol involves making additions to:
@@ -226,11 +226,11 @@
         src/remote/remote_protocol.h
     </code></p>
 
-    <h3><a name='rpcclient'>Implement the RPC client</a></h3>
+    <h3><a id='rpcclient'>Implement the RPC client</a></h3>
 
     <p>
-      Implementing the uses the rpcgen generated .h files.  The remote
-      method calls go in:
+      Implementing the RPC client uses the rpcgen generated .h files.
+      The remote method calls go in:
     </p>
 
     <p><code>src/remote/remote_driver.c</code></p>
@@ -256,7 +256,7 @@
       The server side dispatchers are implemented in:
     </p>
 
-    <p><code>src/remote/daemon_dispatch.c</code></p>
+    <p><code>src/remote/remote_daemon_dispatch.c</code></p>
 
     <p>Again, this step uses the .h files generated by make rpcgen.</p>
 

docs/apibuild.py

@@ -26,6 +26,7 @@ debugsym = None
 included_files = {
   "libvirt-common.h": "header with general libvirt API definitions",
   "libvirt-domain.h": "header with general libvirt API definitions",
+  "libvirt-domain-checkpoint.h": "header with general libvirt API definitions",
   "libvirt-domain-snapshot.h": "header with general libvirt API definitions",
   "libvirt-event.h": "header with general libvirt API definitions",
   "libvirt-host.h": "header with general libvirt API definitions",
@@ -39,6 +40,7 @@ included_files = {
   "virterror.h": "header with error specific API definitions",
   "libvirt.c": "Main interfaces for the libvirt library",
   "libvirt-domain.c": "Domain interfaces for the libvirt library",
+  "libvirt-domain-checkpoint.c": "Domain checkpoint interfaces for the libvirt library",
   "libvirt-domain-snapshot.c": "Domain snapshot interfaces for the libvirt library",
   "libvirt-host.c": "Host interfaces for the libvirt library",
   "libvirt-interface.c": "Interface interfaces for the libvirt library",

docs/dbus.html.in

@@ -6,14 +6,14 @@
 
     <ul id="toc"></ul>
 
-    <h2><a name="description">Description</a></h2>
+    <h2><a id="description">Description</a></h2>
 
     <p>
       libvirt-dbus wraps libvirt API to provide a high-level object-oriented
       API better suited for dbus-based applications.
     </p>
 
-    <h2><a name="git">GIT source repository</a></h2>
+    <h2><a id="git">GIT source repository</a></h2>
     <p>
       The D-Bus bindings source code is maintained in a
       <a href="https://git-scm.com/">git</a> repository available on
@@ -32,7 +32,7 @@ git clone https://libvirt.org/git/libvirt-dbus.git
 <a href="https://libvirt.org/git/?p=libvirt-dbus.git">https://libvirt.org/git/?p=libvirt-dbus.git</a>
 </pre>
 
-    <h2><a name="usage">Usage</a></h2>
+    <h2><a id="usage">Usage</a></h2>
 
     <p>
       libvirt-dbus exports libvirt API using D-Bus objects with methods and

docs/devhelp/html.xsl

@@ -173,7 +173,7 @@
   <xsl:template mode="details" match="struct">
     <xsl:variable name="name" select="string(@name)"/>
     <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Structure </a><xsl:value-of select="$name"/></h3>
+    <h3><a id="{$name}">Structure </a><xsl:value-of select="$name"/></h3>
     <pre class="programlisting">
     <xsl:value-of select="@type"/><xsl:text> {
 </xsl:text>
@@ -214,7 +214,7 @@
   <xsl:template mode="details" match="typedef[@type != 'enum']">
     <xsl:variable name="name" select="string(@name)"/>
     <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Typedef </a><xsl:value-of select="$name"/></h3>
+    <h3><a id="{$name}">Typedef </a><xsl:value-of select="$name"/></h3>
     <pre class="programlisting">
     <xsl:call-template name="dumptext">
       <xsl:with-param name="text" select="string(@type)"/>
@@ -236,7 +236,7 @@
   <xsl:template mode="details" match="variable">
     <xsl:variable name="name" select="string(@name)"/>
     <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Variable </a><xsl:value-of select="$name"/></h3>
+    <h3><a id="{$name}">Variable </a><xsl:value-of select="$name"/></h3>
     <pre class="programlisting">
     <xsl:call-template name="dumptext">
       <xsl:with-param name="text" select="string(@type)"/>
@@ -258,7 +258,7 @@
   <xsl:template mode="details" match="typedef[@type = 'enum']">
     <xsl:variable name="name" select="string(@name)"/>
     <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Enum </a><xsl:value-of select="$name"/></h3>
+    <h3><a id="{$name}">Enum </a><xsl:value-of select="$name"/></h3>
     <pre class="programlisting">
     <xsl:text>enum </xsl:text>
     <a href="#{$name}"><xsl:value-of select="$name"/></a>
@@ -267,7 +267,7 @@
     <xsl:for-each select="/api/symbols/enum[@type=$name]">
       <xsl:sort select="@value" data-type="number" order="ascending"/>
       <xsl:text>    </xsl:text>
-      <a name="{@name}"><xsl:value-of select="@name"/></a>
+      <a id="{@name}"><xsl:value-of select="@name"/></a>
       <xsl:if test="@value">
         <xsl:text> = </xsl:text>
 	<xsl:value-of select="@value"/>
@@ -295,7 +295,7 @@
   <xsl:template mode="details" match="macro">
     <xsl:variable name="name" select="string(@name)"/>
     <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Macro </a><xsl:value-of select="$name"/></h3>
+    <h3><a id="{$name}">Macro </a><xsl:value-of select="$name"/></h3>
     <pre class="programlisting">
     <xsl:text>#define </xsl:text>
     <a href="#{$name}"><xsl:value-of select="$name"/></a>
@@ -342,7 +342,7 @@
     <xsl:variable name="tlen" select="string-length(return/@type)"/>
     <xsl:variable name="blen" select="(($nlen + 8) - (($nlen + 8) mod 8)) + (($tlen + 8) - (($tlen + 8) mod 8))"/>
     <div class="refsect2" lang="en">
-    <h3><a name="{$name}"></a><xsl:value-of select="$name"/> ()</h3>
+    <h3><a id="{$name}"></a><xsl:value-of select="$name"/> ()</h3>
     <pre class="programlisting">
     <xsl:call-template name="dumptext">
       <xsl:with-param name="text" select="return/@type"/>
@@ -419,7 +419,7 @@
     <xsl:variable name="tlen" select="string-length(return/@type)"/>
     <xsl:variable name="blen" select="(($nlen + 8) - (($nlen + 8) mod 8)) + (($tlen + 8) - (($tlen + 8) mod 8))"/>
     <div class="refsect2" lang="en">
-    <h3><a name="{$name}"></a>Function type <xsl:value-of select="$name"/> </h3>
+    <h3><a id="{$name}"></a>Function type <xsl:value-of select="$name"/> </h3>
     <pre class="programlisting">
     <xsl:call-template name="dumptext">
       <xsl:with-param name="text" select="return/@type"/>

docs/docs.html.in

@@ -72,6 +72,7 @@
         <dd>Description of the XML schemas for
           <a href="formatdomain.html">domains</a>,
           <a href="formatnetwork.html">networks</a>,
+          <a href="formatnetworkport.html">network ports</a>,
           <a href="formatnwfilter.html">network filtering</a>,
           <a href="formatstorage.html">storage</a>,
           <a href="formatstorageencryption.html">storage encryption</a>,
@@ -80,16 +81,12 @@
           <a href="formatstoragecaps.html">storage pool capabilities</a>,
           <a href="formatnode.html">node devices</a>,
           <a href="formatsecret.html">secrets</a>,
-          <a href="formatsnapshot.html">snapshots</a></dd>
+          <a href="formatsnapshot.html">snapshots</a>,
+          <a href="formatcheckpoint.html">checkpoints</a></dd>
 
         <dt><a href="uri.html">URI format</a></dt>
         <dd>The URI formats used for connecting to libvirt</dd>
 
-        <dt><a href="locking.html">Disk locking</a></dt>
-        <dd>Ensuring exclusive guest access to disks with
-          <a href="locking-lockd.html">virtlockd</a> or
-          <a href="locking-sanlock.html">Sanlock</a></dd>
-
         <dt><a href="cgroups.html">CGroups</a></dt>
         <dd>Control groups integration</dd>
 
@@ -97,6 +94,7 @@
         <dd>Reference manual for the C public API, split in
           <a href="html/libvirt-libvirt-common.html">common</a>,
           <a href="html/libvirt-libvirt-domain.html">domain</a>,
+          <a href="html/libvirt-libvirt-domain-checkpoint.html">domain checkpoint</a>,
           <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
           <a href="html/libvirt-virterror.html">error</a>,
           <a href="html/libvirt-libvirt-event.html">event</a>,
@@ -119,8 +117,8 @@
         <dt><a href="hvsupport.html">Driver support</a></dt>
         <dd>matrix of API support per hypervisor per release</dd>
 
-        <dt><a href="secureusage.html">Secure usage</a></dt>
-        <dd>Secure usage of the libvirt APIs</dd>
+        <dt><a href="kbase.html">Knowledge Base</a></dt>
+        <dd>Task oriented guides to key features</dd>
       </dl>
     </div>
 

docs/drvqemu.html.in

@@ -38,7 +38,7 @@
       <li>
         <strong>KVM hypervisor</strong>: The driver will probe <code>/usr/bin</code>
         for the presence of <code>qemu-kvm</code> and <code>/dev/kvm</code> device
-        node. If both are found, then KVM fullyvirtualized, hardware accelerated
+        node. If both are found, then KVM fully virtualized, hardware accelerated
         guests will be available.
       </li>
     </ul>
@@ -376,7 +376,7 @@ chmod o+x /path/to/directory
     <h3><a id="securityacl">Cgroups device ACLs</a></h3>
 
     <p>
-      Recent Linux kernels have a capability known as "cgroups" which is used
+      Linux kernels have a capability known as "cgroups" which is used
       for resource management. It is implemented via a number of "controllers",
       each controller covering a specific task/functional area. One of the
       available controllers is the "devices" controller, which is able to
@@ -426,6 +426,10 @@ mount -t cgroup none /dev/cgroup -o devices
 
     <h3><a id="xmlimport">Converting from QEMU args to domain XML</a></h3>
 
+    <p>
+      <b>Note:</b> this operation is <span class="removed"> deleted as of
+        5.5.0</span> and will return an error.
+    </p>
     <p>
       The <code>virsh domxml-from-native</code> provides a way to
       convert an existing set of QEMU args into a guest description
@@ -439,82 +443,17 @@ mount -t cgroup none /dev/cgroup -o devices
       examples) or by manually crafting XML to pass to virsh.
     </p>
 
-    <pre>$ cat &gt; demo.args &lt;&lt;EOF
-LC_ALL=C PATH=/bin HOME=/home/test USER=test \
-LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 \
--nographic -monitor pty -no-acpi -boot c -hda \
-/dev/HostVG/QEMUGuest1 -net none -serial none \
--parallel none -usb
-EOF
-
-$ virsh domxml-from-native qemu-argv demo.args
-&lt;domain type='qemu'&gt;
-  &lt;uuid&gt;00000000-0000-0000-0000-000000000000&lt;/uuid&gt;
-  &lt;memory&gt;219136&lt;/memory&gt;
-  &lt;currentMemory&gt;219136&lt;/currentMemory&gt;
-  &lt;vcpu&gt;1&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='i686' machine='pc'&gt;hvm&lt;/type&gt;
-    &lt;boot dev='hd'/&gt;
-  &lt;/os&gt;
-  &lt;clock offset='utc'/&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu&lt;/emulator&gt;
-    &lt;disk type='block' device='disk'&gt;
-      &lt;source dev='/dev/HostVG/QEMUGuest1'/&gt;
-      &lt;target dev='hda' bus='ide'/&gt;
-    &lt;/disk&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>
-
-    <p>NB, don't include the literal \ in the args, put everything on one line</p>
-
     <h3><a id="xmlexport">Converting from domain XML to QEMU args</a></h3>
 
     <p>
       The <code>virsh domxml-to-native</code> provides a way to convert a
       guest description using libvirt Domain XML, into a set of QEMU args
-      that can be run manually.
+      that can be run manually. Note that currently the command line formatted
+      by libvirt is no longer suited for manually running qemu as the
+      configuration expects various resources and open file descriptors passed
+      to the process which are usually prepared by libvirtd.
     </p>
 
-    <pre>$ cat &gt; demo.xml &lt;&lt;EOF
-&lt;domain type='qemu'&gt;
-  &lt;name&gt;QEMUGuest1&lt;/name&gt;
-  &lt;uuid&gt;c7a5fdbd-edaf-9455-926a-d65c16db1809&lt;/uuid&gt;
-  &lt;memory&gt;219200&lt;/memory&gt;
-  &lt;currentMemory&gt;219200&lt;/currentMemory&gt;
-  &lt;vcpu&gt;1&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='i686' machine='pc'&gt;hvm&lt;/type&gt;
-    &lt;boot dev='hd'/&gt;
-  &lt;/os&gt;
-  &lt;clock offset='utc'/&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu&lt;/emulator&gt;
-    &lt;disk type='block' device='disk'&gt;
-      &lt;source dev='/dev/HostVG/QEMUGuest1'/&gt;
-      &lt;target dev='hda' bus='ide'/&gt;
-    &lt;/disk&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-EOF
-
-$ virsh domxml-to-native qemu-argv demo.xml
-  LC_ALL=C PATH=/usr/bin:/bin HOME=/home/test \
-  USER=test LOGNAME=test /usr/bin/qemu -S -M pc \
-  -no-kqemu -m 214 -smp 1 -name QEMUGuest1 -nographic \
-  -monitor pty -no-acpi -boot c -drive \
-  file=/dev/HostVG/QEMUGuest1,if=ide,index=0 -net none \
-  -serial none -parallel none -usb
-</pre>
-
     <h2><a id="qemucommand">Pass-through of arbitrary qemu
     commands</a></h2>
 
@@ -539,7 +478,8 @@ $ virsh domxml-to-native qemu-argv demo.xml
       qemu guest (<span class="since">Since 0.8.3</span>),
       and <code>virDomainQemuAttach</code>, for registering a qemu
       domain that was manually started so that it can then be managed
-      by libvirtd (<span class="since">Since 0.9.4</span>).
+      by libvirtd (<span class="since">Since 0.9.4</span>,
+      <span class="removed">removed as of 5.5.0</span>).
     </p>
     <p>Additionally, the following XML additions allow fine-tuning of
       the command line given to qemu when starting a domain
@@ -580,6 +520,36 @@ $ virsh domxml-to-native qemu-argv demo.xml
     &lt;qemu:env name='QEMU_ENV' value='VAL'/&gt;
   &lt;/qemu:commandline&gt;
 &lt;/domain&gt;
+</pre>
+
+    <h2><a id="xmlnsfeatures">QEMU feature configuration for testing</a></h2>
+
+      <p>
+        In some cases e.g. when developing a new feature or for testing it may
+        be required to control a given qemu feature (or qemu capability) to test
+        it before it's complete or disable it for debugging purposes.
+        <span class="since">Since 5.5.0</span> it's possible to use the same
+        special qemu namespace as above
+        (<code>http://libvirt.org/schemas/domain/qemu/1.0</code>) and use
+        <code>&lt;qemu:capabilities&gt;</code> element to add
+        (<code>&lt;qemu:add capability="capname"/&gt;</code>) or remove
+        (<code>&lt;qemu:del capability="capname"/&gt;</code>) capability bits.
+        The naming of the feature bits is the same libvirt uses in the status
+        XML. Note that this feature is meant for experiments only and should
+        _not_ be used in production.
+      </p>
+
+      <p>Example:</p><pre>
+&lt;domain type='qemu' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'&gt;
+  &lt;name&gt;testvm&lt;/name&gt;
+
+   [...]
+
+  &lt;qemu:capabilities&gt;
+    &lt;qemu:add capability='blockdev'/&gt;
+    &lt;qemu:del capability='drive'/&gt;
+  &lt;/qemu:capabilities&gt;
+&lt;/domain&gt;
 </pre>
 
     <h2><a id="xmlconfig">Example domain XML config</a></h2>

docs/drvxen.html.in

@@ -58,8 +58,7 @@ xen+ssh://root@example.com/system (remote access, SSH tunnelled)
       original Xen virtual machine config format used by the legacy
       xm/xend toolstack. The second, known as <code>xen-sxpr</code>,
       is also one of the original formats that was used by xend's
-      legacy HTTP RPC service. For compatibility, import and export
-      of these legacy formats is supported by the libxl driver.
+      legacy HTTP RPC service (<span class='removed'>removed in 5.6.0</span>)
     </p>
 
     <p>

docs/format.html.in

@@ -17,6 +17,7 @@
       <li><a href="formatdomain.html">Domains</a></li>
       <li><a href="formatnetwork.html">Networks</a></li>
       <li><a href="formatnwfilter.html">Network filtering</a></li>
+      <li><a href="formatnetworkport.html">Network ports</a></li>
       <li><a href="formatstorage.html">Storage</a></li>
       <li><a href="formatstorageencryption.html">Storage encryption</a></li>
       <li><a href="formatcaps.html">Capabilities</a></li>
@@ -25,6 +26,7 @@
       <li><a href="formatnode.html">Node devices</a></li>
       <li><a href="formatsecret.html">Secrets</a></li>
       <li><a href="formatsnapshot.html">Snapshots</a></li>
+      <li><a href="formatcheckpoint.html">Checkpoints</a></li>
     </ul>
 
     <h2>Command line validation</h2>

docs/formatcheckpoint.html.in

@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Checkpoint XML format</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a id="CheckpointAttributes">Checkpoint XML</a></h2>
+
+    <p>
+      One method of capturing domain disk backups is via the use of
+      incremental backups. Right now, incremental backups are only
+      supported for the QEMU hypervisor when using qcow2 disks at the
+      active layer; if other disk formats are in use, capturing disk
+      backups requires different libvirt APIs
+      (see <a href="kbase/domainstatecapture.html">domain state
+      capture</a> for a comparison between APIs).
+    </p>
+    <p>
+      Libvirt is able to facilitate incremental backups by tracking
+      disk checkpoints, which are points in time against which it is
+      easy to compute which portion of the disk has changed. Given a
+      full backup (a backup created from the creation of the disk to a
+      given point in time), coupled with the creation of a disk
+      checkpoint at that time, and an incremental backup (a backup
+      created from just the dirty portion of the disk between the
+      first checkpoint and the second backup operation), it is
+      possible to do an offline reconstruction of the state of the
+      disk at the time of the second backup without having to copy as
+      much data as a second full backup would require.  Future API
+      additions will make it possible to create checkpoints in
+      conjunction with a backup
+      via <code>virDomainBackupBegin()</code> or with an external
+      snapshot via <code>virDomainSnapshotCreateXML2</code>; but for
+      now, libvirt exposes enough support to create disk checkpoints
+      independently from a backup operation
+      via <code>virDomainCheckpointCreateXML()</code> <span class="since">since
+      5.6.0</span>.  Likewise, the creation of checkpoints when
+      external snapshots exist is currently forbidden, although future
+      work will make it possible to integrate these two concepts.
+    </p>
+    <p>
+      Attributes of libvirt checkpoints are stored as child elements
+      of the <code>domaincheckpoint</code> element. At checkpoint
+      creation time, normally only
+      the <code>name</code>, <code>description</code>,
+      and <code>disks</code> elements are settable. The rest of the
+      fields are ignored on creation and will be filled in by libvirt
+      in for informational purposes
+      by <code>virDomainCheckpointGetXMLDesc()</code>. However, when
+      redefining a checkpoint, with
+      the <code>VIR_DOMAIN_CHECKPOINT_CREATE_REDEFINE</code> flag
+      of <code>virDomainCheckpointCreateXML()</code>, all of the XML
+      fields described here are relevant on input, even the fields
+      that are normally described as readonly for output.
+    </p>
+    <p>
+      The top-level <code>domaincheckpoint</code> element may contain
+      the following elements:
+    </p>
+    <dl>
+      <dt><code>name</code></dt>
+      <dd>The optional name for this checkpoint. If the name is
+        omitted, libvirt will create a name based on the time of the
+        creation.
+      </dd>
+      <dt><code>description</code></dt>
+      <dd>An optional human-readable description of the checkpoint.
+        If the description is omitted when initially creating the
+        checkpoint, then this field will be empty.
+      </dd>
+      <dt><code>disks</code></dt>
+      <dd>On input, this is an optional listing of specific
+        instructions for disk checkpoints; it is needed when making a
+        checkpoint on only a subset of the disks associated with a
+        domain. In particular, since QEMU checkpoints require qcow2
+        disks, this element may be needed on input for excluding guest
+        disks that are not in qcow2 format. If the entire element was
+        omitted on input, then all disks participate in the
+        checkpoint, otherwise, only the disks explicitly listed which
+        do not also use <code>checkpoint='no'</code> will
+        participate. On output, this is the checkpoint state of each
+        of the domain's disks.
+        <dl>
+          <dt><code>disk</code></dt>
+          <dd>This sub-element describes the checkpoint properties of
+            a specific disk with the following attributes:
+            <dl>
+              <dt><code>name</code></dt>
+              <dd>A mandatory attribute which must match either
+                the <code>&lt;target dev='name'/&gt;</code> or an
+                unambiguous <code>&lt;source file='name'/&gt;</code>
+                of one of
+                the <a href="formatdomain.html#elementsDisks">disk
+                devices</a> specified for the domain at the time of
+                the checkpoint.</dd>
+              <dt><code>checkpoint</code></dt>
+              <dd>An optional attribute; possible values
+                are <code>no</code> when the disk does not participate
+                in this checkpoint; or <code>bitmap</code> if the disk
+                will track all changes since the creation of this
+                checkpoint via a bitmap.</dd>
+              <dt><code>bitmap</code></dt>
+              <dd>The attribute <code>bitmap</code> is only valid
+                if <code>checkpoint='bitmap'</code>; it describes the
+                name of the tracking bitmap (defaulting to the
+                checkpoint name).</dd>
+              <dt><code>size</code></dt>
+              <dd>The attribute <code>size</code> is ignored on input;
+                on output, it is only present if
+                the <code>VIR_DOMAIN_CHECKPOINT_XML_SIZE</code> flag
+                was used to perform a dynamic query of the estimated
+                size in bytes of the changes made since the checkpoint
+                was created.</dd>
+            </dl>
+          </dd>
+        </dl>
+      </dd>
+      <dt><code>creationTime</code></dt>
+      <dd>A readonly representation of the time this checkpoint was
+        created. The time is specified in seconds since the Epoch,
+        UTC (i.e. Unix time).
+      </dd>
+      <dt><code>parent</code></dt>
+      <dd>Readonly, present if this checkpoint has a parent. The
+        parent name is given by the sub-element <code>name</code>. The
+        parent relationship allows tracking a list of related checkpoints.
+      </dd>
+      <dt><code>domain</code></dt>
+      <dd>A readonly representation of the
+        inactive <a href="formatdomain.html">domain configuration</a>
+        at the time the checkpoint was created. This element may be
+        omitted for output brevity by supplying
+        the <code>VIR_DOMAIN_CHECKPOINT_XML_NO_DOMAIN</code> flag, but
+        the resulting XML is no longer viable for use with
+        the <code>VIR_DOMAIN_CHECKPOINT_CREATE_REDEFINE</code> flag
+        of <code>virDomainCheckpointCreateXML()</code>. The domain
+        will have security-sensitive information omitted unless the
+        flag <code>VIR_DOMAIN_CHECKPOINT_XML_SECURE</code> is provided
+        on a read-write connection.
+      </dd>
+    </dl>
+
+    <h2><a id="example">Examples</a></h2>
+
+    <p>Using this XML to create a checkpoint of just vda on a qemu
+      domain with two disks and a prior checkpoint:</p>
+    <pre>
+&lt;domaincheckpoint&gt;
+  &lt;description&gt;Completion of updates after OS install&lt;/description&gt;
+  &lt;disks&gt;
+    &lt;disk name='vda' checkpoint='bitmap'/&gt;
+    &lt;disk name='vdb' checkpoint='no'/&gt;
+  &lt;/disks&gt;
+&lt;/domaincheckpoint&gt;</pre>
+
+    <p>will result in XML similar to this from
+      <code>virDomainCheckpointGetXMLDesc()</code>:</p>
+    <pre>
+&lt;domaincheckpoint&gt;
+  &lt;name&gt;1525889631&lt;/name&gt;
+  &lt;description&gt;Completion of updates after OS install&lt;/description&gt;
+  &lt;parent&gt;
+    &lt;name&gt;1525111885&lt;/name&gt;
+  &lt;/parent&gt;
+  &lt;creationTime&gt;1525889631&lt;/creationTime&gt;
+  &lt;disks&gt;
+    &lt;disk name='vda' checkpoint='bitmap' bitmap='1525889631'/&gt;
+    &lt;disk name='vdb' checkpoint='no'/&gt;
+  &lt;/disks&gt;
+  &lt;domain type='qemu'&gt;
+    &lt;name&gt;fedora&lt;/name&gt;
+    &lt;uuid&gt;93a5c045-6457-2c09-e56c-927cdf34e178&lt;/uuid&gt;
+    &lt;memory&gt;1048576&lt;/memory&gt;
+    ...
+    &lt;devices&gt;
+      &lt;disk type='file' device='disk'&gt;
+        &lt;driver name='qemu' type='qcow2'/&gt;
+        &lt;source file='/path/to/file1'/&gt;
+        &lt;target dev='vda' bus='virtio'/&gt;
+      &lt;/disk&gt;
+      &lt;disk type='file' device='disk' snapshot='external'&gt;
+        &lt;driver name='qemu' type='raw'/&gt;
+        &lt;source file='/path/to/file2'/&gt;
+        &lt;target dev='vdb' bus='virtio'/&gt;
+      &lt;/disk&gt;
+      ...
+    &lt;/devices&gt;
+  &lt;/domain&gt;
+&lt;/domaincheckpoint&gt;</pre>
+
+    <p>With that checkpoint created, the qcow2 image is now tracking
+      all changes that occur in the image since the checkpoint via
+      the persistent bitmap named <code>1525889631</code>.
+    </p>
+  </body>
+</html>

docs/formatdomain.html.in

@@ -1590,8 +1590,8 @@
           hand, the ABI provided to the guest is reproducible. During
           migration, complete CPU model definition is transferred to the
           destination host so the migrated guest will see exactly the same CPU
-          model even if the destination host contains more capable CPUs for
-          the running instance of the guest; but shutting down and restarting
+          model for the running instance of the guest, even if the destination
+          host contains more capable CPUs or newer kernel; but shutting down and restarting
           the guest may present different hardware to the guest according to
           the capabilities of the new host. Prior to libvirt 3.2.0 and QEMU
           2.9.0 detection of the host CPU model via QEMU is not supported.
@@ -1625,10 +1625,10 @@
           environment cannot be reproduced on different hardware. Thus, if you
           hit any bugs, you are on your own. Further details of that CPU can
           be changed using <code>feature</code> elements. Migration of a guest
-          using host-passthrough is dangerous if the source and destination
-          hosts are not identical in both hardware and configuration. If such
-          a migration is attempted then the guest may hang or crash upon
-          resuming execution on the destination host.</dd>
+          using host-passthrough is dangerous if the source and destination hosts
+          are not identical in both hardware, QEMU version, microcode version
+          and configuration. If such a migration is attempted then the guest may
+          hang or crash upon resuming execution on the destination host.</dd>
         </dl>
 
         Both <code>host-model</code> and <code>host-passthrough</code> modes
@@ -1959,7 +1959,7 @@
       <span class="since">Since 3.9.0</span>, the lifecycle events can
       be configured via the
       <a href="html/libvirt-libvirt-domain.html#virDomainSetLifecycleAction">
-        <code>virDomainSetLifecycleAction</code></a> API.
+        <code>virDomainSetLifecycleAction</code></a> API.
     </p>
 
     <p>
@@ -2033,6 +2033,9 @@
     &lt;vpindex state='on'/&gt;
     &lt;runtime state='on'/&gt;
     &lt;synic state='on'/&gt;
+    &lt;stimer state='on'&gt;
+      &lt;direct state='on'/&gt;
+    &lt;/stimer&gt;
     &lt;reset state='on'/&gt;
     &lt;vendor_id state='on' value='KVM Hv'/&gt;
     &lt;frequencies state='on'/&gt;
@@ -2040,10 +2043,10 @@
     &lt;tlbflush state='on'/&gt;
     &lt;ipi state='on'/&gt;
     &lt;evmcs state='on'/&gt;
-    &lt;msrs unknown='ignore'/&gt;
   &lt;/hyperv&gt;
   &lt;kvm&gt;
     &lt;hidden state='on'/&gt;
+    &lt;hint-dedicated state='on'/&gt;
   &lt;/kvm&gt;
   &lt;pvspinlock state='on'/&gt;
   &lt;gic version='2'/&gt;
@@ -2056,6 +2059,7 @@
     &lt;tseg unit='MiB'&gt;48&lt;/tseg&gt;
   &lt;/smm&gt;
   &lt;htm state='on'/&gt;
+  &lt;msrs unknown='ignore'/&gt;
 &lt;/features&gt;
 ...</pre>
 
@@ -2141,15 +2145,15 @@
         </tr>
         <tr>
           <td>synic</td>
-          <td>Enable Synthetic Interrupt Controller (SyNIC)</td>
+          <td>Enable Synthetic Interrupt Controller (SynIC)</td>
           <td>on, off</td>
           <td><span class="since">1.3.3 (QEMU 2.6)</span></td>
         </tr>
         <tr>
           <td>stimer</td>
-          <td>Enable SyNIC timers</td>
-          <td>on, off</td>
-          <td><span class="since">1.3.3 (QEMU 2.6)</span></td>
+          <td>Enable SynIC timers, optionally with Direct Mode support</td>
+          <td>on, off; direct - on,off</td>
+          <td><span class="since">1.3.3 (QEMU 2.6), direct mode 5.7.0 (QEMU 4.1)</span></td>
         </tr>
         <tr>
           <td>reset</td>
@@ -2216,6 +2220,12 @@
           <td>on, off</td>
           <td><span class="since">1.2.8 (QEMU 2.1.0)</span></td>
         </tr>
+        <tr>
+          <td>hint-dedicated</td>
+          <td>Allows a guest to enable optimizations when running on dedicated vCPUs</td>
+          <td>on, off</td>
+          <td><span class="since">5.7.0 (QEMU 2.12.1)</span></td>
+        </tr>
       </table>
       </dd>
       <dt><code>pmu</code></dt>
@@ -2439,7 +2449,9 @@
             being modified, and can be one of
             "platform" (currently unsupported),
             "hpet" (libxl, xen, qemu), "kvmclock" (qemu),
-            "pit" (qemu), "rtc" (qemu), "tsc" (libxl) or "hypervclock"
+            "pit" (qemu), "rtc" (qemu), "tsc" (libxl, qemu -
+            <span class="since">since 3.2.0</span>)
+            or "hypervclock"
             (qemu - <span class="since">since 1.2.2</span>).
 
             The <code>hypervclock</code> timer adds support for the
@@ -4076,9 +4088,9 @@
       </dd>
       <dt><code>spapr-vio</code></dt>
       <dd>On PowerPC pseries guests, devices can be assigned to the
-        SPAPR-VIO bus.  It has a flat 64-bit address space; by
+        SPAPR-VIO bus.  It has a flat 32-bit address space; by
         convention, devices are generally assigned at a non-zero
-        multiple of 0x1000, but other addresses are valid and
+        multiple of 0x00001000, but other addresses are valid and
         permitted by libvirt.  Each address has the following
         additional attribute: <code>reg</code> (the hex value address
         of the starting register).  <span class="since">Since
@@ -4414,7 +4426,7 @@
       subelement <code>&lt;model&gt;</code> with an attribute
       <code>name</code>. The name attribute holds the name of the
       specific device that qemu is emulating (e.g. "i82801b11-bridge")
-      rather than simply the class of device ("dmi-to-pci-bridge",
+      rather than simply the class of device ("pcie-to-pci-bridge",
       "pci-bridge"), which is set in the controller element's
       model <b>attribute</b>.  In almost all cases, you should not
       manually add a <code>&lt;model&gt;</code> subelement to a
@@ -4603,11 +4615,11 @@
 ...
 &lt;devices&gt;
   &lt;controller type='pci' index='0' model='pcie-root'/&gt;
-  &lt;controller type='pci' index='1' model='dmi-to-pci-bridge'&gt;
-    &lt;address type='pci' domain='0' bus='0' slot='0xe' function='0'/&gt;
+  &lt;controller type='pci' index='1' model='pcie-root-port'&gt;
+    &lt;address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/&gt;
   &lt;/controller&gt;
-  &lt;controller type='pci' index='2' model='pci-bridge'&gt;
-    &lt;address type='pci' domain='0' bus='1' slot='1' function='0'/&gt;
+  &lt;controller type='pci' index='2' model='pcie-to-pci-bridge'&gt;
+    &lt;address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/&gt;
   &lt;/controller&gt;
 &lt;/devices&gt;
 ...</pre>
@@ -5309,6 +5321,14 @@
       information for different classes of network
       connections. <span class="since">Since 0.9.4</span>.
     </p>
+    <p>
+      When a guest is running an interface of type <code>network</code>
+      may include a <code>portid</code> attribute. This provides the UUID
+      of an associated virNetworkPortPtr object that records the association
+      between the domain interface and the network. This attribute is
+      read-only since port objects are create and deleted automatically
+      during startup and shutdown. <span class="since">Since 5.1.0</span>
+    </p>
     <p>
       Also, similar to <code>direct</code> network connections
       (described below), a connection of type <code>network</code> may
@@ -6982,8 +7002,9 @@ qemu-kvm -net nic,model=? /dev/null
           attribute which takes the value "vga", "cirrus", "vmvga", "xen",
           "vbox", "qxl" (<span class="since">since 0.8.6</span>),
           "virtio" (<span class="since">since 1.3.0</span>),
-          "gop" (<span class="since">since 3.2.0</span>), or
-          "none" (<span class="since">since 4.6.0</span>)
+          "gop" (<span class="since">since 3.2.0</span>),
+          "none" (<span class="since">since 4.6.0</span>, or "bochs"
+          (<span class="since">since 5.6.0</span>)
           depending on the hypervisor features available.
           The purpose of the type <code>none</code> is to instruct libvirt not
           to add a default video device in the guest (see the paragraph above).
@@ -8204,6 +8225,9 @@ qemu-kvm -net nic,model=? /dev/null
       TPM functionality for each VM. QEMU talks to it over a Unix socket. With
       the emulator device type each guest gets its own private TPM.
       <span class="since">'emulator' since 4.5.0</span>
+      The state of the TPM emulator can be encrypted by providing an
+      <code>encryption</code> element.
+      <span class="since">'encryption' since 5.6.0</span>
     </p>
     <p>
      Example: usage of the TPM Emulator
@@ -8213,6 +8237,7 @@ qemu-kvm -net nic,model=? /dev/null
   &lt;devices&gt;
     &lt;tpm model='tpm-tis'&gt;
       &lt;backend type='emulator' version='2.0'&gt;
+        &lt;encryption secret='6dd3e4a5-1d76-44ce-961f-f119f5aad935'/&gt;
       &lt;/backend&gt;
     &lt;/tpm&gt;
   &lt;/devices&gt;
@@ -8275,6 +8300,14 @@ qemu-kvm -net nic,model=? /dev/null
           <li>'2.0' : creates a TPM 2.0</li>
         </ul>
       </dd>
+      <dt><code>encryption</code></dt>
+      <dd>
+        <p>
+          The <code>encryption</code> element allows the state of a TPM emulator
+          to be encrypted. The <code>secret</code> must reference a secret object
+          that holds the passphrase from which the encryption key will be derived.
+        </p>
+      </dd>
     </dl>
 
     <h4><a id="elementsNVRAM">NVRAM device</a></h4>
@@ -8291,7 +8324,7 @@ qemu-kvm -net nic,model=? /dev/null
 ...
 &lt;devices&gt;
   &lt;nvram&gt;
-    &lt;address type='spapr-vio' reg='0x3000'/&gt;
+    &lt;address type='spapr-vio' reg='0x00003000'/&gt;
   &lt;/nvram&gt;
 &lt;/devices&gt;
 ...
@@ -8675,14 +8708,17 @@ qemu-kvm -net nic,model=? /dev/null
       <dt><code>model</code></dt>
       <dd>
         <p>
-          Currently only the <code>intel</code> model is supported.
+          Supported values are <code>intel</code> (for Q35 guests) and,
+          <span class="since">since 5.5.0</span>, <code>smmuv3</code> (for
+          ARM virt guests).
         </p>
       </dd>
       <dt><code>driver</code></dt>
       <dd>
         <p>
           The <code>driver</code> subelement can be used to configure
-          additional options:
+          additional options, some of which might only be available for
+          certain IOMMU models:
         </p>
         <dl>
           <dt><code>intremap</code></dt>

docs/formatdomaincaps.html.in

@@ -450,6 +450,41 @@
       element.</dd>
     </dl>
 
+
+    <h4><a id="elementsRNG">RNG device</a></h4>
+    <p>RNG device capabilities are exposed under the
+    <code>rng</code> element. For instance:</p>
+
+<pre>
+&lt;domainCapabilities&gt;
+  ...
+  &lt;devices&gt;
+    &lt;rng supported='yes'&gt;
+      &lt;enum name='model'&gt;
+        &lt;value&gt;virtio&lt;/value&gt;
+        &lt;value&gt;virtio-transitional&lt;/value&gt;
+        &lt;value&gt;virtio-non-transitional&lt;/value&gt;
+      &lt;/enum&gt;
+      &lt;enum name='backendModel'&gt;
+        &lt;value&gt;random&lt;/value&gt;
+        &lt;value&gt;egd&lt;/value&gt;
+      &lt;/enum&gt;
+    &lt;/rng&gt;
+    ...
+  &lt;/devices&gt;
+&lt;/domainCapabilities&gt;
+</pre>
+
+    <dl>
+      <dt><code>model</code></dt>
+      <dd>Options for the <code>model</code> attribute of the
+      &lt;rng&gt; element.</dd>
+      <dt><code>backendModel</code></dt>
+      <dd>Options for the <code>model</code> attribute of the
+      &lt;rng&gt;&lt;backend&gt; element.</dd>
+    </dl>
+
+
     <h3><a id="elementsFeatures">Features</a></h3>
 
     <p>One more set of XML elements describe the supported features and
@@ -514,19 +549,9 @@
     encrypted with a key unique to that VM.</p>
 
     <p>
-        For more details on the SEV feature and how to use it with libvirt have
-        a look at the following resources:
-      <dl>
-        <dd>
-          <a href="https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf">SEV API spec</a>
-        </dd>
-        <dd>
-          <a href="http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf">SEV White Paper</a>
-        </dd>
-        <dd>
-          <a href="formatdomain.html#launchSecurity">SEV in domain XML</a>
-        </dd>
-      </dl>
+      For more details on the SEV feature, please follow resources in the
+      AMD developer's document store. In order to use SEV with libvirt have
+      a look at <a href="formatdomain.html#launchSecurity">SEV in domain XML</a>
     </p>
 
     <dl>

docs/formatnetwork.html.in

@@ -1096,6 +1096,28 @@
       </dd>
     </dl>
 
+    <h3><a id="elementsNamespaces">Network namespaces</a></h3>
+
+    <p>
+      A special XML namespace is available for passing options directly to the
+      underlying dnsmasq configuration file. Usage of XML namespaces comes with no
+      support guarantees, so use at your own risk.
+    </p>
+
+    <p>
+      This example XML will pass the option strings <code>foo=bar</code> and
+      <code>cname=*.foo.example.com,master.example.com</code> directly to the
+      underlying dnsmasq instance.
+      <pre>
+&lt;network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'&gt;
+  ...
+  &lt;dnsmasq:options&gt;
+    &lt;dnsmasq:option value="foo=bar"/&gt;
+    &lt;dnsmasq:option value="cname=*.foo.example.com,master.example.com"/&gt;
+  &lt;/dnsmasq:options&gt;
+&lt;/network&gt;</pre>
+    </p>
+
     <h2><a id="examples">Example configuration</a></h2>
 
     <h3><a id="examplesNAT">NAT based network</a></h3>

docs/formatnetworkport.html.in

@@ -0,0 +1,212 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Network XML format</h1>
+
+    <ul id="toc">
+    </ul>
+
+    <p>
+      This page provides an introduction to the network port XML format.
+      This stores information about the connection between a virtual
+      interface of a virtual domain, and the virtual network it is
+      attached to.
+    </p>
+
+    <h2><a id="elements">Element and attribute overview</a></h2>
+
+    <p>
+      The root element required for all virtual network ports is
+      named <code>networkport</code> and has no configurable attributes
+      The network port XML format is available <span class="since">since
+      5.5.0</span>
+    </p>
+
+    <h3><a id="elementsMetadata">General metadata</a></h3>
+
+    <p>
+      The first elements provide basic metadata about the virtual
+      network port.
+    </p>
+
+    <pre>
+&lt;networkport
+  &lt;uuid&gt;7ae63b5f-fe96-4af0-a7c3-da04ba1b3f54&lt;/uuid&gt;
+  &lt;owner&gt;
+    &lt;uuid&gt;06578fc1-c686-46fa-bc2c-220893b466a6&lt;/uuid&gt;
+    &lt;name&gt;myguest&lt;name&gt;
+  &lt;/owner&gt;
+  &lt;group&gt;webfront&lt;group&gt;
+  &lt;mac address='52:54:0:7b:35:93'/&gt;
+  ...</pre>
+
+    <dl>
+      <dt><code>uuid</code></dt>
+      <dd>The content of the <code>uuid</code> element provides
+        a globally unique identifier for the virtual network port.
+        The format must be RFC 4122 compliant, eg <code>3e3fce45-4f53-4fa7-bb32-11f34168b82b</code>.
+        If omitted when defining/creating a new network port, a random
+        UUID is generated.</dd>
+      <dd>The <code>owner</code> node records the domain object that
+        is the owner of the network port. It contains two child nodes:
+        <dl>
+          <dt><code>uuid</code></dt>
+          <dd>The content of the <code>uuid</code> element provides
+            a globally unique identifier for the virtual domain.</dd>
+          <dt><code>name</code></dt>
+          <dd>The unique name of the virtual domain</dd>
+        </dl>
+      </dd>
+      <dt><code>group</code></dt>
+      <dd>The port group in the virtual network to which the
+        port belongs. Can be omitted if no port groups are
+        defined on the network.</dd>
+      <dt><code>mac</code></dt>
+      <dd>The <code>address</code> attribute provides the MAC
+        address of the virtual port that will be see by the
+        guest. The MAC address must not start with 0xFE as this
+        byte is reserved for use on the host side of the port.
+      </dd>
+    </dl>
+
+    <h3><a id="elementsCommon">Common elements</a></h3>
+
+    <p>
+      The following elements are common to one or more of the plug
+      types listed later
+    </p>
+
+    <pre>
+  ...
+  &lt;bandwidth&gt;
+    &lt;inbound average='1000' peak='5000' floor='200' burst='1024'/&gt;
+    &lt;outbound average='128' peak='256' burst='256'/&gt;
+  &lt;/bandwidth&gt;
+  &lt;rxfilters trustGuest='yes'/&gt;
+  &lt;virtualport type='802.1Qbg'&gt;
+    &lt;parameters managerid='11' typeid='1193047' typeidversion='2'/&gt;
+  &lt;/virtualport&gt;
+  ...</pre>
+
+    <dl>
+      <dt><code>bandwidth</code></dt>
+      <dd>This part of the network port XML provides setting quality of service.
+        Incoming and outgoing traffic can be shaped independently.
+        The <code>bandwidth</code> element and its child elements are described
+        in the <a href="formatnetwork.html#elementQoS">QoS</a> section of
+        the Network XML. In addition the <code>classID</code> attribute may
+        exist to provide the ID of the traffic shaping class that is active.
+      </dd>
+      <dt><code>rxfilters</code></dt>
+      <dd>The <code>rxfilters</code> element property
+        <code>trustGuest</code> provides the
+        capability for the host to detect and trust reports from the
+        guest regarding changes to the interface mac address and receive
+        filters by setting the attribute to <code>yes</code>. The default
+        setting for the attribute is <code>no</code> for security
+        reasons and support depends on the guest network device model as
+        well as the type of connection on the host - currently it is
+        only supported for the virtio device model and for macvtap
+        connections on the host.
+      </dd>
+      <dt><code>virtualport</code></dt>
+      <dd>The <code>virtualport</code> element describes metadata that
+        needs to be provided to the underlying network subsystem. It
+        is described in the domain XML
+        <a href="formatdomain.html#elementsNICS">interface documentation</a>.
+      </dd>
+    </dl>
+
+
+    <h3><a id="elementsPlug">Plugs</a></h3>
+
+    <p>
+      The <code>plug</code> element has varying content depending
+      on the value of the <code>type</code> attribute.
+    </p>
+
+    <h4><a id="elementsPlugNetwork">Network</a></h4>
+
+    <p>
+      The <code>network</code> plug type refers to a managed virtual
+      network plug that is based on a traditional software bridge
+      device privately managed by libvirt.
+    </p>
+
+    <pre>
+  ...
+  &lt;plug type='network' bridge='virbr0'/&gt;
+  ...</pre>
+
+    <p>
+      The <code>bridge</code> attribute provides the name of the
+      privately managed bridge device associated with the virtual
+      network.
+    </p>
+
+    <h4><a id="elementsPlugNetwork">Bridge</a></h4>
+
+    <p>
+      The <code>bridge</code> plug type refers to an externally
+      managed traditional software bridge.
+    </p>
+
+    <pre>
+  ...
+  &lt;plug type='bridge' bridge='br2'/&gt;
+  ...</pre>
+
+    <p>
+      The <code>bridge</code> attribute provides the name of the
+      externally managed bridge device associated with the virtual
+      network.
+    </p>
+
+    <h4><a id="elementsPlugNetwork">Direct</a></h4>
+
+    <p>
+      The <code>direct</code> plug type refers to a connection
+      directly to a physical network interface.
+    </p>
+
+    <pre>
+  ...
+  &lt;plug type='direct' dev='ens3' mode='vepa'/&gt;
+  ...</pre>
+
+    <p>
+      The <code>dev</code> attribute provides the name of the
+      physical network interface to which the port will be
+      connected. The <code>mode</code> attribute describes
+      how the connection will be setup and takes the same
+      values described in the
+      <a href="formatdomain.html#elementsNICSDirect">domain XML</a>.
+    </p>
+
+    <h4><a id="elementsPlugNetwork">Host PCI</a></h4>
+
+    <p>
+      The <code>hostdev-pci</code> plug type refers to the
+      passthrough of a physical PCI device rather than emulation.
+    </p>
+
+    <pre>
+  ...
+  &lt;plug type='hostdev-pci' managed='yes'&gt;
+    &lt;driver name='vfio'/&gt;
+    &lt;address domain='0x0001' bus='0x02' slot='0x03' function='0x4'/&gt;
+  &lt;/plug&gt;
+  ...</pre>
+
+    <p>
+      The <code>managed</code> attribute indicates who is responsible for
+      managing the PCI device in the host. When set to the value <code>yes</code>
+      libvirt is responsible for automatically detaching the device from host
+      drivers and resetting it if needed. If the value is <code>no</code>,
+      some other party must ensure the device is not attached to any
+      host drivers.
+    </p>
+
+  </body>
+</html>

docs/formatsecret.html.in

@@ -42,8 +42,8 @@
         Specifies what this secret is used for.  A mandatory
         <code>type</code> attribute specifies the usage category, currently
         only <code>volume</code>, <code>ceph</code>, <code>iscsi</code>,
-        and <code>tls</code> are defined. Specific usage categories
-        are described below.
+        <code>tls</code>, and <code>vtpm</code> are defined. Specific usage
+        categories are described below.
       </dd>
     </dl>
 
@@ -322,6 +322,63 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
     <pre>
 # MYSECRET=`printf %s "letmein" | base64`
 # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
+Secret value set
+
+    </pre>
+
+    <h3><a id="vTPMUsageType">Usage type "vtpm"</a></h3>
+
+    <p>
+      This secret is associated with a virtualized TPM (vTPM) and serves
+      as a passphrase for deriving a key from for encrypting the state
+      of the vTPM.
+      The <code>&lt;usage type='vtpm'&gt;</code> element must contain
+      a single <code>name</code> element that specifies a usage name
+      for the secret.  The vTPM secret can then be used by UUID or by
+      this usage name via the <code>&lt;encryption&gt;</code> element of
+      a <a href="formatdomain.html#elementsTpm">tpm</a> when using an
+      emulator.
+      <span class="since">Since 5.6.0</span>. The following is an example
+      of the steps to be taken.  First create a vtpm-secret.xml file:    </p>
+
+    <pre>
+# cat vtpm-secret.xml
+&lt;secret ephemeral='no' private='yes'&gt;
+   &lt;description&gt;sample vTPM secret&lt;/description&gt;
+   &lt;usage type='vtpm'&gt;
+      &lt;name&gt;VTPM_example&lt;/name&gt;
+   &lt;/usage&gt;
+&lt;/secret&gt;
+
+# virsh secret-define vtpm-secret.xml
+Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created
+
+# virsh secret-list
+ UUID                                   Usage
+----------------------------------------------------------------------------------------
+ 6dd3e4a5-1d76-44ce-961f-f119f5aad935   vtpm VTPM_example
+
+#
+
+    </pre>
+
+    <p>
+      A secret may also be defined via the
+      <a href="html/libvirt-libvirt-secret.html#virSecretDefineXML">
+       <code>virSecretDefineXML</code></a> API.
+
+      Once the secret is defined, a secret value will need to be set. The
+      secret would be the passphrase used to decrypt the vTPM state.
+      The following is a simple example of using
+      <code>virsh secret-set-value</code> to set the secret value. The
+      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
+      <code>virSecretSetValue</code></a> API may also be used to set
+      a more secure secret without using printable/readable characters.
+    </p>
+
+    <pre>
+# MYSECRET=`printf %s "open sesame" | base64`
+# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
 Secret value set
 
     </pre>

docs/formatsnapshot.html.in

@@ -9,7 +9,9 @@
     <h2><a id="SnapshotAttributes">Snapshot XML</a></h2>
 
     <p>
-      There are several types of snapshots:
+      Snapshots are one form
+      of <a href="kbase/domainstatecapture.html">domain state
+      capture</a>.  There are several types of snapshots:
     </p>
     <dl>
       <dt>disk snapshot</dt>
@@ -91,7 +93,9 @@
       sets that snapshot as current, and the prior current snapshot is
       the parent of the new snapshot.  Branches in the hierarchy can
       be formed by reverting to a snapshot with a child, then creating
-      another snapshot.
+      another snapshot.  For now, the creation of external snapshots
+      when checkpoints exist is forbidden, although future work will
+      make it possible to integrate these two concepts.
     </p>
     <p>
       The top-level <code>domainsnapshot</code> element may contain
@@ -140,8 +144,8 @@
           <dd>This sub-element describes the snapshot properties of a
             specific disk.  The attribute <code>name</code> is
             mandatory, and must match either the <code>&lt;target
-            dev='name'/&gt;</code> or an unambiguous <code>&lt;source
-            file='name'/&gt;</code> of one of
+            dev='name'/&gt;</code> (recommended) or an unambiguous
+            <code>&lt;source file='name'/&gt;</code> of one of
             the <a href="formatdomain.html#elementsDisks">disk
             devices</a> specified for the domain at the time of the
             snapshot.  The attribute <code>snapshot</code> is
@@ -170,6 +174,12 @@
               snapshots, the original file name becomes the read-only
               snapshot, and the new file name contains the read-write
               delta of all disk changes since the snapshot.
+              <p/>
+              The <code>source</code> element also may contain the
+              <code>seclabel</code> element (described in the
+              <a href="formatdomain.html#seclabel">domain XML documentation</a>)
+              which can be used to override the domain security labeling policy
+              for <code>source</code>.
               </dd>
               <dt><code>driver</code></dt>
               <dd>An optional sub-element <code>driver</code>,
@@ -177,6 +187,7 @@
               as qcow2), of the new file created by the external
               snapshot of the new file.
               </dd>
+              <dt><code>seclabel</code></dt>
             </dl>
 
             <span class="since">Since 1.2.2</span> the <code>disk</code> element
@@ -216,11 +227,9 @@
         guest.
       </dd>
       <dt><code>parent</code></dt>
-      <dd>An optional readonly representation of the parent of this
-        snapshot.  If present, this element contains exactly one child
-        element, <code>name</code>.  This specifies the name of the
-        parent snapshot of this snapshot, and is used to represent
-        trees of snapshots.
+      <dd>Readonly, present only if this snapshot has a parent. The
+        parent name is given by the sub-element <code>name</code>. The
+        parent relationship allows tracking a tree of related snapshots.
       </dd>
       <dt><code>domain</code></dt>
       <dd>A readonly representation of the domain that this snapshot
@@ -255,10 +264,15 @@
 &lt;domainsnapshot&gt;
   &lt;description&gt;Snapshot of OS install and updates&lt;/description&gt;
   &lt;disks&gt;
-    &lt;disk name='/path/to/old'&gt;
+    &lt;disk name='vda'&gt;
       &lt;source file='/path/to/new'/&gt;
     &lt;/disk&gt;
     &lt;disk name='vdb' snapshot='no'/&gt;
+    &lt;disk name='vdc'&gt;
+      &lt;source file='/path/to/newc'&gt;
+        &lt;seclabel model='dac' relabel='no'/&gt;
+      &lt;/source&gt;
+    &lt;/disk&gt;
   &lt;/disks&gt;
 &lt;/domainsnapshot&gt;</pre>
 

docs/genaclperms.pl

@@ -22,7 +22,8 @@ use warnings;
 
 my @objects = (
     "CONNECT", "DOMAIN", "INTERFACE",
-    "NETWORK","NODE_DEVICE", "NWFILTER",
+    "NETWORK_PORT", "NETWORK", "NODE_DEVICE",
+    "NWFILTER_BINDING", "NWFILTER",
      "SECRET", "STORAGE_POOL", "STORAGE_VOL",
     );
 
@@ -83,7 +84,7 @@ foreach my $object (sort { $a cmp $b } keys %perms) {
     my $class = $class{$object};
     my $olink = lc "object_" . $object;
     print <<EOF;
-<h3><a name="$olink">$class</a></h3>
+<h3><a id="$olink">$class</a></h3>
 <table class="acl">
   <thead>
     <tr>
@@ -105,7 +106,7 @@ EOF
 
         print <<EOF;
     <tr>
-      <td><a name="$plink">$perm</a></td>
+      <td><a id="$plink">$perm</a></td>
       <td>$description</td>
     </tr>
 EOF

docs/gitdm/aliases

@@ -0,0 +1,25 @@
+# Silly mistakes, mostly found in S-o-b or R-b tags.
+
+"jdenemar redhat com" jdenemar@redhat.com
+"pkrempa@redhat st.com" pkrempa@redhat.com
+jyang@redhat jyang@redhat.com
+wangjie88.huawei.com wangjie88@huawei.com
+
+# This is information that's already present in .mailmap, and having to
+# duplicate it is annoying. Unfortunately gitdm doesn't parse .mailmap
+# and the format is different, so we can't just point it to the file
+# either.
+
+cedric.bosdonnat@free.fr cbosdonnat@suse.com
+dan@berrange.com berrange@redhat.com
+fabiano@fidencio.org fidencio@redhat.com
+intrigeri+libvirt@boum.org intrigeri@boum.org
+jim@meyering.net meyering@redhat.com
+laine@laine.org laine@redhat.com
+redhat@adrb.pl adrian.brzezinski@eo.pl
+shilei.massclouds@gmx.com shi_lei@massclouds.com
+
+# This deviates from what's found in .mailmap, but it makes more sense as
+# far as gitdm is concerned since Jim was employed by Novell at the time.
+
+jfehlig@linux-ypgk.site jfehlig@novell.com

docs/gitdm/companies/canonical

@@ -0,0 +1,11 @@
+canonical.com
+
+# Having an @ubuntu.com email address doesn't necessarily imply you're
+# a Canonical employee; these people, however, seem to have been employed
+# by Canonical at the time they contributed to libvirt.
+
+jamie@ubuntu.com
+serge.hallyn@ubuntu.com
+smoser@ubuntu.com
+soren@ubuntu.com
+wgrant@ubuntu.com

docs/gitdm/companies/datto

@@ -0,0 +1,2 @@
+datto.com
+dattobackup.com

docs/gitdm/companies/dreamhost

@@ -0,0 +1,4 @@
+dreamhost.com
+dreamhost.net
+newdream.com
+newdream.net

docs/gitdm/companies/nec

@@ -0,0 +1,2 @@
+nec.co.jp
+nec.com

docs/gitdm/companies/others

@@ -0,0 +1,101 @@
+6wind.com 6WIND
+active.by ActiveCloud
+aero.org Aerospace
+akamai.com Akamai
+amd.com AMD
+anchor.net.au Anchor
+aristanetworks.com Arista Networks
+arpnetworks.com ARP Networks
+av-test.de AV-TEST
+b1-systems.de B1 Systems
+brightbox.co.uk Brightbox
+cisco.com Cisco
+citrix.com Citrix
+cloudwatt.com Cloudwatt
+codethink.co.uk Codethink
+cumulusnetworks.com Cumulus Networks
+dataductus.se Data Ductus
+datagravity.com DataGravity
+dell.com Dell
+diateam.net DIATEAM
+eldorado.org.br ELDORADO
+endocode.com Endocode
+eo.pl eo Networks
+ericsson.com Ericsson
+fb.com Facebook
+firewall-services.com Firewall-Services
+freescale.com Freescale
+fujitsu.com Fujitsu
+gluster.com Gluster
+gridcentric.ca Gridcentric
+h3c.com H3C
+hde.co.jp HDE
+hds.com Hitachi Data Systems
+hitachi.com Hitachi
+hoster-ok.com hoster-ok.com
+hp.com HP
+huawei.com Huawei
+ibm.com IBM
+inktank.com Inktank Storage
+intel.com Intel
+intellilink.co.jp NTT DATA INTELLILINK
+invisiblethingslab.com Invisible Things Lab
+jtan.com JTAN
+juniper.net Juniper Networks
+laposte.net La Poste
+le.com Le.com
+linaro.org Linaro
+linutronix.de Linutronix
+linux2go.dk Linux2Go
+liquidweb.com Liquid Web
+massclouds.com MassClouds
+designassembly.de Coffee-Break-Games
+mellanox.com Mellanox
+midokura.com Midokura
+mirantis.com Mirantis
+munzinger.de Munzinger Archiv
+netease.com NetEase
+netzquadrat.de [netzquadrat]
+nicira.com Nicira
+nimboxx.com NIMBOXX
+novell.com Novell
+ntt.co.jp NTT Group
+ohmu.fi OHMU
+open-minds.org OpenThink
+oracle.com Oracle
+os-t.de OpenSource Training
+otb.bg Open Technologies Bulgaria
+outscale.com OUTSCALE
+parallels.com Parallels
+petalogix.com PetaLogix
+quobyte.com Quobyte
+ravellosystems.com Ravello Systems
+samsung.com Samsung
+sde.cz SDE
+semihalf.com Semihalf
+siemens.com Siemens
+smartjog.com SmartJog
+solarflare.com Solarflare
+ssatr.ch Swiss Satellite Radio
+sun.com Sun Microsystems
+taobao.com Taobao
+tdf.fr TDF
+tencent.com Tencent
+transip.nl TransIP
+tresys.com Tresys
+uniudc.com Tsinghua Uniudc
+univention.de Univention
+veritas.com Veritas
+vhgroup.net VHGroup
+virtualopensystems.com Virtual Open Systems
+websense.com Websense
+wiktel.com Wikstrom Telephone Company
+windriver.com Wind River
+winhong.com Winhong
+xmission.com XMission
+xs4all.nl XS4ALL
+yadro.com YADRO
+yandex.ru Yandex
+yunify.com Yunify
+zstack.io ZStack
+zte.com.cn ZTE

docs/gitdm/companies/redhat

@@ -0,0 +1,6 @@
+redhat.com
+
+# These Red Hat employees used their personal email address when contributing
+# to libvirt and we don't have the corresponding @redhat.com address on file.
+
+lkundrak@v3.sk

docs/gitdm/companies/suse

@@ -0,0 +1,7 @@
+suse.com
+suse.de
+
+# These SUSE employees used their personal email address when contributing
+# to libvirt and we don't have the corresponding @suse.com address on file.
+
+olaf@aepfle.de

docs/gitdm/companies/virtuozzo

@@ -0,0 +1,2 @@
+openvz.org
+virtuozzo.com

docs/gitdm/groups/education

@@ -0,0 +1,17 @@
+byu.net
+csiro.au
+epita.fr
+hibikino.ne.jp
+infn.it
+inria.fr
+isi.edu
+nict.go.jp
+parisdescartes.fr
+telecom-bretagne.eu
+tu-berlin.de
+tu-dresden.de
+ucla.edu
+upc.edu
+utah.edu
+uvt.ro
+wide.ad.jp

docs/gitdm/groups/opensource

@@ -0,0 +1,12 @@
+alpinelinux.org
+debian.org
+fedoraproject.org
+fsf.org
+gentoo.org
+gnome.org
+gnu.org
+kernel.org
+linux.com
+openbsd.org
+salasaga.org
+samba.org

docs/gitdm/groups/unaffiliated

@@ -0,0 +1,83 @@
+# These are all domains you can get a personal email address from, so it's
+# fair to assume people using such addresses are contributing in their spare
+# time rather than on behalf of their respective employers.
+
+126.com
+gmail.com
+gmx.com
+googlemail.com
+hotmail.com
+mail.ru
+pobox.com
+riseup.net
+web.de
+yahoo.com
+
+# Same as the above, but for domains that don't generally allow random
+# people to sign up for an email address. In this case we list the email
+# addresses directly rather than just the domain, because we can't really
+# consider the domain itself one way or the other.
+
+adam@pandorasboxen.com
+agx@sigxcpu.org
+alexander.nusov@nfvexpress.com
+andres@lagarcavilla.org
+asad.saeed@acidseed.com
+atler@pld-linux.org
+benoar@dolka.fr
+beorn@binaries.fr
+bigon@bigon.be
+bugzilla.redhat.simon@arlott.org
+cardoe@cardoe.com
+charles@dyfis.net
+d.herrendoerfer@herrendoerfer.name
+dan@danny.cz
+debfx@fobos.de
+eike@sf-mail.de
+exo@tty.sk
+fritz@fritz-elfert.de
+gene@czarc.net
+gordon@dragonsdawn.net
+heathpetersen@kandre.com
+ibaldo@adinet.com.uy
+igor47@moomers.org
+infos@nafets.de
+intrigeri@boum.org
+james410@cowgill.org.uk
+james@shubin.ca
+jasper@humppa.nl
+jeremy@goop.org
+jk@ozlabs.org
+jwm@horde.net
+klaus@ethgen.de
+lacos@caesar.elte.hu
+lenaic@lhuard.fr.eu.org
+libvirt@dunquino.com
+lists@egidy.de
+marti@juffo.org
+max@rfc2324.org
+michael@ellerman.id.au
+mike@very.puzzling.org
+n0ano@n0ano.com
+neil@aldur.co.uk
+nobody@nowhere.ws
+peter@kieser.ca
+pieter@hollants.com
+raimue@codingfarm.de
+richard@nod.at
+rmy@tigress.co.uk
+ruben@rubenkerkhof.com
+rufo@rufoa.com
+slawek@kaplonski.pl
+soulxu@soulxu-thinkpad-t410.(none)
+stybla@turnovfree.net
+tai@rakugaki.org
+thomas@scripty.at
+v.tolstov@selfip.ru
+ville.skytta@iki.fi
+vincent@bernat.im
+wido@widodh.nl
+wiedi@frubar.net
+wongc-redhat@hoku.net
+xschen@tnsoft.com.cn
+yurchor@ukr.net

docs/hacking.html.in

@@ -1473,34 +1473,5 @@ int foo()
         in the same way, but still make sure they get reviewed if non-trivial.
       </li>
     </ul>
-    <h2><a id="coverage">Code coverage reports</a></h2>
-
-    <p>
-      Code coverage HTML reports can be generated with:
-    </p>
-
-<pre>
-  make coverage
-</pre>
-
-    <p>
-      Reports will be generated in the <code>cov/</code> directory. Point a
-      web browser at <code>cov/index.html</code> for the full report.
-    </p>
-
-    <p>
-      The <code>make coverage</code> target is provided by <code>gnulib</code>.
-      It is a convenience helper for calling the following 3 targets in order.
-      It may be useful to occasionally call these directly.
-
-    <ul>
-      <li><code>make init-coverage</code>: run <code>make clean</code> and
-          remove all code coverage counter files (*.gcno, etc.)</li>
-      <li><code>make build-coverage</code>: run <code>make</code> and
-          <code>make check</code> with <code>CFLAGS</code> filled in with
-          necessary coverage flags</li>
-      <li><code>make gen-coverage</code>: generate the HTML report</li>
-    </ul>
-    </p>
   </body>
 </html>

docs/hooks.html.in

@@ -91,10 +91,8 @@
   </network>
 &lt;/hookData&gt;</pre>
 
-    <p>In the case of an interface
-       being plugged/unplugged to/from the network, the network XML will be
-       followed with the full XML description of the domain containing the
-       interface that is being plugged/unplugged:</p>
+    <p>In the case of an network port being created / deleted, the network
+       XML will be followed with the full XML description of the port:</p>
 
 <pre>&lt;hookData&gt;
   &lt;network&gt;
@@ -102,11 +100,11 @@
      &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
      ...
   &lt;/network&gt;
-  &lt;domain type='$domain_type' id='$domain_id'&gt;
-     &lt;name&gt;$domain_name&lt;/name&gt;
-     &lt;uuid&gt;afca425a-2c3a-420c-b2fb-dd7b4950d722&lt;/uuid&gt;
-     ...
-  &lt;/domain&gt;
+  &lt;networkport&gt;
+    &lt;uuid&gt;5d744f21-ba4a-4d6e-bdb2-30a35ff3207d&lt;/uuid&gt;
+    ...
+    &lt;plug type='direct' dev='ens3' mode='vepa'/&gt;
+  &lt;/networkport&gt;
 &lt;/hookData&gt;</pre>
 
     <p>Please note that this approach is different from other cases such as
@@ -296,15 +294,15 @@
           <pre>/etc/libvirt/hooks/network network_name stopped end -</pre></li>
       <li>Later, when network is started and there's an interface from a
         domain to be plugged into the network, the hook script is called as:<br/>
-          <pre>/etc/libvirt/hooks/network network_name plugged begin -</pre>
+          <pre>/etc/libvirt/hooks/network network_name port-created begin -</pre>
         Please note, that in this case, the script is passed both network and
-        domain XMLs on its stdin.</li>
+        port XMLs on its stdin.</li>
       <li>When network is updated, the hook script is called as:<br/>
           <pre>/etc/libvirt/hooks/network network_name updated begin -</pre></li>
       <li>When the domain from previous case is shutting down, the interface
         is unplugged. This leads to another script invocation:<br/>
-          <pre>/etc/libvirt/hooks/network network_name unplugged begin -</pre>
-        And again, as in previous case, both network and domain XMLs are passed
+          <pre>/etc/libvirt/hooks/network network_name port-deleted begin -</pre>
+        And again, as in previous case, both network and port XMLs are passed
         onto script's stdin.</li>
     </ul>
 

docs/hvsupport.pl

@@ -234,16 +234,22 @@ foreach my $src (@srcs) {
             }
 
         } else {
-            if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*\*/\s*)?$!) {
+            if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*(?:-\s*(\d+\.\d+\.\d+))?\s*\*/\s*)?$!) {
                 my $api = $1;
                 my $meth = $2;
                 my $vers = $3;
+                my $deleted = $4;
 
                 next if $api eq "no" || $api eq "name";
 
-                die "Method $meth in $src is missing version" unless defined $vers || $api eq "connectURIProbe";
+                if ($meth eq "NULL" && !defined $deleted) {
+                    die "Method impl for $api is NULL, but no deleted version is provided";
+                }
+                if ($meth ne "NULL" && defined $deleted) {
+                    die "Method impl for $api is non-NULL, but deleted version is provided";
+                }
 
-                die "Driver method for $api is NULL in $src" if $meth eq "NULL";
+                die "Method $meth in $src is missing version" unless defined $vers || $api eq "connectURIProbe";
 
                 if (!exists($groups{$ingrp}->{apis}->{$api})) {
                     next if $api =~ /\w(Open|Close|URIProbe)/;
@@ -251,12 +257,16 @@ foreach my $src (@srcs) {
                     die "Found unexpected method $api in $ingrp\n";
                 }
 
-                $groups{$ingrp}->{drivers}->{$impl}->{$api} = $vers;
+                $groups{$ingrp}->{drivers}->{$impl}->{$api} = {};
+                $groups{$ingrp}->{drivers}->{$impl}->{$api}->{vers} = $vers;
+                $groups{$ingrp}->{drivers}->{$impl}->{$api}->{deleted}  = $deleted;
                 if ($api eq "domainMigratePrepare" ||
                     $api eq "domainMigratePrepare2" ||
                     $api eq "domainMigratePrepare3") {
-                    $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = $vers
-                        unless $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"};
+                    if (!$groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"}) {
+                        $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = {};
+                        $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"}->{vers} = $vers;
+                    }
                 }
 
             } elsif ($line =~ /}/) {
@@ -280,7 +290,7 @@ $groups{virHypervisorDriver}->{apis}->{"domainMigrate"} = "virDomainMigrate";
 my $openAuthVers = (0 * 1000 * 1000) + (4 * 1000) + 0;
 
 foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
-    my $openVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"};
+    my $openVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"}->{vers};
     my $openVers;
     if ($openVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
         $openVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
@@ -290,14 +300,16 @@ foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
     $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenReadOnly"} =
         $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"};
 
+    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"} = {};
+
     # virConnectOpenAuth is always 0.4.0 if the driver existed
     # before this time, otherwise it matches the version of
     # the driver's virConnectOpen entry
     if ($openVersStr eq "Y" ||
         $openVers >= $openAuthVers) {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"} = $openVersStr;
+        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"}->{vers} = $openVersStr;
     } else {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"} = "0.4.0";
+        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"}->{vers} = "0.4.0";
     }
 }
 
@@ -309,21 +321,23 @@ $groups{virHypervisorDriver}->{apis}->{"domainCreateLinux"} = "virDomainCreateLi
 my $createAPIVers = (0 * 1000 * 1000) + (0 * 1000) + 3;
 
 foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
-    my $createVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateXML"};
+    my $createVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateXML"}->{vers};
     next unless defined $createVersStr;
     my $createVers;
     if ($createVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
         $createVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
     }
 
+    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = {};
+
     # virCreateLinux is always 0.0.3 if the driver existed
     # before this time, otherwise it matches the version of
     # the driver's virCreateXML entry
     if ($createVersStr eq "Y" ||
         $createVers >= $createAPIVers) {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = $createVersStr;
+        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"}->{vers} = $createVersStr;
     } else {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = "0.0.3";
+        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"}->{vers} = "0.0.3";
     }
 }
 
@@ -342,13 +356,15 @@ print <<EOF;
 <p>
 This page documents which <a href="html/">libvirt calls</a> work on
 which libvirt drivers / hypervisors, and which version the API appeared
-in.
+in. If a hypervisor driver later dropped support for the API, the version
+when it was removed is also mentioned (highlighted in
+<span class="removedhv">dark red</span>).
 </p>
 
 EOF
 
     foreach my $grp (sort { $a cmp $b } keys %groups) {
-    print "<h2><a name=\"$grp\">", $groupheaders{$grp}, "</a></h2>\n";
+    print "<h2><a id=\"$grp\">", $groupheaders{$grp}, "</a></h2>\n";
     print <<EOF;
 <table class="top_table">
 <thead>
@@ -395,11 +411,16 @@ EOF
 EOF
 
         foreach my $drv (sort {$a cmp $b } keys %{$groups{$grp}->{drivers}}) {
+            print "<td>";
             if (exists $groups{$grp}->{drivers}->{$drv}->{$field}) {
-                print "<td>", $groups{$grp}->{drivers}->{$drv}->{$field}, "</td>\n";
-            } else {
-                print "<td></td>\n";
+                if ($groups{$grp}->{drivers}->{$drv}->{$field}->{vers}) {
+                    print $groups{$grp}->{drivers}->{$drv}->{$field}->{vers};
+                }
+                if ($groups{$grp}->{drivers}->{$drv}->{$field}->{deleted}) {
+                    print " - <span class=\"removedhv\">", $groups{$grp}->{drivers}->{$drv}->{$field}->{deleted}, "</span>";
+                }
             }
+            print "</td>\n";
         }
 
         print <<EOF;

docs/index.html.in

@@ -2,20 +2,9 @@
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
-    <script type="text/javascript" src="js/jquery-3.1.1.min.js"> </script>
-    <script type="text/javascript" src="js/moment.min.js"> </script>
-    <script type="text/javascript" src="js/jquery.rss.min.js"> </script>
-
     <script type="text/javascript">
       <!--
-      jQuery(function($) {
-        $("#planet").rss("http://planet.virt-tools.org/atom.xml", {
-          ssl: true,
-          layoutTemplate: '<dl>{entries}</dl>',
-          entryTemplate: '<dt><a href="{url}">{title}</a></dt><dd>by {author} on {date}</li>',
-          dateFormat: 'DD MMM YYYY'
-        })
-      })
+      window.addEventListener("load", function() { fetchRSS() });
       // -->
     </script>
   </head>
@@ -69,7 +58,8 @@
           <a href="formatstoragecaps.html">storage pool capabilities</a>,
           <a href="formatnode.html">node devices</a>,
           <a href="formatsecret.html">secrets</a>,
-          <a href="formatsnapshot.html">snapshots</a></dd>
+          <a href="formatsnapshot.html">snapshots</a>,
+          <a href="formatcheckpoint.html">checkpoints</a></dd>
         <dt><a href="http://wiki.libvirt.org">Wiki</a></dt>
         <dd>Read further community contributed content</dd>
       </dl>

docs/internals/rpc.html.in

@@ -539,13 +539,6 @@ C <--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  <-- S  (reply)
         be part of the underlying server.
       </dd>
 
-      <dt><code>virNetServerMDNSPtr</code> (virnetservermdns.h)</dt>
-      <dd>The virNetServerMDNS APIs are used to advertise a server
-        across the local network, enabling clients to automatically
-        detect the existence of remote services. This is done by
-        interfacing with the Avahi mDNS advertisement service.
-      </dd>
-
       <dt><code>virNetServerClientPtr</code> (virnetserverclient.h)</dt>
       <dd>The virNetServerClient APIs are used to manage I/O related
         to a single client network connection. It handles initial

docs/js/jquery.rss.min.js

@@ -1,11 +0,0 @@
-(function(d){var e=function(a,b,c,f){this.target=a;this.url=b;this.html=[];this.effectQueue=[];this.options=d.extend({ssl:!1,host:"www.feedrapp.info",limit:null,key:null,layoutTemplate:"<ul>{entries}</ul>",entryTemplate:'<li><a href="{url}">[{author}@{date}] {title}</a><br/>{shortBodyPlain}</li>',tokens:{},outputMode:"json",dateFormat:"dddd MMM Do",dateLocale:"en",effect:"show",offsetStart:!1,offsetEnd:!1,error:function(){console.log("jQuery RSS: url doesn't link to RSS-Feed")},onData:function(){},
-success:function(){}},c||{});this.options.ssl&&"www.feedrapp.info"===this.options.host&&(this.options.host="feedrapp.herokuapp.com");this.callback=f||this.options.success};e.htmlTags="doctype,html,head,title,base,link,meta,style,script,noscript,body,article,nav,aside,section,header,footer,h1-h6,hgroup,address,p,hr,pre,blockquote,ol,ul,li,dl,dt,dd,figure,figcaption,div,table,caption,thead,tbody,tfoot,tr,th,td,col,colgroup,form,fieldset,legend,label,input,button,select,datalist,optgroup,option,textarea,keygen,output,progress,meter,details,summary,command,menu,del,ins,img,iframe,embed,object,param,video,audio,source,canvas,track,map,area,a,em,strong,i,b,u,s,small,abbr,q,cite,dfn,sub,sup,time,code,kbd,samp,var,mark,bdi,bdo,ruby,rt,rp,span,br,wbr".split(",");
-e.prototype.load=function(a){var b="http"+(this.options.ssl?"s":"")+"://"+this.options.host+"?callback=?&q="+encodeURIComponent(this.url);this.options.offsetStart&&this.options.offsetEnd&&(this.options.limit=this.options.offsetEnd);null!==this.options.limit&&(b+="&num="+this.options.limit);null!==this.options.key&&(b+="&key="+this.options.key);d.getJSON(b,a)};e.prototype.render=function(){var a=this;this.load(function(b){try{a.feed=b.responseData.feed,a.entries=b.responseData.feed.entries}catch(c){return a.entries=
-[],a.feed=null,a.options.error.call(a)}b=a.generateHTMLForEntries();a.target.append(b.layout);if(0!==b.entries.length){d.isFunction(a.options.onData)&&a.options.onData.call(a);var f=d(b.layout).is("entries")?b.layout:d("entries",b.layout);a.appendEntriesAndApplyEffects(f,b.entries)}0<a.effectQueue.length?a.executeEffectQueue(a.callback):d.isFunction(a.callback)&&a.callback.call(a)})};e.prototype.appendEntriesAndApplyEffects=function(a,b){var c=this;d.each(b,function(b,e){var d=c.wrapContent(e);"show"===
-c.options.effect?a.before(d):(d.css({display:"none"}),a.before(d),c.applyEffect(d,c.options.effect))});a.remove()};e.prototype.generateHTMLForEntries=function(){var a=this,b={entries:[],layout:null};d(this.entries).each(function(){var c=a.options.offsetStart,f=a.options.offsetEnd;c&&f?index>=c&&index<=f&&a.isRelevant(this,b.entries)&&(c=a.evaluateStringForEntry(a.options.entryTemplate,this),b.entries.push(c)):a.isRelevant(this,b.entries)&&(c=a.evaluateStringForEntry(a.options.entryTemplate,this),
-b.entries.push(c))});b.layout=this.options.entryTemplate?this.wrapContent(this.options.layoutTemplate.replace("{entries}","<entries></entries>")):this.wrapContent("<div><entries></entries></div>");return b};e.prototype.wrapContent=function(a){return 0!==d.trim(a).indexOf("<")?d("<div>"+a+"</div>"):d(a)};e.prototype.applyEffect=function(a,b,c){switch(b){case "slide":a.slideDown("slow",c);break;case "slideFast":a.slideDown(c);break;case "slideSynced":this.effectQueue.push({element:a,effect:"slide"});
-break;case "slideFastSynced":this.effectQueue.push({element:a,effect:"slideFast"})}};e.prototype.executeEffectQueue=function(a){var b=this;this.effectQueue.reverse();var c=function(){var f=b.effectQueue.pop();f?b.applyEffect(f.element,f.effect,c):a&&a()};c()};e.prototype.evaluateStringForEntry=function(a,b){var c=a,f=this;d(a.match(/(\{.*?\})/g)).each(function(){var a=this.toString();c=c.replace(a,f.getValueForToken(a,b))});return c};e.prototype.isRelevant=function(a,b){var c=this.getTokenMap(a);
-return this.options.filter?this.options.filterLimit&&this.options.filterLimit===b.length?!1:this.options.filter(a,c):!0};e.prototype.getFormattedDate=function(a){if(this.options.dateFormatFunction)return this.options.dateFormatFunction(a);return"undefined"!==typeof moment?(a=moment(new Date(a)),a=a.locale?a.locale(this.options.dateLocale):a.lang(this.options.dateLocale),a.format(this.options.dateFormat)):a};e.prototype.getTokenMap=function(a){if(!this.feedTokens){var b=JSON.parse(JSON.stringify(this.feed));
-delete b.entries;this.feedTokens=b}return d.extend({feed:this.feedTokens,url:a.link,author:a.author,date:this.getFormattedDate(a.publishedDate),title:a.title,body:a.content,shortBody:a.contentSnippet,bodyPlain:function(a){for(var a=a.content.replace(/<script[\\r\\\s\S]*<\/script>/mgi,"").replace(/<\/?[^>]+>/gi,""),b=0;b<e.htmlTags.length;b++)a=a.replace(RegExp("<"+e.htmlTags[b],"gi"),"");return a}(a),shortBodyPlain:a.contentSnippet.replace(/<\/?[^>]+>/gi,""),index:d.inArray(a,this.entries),totalEntries:this.entries.length,
-teaserImage:function(a){try{return a.content.match(/(<img.*?>)/gi)[0]}catch(b){return""}}(a),teaserImageUrl:function(a){try{return a.content.match(/(<img.*?>)/gi)[0].match(/src="(.*?)"/)[1]}catch(b){return""}}(a)},this.options.tokens)};e.prototype.getValueForToken=function(a,b){var c=this.getTokenMap(b),d=a.replace(/[\{\}]/g,""),d=c[d];if("undefined"!==typeof d)return"function"===typeof d?d(b,c):d;throw Error("Unknown token: "+a+", url:"+this.url);};d.fn.rss=function(a,b,c){(new e(this,a,b,c)).render();
-return this}})(jQuery);

docs/js/main.js

@@ -1,50 +1,52 @@
+"use strict";
+
 function pageload() {
-    window.addEventListener('scroll', function(e){
-        var distanceY = window.pageYOffset || document.documentElement.scrollTop
-        var shrinkOn = 94
-        home = document.getElementById("home");
-        links = document.getElementById("jumplinks");
-        search = document.getElementById("search");
-        body = document.getElementById("body");
+    window.addEventListener("scroll", function(e){
+        var distanceY = window.pageYOffset || document.documentElement.scrollTop;
+        var shrinkOn = 94;
+        var home = document.getElementById("home");
+        var links = document.getElementById("jumplinks");
+        var search = document.getElementById("search");
+        var body = document.getElementById("body");
         if (distanceY > shrinkOn) {
             if (home.className != "navhide") {
-                body.className = "navhide"
-                home.className = "navhide"
-                links.className = "navhide"
-                search.className = "navhide"
+                body.className = "navhide";
+                home.className = "navhide";
+                links.className = "navhide";
+                search.className = "navhide";
             }
         } else {
             if (home.className == "navhide") {
-                body.className = ""
-                home.className = ""
-                links.className = ""
-                search.className = ""
+                body.className = "";
+                home.className = "";
+                links.className = "";
+                search.className = "";
             }
         }
     });
 
     /* Setting this class makes the advanced search options visible */
-    advancedSearch = document.getElementById("advancedsearch")
-    advancedSearch.className = "advancedsearch"
+    var advancedSearch = document.getElementById("advancedsearch");
+    advancedSearch.className = "advancedsearch";
 
-    simpleSearch = document.getElementById("simplesearch")
-    simplesearch.addEventListener("submit", advancedsearch)
+    var simpleSearch = document.getElementById("simplesearch");
+    simpleSearch.addEventListener("submit", advancedsearch);
 }
 
 function advancedsearch(e) {
     e.preventDefault();
     e.stopPropagation();
 
-    form = document.createElement("form");
+    var form = document.createElement("form");
     form.setAttribute("method", "get");
 
-    newq = document.createElement("input");
+    var newq = document.createElement("input");
     newq.setAttribute("type", "hidden");
     form.appendChild(newq);
 
-    q = document.getElementById("searchq");
-    whats = document.getElementsByName("what");
-    what = "website";
+    var q = document.getElementById("searchq");
+    var whats = document.getElementsByName("what");
+    var what = "website";
     for (var i = 0; i < whats.length; i++) {
         if (whats[i].checked) {
             what = whats[i].value;
@@ -75,3 +77,65 @@ function advancedsearch(e) {
 
     return false;
 }
+
+function fetchRSS() {
+    if (document.location.protocol == "file:")
+        return;
+
+    var planet = document.getElementById("planet");
+    if (planet === null)
+        return;
+
+    var req = new XMLHttpRequest();
+    req.open("GET", "https://planet.virt-tools.org/atom.xml");
+    req.setRequestHeader("Accept", "application/atom+xml, text/xml");
+    req.onerror = function(e) {
+        if (this.statusText != "")
+            console.error(this);
+    };
+    req.onload = function(e) {
+        if (this.readyState !== 4)
+            return;
+
+        if (this.status != 200) {
+            console.error(this.statusText);
+            return;
+        }
+
+        if (this.responseXML === null) {
+            console.error("Atom response is not an XML");
+            return;
+        }
+
+        var dl = document.createElement("dl");
+        var dateOpts = { day: "numeric", month: "short", year: "numeric"};
+
+        var entries = this.responseXML.querySelectorAll("feed > entry:not(:nth-of-type(1n+5))");
+
+        entries.forEach(function(e) {
+            var name = e.querySelector("author > name").textContent;
+            var title = e.querySelector("title").textContent;
+            var updated = e.querySelector("updated").textContent;
+            var link = e.querySelector("link").attributes.href.textContent;
+
+            var a = document.createElement("a");
+            a.href = link;
+            a.innerText = title;
+
+            var dt = document.createElement("dt");
+            dt.appendChild(a);
+            dl.appendChild(dt);
+
+            var date = new Date(updated);
+            date = date.toLocaleDateString("default", dateOpts);
+
+            var dd = document.createElement("dd");
+            dd.innerText = ` by ${name} on ${date}`;
+
+            dl.appendChild(dd);
+        });
+
+        planet.appendChild(dl);
+    };
+    req.send();
+}

docs/kbase.html.in

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body class="docs">
+    <h2>Knowledge base</h2>
+
+    <div class="panel">
+      <dl>
+        <dt><a href="kbase/locking.html">Disk locking</a></dt>
+        <dd>Ensuring exclusive guest access to disks with
+          <a href="kbase/locking-lockd.html">virtlockd</a> or
+          <a href="kbase/locking-sanlock.html">Sanlock</a></dd>
+
+        <dt><a href="kbase/secureusage.html">Secure usage</a></dt>
+        <dd>Secure usage of the libvirt APIs</dd>
+
+        <dt><a href="kbase/launch_security_sev.html">Launch security</a></dt>
+        <dd>Securely launching VMs with AMD SEV</dd>
+
+        <dt><a href="kbase/domainstatecapture.html">Domain state
+            capture</a></dt>
+        <dd>Comparison between different methods of capturing domain
+          state</dd>
+      </dl>
+    </div>
+
+    <br class="clear"/>
+
+  </body>
+</html>

docs/kbase/domainstatecapture.html.in

@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+
+    <h1>Domain state capture using Libvirt</h1>
+
+    <ul id="toc"></ul>
+
+    <p>
+      In order to aid application developers to choose which
+      operations best suit their needs, this page compares the
+      different means for capturing state related to a domain managed
+      by libvirt.
+    </p>
+
+    <p>
+      The information here is primarily geared towards capturing the
+      state of an active domain. Capturing the state of an inactive
+      domain essentially amounts to copying the contents of guest
+      disks, followed by a fresh boot of the same domain configuration
+      with disks restored back to that saved state.
+    </p>
+
+    <h2><a id="definitions">State capture trade-offs</a></h2>
+
+    <p>One of the features made possible with virtual machines is live
+      migration -- transferring all state related to the guest from
+      one host to another with minimal interruption to the guest's
+      activity. In this case, state includes domain memory (including
+      register and device contents), and domain storage (whether the
+      guest's view of the disks are backed by local storage on the
+      host, or by the hypervisor accessing shared storage over a
+      network).  A clever observer will then note that if all state is
+      available for live migration, then there is nothing stopping a
+      user from saving some or all of that state at a given point of
+      time in order to be able to later rewind guest execution back to
+      the state it previously had. The astute reader will also realize
+      that state capture at any level requires that the data must be
+      stored and managed by some mechanism. This processing might fit
+      in a single file, or more likely require a chain of related
+      files, and may require synchronization with third-party tools
+      built around managing the amount of data resulting from
+      capturing the state of multiple guests that each use multiple
+      disks.
+    </p>
+
+    <p>
+      There are several libvirt APIs associated with capturing the
+      state of a guest, which can later be used to rewind that guest
+      to the conditions it was in earlier.  The following is a list of
+      trade-offs and differences between the various facets that
+      affect capturing domain state for active domains:
+    </p>
+
+    <dl>
+      <dt>Duration</dt>
+      <dd>Capturing state can be a lengthy process, so while the
+        captured state ideally represents an atomic point in time
+        corresponding to something the guest was actually executing,
+        capturing state tends to focus on minimizing guest downtime
+        while performing the rest of the state capture in parallel
+        with guest execution.  Some interfaces require up-front
+        preparation (the state captured is not complete until the API
+        ends, which may be some time after the command was first
+        started), while other interfaces track the state when the
+        command was first issued, regardless of the time spent in
+        capturing the rest of the state.  Also, time spent in state
+        capture may be longer than the time required for live
+        migration, when state must be duplicated rather than shared.
+      </dd>
+
+      <dt>Amount of state</dt>
+      <dd>For an online guest, there is a choice between capturing the
+        guest's memory (all that is needed during live migration when
+        the storage is already shared between source and destination),
+        the guest's disk state (all that is needed if there are no
+        pending guest I/O transactions that would be lost without the
+        corresponding memory state), or both together.  Reverting to
+        partial state may still be viable, but typically, booting from
+        captured disk state without corresponding memory is comparable
+        to rebooting a machine that had power cut before I/O could be
+        flushed. Guests may need to use proper journaling methods to
+        avoid problems when booting from partial state.
+      </dd>
+
+      <dt>Quiescing of data</dt>
+      <dd>Even if a guest has no pending I/O, capturing disk state may
+        catch the guest at a time when the contents of the disk are
+        inconsistent. Cooperating with the guest to perform data
+        quiescing is an optional step to ensure that captured disk
+        state is fully consistent without requiring additional memory
+        state, rather than just crash-consistent.  But guest
+        cooperation may also have time constraints, where the guest
+        can rightfully panic if there is too much downtime while I/O
+        is frozen.
+      </dd>
+
+      <dt>Quantity of files</dt>
+      <dd>When capturing state, some approaches store all state within
+        the same file (internal), while others expand a chain of
+        related files that must be used together (external), for more
+        files that a management application must track.
+      </dd>
+
+      <dt>Impact to guest definition</dt>
+      <dd>Capturing state may require temporary changes to the guest
+        definition, such as associating new files into the domain
+        definition. While state capture should never impact the
+        running guest, a change to the domain's active XML may have
+        impact on other host operations being performed on the domain.
+      </dd>
+
+      <dt>Third-party integration</dt>
+      <dd>When capturing state, there are tradeoffs to how much of the
+        process must be done directly by the hypervisor, and how much
+        can be off-loaded to third-party software.  Since capturing
+        state is not instantaneous, it is essential that any
+        third-party integration see consistent data even if the
+        running guest continues to modify that data after the point in
+        time of the capture.</dd>
+
+      <dt>Full vs. incremental</dt>
+      <dd>When periodically repeating the action of state capture, it
+        is useful to minimize the amount of state that must be
+        captured by exploiting the relation to a previous capture,
+        such as focusing only on the portions of the disk that the
+        guest has modified in the meantime.  Some approaches are able
+        to take advantage of checkpoints to provide an incremental
+        backup, while others are only capable of a full backup even if
+        that means re-capturing unchanged portions of the disk.</dd>
+
+      <dt>Local vs. remote</dt>
+      <dd>Domains that completely use remote storage may only need
+        some mechanism to keep track of guest memory state while using
+        external means to manage storage. Still, hypervisor and guest
+        cooperation to ensure points in time when no I/O is in flight
+        across the network can be important for properly capturing
+        disk state.</dd>
+
+      <dt>Network latency</dt>
+      <dd>Whether it's domain storage or saving domain state into
+        remote storage, network latency has an impact on snapshot
+        data. Having dedicated network capacity, bandwidth, or quality
+        of service levels may play a role, as well as planning for how
+        much of the backup process needs to be local.</dd>
+    </dl>
+
+    <p>
+      An example of the various facets in action is migration of a
+      running guest. In order for the guest to be able to resume on
+      the destination at the same place it left off at the source, the
+      hypervisor has to get to a point where execution on the source
+      is stopped, the last remaining changes occurring since the
+      migration started are then transferred, and the guest is started
+      on the target. The management software thus must keep track of
+      the starting point and any changes since the starting
+      point. These last changes are often referred to as dirty page
+      tracking or dirty disk block bitmaps. At some point in time
+      during the migration, the management software must freeze the
+      source guest, transfer the dirty data, and then start the guest
+      on the target. This period of time must be minimal. To minimize
+      overall migration time, one is advised to use a dedicated
+      network connection with a high quality of service. Alternatively
+      saving the current state of the running guest can just be a
+      point in time type operation which doesn't require updating the
+      "last vestiges" of state prior to writing out the saved state
+      file. The state file is the point in time of whatever is current
+      and may contain incomplete data which if used to restart the
+      guest could cause confusion or problems because some operation
+      wasn't completed depending upon where in time the operation was
+      commenced.
+    </p>
+
+    <h2><a id="apis">State capture APIs</a></h2>
+    <p>With those definitions, the following libvirt APIs related to
+      state capture have these properties:</p>
+    <dl>
+      <dt><a href="html/libvirt-libvirt-domain.html#virDomainManagedSave"><code>virDomainManagedSave</code></a></dt>
+      <dd>This API saves guest memory, with libvirt managing all of
+        the saved state, then stops the guest. While stopped, the
+        disks can be copied by a third party.  However, since any
+        subsequent restart of the guest by libvirt API will restore
+        the memory state (which typically only works if the disk state
+        is unchanged in the meantime), and since it is not possible to
+        get at the memory state that libvirt is managing, this is not
+        viable as a means for rolling back to earlier saved states,
+        but is rather more suited to situations such as suspending a
+        guest prior to rebooting the host in order to resume the guest
+        when the host is back up. This API also has a drawback of
+        potentially long guest downtime, and therefore does not lend
+        itself well to live backups.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain.html#virDomainSave"><code>virDomainSave</code></a></dt>
+      <dd>This API is similar to virDomainManagedSave(), but moves the
+        burden on managing the stored memory state to the user. As
+        such, the user can now couple saved state with copies of the
+        disks to perform a revert to an arbitrary earlier saved state.
+        However, changing who manages the memory state does not change
+        the drawback of potentially long guest downtime when capturing
+        state.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain-snapshot.html#virDomainSnapshotCreateXML"><code>virDomainSnapshotCreateXML</code></a></dt>
+      <dd>This API wraps several approaches for capturing guest state,
+        with a general premise of creating a snapshot (where the
+        current guest resources are frozen in time and a new wrapper
+        layer is opened for tracking subsequent guest changes).  It
+        can operate on both offline and running guests, can choose
+        whether to capture the state of memory, disk, or both when
+        used on a running guest, and can choose between internal and
+        external storage for captured state.  However, it is geared
+        towards post-event captures (when capturing both memory and
+        disk state, the disk state is not captured until all memory
+        state has been collected first).  Using QEMU as the
+        hypervisor, internal snapshots currently have lengthy downtime
+        that is incompatible with freezing guest I/O, but external
+        snapshots are quick when memory contents are not also saved.
+        Since creating an external snapshot changes which disk image
+        resource is in use by the guest, this API can be coupled
+        with <a href="html/libvirt-libvirt-domain.html#virDomainBlockCommit"><code>virDomainBlockCommit()</code></a>
+        to restore things back to the guest using its original disk
+        image, where a third-party tool can read the backing file
+        prior to the live commit.  See also
+        the <a href="formatsnapshot.html">XML details</a> used with
+        this command.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain.html#virDomainFSFreeze"><code>virDomainFSFreeze</code></a>, <a href="html/libvirt-libvirt-domain.html#virDomainFSThaw"><code>virDomainFSThaw</code></a></dt>
+      <dd>This pair of APIs does not directly capture guest state, but
+        can be used to coordinate with a trusted live guest that state
+        capture is about to happen, and therefore guest I/O should be
+        quiesced so that the state capture is fully consistent, rather
+        than merely crash consistent.  Some APIs are able to
+        automatically perform a freeze and thaw via a flags parameter,
+        rather than having to make separate calls to these
+        functions. Also, note that freezing guest I/O is only possible
+        with trusted guests running a guest agent, and that some
+        guests place maximum time limits on how long I/O can be
+        frozen.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain-checkpoint.html#virDomainCheckpointCreateXML"><code>virDomainCheckpointCreateXML</code></a></dt>
+      <dd>This API does not actually capture guest state, rather it
+        makes it possible to track which portions of guest disks have
+        changed between a checkpoint and the current live execution of
+        the guest.  However, while it is possible use this API to
+        create checkpoints in isolation, it is more typical to create
+        a checkpoint as a side-effect of starting a new incremental
+        backup with <code>virDomainBackupBegin()</code> or at the
+        creation of an external snapshot
+        with <code>virDomainSnapshotCreateXML2()</code>, since a
+        second incremental backup is most useful when using the
+        checkpoint created during the first.  See also
+        the <a href="formatcheckpoint.html">XML details</a> used with
+        this command.</dd>
+
+      <dt><a href="html/libvirt-libvirt-domain.html#virDomainBackupBegin"><code>virDomainBackupBegin</code></a>, <a href="html/libvirt-libvirt-domain.html#virDomainBackupEnd"><code>virDomainBackupEnd</code></a></dt>
+      <dd>This API wraps approaches for capturing the state of disks
+        of a running guest, but does not track accompanying guest
+        memory state.  The capture is consistent to the start of the
+        operation, where the captured state is stored independently
+        from the disk image in use with the guest and where it can be
+        easily integrated with a third-party for capturing the disk
+        state.  Since the backup operation is stored externally from
+        the guest resources, there is no need to commit data back in
+        at the completion of the operation.  When coupled with
+        checkpoints, this can be used to capture incremental backups
+        instead of full.</dd>
+    </dl>
+
+    <h2><a id="examples">Examples</a></h2>
+    <p>The following two sequences both accomplish the task of
+      capturing the disk state of a running guest, then wrapping
+      things up so that the guest is still running with the same file
+      as its disk image as before the sequence of operations began.
+      The difference between the two sequences boils down to the
+      impact of an unexpected interruption made at any point in the
+      middle of the sequence: with such an interruption, the first
+      example leaves the guest tied to a temporary wrapper file rather
+      than the original disk, and requires manual clean up of the
+      domain definition; while the second example has no impact to the
+      domain definition.</p>
+
+    <p>1. Backup via temporary snapshot
+      <pre>
+virDomainFSFreeze()
+virDomainSnapshotCreateXML(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY)
+virDomainFSThaw()
+third-party copy the backing file to backup storage # most time spent here
+virDomainBlockCommit(VIR_DOMAIN_BLOCK_COMMIT_ACTIVE) per disk
+wait for commit ready event per disk
+virDomainBlockJobAbort() per disk
+      </pre></p>
+
+    <p>2. Direct backup
+      <pre>
+virDomainFSFreeze()
+virDomainBackupBegin()
+virDomainFSThaw()
+wait for push mode event, or pull data over NBD # most time spent here
+virDomainBackupEnd()
+    </pre></p>
+
+  </body>
+</html>

docs/kbase/launch_security_sev.html.in

@@ -0,0 +1,521 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Launch security with AMD SEV</h1>
+
+    <ul id="toc"></ul>
+
+    <p>
+        Storage encryption in modern public cloud computing is a common practice.
+        However, from the point of view of a user of these cloud workloads, a
+        significant amount of trust needs to be put in the cloud platform security as
+        well as integrity (was the hypervisor tampered?). For this reason there's ever
+        rising demand for securing data in use, i.e. memory encryption.
+        One of the solutions addressing this matter is AMD SEV.
+    </p>
+
+    <h2>AMD SEV</h2>
+    <p>
+        SEV (Secure Encrypted Virtualization) is a feature extension of AMD's SME (Secure
+        Memory Encryption) intended for KVM virtual machines which is supported
+        primarily on AMD's EPYC CPU line. In contrast to SME, SEV uses a unique memory encryption
+        key for each VM. The whole encryption of memory pages is completely transparent
+        to the hypervisor and happens inside dedicated hardware in the on-die memory controller.
+        Each controller includes a high-performance Advanced Encryption Standard
+        (AES) engine that encrypts data when it is written to DRAM and decrypts it
+        when read.
+
+        For more details about the technology itself, you can visit
+      <a href="https://developer.amd.com/sev/">AMD's developer portal</a>.
+    </p>
+
+    <h2><a id="Host">Enabling SEV on the host</a></h2>
+      <p>
+          Before VMs can make use of the SEV feature you need to make sure your
+          AMD CPU does support SEV. You can check whether SEV is among the CPU
+          flags with:
+      </p>
+
+      <pre>
+$ cat /proc/cpuinfo | grep sev
+...
+sme ssbd sev ibpb</pre>
+
+      <p>
+          Next step is to enable SEV in the kernel, because it is disabled by default.
+          This is done by putting the following onto the kernel command line:
+      </p>
+
+      <pre>
+mem_encrypt=on kvm_amd.sev=1
+      </pre>
+
+      <p>
+          To make the changes persistent, append the above to the variable holding
+          parameters of the kernel command line in
+          <code>/etc/default/grub</code> to preserve SEV settings across reboots
+      </p>
+
+      <pre>
+$ cat /etc/default/grub
+...
+GRUB_CMDLINE_LINUX="... mem_encrypt=on kvm_amd.sev=1"
+$ grub2-mkconfig -o /boot/efi/EFI/&lt;distro&gt;/grub.cfg</pre>
+
+      <p>
+        <code>mem_encrypt=on</code> turns on the SME memory encryption feature on
+        the host which protects against the physical attack on the hypervisor
+        memory. The <code>kvm_amd.sev</code> parameter actually enables SEV in
+        the kvm module. It can be set on the command line alongside
+        <code>mem_encrypt</code> like shown above, or it can be put into a
+        module config under <code>/etc/modprobe.d/</code>
+      </p>
+
+      <pre>
+$ cat /etc/modprobe.d/sev.conf
+options kvm_amd sev=1
+      </pre>
+
+      <p>
+          After rebooting the host, you should see SEV being enabled in the kernel:
+      </p>
+
+      <pre>
+$ cat /sys/module/kvm_amd/parameters/sev
+1
+      </pre>
+
+      <h2><a id="Virt">Checking SEV support in the virt stack</a></h2>
+      <p>
+        <b>Note: All of the commands bellow need to be run with root privileges.</b>
+      </p>
+
+      <p>
+          First make sure you have the following packages in the specified versions:
+      </p>
+
+      <ul>
+        <li>
+            libvirt >= 4.5.0 (>5.1.0 recommended due to additional SEV bugfixes)
+        </li>
+        <li>
+            QEMU >= 2.12.0
+        </li>
+      </ul>
+      <p>
+          To confirm that the virtualization stack supports SEV, run the following:
+      </p>
+
+      <pre>
+# virsh domcapabilities
+&lt;domainCapabilities&gt;
+...
+  &lt;features&gt;
+    ...
+    &lt;sev supported='yes'&gt;
+      &lt;cbitpos&gt;47&lt;/cbitpos&gt;
+      &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
+    &lt;/sev&gt;
+    ...
+  &lt;/features&gt;
+&lt;/domainCapabilities&gt;</pre>
+      <p>
+          Note that if libvirt was already installed and libvirtd running before enabling SEV in the kernel followed by the host reboot you need to force libvirtd
+          to re-probe both the host and QEMU capabilities. First stop libvirtd:
+      </p>
+
+      <pre>
+# systemctl stop libvirtd.service
+      </pre>
+
+      <p>
+          Now you need to clean the capabilities cache:
+      </p>
+
+      <pre>
+# rm -f /var/cache/libvirt/qemu/capabilities/*
+      </pre>
+
+      <p>
+          If you now restart libvirtd, it will re-probe the capabilities and if
+          you now run:
+      </p>
+
+      <pre>
+# virsh domcapabilities
+      </pre>
+
+      <p>
+          SEV should be listed as supported. If you still see:
+      </p>
+
+      <pre>
+&lt;sev supported='no'/&gt;
+      </pre>
+
+      <p>
+          it means one of two things:
+        <ol>
+          <li>
+              libvirt does support SEV, but either QEMU or the host does not
+          </li>
+          <li>
+            you have libvirt &lt;=5.1.0 which suffered from getting a
+            <code>'Permission denied'</code> on <code>/dev/sev</code> because
+            of the default permissions on the character device which prevented
+            QEMU from opening it during capabilities probing - you can either
+            manually tweak the permissions so that QEMU has access to it or
+            preferably install libvirt 5.1.0 or higher
+          </li>
+        </ol>
+      </p>
+
+    <h2><a id="Configuration">VM Configuration</a></h2>
+    <p>
+        SEV is enabled in the XML by specifying the
+      <a href="https://libvirt.org/formatdomain.html#launchSecurity">&lt;launchSecurity&gt; </a> element. However, specifying <code>launchSecurity</code> isn't
+        enough to boot an SEV VM. Further configuration requirements are discussed
+          below.
+      </p>
+
+      <h3><a id="Machine">Machine type</a></h3>
+      <p>
+          Even though both Q35 and legacy PC machine types (for PC see also
+          "virtio") can be used with SEV, usage of the legacy PC machine type is
+          strongly discouraged, since depending on how your OVMF package was
+          built (e.g. including features like SecureBoot or SMM) Q35 may even be
+          required.
+      </p>
+
+      <h5>Q35</h5>
+<pre>
+...
+&lt;os&gt;
+  &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
+  ...
+&lt;/os&gt;
+...</pre>
+
+      <h5>i440fx (discouraged)</h5>
+      <pre>
+...
+&lt;os&gt;
+  &lt;type arch='x86_64' machine='pc-i440fx-3.0'&gt;hvm&lt;/type&gt;
+  ...
+&lt;/os&gt;
+...
+      </pre>
+
+      <h3><a id="Boot">Boot loader</a></h3>
+      <p>
+          SEV is only going to work with OVMF (UEFI), so you'll need to point libvirt to
+          the correct OVMF binary.
+      </p>
+      <pre>
+...
+&lt;os&gt;
+  &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
+  &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
+&lt;/os&gt;
+...</pre>
+
+      <h3><a id="Memory">Memory</a></h3>
+      <p>
+          Internally, SEV expects that the encrypted memory pages won't be swapped out or move
+          around so the VM memory needs to be pinned in physical RAM which will be
+          handled by QEMU. Apart from that, certain memory regions allocated by QEMU
+          itself (UEFI pflash, device ROMs, video RAM, etc.) have to be encrypted as
+          well. This causes a conflict in how libvirt tries to protect the host.
+          By default, libvirt enforces a memory hard limit on each VM's cgroup in order
+          to protect the host from malicious QEMU to allocate and lock all the available
+          memory. This limit corresponds to the total memory allocation for the VM given
+          by <code>&lt;currentMemory&gt;</code> element. However, trying to account for the additional
+          memory regions QEMU allocates when calculating the limit in an automated manner
+          is non-deterministic. One way to resolve this is to set the hard limit manually.
+
+        <p>
+          Note: Figuring out the right number so that your guest boots and isn't killed is
+          challenging, but 256MiB extra memory over the total guest RAM should suffice for
+          most workloads and may serve as a good starting point.
+
+          For example, a domain with 4GB memory with a 256MiB extra hard limit would look
+          like this:
+        </p>
+      </p>
+
+      <pre>
+# virsh edit &lt;domain&gt;
+&lt;domain&gt;
+  ...
+  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
+  &lt;memtune&gt;
+    &lt;hard_limit unit='KiB'&gt;4456448&lt;/hard_limit&gt;
+  &lt;/memtune&gt;
+  ...
+&lt;/domain&gt;</pre>
+      <p>
+          There's another, preferred method of taking care of the limits by
+          using the<code>&lt;memoryBacking&gt;</code> element along with the
+          <code>&lt;locked/&gt;</code> subelement:
+        </p>
+
+      <pre>
+&lt;domain&gt;
+  ...
+  &lt;memoryBacking&gt;
+    &lt;locked/&gt;
+  &lt;/memoryBacking&gt;
+  ...
+&lt;/domain&gt;</pre>
+
+      <p>
+          What that does is that it tells libvirt not to force any hard limit (well,
+          unlimited) upon the VM cgroup. The obvious advantage is that one doesn't need
+          to determine the hard limit for every single SEV-enabled VM. However, there is
+          a significant security-related drawback to this approach. Since no hard limit
+          is applied, a malicious QEMU could perform a DoS attack by locking all of the
+          host's available memory. The way to avoid this issue and to protect the host is
+          to enforce a bigger hard limit on the master cgroup containing all of the VMs
+          - on systemd this is <code>machine.slice</code>.
+      </p>
+
+      <pre>
+# systemctl set-property machine.slice MemoryHigh=&lt;value&gt;</pre>
+
+      <p>
+          To put even stricter measures in place which would involve the OOM killer, use
+        <pre>
+# systemctl set-property machine.slice MemoryMax=&lt;value&gt;</pre>
+          instead. Alternatively, you can create a systemd config (don't forget
+          to reload systemd configuration in this case):
+        <pre>
+# cat &lt;&lt; EOF &gt; /etc/systemd/system.control/machine.slice.d/90-MemoryMax.conf
+MemoryMax=&lt;value&gt;
+EOF</pre>
+          The trade-off to keep in mind with the second approach is that the VMs
+          can still perform DoS on each other.
+      </p>
+
+      <h3><a id="Virtio">Virtio</a></h3>
+      <p>
+          In order to make virtio devices work, we need to enable emulated IOMMU
+          on the devices so that virtual DMA can work.
+      </p>
+
+      <pre>
+# virsh edit &lt;domain&gt;
+&lt;domain&gt;
+  ...
+  &lt;controller type='virtio-serial' index='0'&gt;
+    &lt;driver iommu='on'/&gt;
+  &lt;/controller&gt;
+  &lt;controller type='scsi' index='0' model='virtio-scsi'&gt;
+    &lt;driver iommu='on'/&gt;
+  &lt;/controller&gt;
+  ...
+  &lt;memballoon model='virtio'&gt;
+    &lt;driver iommu='on'/&gt;
+  &lt;/memballoon&gt;
+  &lt;rng model='virtio'&gt;
+    &lt;backend model='random'&gt;/dev/urandom&lt;/backend&gt;
+    &lt;driver iommu='on'/&gt;
+  &lt;/rng&gt;
+  ...
+&lt;domain&gt;</pre>
+
+    <p>
+        If you for some reason want to use the legacy PC machine type, further changes
+        to the virtio
+        configuration is required, because SEV will not work with Virtio &lt;1.0. In
+        libvirt, this is handled by using the virtio-non-transitional device model
+        (libvirt &gt;= 5.2.0 required).
+
+      <p>
+        Note: some devices like video devices don't
+          support non-transitional model, which means that virtio GPU cannot be used.
+      </p>
+    </p>
+
+    <pre>
+&lt;domain&gt;
+  ...
+  &lt;devices&gt;
+    ...
+    &lt;memballoon model='virtio-non-transitional'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/memballoon&gt;
+  &lt;/devices&gt;
+  ...
+&lt;/domain&gt;</pre>
+
+    <h2><a id="Limitations">Limitations</a></h2>
+    <p>
+        Currently, the boot disk cannot be of type virtio-blk, instead, virtio-scsi
+        needs to be used if virtio is desired. This limitation is expected to be lifted
+        with future releases of kernel (the kernel used at the time of writing the
+        article is 5.0.14).
+        If you still cannot start an SEV VM, it could be because of wrong SELinux label on the <code>/dev/sev</code> device with selinux-policy &lt;3.14.2.40 which prevents QEMU from touching the device. This can be resolved by upgrading the package, tuning the selinux policy rules manually to allow svirt_t to access the device (see <code>audit2allow</code> on how to do that) or putting SELinux into permissive mode (discouraged).
+    </p>
+
+    <h2><a id="Examples">Full domain XML examples</a></h2>
+
+    <h5>Q35 machine</h5>
+    <pre>
+&lt;domain type='kvm'&gt;
+  &lt;name&gt;sev-dummy&lt;/name&gt;
+  &lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;
+  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
+  &lt;memoryBacking&gt;
+    &lt;locked/&gt;
+  &lt;/memoryBacking&gt;
+  &lt;vcpu placement='static'&gt;4&lt;/vcpu&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
+    &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
+    &lt;nvram&gt;/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd&lt;/nvram&gt;
+  &lt;/os&gt;
+  &lt;features&gt;
+    &lt;acpi/&gt;
+    &lt;apic/&gt;
+    &lt;vmport state='off'/&gt;
+  &lt;/features&gt;
+  &lt;cpu mode='host-model' check='partial'&gt;
+    &lt;model fallback='allow'/&gt;
+  &lt;/cpu&gt;
+  &lt;clock offset='utc'&gt;
+    &lt;timer name='rtc' tickpolicy='catchup'/&gt;
+    &lt;timer name='pit' tickpolicy='delay'/&gt;
+    &lt;timer name='hpet' present='no'/&gt;
+  &lt;/clock&gt;
+  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
+  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
+  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
+  &lt;pm&gt;
+    &lt;suspend-to-mem enabled='no'/&gt;
+    &lt;suspend-to-disk enabled='no'/&gt;
+  &lt;/pm&gt;
+  &lt;devices&gt;
+    &lt;emulator&gt;/usr/bin/qemu-kvm&lt;/emulator&gt;
+    &lt;disk type='file' device='disk'&gt;
+      &lt;driver name='qemu' type='qcow2'/&gt;
+      &lt;source file='/var/lib/libvirt/images/sev-dummy.qcow2'/&gt;
+      &lt;target dev='sda' bus='scsi'/&gt;
+      &lt;boot order='1'/&gt;
+    &lt;/disk&gt;
+    &lt;controller type='virtio-serial' index='0'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/controller&gt;
+    &lt;controller type='scsi' index='0' model='virtio-scsi'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/controller&gt;
+    &lt;interface type='network'&gt;
+      &lt;mac address='52:54:00:cc:56:90'/&gt;
+      &lt;source network='default'/&gt;
+      &lt;model type='virtio'/&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/interface&gt;
+    &lt;graphics type='spice' autoport='yes'&gt;
+      &lt;listen type='address'/&gt;
+      &lt;gl enable='no'/&gt;
+    &lt;/graphics&gt;
+    &lt;video&gt;
+      &lt;model type='qxl'/&gt;
+    &lt;/video&gt;
+    &lt;memballoon model='virtio'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/memballoon&gt;
+    &lt;rng model='virtio'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/rng&gt;
+  &lt;/devices&gt;
+  &lt;launchSecurity type='sev'&gt;
+    &lt;cbitpos&gt;47&lt;/cbitpos&gt;
+    &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
+    &lt;policy&gt;0x0003&lt;/policy&gt;
+  &lt;/launchSecurity&gt;
+&lt;/domain&gt;</pre>
+
+    <h5>PC-i440fx machine:</h5>
+    <pre>
+&lt;domain type='kvm'&gt;
+  &lt;name&gt;sev-dummy-legacy&lt;/name&gt;
+  &lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;
+  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
+  &lt;memtune&gt;
+    &lt;hard_limit unit='KiB'&gt;5242880&lt;/hard_limit&gt;
+  &lt;/memtune&gt;
+  &lt;vcpu placement='static'&gt;4&lt;/vcpu&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64' machine='pc-i440fx-3.0'&gt;hvm&lt;/type&gt;
+    &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
+    &lt;nvram&gt;/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd&lt;/nvram&gt;
+    &lt;boot dev='hd'/&gt;
+  &lt;/os&gt;
+  &lt;features&gt;
+  &lt;acpi/&gt;
+  &lt;apic/&gt;
+  &lt;vmport state='off'/&gt;
+  &lt;/features&gt;
+  &lt;cpu mode='host-model' check='partial'&gt;
+    &lt;model fallback='allow'/&gt;
+  &lt;/cpu&gt;
+  &lt;clock offset='utc'&gt;
+    &lt;timer name='rtc' tickpolicy='catchup'/&gt;
+    &lt;timer name='pit' tickpolicy='delay'/&gt;
+    &lt;timer name='hpet' present='no'/&gt;
+  &lt;/clock&gt;
+  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
+  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
+  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
+  &lt;pm&gt;
+    &lt;suspend-to-mem enabled='no'/&gt;
+    &lt;suspend-to-disk enabled='no'/&gt;
+  &lt;/pm&gt;
+  &lt;devices&gt;
+    &lt;emulator&gt;/usr/bin/qemu-kvm&lt;/emulator&gt;
+    &lt;disk type='file' device='disk'&gt;
+      &lt;driver name='qemu' type='qcow2'/&gt;
+      &lt;source file='/var/lib/libvirt/images/sev-dummy-seabios.qcow2'/&gt;
+      &lt;target dev='sda' bus='sata'/&gt;
+    &lt;/disk&gt;
+    &lt;interface type='network'&gt;
+      &lt;mac address='52:54:00:d8:96:c8'/&gt;
+      &lt;source network='default'/&gt;
+      &lt;model type='virtio-non-transitional'/&gt;
+    &lt;/interface&gt;
+    &lt;serial type='pty'&gt;
+      &lt;target type='isa-serial' port='0'&gt;
+        &lt;model name='isa-serial'/&gt;
+      &lt;/target&gt;
+    &lt;/serial&gt;
+    &lt;console type='pty'&gt;
+      &lt;target type='serial' port='0'/&gt;
+    &lt;/console&gt;
+    &lt;input type='tablet' bus='usb'&gt;
+      &lt;address type='usb' bus='0' port='1'/&gt;
+    &lt;/input&gt;
+    &lt;input type='mouse' bus='ps2'/&gt;
+    &lt;input type='keyboard' bus='ps2'/&gt;
+    &lt;graphics type='spice' autoport='yes'&gt;
+      &lt;listen type='address'/&gt;
+      &lt;gl enable='no'/&gt;
+    &lt;/graphics&gt;
+    &lt;video&gt;
+      &lt;model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/&gt;
+    &lt;/video&gt;
+    &lt;memballoon model='virtio-non-transitional'&gt;
+      &lt;driver iommu='on'/&gt;
+    &lt;/memballoon&gt;
+      &lt;rng model='virtio-non-transitional'&gt;
+    &lt;driver iommu='on'/&gt;
+    &lt;/rng&gt;
+  &lt;/devices&gt;
+  &lt;launchSecurity type='sev'&gt;
+    &lt;cbitpos&gt;47&lt;/cbitpos&gt;
+    &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
+    &lt;policy&gt;0x0003&lt;/policy&gt;
+  &lt;/launchSecurity&gt;
+&lt;/domain&gt;</pre>
+  </body>
+</html>

docs/libvirt.css

@@ -274,6 +274,12 @@ span.since {
     font-weight: bold;
 }
 
+span.removed {
+    color: darkred;
+    font-style: italic;
+    font-weight: bold;
+}
+
 img.diagram {
     background: rgb(230,230,230);
     border: 2px dotted rgb(178,178,178);
@@ -581,3 +587,22 @@ td.enumvalue {
 #advancedsearch label {
     display: inline;
 }
+
+.removedhv {
+    color: darkred;
+}
+
+ul.news-section-content {
+    margin-top: 0.5em;
+}
+
+ul.news-section-content li dl dt {
+    margin: 0;
+}
+
+ul.news-section-content li dl dd {
+    margin-left: 1em;
+    margin-right: 0;
+    margin-top: 0.5em;
+    margin-bottom: 0.5em;
+}

docs/logos/README

@@ -62,6 +62,18 @@ format:
    Bitmap sizes: 257x92, 800x286 px
 
 
+ - logo-sticker-square.svg
+
+   A logo formatted into a square shape with outline, suitable for printing
+   as a sticker. See https://github.com/terinjokes/StickerConstructorSpec
+
+
+ - logo-sticker-hexagon.svg
+
+   A logo formatted into a hexagon shape with outline, suitable for printing
+   as a sticker. See https://github.com/terinjokes/StickerConstructorSpec
+
+
 PNG file creation
 =================
 

docs/logos/logo-sticker-hexagon.svg

@@ -0,0 +1,841 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="8.5in"
+   height="11in"
+   viewBox="0 0 765.00001 990.00003"
+   id="svg7307"
+   version="1.1"
+   inkscape:version="0.92.2 (5c3e80d, 2017-08-06)"
+   sodipodi:docname="logo-sticker-hexagon.svg">
+  <defs
+     id="defs7309">
+    <filter
+       style="color-interpolation-filters:sRGB"
+       inkscape:label="Drop Shadow"
+       id="filter5799">
+      <feFlood
+         flood-opacity="1"
+         flood-color="rgb(0,0,0)"
+         result="flood"
+         id="feFlood5801" />
+      <feComposite
+         in="flood"
+         in2="SourceGraphic"
+         operator="in"
+         result="composite1"
+         id="feComposite5803" />
+      <feGaussianBlur
+         in="composite1"
+         stdDeviation="6"
+         result="blur"
+         id="feGaussianBlur5805" />
+      <feOffset
+         dx="6"
+         dy="6"
+         result="offset"
+         id="feOffset5807" />
+      <feComposite
+         in="SourceGraphic"
+         in2="offset"
+         operator="over"
+         result="composite2"
+         id="feComposite5809" />
+    </filter>
+    <mask
+       maskUnits="userSpaceOnUse"
+       id="mask3913">
+      <path
+         style="fill:#2f6962"
+         id="path3915"
+         d="M 95.108,61.776 244.59,10.309 c 15.666,-5.394 32.738,2.933 38.132,18.599 l 39.799,115.58 c 5.394,15.666 -2.932,32.738 -18.598,38.131 l -103.98,35.801 z"
+         inkscape:connector-curvature="0" />
+    </mask>
+    <mask
+       maskUnits="userSpaceOnUse"
+       id="mask4168">
+      <path
+         style="fill:#7c858c"
+         id="path4170"
+         d="m 113.124,36.661 c 17.233,36.62 75.371,131.675 105.366,171.054 -4.069,13.505 -18.428,20.812 -30.299,17.44 L 72.849,58.555 C 72.779,46.208 95.748,31.956 113.124,36.661 Z"
+         sodipodi:nodetypes="ccccc"
+         inkscape:connector-curvature="0" />
+    </mask>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3821"
+       id="linearGradient7006"
+       gradientUnits="userSpaceOnUse"
+       x1="128.61047"
+       y1="239.37396"
+       x2="138.61214"
+       y2="267.79517" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3821">
+      <stop
+         style="stop-color:#3e3e3e;stop-opacity:1;"
+         offset="0"
+         id="stop3823" />
+      <stop
+         style="stop-color:#3e3e3e;stop-opacity:0;"
+         offset="1"
+         id="stop3825" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3985"
+       id="linearGradient7008"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0,-2)"
+       x1="173.70392"
+       y1="267.11093"
+       x2="166.66296"
+       y2="246.63959" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3985">
+      <stop
+         style="stop-color:#c8c7c5;stop-opacity:1;"
+         offset="0"
+         id="stop3987" />
+      <stop
+         style="stop-color:#c8c7c5;stop-opacity:0;"
+         offset="1"
+         id="stop3989" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient4501"
+       id="radialGradient3548"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.5433331,-0.1032133,0.09131267,1.3653854,-130.42141,-95.005447)"
+       cx="197.5676"
+       cy="252.71837"
+       fx="197.5676"
+       fy="252.71837"
+       r="166.51035" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient4501">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop4503" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop4505" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient4501"
+       id="radialGradient3552"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.870471,-0.6430111,0.256613,0.7464679,-116.69068,109.71214)"
+       cx="135.63954"
+       cy="12.000564"
+       fx="135.63954"
+       fy="12.000564"
+       r="161.65305" />
+    <filter
+       inkscape:label="Ridged Border"
+       inkscape:menu="Bevels"
+       inkscape:menu-tooltip="Ridged border with inner bevel"
+       style="color-interpolation-filters:sRGB"
+       id="filter5576">
+      <feMorphology
+         radius="4.3"
+         in="SourceAlpha"
+         result="result91"
+         id="feMorphology5578" />
+      <feComposite
+         operator="out"
+         in="SourceGraphic"
+         in2="result91"
+         id="feComposite5580" />
+      <feGaussianBlur
+         result="result0"
+         stdDeviation="1.2"
+         id="feGaussianBlur5582" />
+      <feDiffuseLighting
+         diffuseConstant="1"
+         id="feDiffuseLighting5584">
+        <feDistantLight
+           elevation="66"
+           azimuth="225"
+           id="feDistantLight5586" />
+      </feDiffuseLighting>
+      <feBlend
+         mode="multiply"
+         in2="SourceGraphic"
+         id="feBlend5588" />
+      <feComposite
+         operator="in"
+         in2="SourceAlpha"
+         id="feComposite5590" />
+    </filter>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3301"
+       id="linearGradient7010"
+       gradientUnits="userSpaceOnUse"
+       x1="227.66476"
+       y1="217.85138"
+       x2="227.66476"
+       y2="275.00342" />
+    <linearGradient
+       id="linearGradient3301">
+      <stop
+         id="stop3303"
+         offset="0"
+         style="stop-color:#ffffff;stop-opacity:1;" />
+      <stop
+         id="stop3305"
+         offset="1"
+         style="stop-color:#868686;stop-opacity:1;" />
+    </linearGradient>
+    <mask
+       maskUnits="userSpaceOnUse"
+       id="mask4481">
+      <path
+         style="clip-rule:evenodd;fill:#aaaaaa;fill-rule:evenodd"
+         id="path4483"
+         d="m 213.96734,236.83626 c -1.97572,1.50086 -5.71734,14.75814 -3.57441,17.84065 3.18643,4.58465 22.42412,-12.69851 20.66112,-17.24646 -1.81294,-4.67518 -15.35694,-1.41227 -17.08671,-0.59419 z m -9.6286,-7.34722 2.48938,3.78195 c 0,0 0.69017,1.04372 0.29628,3.40302 -0.6156,3.68976 -3.17495,13.25876 -3.32578,21.12255 -0.0183,0.94976 -0.91914,9.5039 7.21943,7.07006 8.1393,-2.43309 24.96824,-17.85854 28.33195,-24.69252 3.36372,-6.83399 -0.96483,-10.63865 -6.21591,-10.98709 -5.2511,-0.34921 -13.3456,0.21962 -17.06874,0.84795 -3.72313,0.62832 -3.49361,-0.75818 -6.67723,-4.3506 -0.23896,-0.26961 -5.04938,3.80468 -5.04938,3.80468 z"
+         inkscape:connector-curvature="0" />
+    </mask>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient4501"
+       id="radialGradient4507"
+       cx="143.59599"
+       cy="139.937"
+       fx="143.59599"
+       fy="139.937"
+       r="68.377998"
+       gradientTransform="matrix(1.3366435,0.07829819,-0.1078591,1.8412818,-33.247188,-128.96975)"
+       gradientUnits="userSpaceOnUse" />
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="3.7330052"
+     inkscape:cx="407.6087"
+     inkscape:cy="654.59136"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="in"
+     fit-margin-top="1"
+     fit-margin-bottom="1"
+     fit-margin-right="1"
+     fit-margin-left="1"
+     showguides="true"
+     inkscape:guide-bbox="true"
+     inkscape:window-width="1920"
+     inkscape:window-height="1016"
+     inkscape:window-x="0"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1"
+     gridtolerance="10">
+    <sodipodi:guide
+       position="526.50754,705.18846"
+       orientation="0,1"
+       id="guide8412"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="562.98996,525.67841"
+       orientation="0,1"
+       id="guide8414"
+       inkscape:locked="false" />
+    <inkscape:grid
+       type="xygrid"
+       id="grid2553"
+       units="mm"
+       spacingx="3.5433072"
+       spacingy="3.5433072" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata7312">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Artwork"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(178.67433,582.63783)"
+     style="display:inline">
+    <path
+       sodipodi:type="star"
+       style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#ffffff;fill-opacity:0;fill-rule:nonzero;stroke:#005f61;stroke-width:20.65620804;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;enable-background:accumulate"
+       id="path17178"
+       sodipodi:sides="6"
+       sodipodi:cx="121.90476"
+       sodipodi:cy="126.57602"
+       sodipodi:r1="103.56153"
+       sodipodi:r2="103.56153"
+       sodipodi:arg1="-0.52327829"
+       sodipodi:arg2="0.0003204856"
+       inkscape:flatsided="true"
+       inkscape:rounded="0"
+       inkscape:randomized="0"
+       d="m 211.60827,74.824 -0.0332,103.56153 -89.70351,51.75202 -89.670315,-51.80951 0.03319,-103.561527 89.703505,-51.752019 z"
+       inkscape:transform-center-x="0.32645456"
+       inkscape:transform-center-y="-1.460707"
+       transform="matrix(0.82347818,0,0,0.82647179,103.43976,-312.24934)" />
+    <g
+       transform="matrix(0.20622742,0,0,0.20622742,102.48104,-317.7181)"
+       id="g3051">
+      <g
+         id="g8678"
+         transform="matrix(0.9815946,0,0,0.9815946,9.6640538,9.8244611)">
+        <g
+           id="text5728"
+           style="font-style:normal;font-weight:normal;font-size:180px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#005f61;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           aria-label="virt">
+          <path
+             id="path5433"
+             style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-family:Overpass;-inkscape-font-specification:'Overpass Bold';letter-spacing:-10px;fill:#005f61;fill-opacity:1"
+             d="m 559.15365,566.87408 h 20.88 l 33.66,-91.98 h -21.42 l -19.98,57.42 c -1.08,2.88 -1.8,5.4 -2.52,8.28 -0.72,-2.88 -1.62,-5.4 -2.52,-8.28 l -20.34,-57.42 h -21.42 z"
+             inkscape:connector-curvature="0" />
+          <path
+             id="path5435"
+             style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-family:Overpass;-inkscape-font-specification:'Overpass Bold';letter-spacing:-10px;fill:#005f61;fill-opacity:1"
+             d="m 632.3249,462.29408 c 7.02,0 12.42,-5.58 12.42,-12.6 0,-6.84 -5.4,-12.42 -12.42,-12.42 -7.02,0 -12.6,5.58 -12.6,12.42 0,7.02 5.58,12.6 12.6,12.6 z m -10.62,104.58 h 21.06 v -91.98 h -21.06 z"
+             inkscape:connector-curvature="0" />
+          <path
+             id="path5437"
+             style="letter-spacing:-3px"
+             d="m 660.04053,566.87408 h 21.06 v -51.48 c 0,-17.46 9.18,-21.96 17.28,-21.96 7.02,0 11.88,2.16 15.66,4.86 l 3.06,-19.26 c -4.68,-3.96 -10.26,-6.3 -17.1,-6.3 -9.18,0 -15.3,4.14 -18.9,11.7 v -9.54 h -21.06 z"
+             inkscape:connector-curvature="0" />
+          <path
+             id="path5439"
+             style="letter-spacing:-3px"
+             d="m 759.2749,569.03408 c 7.56,0 14.04,-1.44 19.26,-4.14 l 2.52,-18.9 c -4.86,2.7 -9.72,4.14 -14.4,4.14 -5.58,0 -7.74,-3.6 -7.74,-8.82 v -48.06 h 21.24 v -18.36 h -21.24 v -37.98 l -21.06,10.08 v 27.9 h -13.68 v 18.36 h 13.68 v 52.2 c 0,14.58 6.3,23.58 21.42,23.58 z"
+             inkscape:connector-curvature="0" />
+        </g>
+        <g
+           id="g4988"
+           transform="rotate(-1.0000002,22495.34,-11327.946)">
+          <g
+             id="g5736"
+             style="filter:url(#filter5799)">
+            <path
+               transform="translate(-1.9999998)"
+               mask="url(#mask3913)"
+               d="m 127.052,43.547 c 17.233,36.62 72.865,128.908 102.86,168.287 -2.858,14.11 -18.673,23.308 -29.809,18.791 L 84.761,64.024 c -0.07,-12.347 22.06,-27.271 42.291,-20.477 z"
+               id="path2789"
+               style="opacity:1;fill:#25514b"
+               inkscape:connector-curvature="0" />
+            <path
+               transform="translate(3.0630824e-7,8.0000003)"
+               mask="url(#mask4168)"
+               d="M 192.119,225.881 73.534,54.687 c 3.174,-9.061 16.868,-17.988 30.225,-18.875 22.158,44.223 78.164,134.394 111.831,178.223 -5.194,8.137 -14.62,12.648 -23.471,11.846 z"
+               id="path2807"
+               style="fill:#c8c7c5"
+               inkscape:connector-curvature="0" />
+            <path
+               d="M 11.004,141.618 C 4.711,123.341 14.425,103.424 32.702,97.131 L 249.423,22.512 c 18.277,-6.293 38.195,3.422 44.488,21.699 l 43.577,126.552 c 6.293,18.277 -3.421,38.194 -21.698,44.487 L 99.069,289.869 C 80.792,296.161 60.874,286.447 54.581,268.17 Z"
+               id="path2645"
+               style="fill:#7c858c"
+               inkscape:connector-curvature="0" />
+            <path
+               d="M 7.097,130.272 C 0.803,111.995 10.518,92.078 28.795,85.785 L 245.517,11.166 c 18.277,-6.293 38.194,3.422 44.488,21.699 l 43.577,126.552 c 6.293,18.277 -3.421,38.194 -21.698,44.487 L 95.162,278.523 c -18.277,6.293 -38.195,-3.422 -44.488,-21.699 z"
+               id="path2651"
+               style="fill:url(#linearGradient7006);fill-opacity:1"
+               inkscape:connector-curvature="0" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;opacity:0.7;fill:url(#linearGradient7008);fill-opacity:1;fill-rule:evenodd"
+               id="path2655"
+               d="m 156.599,246.825 13.562,-4.67 6.521,18.94 -13.562,4.67 z m 25.041,-8.622 13.562,-4.67 6.521,18.939 -13.562,4.67 z m 25.041,-8.622 13.563,-4.67 6.521,18.94 -13.562,4.67 z m 25.042,-8.623 13.562,-4.67 6.521,18.94 -13.562,4.67 z m 25.041,-8.622 13.562,-4.67 6.521,18.939 -13.562,4.67 z m -125.207,43.112 13.562,-4.67 6.521,18.94 -13.562,4.67 z" />
+            <path
+               d="M 2.568,124.472 C -3.725,106.195 5.989,86.278 24.266,79.985 L 245.516,3.807 c 18.277,-6.292 38.195,3.422 44.488,21.699 l 41.752,121.253 c 6.293,18.277 -3.421,38.194 -21.698,44.487 L 88.808,267.424 C 70.531,273.717 50.613,264.002 44.32,245.725 Z"
+               id="path2659"
+               style="fill:url(#radialGradient3548);fill-opacity:1"
+               inkscape:connector-curvature="0" />
+            <path
+               d="M 1.917,122.581 C -4.376,104.304 5.338,84.387 23.615,78.094 L 244.865,1.916 c 18.277,-6.293 38.194,3.422 44.488,21.699 l 41.752,121.253 c 6.293,18.277 -3.421,38.194 -21.698,44.487 L 88.157,265.533 C 69.88,271.826 49.962,262.111 43.669,243.834 Z"
+               id="path2665"
+               style="fill:#7c858c"
+               inkscape:connector-curvature="0" />
+            <path
+               d="M 5.763,123.175 C -0.35,105.42 9.086,86.072 26.841,79.958 L 243.342,5.416 c 17.755,-6.113 37.104,3.324 43.217,21.079 l 38.787,112.64 c 6.113,17.755 -3.323,37.103 -21.078,43.216 L 87.767,256.893 C 70.012,263.006 50.664,253.569 44.55,235.814 Z"
+               id="path2671"
+               style="fill:url(#radialGradient3552);fill-opacity:1"
+               inkscape:connector-curvature="0" />
+            <path
+               d="M 7.427,123.74 C 1.493,106.508 10.652,87.728 27.885,81.795 L 243.792,7.457 c 17.232,-5.933 36.012,3.226 41.946,20.459 l 39.771,115.497 c 5.934,17.233 -3.226,36.012 -20.458,41.945 L 89.143,259.696 C 71.91,265.629 53.131,256.469 47.197,239.237 Z"
+               id="path2677"
+               style="fill:#3e3e3e"
+               inkscape:connector-curvature="0" />
+            <path
+               d="m 11.049995,126.45117 c -5.3939998,-15.666 2.932,-32.737999 18.598,-38.131999 L 245.226,14.094171 c 15.666,-5.3940003 32.738,2.933 38.132,18.599 l 39.799,115.579999 c 5.394,15.666 -2.932,32.738 -18.598,38.131 l -215.578005,74.225 c -15.666,5.394 -32.738,-2.933 -38.133,-18.599 z"
+               id="path3801"
+               style="fill:#005f61;fill-opacity:1"
+               inkscape:connector-curvature="0" />
+            <g
+               id="g2695"
+               transform="translate(0.31798936,1.8925831)">
+              <path
+                 d="m 30,102.111 c -1.771,-7.695 2.602,-9.355 2.672,-9.379 1.371,-0.472 6.183,-1.554 7.316,1.737 1.025,2.977 -4.531,7.82 -9.583,9.56 -5.015,1.727 -12.469,1.364 -13.494,-1.613 -1.133,-3.291 3.325,-5.401 4.696,-5.873 0.069,-0.024 4.342,-2.237 7.88,5.746 0.13,0.293 0.571,0.074 0.513,-0.178 z"
+                 id="path2697"
+                 style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 32.867,154.308 c 7.274,17.049 17.313,28.317 23.916,26.044 6.602,-2.273 7.575,-17.334 2.812,-35.247 -0.367,-3.303 -0.911,-9.542 -0.275,-13.127 0.464,-2.615 -0.112,-3.379 -2.212,-1.079 -0.634,0.694 -1.14,1.345 -1.514,2.022 -7.335,-18.703 -18.159,-31.442 -25.141,-29.038 -6.982,2.404 -7.669,19.106 -1.934,38.36 -0.712,-0.304 -1.51,-0.505 -2.438,-0.662 -3.071,-0.52 -3.054,0.437 -1.079,2.212 2.709,2.435 6.121,7.686 7.865,10.515 z"
+                 id="path2699"
+                 style="fill:#000000;fill-opacity:1"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 30.621,139.494 c 5.498,15.966 14.795,27.243 20.766,25.187 5.971,-2.056 6.355,-16.666 0.857,-32.632 -5.498,-15.966 -14.795,-27.243 -20.766,-25.187 -5.971,2.056 -6.354,16.665 -0.857,32.632 z m 23.197,28.556 c 0.536,1.558 1.515,2.634 2.186,2.403 0.671,-0.231 0.78,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.633 -2.186,-2.403 -0.67,0.231 -0.779,1.682 -0.243,3.239 z m -4.7,1.619 c 0.536,1.558 1.515,2.634 2.186,2.403 0.67,-0.231 0.779,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.634 -2.186,-2.402 -0.671,0.23 -0.78,1.68 -0.243,3.238 z"
+                 id="path2701"
+                 style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <g
+                 id="g2703">
+                <ellipse
+                   transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,152.1324,301.1998)"
+                   cx="50.867001"
+                   cy="163.328"
+                   rx="4.428"
+                   ry="2.142"
+                   id="ellipse2705"
+                   style="fill:#ffe600" />
+                <path
+                   d=""
+                   id="path2707"
+                   style="fill:#ffe600"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <g
+               id="g2709"
+               transform="translate(0.31798936,1.8925831)">
+              <path
+                 d="m 64.282,90.307 c -1.771,-7.695 2.603,-9.355 2.672,-9.379 1.371,-0.472 6.183,-1.554 7.316,1.737 1.025,2.978 -4.531,7.82 -9.583,9.56 -5.015,1.727 -12.469,1.364 -13.494,-1.613 -1.133,-3.291 3.325,-5.401 4.696,-5.873 0.07,-0.024 4.342,-2.237 7.88,5.746 0.13,0.292 0.572,0.074 0.513,-0.178 z"
+                 id="path2711"
+                 style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 67.15,142.503 c 7.274,17.049 17.313,28.317 23.916,26.044 6.602,-2.273 7.575,-17.333 2.812,-35.247 -0.367,-3.303 -0.911,-9.542 -0.275,-13.127 0.464,-2.615 -0.112,-3.379 -2.212,-1.079 -0.634,0.694 -1.139,1.345 -1.514,2.022 -7.334,-18.704 -18.159,-31.442 -25.141,-29.038 -6.982,2.404 -7.669,19.106 -1.934,38.36 -0.712,-0.304 -1.51,-0.505 -2.438,-0.662 -3.071,-0.52 -3.054,0.437 -1.079,2.211 2.709,2.436 6.121,7.687 7.865,10.516 z"
+                 id="path2713"
+                 style="fill:#000000;fill-opacity:1"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 64.904,127.689 c 5.498,15.967 14.795,27.243 20.766,25.187 5.971,-2.056 6.355,-16.666 0.857,-32.632 -5.498,-15.967 -14.795,-27.243 -20.766,-25.187 -5.971,2.056 -6.355,16.666 -0.857,32.632 z m 23.197,28.557 c 0.536,1.558 1.515,2.633 2.186,2.402 0.671,-0.231 0.779,-1.681 0.243,-3.239 -0.537,-1.558 -1.515,-2.633 -2.186,-2.402 -0.671,0.231 -0.779,1.681 -0.243,3.239 z m -4.7,1.619 c 0.536,1.558 1.515,2.633 2.185,2.402 0.67,-0.231 0.78,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.633 -2.186,-2.402 -0.671,0.231 -0.779,1.681 -0.242,3.239 z"
+                 id="path2715"
+                 style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <g
+                 id="g2717">
+                <ellipse
+                   transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,214.9873,267.075)"
+                   cx="85.149002"
+                   cy="151.524"
+                   rx="4.428"
+                   ry="2.142"
+                   id="ellipse2719"
+                   style="fill:#ffe600" />
+                <path
+                   d=""
+                   id="path2721"
+                   style="fill:#ffe600"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <g
+               id="g2723"
+               transform="translate(0.31798936,1.8925831)">
+              <path
+                 d="m 98.565,78.502 c -1.771,-7.694 2.602,-9.355 2.672,-9.379 1.371,-0.472 6.183,-1.554 7.316,1.736 1.025,2.978 -4.531,7.82 -9.583,9.56 -5.015,1.727 -12.469,1.364 -13.494,-1.613 -1.133,-3.291 3.325,-5.401 4.696,-5.873 0.069,-0.024 4.342,-2.237 7.88,5.746 0.13,0.293 0.572,0.075 0.513,-0.177 z"
+                 id="path2725"
+                 style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 101.433,130.699 c 7.274,17.048 17.313,28.317 23.915,26.043 6.602,-2.274 7.576,-17.333 2.812,-35.246 -0.367,-3.303 -0.911,-9.542 -0.275,-13.127 0.464,-2.615 -0.112,-3.379 -2.212,-1.079 -0.634,0.695 -1.139,1.345 -1.514,2.022 C 116.825,90.609 106,77.871 99.019,80.274 c -6.982,2.404 -7.669,19.106 -1.934,38.36 -0.712,-0.303 -1.51,-0.504 -2.438,-0.662 -3.071,-0.52 -3.054,0.437 -1.079,2.212 2.709,2.435 6.121,7.686 7.865,10.515 z"
+                 id="path2727"
+                 style="fill:#000000;fill-opacity:1"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 99.187,115.885 c 5.498,15.967 14.795,27.243 20.766,25.187 5.971,-2.056 6.355,-16.666 0.857,-32.632 -5.498,-15.967 -14.795,-27.243 -20.766,-25.187 -5.971,2.056 -6.355,16.665 -0.857,32.632 z m 23.197,28.556 c 0.536,1.558 1.515,2.633 2.186,2.403 0.67,-0.231 0.779,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.634 -2.185,-2.403 -0.671,0.232 -0.78,1.682 -0.244,3.239 z m -4.701,1.619 c 0.536,1.558 1.515,2.633 2.186,2.402 0.671,-0.23 0.78,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.633 -2.185,-2.402 -0.671,0.231 -0.78,1.681 -0.244,3.239 z"
+                 id="path2729"
+                 style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <g
+                 id="g2731">
+                <ellipse
+                   transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,277.8429,232.9489)"
+                   cx="119.432"
+                   cy="139.72"
+                   rx="4.428"
+                   ry="2.142"
+                   id="ellipse2733"
+                   style="fill:#ffe600" />
+                <path
+                   d=""
+                   id="path2735"
+                   style="fill:#ffe600"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <g
+               id="g2739"
+               transform="translate(0.31798936,1.8925831)">
+              <path
+                 d="m 96.575,238.982 c 3.342,7.154 7.811,5.77 7.88,5.746 1.371,-0.472 5.829,-2.583 4.696,-5.873 -1.025,-2.977 -8.385,-3.373 -13.437,-1.633 -5.015,1.727 -10.665,6.602 -9.64,9.579 1.133,3.291 5.946,2.208 7.316,1.736 0.07,-0.023 4.799,-0.91 2.672,-9.379 -0.078,-0.31 0.403,-0.41 0.513,-0.176 z"
+                 id="path2741"
+                 style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 66.699,196.085 c -4.764,-17.913 -3.791,-32.973 2.812,-35.247 6.602,-2.273 16.641,8.995 23.915,26.043 1.744,2.829 5.156,8.08 7.865,10.514 1.976,1.775 1.992,2.732 -1.079,2.212 -0.927,-0.157 -1.726,-0.358 -2.438,-0.662 5.735,19.254 5.048,35.956 -1.934,38.36 -6.982,2.404 -17.806,-10.334 -25.141,-29.038 -0.374,0.677 -0.88,1.328 -1.514,2.022 -2.1,2.3 -2.675,1.536 -2.212,-1.079 0.637,-3.583 0.093,-9.822 -0.274,-13.125 z"
+                 id="path2743"
+                 style="fill:#000000;fill-opacity:1"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 74.049,209.142 c -5.498,-15.966 -5.114,-30.576 0.857,-32.632 5.971,-2.056 15.269,9.22 20.766,25.187 5.498,15.967 5.114,30.577 -0.857,32.633 -5.971,2.054 -15.268,-9.222 -20.766,-25.188 z m 0.699,-36.785 c -0.536,-1.558 -0.428,-3.008 0.243,-3.239 0.67,-0.231 1.649,0.845 2.185,2.403 0.537,1.558 0.427,3.008 -0.243,3.239 -0.67,0.231 -1.649,-0.845 -2.185,-2.403 z m -4.701,1.619 c -0.536,-1.558 -0.427,-3.008 0.243,-3.239 0.67,-0.231 1.649,0.845 2.186,2.403 0.536,1.558 0.427,3.008 -0.243,3.239 -0.67,0.231 -1.65,-0.845 -2.186,-2.403 z"
+                 id="path2745"
+                 style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <g
+                 id="g2747">
+                <ellipse
+                   transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,204.5578,321.744)"
+                   cx="75.361"
+                   cy="177.98599"
+                   rx="4.428"
+                   ry="2.142"
+                   id="ellipse2749"
+                   style="fill:#ffe600" />
+                <path
+                   d=""
+                   id="path2751"
+                   style="fill:#ffe600"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <g
+               id="g2753"
+               transform="translate(0.31798936,1.8925831)">
+              <path
+                 d="m 130.858,227.178 c 3.341,7.154 7.81,5.77 7.88,5.746 1.371,-0.472 5.829,-2.582 4.696,-5.873 -1.025,-2.977 -8.385,-3.373 -13.437,-1.633 -5.015,1.727 -10.665,6.602 -9.64,9.579 1.133,3.291 5.946,2.208 7.316,1.737 0.069,-0.024 4.799,-0.91 2.672,-9.379 -0.078,-0.312 0.404,-0.412 0.513,-0.177 z"
+                 id="path2755"
+                 style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 100.982,184.281 c -4.764,-17.913 -3.791,-32.973 2.812,-35.247 6.602,-2.273 16.641,8.995 23.915,26.044 1.745,2.829 5.157,8.08 7.865,10.513 1.976,1.775 1.993,2.732 -1.079,2.212 -0.927,-0.157 -1.726,-0.358 -2.438,-0.662 5.736,19.254 5.048,35.957 -1.934,38.36 -6.981,2.404 -17.806,-10.334 -25.141,-29.038 -0.374,0.678 -0.879,1.328 -1.513,2.022 -2.1,2.301 -2.676,1.537 -2.212,-1.079 0.636,-3.584 0.092,-9.822 -0.275,-13.125 z"
+                 id="path2757"
+                 style="fill:#000000;fill-opacity:1"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 108.332,197.337 c -5.498,-15.966 -5.114,-30.576 0.857,-32.632 5.971,-2.056 15.268,9.22 20.766,25.187 5.498,15.966 5.114,30.576 -0.857,32.632 -5.971,2.056 -15.268,-9.22 -20.766,-25.187 z m 0.699,-36.784 c -0.536,-1.558 -0.428,-3.008 0.243,-3.239 0.671,-0.231 1.649,0.845 2.186,2.402 0.536,1.558 0.427,3.008 -0.243,3.239 -0.671,0.231 -1.65,-0.845 -2.186,-2.402 z m -4.701,1.618 c -0.536,-1.558 -0.427,-3.008 0.243,-3.239 0.67,-0.231 1.649,0.845 2.185,2.402 0.536,1.557 0.428,3.008 -0.243,3.239 -0.671,0.231 -1.649,-0.844 -2.185,-2.402 z"
+                 id="path2759"
+                 style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <g
+                 id="g2761">
+                <ellipse
+                   transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,267.4128,287.6192)"
+                   cx="109.643"
+                   cy="166.18201"
+                   rx="4.428"
+                   ry="2.142"
+                   id="ellipse2763"
+                   style="fill:#ffe600" />
+                <path
+                   d=""
+                   id="path2765"
+                   style="fill:#ffe600"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <g
+               id="g2767"
+               transform="translate(0.31798936,1.8925831)">
+              <path
+                 d="m 165.141,215.373 c 3.342,7.154 7.811,5.77 7.88,5.746 1.371,-0.472 5.829,-2.582 4.696,-5.873 -1.025,-2.977 -8.385,-3.372 -13.438,-1.633 -5.015,1.727 -10.665,6.602 -9.64,9.579 1.133,3.291 5.945,2.208 7.316,1.737 0.069,-0.024 4.799,-0.91 2.672,-9.379 -0.078,-0.311 0.404,-0.411 0.514,-0.177 z"
+                 id="path2769"
+                 style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 135.265,172.476 c -4.764,-17.913 -3.791,-32.973 2.812,-35.246 6.603,-2.273 16.641,8.995 23.916,26.043 1.744,2.829 5.156,8.08 7.865,10.514 1.975,1.775 1.992,2.731 -1.079,2.212 -0.927,-0.157 -1.726,-0.358 -2.438,-0.662 5.735,19.254 5.048,35.957 -1.934,38.36 -6.982,2.404 -17.806,-10.334 -25.141,-29.038 -0.374,0.678 -0.88,1.328 -1.514,2.022 -2.1,2.301 -2.676,1.537 -2.212,-1.079 0.636,-3.584 0.092,-9.823 -0.275,-13.126 z"
+                 id="path2771"
+                 style="fill:#000000;fill-opacity:1"
+                 inkscape:connector-curvature="0" />
+              <path
+                 d="m 142.615,185.533 c -5.498,-15.967 -5.114,-30.577 0.857,-32.633 5.971,-2.056 15.269,9.221 20.766,25.187 5.497,15.966 5.114,30.576 -0.857,32.632 -5.971,2.056 -15.268,-9.22 -20.766,-25.186 z m 0.699,-36.785 c -0.537,-1.558 -0.428,-3.008 0.243,-3.239 0.671,-0.231 1.649,0.845 2.186,2.402 0.537,1.558 0.428,3.008 -0.243,3.239 -0.671,0.231 -1.65,-0.844 -2.186,-2.402 z m -4.701,1.619 c -0.536,-1.558 -0.427,-3.008 0.243,-3.239 0.671,-0.231 1.649,0.845 2.186,2.402 0.537,1.558 0.428,3.008 -0.243,3.239 -0.671,0.231 -1.65,-0.845 -2.186,-2.402 z"
+                 id="path2773"
+                 style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+                 inkscape:connector-curvature="0" />
+              <g
+                 id="g2775">
+                <ellipse
+                   transform="matrix(-0.9455,0.3256,-0.3256,-0.9455,330.2729,253.4852)"
+                   cx="143.92599"
+                   cy="154.379"
+                   rx="4.4289999"
+                   ry="2.142"
+                   id="ellipse2777"
+                   style="fill:#ffe600" />
+                <path
+                   d=""
+                   id="path2779"
+                   style="fill:#ffe600"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#3c857c;fill-opacity:1;filter:url(#filter5576)"
+               id="path2781"
+               d="M 95.108,61.776 244.59003,10.309068 c 15.666,-5.3939967 32.82494,3.185516 38.32619,19.163008 l 40.59032,117.878134 c 5.50125,15.97749 -2.7378,33.302 -18.40381,38.69497 l -103.98001,35.80096 z" />
+            <g
+               id="text5724"
+               style="font-style:normal;font-weight:normal;font-size:40px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+               transform="rotate(1.0000002)"
+               aria-label="lib">
+              <path
+                 id="path5442"
+                 style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:180px;font-family:Overpass;-inkscape-font-specification:'Overpass Bold';letter-spacing:-10px;fill:#e6e6e6;fill-opacity:1"
+                 d="m 152.32564,176.00142 h 21.06 V 46.041419 l -21.06,9.9 z"
+                 inkscape:connector-curvature="0" />
+              <path
+                 id="path5444"
+                 style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:180px;font-family:Overpass;-inkscape-font-specification:'Overpass Bold';letter-spacing:-10px;fill:#e6e6e6;fill-opacity:1"
+                 d="m 202.14752,71.421419 c 7.02,0 12.42,-5.58 12.42,-12.6 0,-6.84 -5.4,-12.42 -12.42,-12.42 -7.02,0 -12.6,5.58 -12.6,12.42 0,7.02 5.58,12.6 12.6,12.6 z m -10.62,104.580001 h 21.06 V 84.021419 h -21.06 z"
+                 inkscape:connector-curvature="0" />
+              <path
+                 id="path5446"
+                 style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:180px;font-family:Overpass;-inkscape-font-specification:'Overpass Bold';letter-spacing:-10px;fill:#e6e6e6;fill-opacity:1"
+                 d="m 271.26314,178.16142 c 23.76,0 38.52,-17.1 38.52,-48.24 0,-30.060001 -15.84,-48.060001 -38.16,-48.060001 -9.54,0 -16.2,3.78 -20.7,9 v -44.82 l -21.06,9.54 V 176.00142 h 21.06 v -7.02 c 4.5,5.58 10.62,9.18 20.34,9.18 z m -2.52,-20.16 c -8.1,0 -14.04,-3.06 -17.82,-8.82 v -38.34 c 2.7,-4.14 9,-9 17.82,-9 12.78,0 19.98,9.9 19.98,28.08 0,17.28 -6.84,28.08 -19.98,28.08 z"
+                 inkscape:connector-curvature="0" />
+            </g>
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#3e3e3e;fill-rule:evenodd"
+               id="path2795"
+               d="m 218.304,241.188 c -2.9,1.834 -8.917,18.762 -6.01,22.858 4.325,6.093 32.696,-15.214 30.405,-21.183 -2.356,-6.136 -21.883,-2.64 -24.395,-1.675 z m -14.341,-9.677 3.368,5.018 c 0,0 0.934,1.385 0.252,4.412 -1.066,4.734 -5.207,16.96 -5.819,27.111 -0.074,1.226 -1.793,12.229 9.964,9.517 11.758,-2.711 36.593,-21.745 41.746,-30.395 5.153,-8.65 -0.843,-13.795 -8.332,-14.524 -7.489,-0.73 -19.089,-0.425 -24.443,0.189 -5.354,0.614 -4.956,-1.165 -9.326,-5.975 -0.327,-0.361 -7.41,4.647 -7.41,4.647 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:url(#linearGradient7010);fill-opacity:1;fill-rule:evenodd"
+               id="path2797"
+               d="m 216.503,238.52 c -2.9,1.834 -8.917,18.762 -6.009,22.858 4.324,6.092 32.696,-15.214 30.405,-21.183 -2.356,-6.136 -21.882,-2.64 -24.396,-1.675 z m -13.394,-10.003 3.368,5.018 c 0,0 0.934,1.385 0.252,4.412 -1.066,4.734 -5.207,16.96 -5.819,27.111 -0.074,1.226 -1.793,12.229 9.964,9.517 11.758,-2.711 36.593,-21.745 41.746,-30.395 5.153,-8.65 -0.843,-13.795 -8.332,-14.524 -7.489,-0.73 -19.089,-0.425 -24.443,0.189 -5.354,0.614 -4.956,-1.165 -9.326,-5.975 -0.328,-0.361 -7.41,4.647 -7.41,4.647 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#54575a;fill-opacity:1"
+               id="path2799"
+               d="m 214.776,227.853 c -2.797,3.296 -6.24,5.845 -9.926,7.474 0.432,-2.596 -0.374,-3.792 -0.374,-3.792 l -3.368,-5.018 c 0,0 7.083,-5.008 7.41,-4.647 3.294,3.624 3.879,5.527 6.258,5.983 z"
+               transform="matrix(1.4295286,0.05310508,-0.05040644,1.2918715,-77.431354,-78.804771)"
+               mask="url(#mask4481)" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#c8c7c5"
+               id="path2803"
+               d="m 116.052,45.547 c 17.234,36.62 72.865,128.908 102.86,168.287 -2.858,14.11 -18.673,23.308 -29.809,18.791 L 73.761,66.024 c -0.07,-12.347 22.06,-27.271 42.291,-20.477 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#7c858c"
+               id="path2805"
+               d="m 113.124,44.661 c 17.233,36.62 75.371,131.675 105.366,171.054 -4.069,13.505 -18.428,20.812 -30.299,17.44 L 72.849,66.555 C 72.779,54.208 95.748,39.956 113.124,44.661 Z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:url(#radialGradient4507);fill-opacity:1;fill-rule:evenodd"
+               id="path2809"
+               d="M 203.927,231.912 80.383,53.463 c 3.583,-3.084 8.164,-5.73 13.116,-7.479 6.902,12.484 25.22,44.608 54.336,88.542 22.713,34.272 46.085,68.024 64.139,91.973 -2.35,2.316 -5.102,4.145 -8.047,5.413 z m -3.597,1.245 c -1.392,0.368 -2.805,0.615 -4.223,0.733 L 75.218,59.278 c 0.699,-1.099 1.537,-2.181 2.494,-3.23 z" />
+          </g>
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-weight:normal;font-size:40px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             x="-408.52026"
+             y="53.587437"
+             id="text5053"
+             transform="rotate(1.0000002)"><tspan
+               sodipodi:role="line"
+               id="tspan5055"
+               x="-408.52026"
+               y="88.978058" /></text>
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-weight:normal;font-size:90px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             x="-525.88629"
+             y="-232.88652"
+             id="text5057"
+             transform="rotate(1.0000002)"><tspan
+               sodipodi:role="line"
+               id="tspan5059"
+               x="-525.88629"
+               y="-153.25761" /></text>
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-weight:normal;font-size:40px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             x="543.02759"
+             y="-200.07454"
+             id="text5069"
+             transform="rotate(1.0000002)"><tspan
+               sodipodi:role="line"
+               id="tspan5071"
+               x="543.02759"
+               y="-164.68391" /></text>
+        </g>
+      </g>
+    </g>
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer3"
+     inkscape:label="Trim Lines"
+     style="display:none"
+     sodipodi:insensitive="true">
+    <path
+       transform="matrix(0.86033594,0,0,0.86346354,277.62095,265.70622)"
+       inkscape:transform-center-y="-1.5566024"
+       inkscape:transform-center-x="0.34789098"
+       d="m 211.60827,74.824 -0.0332,103.56153 -89.70351,51.75202 -89.670315,-51.80951 0.03319,-103.561527 89.703505,-51.752019 z"
+       inkscape:randomized="0"
+       inkscape:rounded="0"
+       inkscape:flatsided="true"
+       sodipodi:arg2="0.0003204856"
+       sodipodi:arg1="-0.52327829"
+       sodipodi:r2="103.56153"
+       sodipodi:r1="103.56153"
+       sodipodi:cy="126.57602"
+       sodipodi:cx="121.90476"
+       sodipodi:sides="6"
+       id="path7936"
+       style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:#0093d9;stroke-width:1.16022968;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:2.32045933, 4.64091866;stroke-dashoffset:7.51718092;stroke-opacity:1;marker:none;enable-background:accumulate"
+       sodipodi:type="star" />
+    <path
+       sodipodi:type="star"
+       style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:#db3279;stroke-width:1.23811221;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:7.51718092;stroke-opacity:1;marker:none;enable-background:accumulate"
+       id="path8410"
+       sodipodi:sides="6"
+       sodipodi:cx="121.90476"
+       sodipodi:cy="126.57602"
+       sodipodi:r1="103.56153"
+       sodipodi:r2="103.56153"
+       sodipodi:arg1="-0.52327829"
+       sodipodi:arg2="0.0003204856"
+       inkscape:flatsided="true"
+       inkscape:rounded="0"
+       inkscape:randomized="0"
+       d="m 211.60827,74.824 -0.0332,103.56153 -89.70351,51.75202 -89.670315,-51.80951 0.03319,-103.561527 89.703505,-51.752019 z"
+       inkscape:transform-center-x="0.32600218"
+       inkscape:transform-center-y="-1.4586807"
+       transform="matrix(0.80621714,0,0,0.809148,284.21829,272.58127)" />
+    <path
+       sodipodi:type="star"
+       style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.09156573;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:7.51718092;stroke-opacity:1;marker:none;enable-background:accumulate"
+       id="path8424"
+       sodipodi:sides="6"
+       sodipodi:cx="121.90476"
+       sodipodi:cy="126.57602"
+       sodipodi:r1="103.56153"
+       sodipodi:r2="103.56153"
+       sodipodi:arg1="-0.52327829"
+       sodipodi:arg2="0.0003204856"
+       inkscape:flatsided="true"
+       inkscape:rounded="0"
+       inkscape:randomized="0"
+       d="m 211.60827,74.824 -0.0332,103.56153 -89.70351,51.75202 -89.670315,-51.80951 0.03319,-103.561527 89.703505,-51.752019 z"
+       inkscape:transform-center-x="0.3697741"
+       inkscape:transform-center-y="-1.6545161"
+       transform="matrix(0.91445474,0,0,0.91777907,271.02361,258.83118)" />
+    <g
+       id="g4595"
+       transform="matrix(1.2367579,0,0,-1.2367579,267.26742,1019.4899)">
+      <path
+         inkscape:connector-curvature="0"
+         id="path470"
+         style="fill:none;stroke:#231f20;stroke-width:1.01070714;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="M 210.14,593.273 H 199.138" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path472"
+         style="fill:none;stroke:#231f20;stroke-width:1.01070714;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="M 210.14,449.273 H 199.138" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path474"
+         style="fill:none;stroke:#231f20;stroke-width:1.01070714;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 204.639,449.273 v 144" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path476"
+         style="fill:#231f20;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         d="m 204.639,455.424 h 3.549 l -1.774,-3.076 -1.775,-3.075 -1.776,3.075 -1.773,3.076 h 3.549" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path478"
+         style="fill:#231f20;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         d="m 204.639,587.124 h -3.549 l 1.773,3.076 1.776,3.073 1.775,-3.073 1.774,-3.076 h -3.549" />
+    </g>
+    <g
+       transform="rotate(-90)"
+       style="font-style:normal;font-weight:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:Sans;letter-spacing:0px;word-spacing:0px;display:inline;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       id="text8536-9">
+      <path
+         d="m -396.49494,509.63711 q 1.51471,0 2.40782,0.85024 0.90025,0.85024 0.90025,2.32923 0,1.7505 -1.07887,2.69362 -1.07888,0.94312 -3.08659,0.94312 -1.74335,0 -2.81508,-0.56444 v -1.90768 q 0.56445,0.30008 1.31466,0.49299 0.75021,0.18577 1.42183,0.18577 2.022,0 2.022,-1.65761 0,-1.57902 -2.09345,-1.57902 -0.37868,0 -0.83595,0.0786 -0.45727,0.0715 -0.74307,0.15719 l -0.87882,-0.47156 0.39297,-5.32293 h 5.66589 v 1.87195 h -3.72963 l -0.19291,2.05058 0.25007,-0.05 q 0.43584,-0.10003 1.07888,-0.10003 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5051"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -391.70073,515.28871 q 0,-0.60017 0.32152,-0.9074 0.32152,-0.30723 0.93598,-0.30723 0.59302,0 0.91454,0.31437 0.32866,0.31438 0.32866,0.90026 0,0.56444 -0.32866,0.89311 -0.32866,0.32152 -0.91454,0.32152 -0.60017,0 -0.92884,-0.31438 -0.32866,-0.32152 -0.32866,-0.90025 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5053"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -380.53329,511.08752 q 0,2.73649 -0.90026,4.05115 -0.89311,1.31465 -2.75792,1.31465 -1.80765,0 -2.72934,-1.35752 -0.91454,-1.35753 -0.91454,-4.00828 0,-2.76507 0.89311,-4.07258 0.8931,-1.31466 2.75077,-1.31466 1.80766,0 2.72934,1.37182 0.92884,1.37182 0.92884,4.01542 z m -5.10859,0 q 0,1.92197 0.32867,2.75792 0.33581,0.82881 1.12174,0.82881 0.77165,0 1.1146,-0.8431 0.34296,-0.84309 0.34296,-2.74363 0,-1.92197 -0.3501,-2.75792 -0.34296,-0.8431 -1.10746,-0.8431 -0.77879,0 -1.1146,0.8431 -0.33581,0.83595 -0.33581,2.75792 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5055"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -375.83196,505.72886 q 1.50042,0 2.41496,0.68591 0.92169,0.67877 0.92169,1.83624 0,0.80022 -0.44298,1.42897 -0.44298,0.6216 -1.42897,1.1146 1.17176,0.62875 1.67904,1.31466 0.51443,0.67876 0.51443,1.49328 0,1.28607 -1.00742,2.07201 -1.00743,0.77879 -2.65075,0.77879 -1.71477,0 -2.69362,-0.72877 -0.97885,-0.72878 -0.97885,-2.06487 0,-0.89311 0.47156,-1.58617 0.47871,-0.69305 1.52901,-1.22177 -0.89311,-0.56445 -1.28608,-1.20748 -0.39297,-0.64304 -0.39297,-1.40754 0,-1.12175 0.92883,-1.8148 0.92884,-0.69306 2.42212,-0.69306 z m -1.62903,7.80221 q 0,0.61446 0.42869,0.95741 0.42869,0.34296 1.17176,0.34296 0.82166,0 1.22892,-0.3501 0.40725,-0.35725 0.40725,-0.93598 0,-0.47871 -0.40725,-0.89311 -0.40012,-0.42155 -1.30752,-0.89311 -1.52185,0.7002 -1.52185,1.77193 z m 1.61474,-6.18746 q -0.56445,0 -0.91455,0.29294 -0.34295,0.28579 -0.34295,0.77164 0,0.4287 0.2715,0.77165 0.27865,0.33581 1.00029,0.69305 0.70019,-0.32866 0.97885,-0.67162 0.27865,-0.34295 0.27865,-0.79308 0,-0.49299 -0.35725,-0.77879 -0.35724,-0.28579 -0.91454,-0.28579 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5057"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -363.48562,516.45332 q -3.72962,0 -3.72962,-4.09401 0,-2.03629 1.01457,-3.10802 1.01457,-1.07888 2.90797,-1.07888 1.3861,0 2.48641,0.54301 l -0.64304,1.68619 q -0.51443,-0.2072 -0.95741,-0.33581 -0.44298,-0.13575 -0.88596,-0.13575 -1.70049,0 -1.70049,2.41497 0,2.34352 1.70049,2.34352 0.62874,0 1.16461,-0.16433 0.53587,-0.17148 1.07173,-0.52872 v 1.86481 q -0.52872,0.33581 -1.07173,0.46441 -0.53587,0.12861 -1.35753,0.12861 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5059"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -352.06096,516.31042 h -2.17919 v -4.6656 q 0,-0.86453 -0.29294,-1.29322 -0.28579,-0.43584 -0.9074,-0.43584 -0.83595,0 -1.21463,0.61446 -0.37868,0.61446 -0.37868,2.022 v 3.7582 h -2.17918 v -7.98797 h 1.66475 l 0.29294,1.02172 h 0.12147 q 0.32152,-0.55015 0.92883,-0.85738 0.60731,-0.31438 1.39325,-0.31438 1.79336,0 2.42926,1.17176 h 0.19291 q 0.32152,-0.5573 0.94312,-0.86453 0.62875,-0.30723 1.41469,-0.30723 1.35752,0 2.05058,0.7002 0.7002,0.69305 0.7002,2.2292 v 5.20861 h -2.18634 v -4.6656 q 0,-0.86453 -0.29294,-1.29322 -0.28579,-0.43584 -0.9074,-0.43584 -0.80022,0 -1.20033,0.57159 -0.39297,0.57159 -0.39297,1.8148 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5061"
+         inkscape:connector-curvature="0" />
+    </g>
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Preview Without Bleeds"
+     sodipodi:insensitive="true"
+     style="display:none">
+    <path
+       style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:20.25;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:6.5;stroke-opacity:1"
+       d="M 269.94336,252.9082 V 497.0918 H 495.05664 V 252.9082 Z m 112.58594,32.66992 77.14648,44.73633 -0.0293,89.42188 -77.17578,44.68555 -77.14648,-44.73633 0.0293,-89.42188 z"
+       id="rect8416"
+       inkscape:connector-curvature="0" />
+  </g>
+</svg>

docs/logos/logo-sticker-square.svg

@@ -0,0 +1,771 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="8.5in"
+   height="11in"
+   viewBox="0 0 765.00001 990.00003"
+   id="svg7307"
+   version="1.1"
+   inkscape:version="0.92.2 (5c3e80d, 2017-08-06)"
+   sodipodi:docname="logo-sticker-square.svg">
+  <defs
+     id="defs7309">
+    <filter
+       style="color-interpolation-filters:sRGB"
+       inkscape:label="Drop Shadow"
+       id="filter5799">
+      <feFlood
+         flood-opacity="1"
+         flood-color="rgb(0,0,0)"
+         result="flood"
+         id="feFlood5801" />
+      <feComposite
+         in="flood"
+         in2="SourceGraphic"
+         operator="in"
+         result="composite1"
+         id="feComposite5803" />
+      <feGaussianBlur
+         in="composite1"
+         stdDeviation="6"
+         result="blur"
+         id="feGaussianBlur5805" />
+      <feOffset
+         dx="6"
+         dy="6"
+         result="offset"
+         id="feOffset5807" />
+      <feComposite
+         in="SourceGraphic"
+         in2="offset"
+         operator="over"
+         result="composite2"
+         id="feComposite5809" />
+    </filter>
+    <mask
+       maskUnits="userSpaceOnUse"
+       id="mask3913">
+      <path
+         style="fill:#2f6962"
+         id="path3915"
+         d="M 95.108,61.776 244.59,10.309 c 15.666,-5.394 32.738,2.933 38.132,18.599 l 39.799,115.58 c 5.394,15.666 -2.932,32.738 -18.598,38.131 l -103.98,35.801 z"
+         inkscape:connector-curvature="0" />
+    </mask>
+    <mask
+       maskUnits="userSpaceOnUse"
+       id="mask4168">
+      <path
+         style="fill:#7c858c"
+         id="path4170"
+         d="m 113.124,36.661 c 17.233,36.62 75.371,131.675 105.366,171.054 -4.069,13.505 -18.428,20.812 -30.299,17.44 L 72.849,58.555 C 72.779,46.208 95.748,31.956 113.124,36.661 Z"
+         sodipodi:nodetypes="ccccc"
+         inkscape:connector-curvature="0" />
+    </mask>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3821"
+       id="linearGradient7006"
+       gradientUnits="userSpaceOnUse"
+       x1="128.61047"
+       y1="239.37396"
+       x2="138.61214"
+       y2="267.79517" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3821">
+      <stop
+         style="stop-color:#3e3e3e;stop-opacity:1;"
+         offset="0"
+         id="stop3823" />
+      <stop
+         style="stop-color:#3e3e3e;stop-opacity:0;"
+         offset="1"
+         id="stop3825" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3985"
+       id="linearGradient7008"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0,-2)"
+       x1="173.70392"
+       y1="267.11093"
+       x2="166.66296"
+       y2="246.63959" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient3985">
+      <stop
+         style="stop-color:#c8c7c5;stop-opacity:1;"
+         offset="0"
+         id="stop3987" />
+      <stop
+         style="stop-color:#c8c7c5;stop-opacity:0;"
+         offset="1"
+         id="stop3989" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient4501"
+       id="radialGradient3548"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.5433331,-0.1032133,0.09131267,1.3653854,-130.42141,-95.005447)"
+       cx="197.5676"
+       cy="252.71837"
+       fx="197.5676"
+       fy="252.71837"
+       r="166.51035" />
+    <linearGradient
+       inkscape:collect="always"
+       id="linearGradient4501">
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="0"
+         id="stop4503" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:0;"
+         offset="1"
+         id="stop4505" />
+    </linearGradient>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient4501"
+       id="radialGradient3552"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.870471,-0.6430111,0.256613,0.7464679,-116.69068,109.71214)"
+       cx="135.63954"
+       cy="12.000564"
+       fx="135.63954"
+       fy="12.000564"
+       r="161.65305" />
+    <filter
+       inkscape:label="Ridged Border"
+       inkscape:menu="Bevels"
+       inkscape:menu-tooltip="Ridged border with inner bevel"
+       style="color-interpolation-filters:sRGB"
+       id="filter5576">
+      <feMorphology
+         radius="4.3"
+         in="SourceAlpha"
+         result="result91"
+         id="feMorphology5578" />
+      <feComposite
+         operator="out"
+         in="SourceGraphic"
+         in2="result91"
+         id="feComposite5580" />
+      <feGaussianBlur
+         result="result0"
+         stdDeviation="1.2"
+         id="feGaussianBlur5582" />
+      <feDiffuseLighting
+         diffuseConstant="1"
+         id="feDiffuseLighting5584">
+        <feDistantLight
+           elevation="66"
+           azimuth="225"
+           id="feDistantLight5586" />
+      </feDiffuseLighting>
+      <feBlend
+         mode="multiply"
+         in2="SourceGraphic"
+         id="feBlend5588" />
+      <feComposite
+         operator="in"
+         in2="SourceAlpha"
+         id="feComposite5590" />
+    </filter>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3301"
+       id="linearGradient7010"
+       gradientUnits="userSpaceOnUse"
+       x1="227.66476"
+       y1="217.85138"
+       x2="227.66476"
+       y2="275.00342" />
+    <linearGradient
+       id="linearGradient3301">
+      <stop
+         id="stop3303"
+         offset="0"
+         style="stop-color:#ffffff;stop-opacity:1;" />
+      <stop
+         id="stop3305"
+         offset="1"
+         style="stop-color:#868686;stop-opacity:1;" />
+    </linearGradient>
+    <mask
+       maskUnits="userSpaceOnUse"
+       id="mask4481">
+      <path
+         style="clip-rule:evenodd;fill:#aaaaaa;fill-rule:evenodd"
+         id="path4483"
+         d="m 213.96734,236.83626 c -1.97572,1.50086 -5.71734,14.75814 -3.57441,17.84065 3.18643,4.58465 22.42412,-12.69851 20.66112,-17.24646 -1.81294,-4.67518 -15.35694,-1.41227 -17.08671,-0.59419 z m -9.6286,-7.34722 2.48938,3.78195 c 0,0 0.69017,1.04372 0.29628,3.40302 -0.6156,3.68976 -3.17495,13.25876 -3.32578,21.12255 -0.0183,0.94976 -0.91914,9.5039 7.21943,7.07006 8.1393,-2.43309 24.96824,-17.85854 28.33195,-24.69252 3.36372,-6.83399 -0.96483,-10.63865 -6.21591,-10.98709 -5.2511,-0.34921 -13.3456,0.21962 -17.06874,0.84795 -3.72313,0.62832 -3.49361,-0.75818 -6.67723,-4.3506 -0.23896,-0.26961 -5.04938,3.80468 -5.04938,3.80468 z"
+         inkscape:connector-curvature="0" />
+    </mask>
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient4501"
+       id="radialGradient4507"
+       cx="143.59599"
+       cy="139.937"
+       fx="143.59599"
+       fy="139.937"
+       r="68.377998"
+       gradientTransform="matrix(1.3366435,0.07829819,-0.1078591,1.8412818,-33.247188,-128.96975)"
+       gradientUnits="userSpaceOnUse" />
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="2.4121212"
+     inkscape:cx="344.76295"
+     inkscape:cy="645.57066"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="in"
+     fit-margin-top="1"
+     fit-margin-bottom="1"
+     fit-margin-right="1"
+     fit-margin-left="1"
+     showguides="true"
+     inkscape:guide-bbox="true"
+     inkscape:window-width="1920"
+     inkscape:window-height="1016"
+     inkscape:window-x="0"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1">
+    <sodipodi:guide
+       position="557.18594,704.35932"
+       orientation="0,1"
+       id="guide8412"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="472.1985,525.26384"
+       orientation="0,1"
+       id="guide8414"
+       inkscape:locked="false" />
+    <inkscape:grid
+       type="xygrid"
+       id="grid2551"
+       units="mm"
+       spacingx="3.5433072"
+       spacingy="3.5433072" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata7312">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Artwork"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(178.67433,582.63783)"
+     style="display:inline">
+    <rect
+       style="opacity:1;fill:#ffffff;fill-opacity:0;stroke:#005f61;stroke-width:16.96286774;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:6.5;stroke-opacity:1"
+       id="rect8616"
+       width="173.62204"
+       height="173.62207"
+       x="111.87686"
+       y="-294.21265" />
+    <g
+       transform="matrix(0.24684539,0,0,0.24684539,77.311588,-339.16301)"
+       id="g7244">
+      <text
+         id="text5728"
+         y="566.87408"
+         x="520.99365"
+         style="font-style:normal;font-weight:normal;font-size:180px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#005f61;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+         xml:space="preserve"><tspan
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-family:Overpass;-inkscape-font-specification:'Overpass Bold';letter-spacing:-10px;fill:#005f61;fill-opacity:1"
+           y="566.87408"
+           x="520.99365"
+           id="tspan5730"
+           sodipodi:role="line">vi<tspan
+   style="letter-spacing:-3px"
+   id="tspan4056">rt</tspan></tspan></text>
+      <g
+         transform="rotate(-1.0000002,22495.34,-11327.946)"
+         id="g4988">
+        <g
+           style="filter:url(#filter5799)"
+           id="g5736">
+          <path
+             inkscape:connector-curvature="0"
+             style="opacity:1;fill:#25514b"
+             id="path2789"
+             d="m 127.052,43.547 c 17.233,36.62 72.865,128.908 102.86,168.287 -2.858,14.11 -18.673,23.308 -29.809,18.791 L 84.761,64.024 c -0.07,-12.347 22.06,-27.271 42.291,-20.477 z"
+             mask="url(#mask3913)"
+             transform="translate(-1.9999998)" />
+          <path
+             inkscape:connector-curvature="0"
+             style="fill:#c8c7c5"
+             id="path2807"
+             d="M 192.119,225.881 73.534,54.687 c 3.174,-9.061 16.868,-17.988 30.225,-18.875 22.158,44.223 78.164,134.394 111.831,178.223 -5.194,8.137 -14.62,12.648 -23.471,11.846 z"
+             mask="url(#mask4168)"
+             transform="translate(3.0630824e-7,8.0000003)" />
+          <path
+             inkscape:connector-curvature="0"
+             style="fill:#7c858c"
+             id="path2645"
+             d="M 11.004,141.618 C 4.711,123.341 14.425,103.424 32.702,97.131 L 249.423,22.512 c 18.277,-6.293 38.195,3.422 44.488,21.699 l 43.577,126.552 c 6.293,18.277 -3.421,38.194 -21.698,44.487 L 99.069,289.869 C 80.792,296.161 60.874,286.447 54.581,268.17 Z" />
+          <path
+             inkscape:connector-curvature="0"
+             style="fill:url(#linearGradient7006);fill-opacity:1"
+             id="path2651"
+             d="M 7.097,130.272 C 0.803,111.995 10.518,92.078 28.795,85.785 L 245.517,11.166 c 18.277,-6.293 38.194,3.422 44.488,21.699 l 43.577,126.552 c 6.293,18.277 -3.421,38.194 -21.698,44.487 L 95.162,278.523 c -18.277,6.293 -38.195,-3.422 -44.488,-21.699 z" />
+          <path
+             d="m 156.599,246.825 13.562,-4.67 6.521,18.94 -13.562,4.67 z m 25.041,-8.622 13.562,-4.67 6.521,18.939 -13.562,4.67 z m 25.041,-8.622 13.563,-4.67 6.521,18.94 -13.562,4.67 z m 25.042,-8.623 13.562,-4.67 6.521,18.94 -13.562,4.67 z m 25.041,-8.622 13.562,-4.67 6.521,18.939 -13.562,4.67 z m -125.207,43.112 13.562,-4.67 6.521,18.94 -13.562,4.67 z"
+             id="path2655"
+             style="clip-rule:evenodd;opacity:0.7;fill:url(#linearGradient7008);fill-opacity:1;fill-rule:evenodd"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             style="fill:url(#radialGradient3548);fill-opacity:1"
+             id="path2659"
+             d="M 2.568,124.472 C -3.725,106.195 5.989,86.278 24.266,79.985 L 245.516,3.807 c 18.277,-6.292 38.195,3.422 44.488,21.699 l 41.752,121.253 c 6.293,18.277 -3.421,38.194 -21.698,44.487 L 88.808,267.424 C 70.531,273.717 50.613,264.002 44.32,245.725 Z" />
+          <path
+             inkscape:connector-curvature="0"
+             style="fill:#7c858c"
+             id="path2665"
+             d="M 1.917,122.581 C -4.376,104.304 5.338,84.387 23.615,78.094 L 244.865,1.916 c 18.277,-6.293 38.194,3.422 44.488,21.699 l 41.752,121.253 c 6.293,18.277 -3.421,38.194 -21.698,44.487 L 88.157,265.533 C 69.88,271.826 49.962,262.111 43.669,243.834 Z" />
+          <path
+             inkscape:connector-curvature="0"
+             style="fill:url(#radialGradient3552);fill-opacity:1"
+             id="path2671"
+             d="M 5.763,123.175 C -0.35,105.42 9.086,86.072 26.841,79.958 L 243.342,5.416 c 17.755,-6.113 37.104,3.324 43.217,21.079 l 38.787,112.64 c 6.113,17.755 -3.323,37.103 -21.078,43.216 L 87.767,256.893 C 70.012,263.006 50.664,253.569 44.55,235.814 Z" />
+          <path
+             inkscape:connector-curvature="0"
+             style="fill:#3e3e3e"
+             id="path2677"
+             d="M 7.427,123.74 C 1.493,106.508 10.652,87.728 27.885,81.795 L 243.792,7.457 c 17.232,-5.933 36.012,3.226 41.946,20.459 l 39.771,115.497 c 5.934,17.233 -3.226,36.012 -20.458,41.945 L 89.143,259.696 C 71.91,265.629 53.131,256.469 47.197,239.237 Z" />
+          <path
+             inkscape:connector-curvature="0"
+             style="fill:#005f61;fill-opacity:1"
+             id="path3801"
+             d="m 11.049995,126.45117 c -5.3939998,-15.666 2.932,-32.737999 18.598,-38.131999 L 245.226,14.094171 c 15.666,-5.3940003 32.738,2.933 38.132,18.599 l 39.799,115.579999 c 5.394,15.666 -2.932,32.738 -18.598,38.131 l -215.578005,74.225 c -15.666,5.394 -32.738,-2.933 -38.133,-18.599 z" />
+          <g
+             transform="translate(0.31798936,1.8925831)"
+             id="g2695">
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+               id="path2697"
+               d="m 30,102.111 c -1.771,-7.695 2.602,-9.355 2.672,-9.379 1.371,-0.472 6.183,-1.554 7.316,1.737 1.025,2.977 -4.531,7.82 -9.583,9.56 -5.015,1.727 -12.469,1.364 -13.494,-1.613 -1.133,-3.291 3.325,-5.401 4.696,-5.873 0.069,-0.024 4.342,-2.237 7.88,5.746 0.13,0.293 0.571,0.074 0.513,-0.178 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#000000;fill-opacity:1"
+               id="path2699"
+               d="m 32.867,154.308 c 7.274,17.049 17.313,28.317 23.916,26.044 6.602,-2.273 7.575,-17.334 2.812,-35.247 -0.367,-3.303 -0.911,-9.542 -0.275,-13.127 0.464,-2.615 -0.112,-3.379 -2.212,-1.079 -0.634,0.694 -1.14,1.345 -1.514,2.022 -7.335,-18.703 -18.159,-31.442 -25.141,-29.038 -6.982,2.404 -7.669,19.106 -1.934,38.36 -0.712,-0.304 -1.51,-0.505 -2.438,-0.662 -3.071,-0.52 -3.054,0.437 -1.079,2.212 2.709,2.435 6.121,7.686 7.865,10.515 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+               id="path2701"
+               d="m 30.621,139.494 c 5.498,15.966 14.795,27.243 20.766,25.187 5.971,-2.056 6.355,-16.666 0.857,-32.632 -5.498,-15.966 -14.795,-27.243 -20.766,-25.187 -5.971,2.056 -6.354,16.665 -0.857,32.632 z m 23.197,28.556 c 0.536,1.558 1.515,2.634 2.186,2.403 0.671,-0.231 0.78,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.633 -2.186,-2.403 -0.67,0.231 -0.779,1.682 -0.243,3.239 z m -4.7,1.619 c 0.536,1.558 1.515,2.634 2.186,2.403 0.67,-0.231 0.779,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.634 -2.186,-2.402 -0.671,0.23 -0.78,1.68 -0.243,3.238 z" />
+            <g
+               id="g2703">
+              <ellipse
+                 style="fill:#ffe600"
+                 id="ellipse2705"
+                 ry="2.142"
+                 rx="4.428"
+                 cy="163.328"
+                 cx="50.867001"
+                 transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,152.1324,301.1998)" />
+              <path
+                 inkscape:connector-curvature="0"
+                 style="fill:#ffe600"
+                 id="path2707"
+                 d="" />
+            </g>
+          </g>
+          <g
+             transform="translate(0.31798936,1.8925831)"
+             id="g2709">
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+               id="path2711"
+               d="m 64.282,90.307 c -1.771,-7.695 2.603,-9.355 2.672,-9.379 1.371,-0.472 6.183,-1.554 7.316,1.737 1.025,2.978 -4.531,7.82 -9.583,9.56 -5.015,1.727 -12.469,1.364 -13.494,-1.613 -1.133,-3.291 3.325,-5.401 4.696,-5.873 0.07,-0.024 4.342,-2.237 7.88,5.746 0.13,0.292 0.572,0.074 0.513,-0.178 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#000000;fill-opacity:1"
+               id="path2713"
+               d="m 67.15,142.503 c 7.274,17.049 17.313,28.317 23.916,26.044 6.602,-2.273 7.575,-17.333 2.812,-35.247 -0.367,-3.303 -0.911,-9.542 -0.275,-13.127 0.464,-2.615 -0.112,-3.379 -2.212,-1.079 -0.634,0.694 -1.139,1.345 -1.514,2.022 -7.334,-18.704 -18.159,-31.442 -25.141,-29.038 -6.982,2.404 -7.669,19.106 -1.934,38.36 -0.712,-0.304 -1.51,-0.505 -2.438,-0.662 -3.071,-0.52 -3.054,0.437 -1.079,2.211 2.709,2.436 6.121,7.687 7.865,10.516 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+               id="path2715"
+               d="m 64.904,127.689 c 5.498,15.967 14.795,27.243 20.766,25.187 5.971,-2.056 6.355,-16.666 0.857,-32.632 -5.498,-15.967 -14.795,-27.243 -20.766,-25.187 -5.971,2.056 -6.355,16.666 -0.857,32.632 z m 23.197,28.557 c 0.536,1.558 1.515,2.633 2.186,2.402 0.671,-0.231 0.779,-1.681 0.243,-3.239 -0.537,-1.558 -1.515,-2.633 -2.186,-2.402 -0.671,0.231 -0.779,1.681 -0.243,3.239 z m -4.7,1.619 c 0.536,1.558 1.515,2.633 2.185,2.402 0.67,-0.231 0.78,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.633 -2.186,-2.402 -0.671,0.231 -0.779,1.681 -0.242,3.239 z" />
+            <g
+               id="g2717">
+              <ellipse
+                 style="fill:#ffe600"
+                 id="ellipse2719"
+                 ry="2.142"
+                 rx="4.428"
+                 cy="151.524"
+                 cx="85.149002"
+                 transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,214.9873,267.075)" />
+              <path
+                 inkscape:connector-curvature="0"
+                 style="fill:#ffe600"
+                 id="path2721"
+                 d="" />
+            </g>
+          </g>
+          <g
+             transform="translate(0.31798936,1.8925831)"
+             id="g2723">
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+               id="path2725"
+               d="m 98.565,78.502 c -1.771,-7.694 2.602,-9.355 2.672,-9.379 1.371,-0.472 6.183,-1.554 7.316,1.736 1.025,2.978 -4.531,7.82 -9.583,9.56 -5.015,1.727 -12.469,1.364 -13.494,-1.613 -1.133,-3.291 3.325,-5.401 4.696,-5.873 0.069,-0.024 4.342,-2.237 7.88,5.746 0.13,0.293 0.572,0.075 0.513,-0.177 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#000000;fill-opacity:1"
+               id="path2727"
+               d="m 101.433,130.699 c 7.274,17.048 17.313,28.317 23.915,26.043 6.602,-2.274 7.576,-17.333 2.812,-35.246 -0.367,-3.303 -0.911,-9.542 -0.275,-13.127 0.464,-2.615 -0.112,-3.379 -2.212,-1.079 -0.634,0.695 -1.139,1.345 -1.514,2.022 C 116.825,90.609 106,77.871 99.019,80.274 c -6.982,2.404 -7.669,19.106 -1.934,38.36 -0.712,-0.303 -1.51,-0.504 -2.438,-0.662 -3.071,-0.52 -3.054,0.437 -1.079,2.212 2.709,2.435 6.121,7.686 7.865,10.515 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+               id="path2729"
+               d="m 99.187,115.885 c 5.498,15.967 14.795,27.243 20.766,25.187 5.971,-2.056 6.355,-16.666 0.857,-32.632 -5.498,-15.967 -14.795,-27.243 -20.766,-25.187 -5.971,2.056 -6.355,16.665 -0.857,32.632 z m 23.197,28.556 c 0.536,1.558 1.515,2.633 2.186,2.403 0.67,-0.231 0.779,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.634 -2.185,-2.403 -0.671,0.232 -0.78,1.682 -0.244,3.239 z m -4.701,1.619 c 0.536,1.558 1.515,2.633 2.186,2.402 0.671,-0.23 0.78,-1.681 0.243,-3.239 -0.536,-1.558 -1.515,-2.633 -2.185,-2.402 -0.671,0.231 -0.78,1.681 -0.244,3.239 z" />
+            <g
+               id="g2731">
+              <ellipse
+                 style="fill:#ffe600"
+                 id="ellipse2733"
+                 ry="2.142"
+                 rx="4.428"
+                 cy="139.72"
+                 cx="119.432"
+                 transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,277.8429,232.9489)" />
+              <path
+                 inkscape:connector-curvature="0"
+                 style="fill:#ffe600"
+                 id="path2735"
+                 d="" />
+            </g>
+          </g>
+          <g
+             transform="translate(0.31798936,1.8925831)"
+             id="g2739">
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+               id="path2741"
+               d="m 96.575,238.982 c 3.342,7.154 7.811,5.77 7.88,5.746 1.371,-0.472 5.829,-2.583 4.696,-5.873 -1.025,-2.977 -8.385,-3.373 -13.437,-1.633 -5.015,1.727 -10.665,6.602 -9.64,9.579 1.133,3.291 5.946,2.208 7.316,1.736 0.07,-0.023 4.799,-0.91 2.672,-9.379 -0.078,-0.31 0.403,-0.41 0.513,-0.176 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#000000;fill-opacity:1"
+               id="path2743"
+               d="m 66.699,196.085 c -4.764,-17.913 -3.791,-32.973 2.812,-35.247 6.602,-2.273 16.641,8.995 23.915,26.043 1.744,2.829 5.156,8.08 7.865,10.514 1.976,1.775 1.992,2.732 -1.079,2.212 -0.927,-0.157 -1.726,-0.358 -2.438,-0.662 5.735,19.254 5.048,35.956 -1.934,38.36 -6.982,2.404 -17.806,-10.334 -25.141,-29.038 -0.374,0.677 -0.88,1.328 -1.514,2.022 -2.1,2.3 -2.675,1.536 -2.212,-1.079 0.637,-3.583 0.093,-9.822 -0.274,-13.125 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+               id="path2745"
+               d="m 74.049,209.142 c -5.498,-15.966 -5.114,-30.576 0.857,-32.632 5.971,-2.056 15.269,9.22 20.766,25.187 5.498,15.967 5.114,30.577 -0.857,32.633 -5.971,2.054 -15.268,-9.222 -20.766,-25.188 z m 0.699,-36.785 c -0.536,-1.558 -0.428,-3.008 0.243,-3.239 0.67,-0.231 1.649,0.845 2.185,2.403 0.537,1.558 0.427,3.008 -0.243,3.239 -0.67,0.231 -1.649,-0.845 -2.185,-2.403 z m -4.701,1.619 c -0.536,-1.558 -0.427,-3.008 0.243,-3.239 0.67,-0.231 1.649,0.845 2.186,2.403 0.536,1.558 0.427,3.008 -0.243,3.239 -0.67,0.231 -1.65,-0.845 -2.186,-2.403 z" />
+            <g
+               id="g2747">
+              <ellipse
+                 style="fill:#ffe600"
+                 id="ellipse2749"
+                 ry="2.142"
+                 rx="4.428"
+                 cy="177.98599"
+                 cx="75.361"
+                 transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,204.5578,321.744)" />
+              <path
+                 inkscape:connector-curvature="0"
+                 style="fill:#ffe600"
+                 id="path2751"
+                 d="" />
+            </g>
+          </g>
+          <g
+             transform="translate(0.31798936,1.8925831)"
+             id="g2753">
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+               id="path2755"
+               d="m 130.858,227.178 c 3.341,7.154 7.81,5.77 7.88,5.746 1.371,-0.472 5.829,-2.582 4.696,-5.873 -1.025,-2.977 -8.385,-3.373 -13.437,-1.633 -5.015,1.727 -10.665,6.602 -9.64,9.579 1.133,3.291 5.946,2.208 7.316,1.737 0.069,-0.024 4.799,-0.91 2.672,-9.379 -0.078,-0.312 0.404,-0.412 0.513,-0.177 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#000000;fill-opacity:1"
+               id="path2757"
+               d="m 100.982,184.281 c -4.764,-17.913 -3.791,-32.973 2.812,-35.247 6.602,-2.273 16.641,8.995 23.915,26.044 1.745,2.829 5.157,8.08 7.865,10.513 1.976,1.775 1.993,2.732 -1.079,2.212 -0.927,-0.157 -1.726,-0.358 -2.438,-0.662 5.736,19.254 5.048,35.957 -1.934,38.36 -6.981,2.404 -17.806,-10.334 -25.141,-29.038 -0.374,0.678 -0.879,1.328 -1.513,2.022 -2.1,2.301 -2.676,1.537 -2.212,-1.079 0.636,-3.584 0.092,-9.822 -0.275,-13.125 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+               id="path2759"
+               d="m 108.332,197.337 c -5.498,-15.966 -5.114,-30.576 0.857,-32.632 5.971,-2.056 15.268,9.22 20.766,25.187 5.498,15.966 5.114,30.576 -0.857,32.632 -5.971,2.056 -15.268,-9.22 -20.766,-25.187 z m 0.699,-36.784 c -0.536,-1.558 -0.428,-3.008 0.243,-3.239 0.671,-0.231 1.649,0.845 2.186,2.402 0.536,1.558 0.427,3.008 -0.243,3.239 -0.671,0.231 -1.65,-0.845 -2.186,-2.402 z m -4.701,1.618 c -0.536,-1.558 -0.427,-3.008 0.243,-3.239 0.67,-0.231 1.649,0.845 2.185,2.402 0.536,1.557 0.428,3.008 -0.243,3.239 -0.671,0.231 -1.649,-0.844 -2.185,-2.402 z" />
+            <g
+               id="g2761">
+              <ellipse
+                 style="fill:#ffe600"
+                 id="ellipse2763"
+                 ry="2.142"
+                 rx="4.428"
+                 cy="166.18201"
+                 cx="109.643"
+                 transform="matrix(-0.9455,0.3255,-0.3255,-0.9455,267.4128,287.6192)" />
+              <path
+                 inkscape:connector-curvature="0"
+                 style="fill:#ffe600"
+                 id="path2765"
+                 d="" />
+            </g>
+          </g>
+          <g
+             transform="translate(0.31798936,1.8925831)"
+             id="g2767">
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffe600;fill-rule:evenodd"
+               id="path2769"
+               d="m 165.141,215.373 c 3.342,7.154 7.811,5.77 7.88,5.746 1.371,-0.472 5.829,-2.582 4.696,-5.873 -1.025,-2.977 -8.385,-3.372 -13.438,-1.633 -5.015,1.727 -10.665,6.602 -9.64,9.579 1.133,3.291 5.945,2.208 7.316,1.737 0.069,-0.024 4.799,-0.91 2.672,-9.379 -0.078,-0.311 0.404,-0.411 0.514,-0.177 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="fill:#000000;fill-opacity:1"
+               id="path2771"
+               d="m 135.265,172.476 c -4.764,-17.913 -3.791,-32.973 2.812,-35.246 6.603,-2.273 16.641,8.995 23.916,26.043 1.744,2.829 5.156,8.08 7.865,10.514 1.975,1.775 1.992,2.731 -1.079,2.212 -0.927,-0.157 -1.726,-0.358 -2.438,-0.662 5.735,19.254 5.048,35.957 -1.934,38.36 -6.982,2.404 -17.806,-10.334 -25.141,-29.038 -0.374,0.678 -0.88,1.328 -1.514,2.022 -2.1,2.301 -2.676,1.537 -2.212,-1.079 0.636,-3.584 0.092,-9.823 -0.275,-13.126 z" />
+            <path
+               inkscape:connector-curvature="0"
+               style="clip-rule:evenodd;fill:#ffffff;fill-opacity:1;fill-rule:evenodd"
+               id="path2773"
+               d="m 142.615,185.533 c -5.498,-15.967 -5.114,-30.577 0.857,-32.633 5.971,-2.056 15.269,9.221 20.766,25.187 5.497,15.966 5.114,30.576 -0.857,32.632 -5.971,2.056 -15.268,-9.22 -20.766,-25.186 z m 0.699,-36.785 c -0.537,-1.558 -0.428,-3.008 0.243,-3.239 0.671,-0.231 1.649,0.845 2.186,2.402 0.537,1.558 0.428,3.008 -0.243,3.239 -0.671,0.231 -1.65,-0.844 -2.186,-2.402 z m -4.701,1.619 c -0.536,-1.558 -0.427,-3.008 0.243,-3.239 0.671,-0.231 1.649,0.845 2.186,2.402 0.537,1.558 0.428,3.008 -0.243,3.239 -0.671,0.231 -1.65,-0.845 -2.186,-2.402 z" />
+            <g
+               id="g2775">
+              <ellipse
+                 style="fill:#ffe600"
+                 id="ellipse2777"
+                 ry="2.142"
+                 rx="4.4289999"
+                 cy="154.379"
+                 cx="143.92599"
+                 transform="matrix(-0.9455,0.3256,-0.3256,-0.9455,330.2729,253.4852)" />
+              <path
+                 inkscape:connector-curvature="0"
+                 style="fill:#ffe600"
+                 id="path2779"
+                 d="" />
+            </g>
+          </g>
+          <path
+             d="M 95.108,61.776 244.59003,10.309068 c 15.666,-5.3939967 32.82494,3.185516 38.32619,19.163008 l 40.59032,117.878134 c 5.50125,15.97749 -2.7378,33.302 -18.40381,38.69497 l -103.98001,35.80096 z"
+             id="path2781"
+             style="fill:#3c857c;fill-opacity:1;filter:url(#filter5576)"
+             inkscape:connector-curvature="0" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-weight:normal;font-size:40px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             x="137.92564"
+             y="176.00142"
+             id="text5724"
+             transform="rotate(1.0000002)"><tspan
+               sodipodi:role="line"
+               id="tspan5726"
+               x="137.92564"
+               y="176.00142"
+               style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:180px;font-family:Overpass;-inkscape-font-specification:'Overpass Bold';letter-spacing:-10px;fill:#e6e6e6;fill-opacity:1">lib</tspan></text>
+          <path
+             d="m 218.304,241.188 c -2.9,1.834 -8.917,18.762 -6.01,22.858 4.325,6.093 32.696,-15.214 30.405,-21.183 -2.356,-6.136 -21.883,-2.64 -24.395,-1.675 z m -14.341,-9.677 3.368,5.018 c 0,0 0.934,1.385 0.252,4.412 -1.066,4.734 -5.207,16.96 -5.819,27.111 -0.074,1.226 -1.793,12.229 9.964,9.517 11.758,-2.711 36.593,-21.745 41.746,-30.395 5.153,-8.65 -0.843,-13.795 -8.332,-14.524 -7.489,-0.73 -19.089,-0.425 -24.443,0.189 -5.354,0.614 -4.956,-1.165 -9.326,-5.975 -0.327,-0.361 -7.41,4.647 -7.41,4.647 z"
+             id="path2795"
+             style="clip-rule:evenodd;fill:#3e3e3e;fill-rule:evenodd"
+             inkscape:connector-curvature="0" />
+          <path
+             d="m 216.503,238.52 c -2.9,1.834 -8.917,18.762 -6.009,22.858 4.324,6.092 32.696,-15.214 30.405,-21.183 -2.356,-6.136 -21.882,-2.64 -24.396,-1.675 z m -13.394,-10.003 3.368,5.018 c 0,0 0.934,1.385 0.252,4.412 -1.066,4.734 -5.207,16.96 -5.819,27.111 -0.074,1.226 -1.793,12.229 9.964,9.517 11.758,-2.711 36.593,-21.745 41.746,-30.395 5.153,-8.65 -0.843,-13.795 -8.332,-14.524 -7.489,-0.73 -19.089,-0.425 -24.443,0.189 -5.354,0.614 -4.956,-1.165 -9.326,-5.975 -0.328,-0.361 -7.41,4.647 -7.41,4.647 z"
+             id="path2797"
+             style="clip-rule:evenodd;fill:url(#linearGradient7010);fill-opacity:1;fill-rule:evenodd"
+             inkscape:connector-curvature="0" />
+          <path
+             mask="url(#mask4481)"
+             transform="matrix(1.4295286,0.05310508,-0.05040644,1.2918715,-77.431354,-78.804771)"
+             d="m 214.776,227.853 c -2.797,3.296 -6.24,5.845 -9.926,7.474 0.432,-2.596 -0.374,-3.792 -0.374,-3.792 l -3.368,-5.018 c 0,0 7.083,-5.008 7.41,-4.647 3.294,3.624 3.879,5.527 6.258,5.983 z"
+             id="path2799"
+             style="fill:#54575a;fill-opacity:1"
+             inkscape:connector-curvature="0" />
+          <path
+             d="m 116.052,45.547 c 17.234,36.62 72.865,128.908 102.86,168.287 -2.858,14.11 -18.673,23.308 -29.809,18.791 L 73.761,66.024 c -0.07,-12.347 22.06,-27.271 42.291,-20.477 z"
+             id="path2803"
+             style="fill:#c8c7c5"
+             inkscape:connector-curvature="0" />
+          <path
+             d="m 113.124,44.661 c 17.233,36.62 75.371,131.675 105.366,171.054 -4.069,13.505 -18.428,20.812 -30.299,17.44 L 72.849,66.555 C 72.779,54.208 95.748,39.956 113.124,44.661 Z"
+             id="path2805"
+             style="fill:#7c858c"
+             inkscape:connector-curvature="0" />
+          <path
+             d="M 203.927,231.912 80.383,53.463 c 3.583,-3.084 8.164,-5.73 13.116,-7.479 6.902,12.484 25.22,44.608 54.336,88.542 22.713,34.272 46.085,68.024 64.139,91.973 -2.35,2.316 -5.102,4.145 -8.047,5.413 z m -3.597,1.245 c -1.392,0.368 -2.805,0.615 -4.223,0.733 L 75.218,59.278 c 0.699,-1.099 1.537,-2.181 2.494,-3.23 z"
+             id="path2809"
+             style="clip-rule:evenodd;fill:url(#radialGradient4507);fill-opacity:1;fill-rule:evenodd"
+             inkscape:connector-curvature="0" />
+        </g>
+        <text
+           transform="rotate(1.0000002)"
+           id="text5053"
+           y="53.587437"
+           x="-408.52026"
+           style="font-style:normal;font-weight:normal;font-size:40px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           xml:space="preserve"><tspan
+             y="88.978058"
+             x="-408.52026"
+             id="tspan5055"
+             sodipodi:role="line" /></text>
+        <text
+           transform="rotate(1.0000002)"
+           id="text5057"
+           y="-232.88652"
+           x="-525.88629"
+           style="font-style:normal;font-weight:normal;font-size:90px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           xml:space="preserve"><tspan
+             y="-153.25761"
+             x="-525.88629"
+             id="tspan5059"
+             sodipodi:role="line" /></text>
+        <text
+           transform="rotate(1.0000002)"
+           id="text5069"
+           y="-200.07454"
+           x="543.02759"
+           style="font-style:normal;font-weight:normal;font-size:40px;line-height:125%;font-family:Sans;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           xml:space="preserve"><tspan
+             y="-164.68391"
+             x="543.02759"
+             id="tspan5071"
+             sodipodi:role="line" /></text>
+      </g>
+    </g>
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer3"
+     inkscape:label="Trim Lines"
+     style="display:none"
+     sodipodi:insensitive="true">
+    <g
+       id="g4595"
+       transform="matrix(1.2367579,0,0,-1.2367579,267.26742,1019.9045)">
+      <path
+         inkscape:connector-curvature="0"
+         id="path470"
+         style="fill:none;stroke:#231f20;stroke-width:1.01070714;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="M 210.14,593.273 H 199.138" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path472"
+         style="fill:none;stroke:#231f20;stroke-width:1.01070714;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="M 210.14,449.273 H 199.138" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path474"
+         style="fill:none;stroke:#231f20;stroke-width:1.01070714;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 204.639,449.273 v 144" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path476"
+         style="fill:#231f20;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         d="m 204.639,455.424 h 3.549 l -1.774,-3.076 -1.775,-3.075 -1.776,3.075 -1.773,3.076 h 3.549" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path478"
+         style="fill:#231f20;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         d="m 204.639,587.124 h -3.549 l 1.773,3.076 1.776,3.073 1.775,-3.073 1.774,-3.076 h -3.549" />
+    </g>
+    <g
+       transform="rotate(-90)"
+       style="font-style:normal;font-weight:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:Sans;letter-spacing:0px;word-spacing:0px;display:inline;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       id="text8536-9">
+      <path
+         d="m -396.49494,509.63711 q 1.51471,0 2.40782,0.85024 0.90025,0.85024 0.90025,2.32923 0,1.7505 -1.07887,2.69362 -1.07888,0.94312 -3.08659,0.94312 -1.74335,0 -2.81508,-0.56444 v -1.90768 q 0.56445,0.30008 1.31466,0.49299 0.75021,0.18577 1.42183,0.18577 2.022,0 2.022,-1.65761 0,-1.57902 -2.09345,-1.57902 -0.37868,0 -0.83595,0.0786 -0.45727,0.0715 -0.74307,0.15719 l -0.87882,-0.47156 0.39297,-5.32293 h 5.66589 v 1.87195 h -3.72963 l -0.19291,2.05058 0.25007,-0.05 q 0.43584,-0.10003 1.07888,-0.10003 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5992"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -391.70073,515.28871 q 0,-0.60017 0.32152,-0.9074 0.32152,-0.30723 0.93598,-0.30723 0.59302,0 0.91454,0.31437 0.32866,0.31438 0.32866,0.90026 0,0.56444 -0.32866,0.89311 -0.32866,0.32152 -0.91454,0.32152 -0.60017,0 -0.92884,-0.31438 -0.32866,-0.32152 -0.32866,-0.90025 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5994"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -380.53329,511.08752 q 0,2.73649 -0.90026,4.05115 -0.89311,1.31465 -2.75792,1.31465 -1.80765,0 -2.72934,-1.35752 -0.91454,-1.35753 -0.91454,-4.00828 0,-2.76507 0.89311,-4.07258 0.8931,-1.31466 2.75077,-1.31466 1.80766,0 2.72934,1.37182 0.92884,1.37182 0.92884,4.01542 z m -5.10859,0 q 0,1.92197 0.32867,2.75792 0.33581,0.82881 1.12174,0.82881 0.77165,0 1.1146,-0.8431 0.34296,-0.84309 0.34296,-2.74363 0,-1.92197 -0.3501,-2.75792 -0.34296,-0.8431 -1.10746,-0.8431 -0.77879,0 -1.1146,0.8431 -0.33581,0.83595 -0.33581,2.75792 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5996"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -375.83196,505.72886 q 1.50042,0 2.41496,0.68591 0.92169,0.67877 0.92169,1.83624 0,0.80022 -0.44298,1.42897 -0.44298,0.6216 -1.42897,1.1146 1.17176,0.62875 1.67904,1.31466 0.51443,0.67876 0.51443,1.49328 0,1.28607 -1.00742,2.07201 -1.00743,0.77879 -2.65075,0.77879 -1.71477,0 -2.69362,-0.72877 -0.97885,-0.72878 -0.97885,-2.06487 0,-0.89311 0.47156,-1.58617 0.47871,-0.69305 1.52901,-1.22177 -0.89311,-0.56445 -1.28608,-1.20748 -0.39297,-0.64304 -0.39297,-1.40754 0,-1.12175 0.92883,-1.8148 0.92884,-0.69306 2.42212,-0.69306 z m -1.62903,7.80221 q 0,0.61446 0.42869,0.95741 0.42869,0.34296 1.17176,0.34296 0.82166,0 1.22892,-0.3501 0.40725,-0.35725 0.40725,-0.93598 0,-0.47871 -0.40725,-0.89311 -0.40012,-0.42155 -1.30752,-0.89311 -1.52185,0.7002 -1.52185,1.77193 z m 1.61474,-6.18746 q -0.56445,0 -0.91455,0.29294 -0.34295,0.28579 -0.34295,0.77164 0,0.4287 0.2715,0.77165 0.27865,0.33581 1.00029,0.69305 0.70019,-0.32866 0.97885,-0.67162 0.27865,-0.34295 0.27865,-0.79308 0,-0.49299 -0.35725,-0.77879 -0.35724,-0.28579 -0.91454,-0.28579 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path5998"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -363.48562,516.45332 q -3.72962,0 -3.72962,-4.09401 0,-2.03629 1.01457,-3.10802 1.01457,-1.07888 2.90797,-1.07888 1.3861,0 2.48641,0.54301 l -0.64304,1.68619 q -0.51443,-0.2072 -0.95741,-0.33581 -0.44298,-0.13575 -0.88596,-0.13575 -1.70049,0 -1.70049,2.41497 0,2.34352 1.70049,2.34352 0.62874,0 1.16461,-0.16433 0.53587,-0.17148 1.07173,-0.52872 v 1.86481 q -0.52872,0.33581 -1.07173,0.46441 -0.53587,0.12861 -1.35753,0.12861 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path6000"
+         inkscape:connector-curvature="0" />
+      <path
+         d="m -352.06096,516.31042 h -2.17919 v -4.6656 q 0,-0.86453 -0.29294,-1.29322 -0.28579,-0.43584 -0.9074,-0.43584 -0.83595,0 -1.21463,0.61446 -0.37868,0.61446 -0.37868,2.022 v 3.7582 h -2.17918 v -7.98797 h 1.66475 l 0.29294,1.02172 h 0.12147 q 0.32152,-0.55015 0.92883,-0.85738 0.60731,-0.31438 1.39325,-0.31438 1.79336,0 2.42926,1.17176 h 0.19291 q 0.32152,-0.5573 0.94312,-0.86453 0.62875,-0.30723 1.41469,-0.30723 1.35752,0 2.05058,0.7002 0.7002,0.69305 0.7002,2.2292 v 5.20861 h -2.18634 v -4.6656 q 0,-0.86453 -0.29294,-1.29322 -0.28579,-0.43584 -0.9074,-0.43584 -0.80022,0 -1.20033,0.57159 -0.39297,0.57159 -0.39297,1.8148 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:14.63270473px;line-height:521.00000381%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans Bold';text-align:start;writing-mode:lr-tb;text-anchor:start"
+         id="path6002"
+         inkscape:connector-curvature="0" />
+    </g>
+    <rect
+       y="285.73621"
+       x="288.5"
+       height="178.99998"
+       width="179"
+       id="rect8620"
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#0093d9;stroke-width:1;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:2, 4.00000009;stroke-dashoffset:6.5;stroke-opacity:1" />
+    <rect
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:6.5;stroke-opacity:1"
+       id="rect8624"
+       width="190.25003"
+       height="190.25002"
+       x="282.87497"
+       y="280.11118" />
+    <rect
+       y="291.36118"
+       x="294.125"
+       height="167.75"
+       width="167.75002"
+       id="rect8626"
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#db3279;stroke-width:0.99999994;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:6.5;stroke-opacity:1" />
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Preview Without Bleeds"
+     style="display:none"
+     sodipodi:insensitive="true">
+    <path
+       style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:6.5;stroke-opacity:1"
+       d="M 258.60352,257.08203 V 493.38867 H 497.39648 V 257.08203 Z M 288.5,285.73633 h 179 v 179 h -179 z"
+       id="rect8631"
+       inkscape:connector-curvature="0" />
+  </g>
+</svg>

docs/newapi.xsl

@@ -258,7 +258,7 @@
       </xsl:call-template>
     </span>
     <xsl:text> </xsl:text>
-    <a name="{@name}"></a>
+    <a id="{@name}"></a>
     <xsl:value-of select="@name"/>
     <xsl:text>
 </xsl:text>
@@ -281,7 +281,7 @@
           </xsl:call-template>
         </span>
 	<xsl:text> </xsl:text>
-	<a name="{$name}"><xsl:value-of select="$name"/></a>
+	<a id="{$name}"><xsl:value-of select="$name"/></a>
 	<xsl:text>
 </xsl:text>
       </xsl:otherwise>
@@ -308,7 +308,7 @@
 
   <xsl:template match="typedef[@type = 'enum']">
     <xsl:variable name="name" select="string(@name)"/>
-    <h3><a name="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
+    <h3><a id="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
     <div class="api">
       <pre>
         <span class="keyword">enum</span><xsl:text> </xsl:text>
@@ -320,7 +320,7 @@
         <xsl:for-each select="/api/symbols/enum[@type = $name]">
           <xsl:sort select="@value" data-type="number" order="ascending"/>
           <tr>
-            <td><a name="{@name}"><xsl:value-of select="@name"/></a></td>
+            <td><a id="{@name}"><xsl:value-of select="@name"/></a></td>
             <td><xsl:text> = </xsl:text></td>
             <xsl:choose>
               <xsl:when test="@info != ''">
@@ -357,7 +357,7 @@
   </xsl:template>
 
   <xsl:template match="struct">
-    <h3><a name="{@name}"><code><xsl:value-of select="@name"/></code></a></h3>
+    <h3><a id="{@name}"><code><xsl:value-of select="@name"/></code></a></h3>
     <div class="api">
       <pre>
         <span class="keyword">struct </span>
@@ -447,7 +447,7 @@
 
   <xsl:template match="macro">
     <xsl:variable name="name" select="string(@name)"/>
-    <h3><a name="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
+    <h3><a id="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
     <pre class="api"><span class="directive">#define</span><xsl:text> </xsl:text><xsl:value-of select="$name"/></pre>
     <div class="description">
     <xsl:call-template name="formattext">
@@ -558,7 +558,7 @@
     <xsl:variable name="nlen" select="string-length($name)"/>
     <xsl:variable name="tlen" select="string-length(return/@type)"/>
     <xsl:variable name="blen" select="(($nlen + 8) - (($nlen + 8) mod 8)) + (($tlen + 8) - (($tlen + 8) mod 8))"/>
-    <h3><a name="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
+    <h3><a id="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
     <pre class="api">
     <span class="keyword">typedef</span><xsl:text> </xsl:text>
     <span class="type">
@@ -636,7 +636,7 @@
     <xsl:variable name="nlen" select="string-length($name)"/>
     <xsl:variable name="tlen" select="string-length(return/@type)"/>
     <xsl:variable name="blen" select="(($nlen + 8) - (($nlen + 8) mod 8)) + (($tlen + 8) - (($tlen + 8) mod 8))"/>
-    <h3><a name="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
+    <h3><a id="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
     <pre class="api">
     <span class="type">
       <xsl:call-template name="dumptext">
@@ -783,16 +783,16 @@
         <h2>Description</h2>
 
         <xsl:if test="count(exports[@type='macro']) > 0">
-          <h3><a name="macros">Macros</a></h3>
+          <h3><a id="macros">Macros</a></h3>
           <xsl:apply-templates select="exports[@type='macro']">
             <xsl:sort select='@symbol'/>
           </xsl:apply-templates>
         </xsl:if>
-        <h3><a name="types">Types</a></h3>
+        <h3><a id="types">Types</a></h3>
         <xsl:apply-templates select="exports[@type='typedef']">
           <xsl:sort select='@symbol'/>
         </xsl:apply-templates>
-        <h3><a name="functions">Functions</a></h3>
+        <h3><a id="functions">Functions</a></h3>
         <xsl:apply-templates select="exports[@type='function']">
           <xsl:sort select='@symbol'/>
         </xsl:apply-templates>

docs/news-2014.html.in

@@ -2041,7 +2041,7 @@
       build: avoid compiler warning on shadowed name (Jean-Baptiste Rouault),<br/>
       tests: link against libxml2 (Guido Günther),<br/>
       tests: build viridentitytest only WITH_ATTR. (Jincheng Miao),<br/>
-      maint: Correctly detect wether "gluster" cli tool is accessible (Peter Krempa),<br/>
+      maint: Correctly detect whether "gluster" cli tool is accessible (Peter Krempa),<br/>
       libvirt-guests: avoid bashism (Guido Günther),<br/>
       Use the force flag for mkfs -t xfs (Ján Tomko)<br/>
       </li>

docs/news-html.xsl

@@ -1,5 +1,7 @@
 <?xml version="1.0"?>
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:stylesheet version="1.0"
+                xmlns="http://www.w3.org/1999/xhtml"
+                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
   <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
 
   <!-- This XSLT stylesheet can be applied to the XML version of the release
@@ -39,12 +41,17 @@
   <!-- Release -->
   <xsl:template match="release">
     <h3>
-      <strong>
-        <xsl:value-of select="@version"/>
-        <xsl:text> (</xsl:text>
-        <xsl:value-of select="@date"/>
-        <xsl:text>)</xsl:text>
-      </strong>
+      <a>
+        <xsl:attribute name="id">
+          <xsl:value-of select="@version"/>
+        </xsl:attribute>
+        <strong>
+          <xsl:value-of select="@version"/>
+          <xsl:text> (</xsl:text>
+          <xsl:value-of select="@date"/>
+          <xsl:text>)</xsl:text>
+        </strong>
+      </a>
     </h3>
     <ul>
       <xsl:apply-templates select="section"/>
@@ -58,7 +65,7 @@
         <xsl:value-of select="@title"/>
       </strong>
       <xsl:if test="*">
-        <ul>
+        <ul class="news-section-content">
           <xsl:apply-templates select="change"/>
         </ul>
       </xsl:if>
@@ -68,8 +75,14 @@
   <!-- Change -->
   <xsl:template match="change">
     <li>
-      <xsl:apply-templates select="summary"/>
-      <xsl:apply-templates select="description"/>
+      <dl>
+        <dt>
+          <xsl:apply-templates select="summary"/>
+        </dt>
+        <dd>
+          <xsl:apply-templates select="description"/>
+        </dd>
+      </dl>
     </li>
   </xsl:template>
 
@@ -80,7 +93,6 @@
 
   <!-- Change description -->
   <xsl:template match="description">
-    <br/>
     <xsl:apply-templates/>
   </xsl:template>
 

docs/news.xml

@@ -39,10 +39,359 @@
      -->
 
 <libvirt>
-  <release version="v5.4.0" date="unreleased">
+  <release version="v5.7.0" date="unreleased">
     <section title="New features">
+      <change>
+        <summary>
+          qemu: Support Direct Mode for Hyper-V Synthetic timers
+        </summary>
+        <description>
+          The QEMU driver now supports Direct Mode for Hyper-V Synthetic timers
+          for Hyper-V guests.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          Remove KVM assignment support
+        </summary>
+        <description>
+          The KVM style of PCI device assignment was removed from
+          the kernel in version 4.12.0 after being deprecated since 4.2.0.
+          Libvirt defaults to VFIO for a long time. Remove support for
+          KVM device assignment from libvirt too.
+        </description>
+      </change>
     </section>
     <section title="Improvements">
+      <change>
+        <summary>
+          virsh: Support setting precopy bandwidth in migrate subcommand
+        </summary>
+        <description>
+          In addition to postcopy bandwidth, the <code>virsh migrate</code>
+          subcommand now supports specifying precopy bandwidth with the
+          <code>--precopy-bandwidth</code> parameter.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+    </section>
+  </release>
+  <release version="v5.6.0" date="2019-08-05">
+    <section title="New features">
+      <change>
+        <summary>
+          qemu: Introduce a new video model of type 'bochs'
+        </summary>
+        <description>
+          Introduce a new video model type that supports the
+          <code>bochs-display</code> device that was added in qemu version 3.0.
+        </description>
+      </change>
+      <change>
+        <summary>
+          api: new virDomainCheckpoint APIs
+        </summary>
+        <description>
+          Introduce several new APIs for creating and managing
+          checkpoints in the test and qemu drivers (the latter
+          requires qcow2 images). Checkpoints serve as a way to tell
+          which portions of a disk have changed since a point in time.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Add support for overriding max threads per process limit
+        </summary>
+        <description>
+          systemd-based systems impose a limit on the number of threads a
+          process can spawn, which in some cases can be exceeded by QEMU
+          processes running VMs. Add a <code>max_threads_per_process</code>
+          option to qemu.conf to override the system default.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Remember original owners and SELinux labels of files
+        </summary>
+        <description>
+          When a domain is starting up libvirt changes DAC and
+          SELinux labels so that domain can access it. However,
+          it never remembered the original labels and therefore
+          the file was returned back to <code>root:root</code>.
+          With this release, the original labels are remembered
+          and restored properly.
+        </description>
+      </change>
+      <change>
+        <summary>
+          network: Allow passing arbitrary options to dnsmasq
+        </summary>
+        <description>
+          This works similarly to the existing support for passing arbitary
+          options to QEMU, and just like that feature it comes with no
+          support guarantees.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          xen: Remove sxpr config support
+        </summary>
+        <description>
+          Remove the sxpr style config parser and formatter a year after the
+          xend driver was removed.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          qemu: Allow XML validation for snapshot creation
+        </summary>
+        <description>
+          Add flag <code>VIR_DOMAIN_SNAPSHOT_CREATE_VALIDATE</code> to validate
+          snapshot input XML. For virsh, users can use it as <code>virsh
+          snapshot-create --validate</code>.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Support encrypted soft TPM
+        </summary>
+        <description>
+          A soft TPM backend could be encrypted with passphrase. Now libvirt
+          supports using a <code>secret</code> object to hold the passphrase,
+          and referring to it via the <code>encryption</code> element of the
+          TPM device.
+        </description>
+      </change>
+      <change>
+        <summary>
+          test driver: Expand API coverage
+        </summary>
+        <description>
+          Additional APIs have been implemented in the test driver.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Implement per-driver locking
+        </summary>
+        <description>
+          Drivers now acquire a lock when they're loaded, ensuring that there
+          can never be two instances of the same driver active at a time.
+        </description>
+      </change>
+      <change>
+        <summary>
+          nss: Report newer addresses first
+        </summary>
+        <description>
+          In some cases, a guest might be assigned a new IP address by DHCP
+          before the previous lease has expired, in which case the NSS plugin
+          will correctly report both addresses; many applications, however,
+          ignore all addresses but the first, and may thus end up trying to
+          connect using a stale address. To prevent that from happening, the
+          NSS plugin will now always report the newest address first.
+        </description>
+      </change>
+      <change>
+        <summary>
+          util: Optimize mass closing of FDs when spawning child processes
+        </summary>
+        <description>
+          When the limit on the number of FDs is very high, closing all
+          unwanted FDs after calling <code>fork()</code> can take a lot of
+          time and delay the start of the child process. libvirt will now
+          use an optimized algorithm that minimizes such delays.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          logging: Ensure virtlogd rollover takes priority over logrotate
+        </summary>
+        <description>
+          virtlogd implements its own rollover mechanism, but until now
+          logrotate could end up acting on the logs before virtlogd had a
+          chance to do so itself.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v5.5.0" date="2019-07-02">
+    <section title="Security">
+      <change>
+        <summary>
+          api: Prevent access to several APIs over read-only connections
+        </summary>
+        <description>
+          Certain APIs give root-equivalent access to the host, and as such
+          should be limited to privileged users. CVE-2019-10161,
+          CVE-2019-10166, CVE-2019-10167, CVE-2019-10168.
+        </description>
+      </change>
+    </section>
+    <section title="New features">
+      <change>
+        <summary>
+          qemu: Support SMMUv3 IOMMU
+        </summary>
+        <description>
+          SMMUv3 is an IOMMU implementation for ARM virt guests.
+        </description>
+      </change>
+      <change>
+        <summary>
+          network: Introduce the network port API
+        </summary>
+        <description>
+          This new public API can be used by virtualization drivers to
+          manage network resources associated with guests, and is a further
+          step towards splitting libvirtd into multiple daemons.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          qemu: Remove support for virDomainQemuAttach and virConnectDomainXMLFromNative APIs
+        </summary>
+        <description>
+          The qemu implementations for the APIs mentioned above were removed
+          and the APIs now return an error. The implementation was stale for a
+          long time and did not work with modern QEMU command lines, generated
+          from libvirt or otherwise.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Stop supporting migration of config files from pre-XDG layout
+        </summary>
+        <description>
+          The new layout was introduced with libvirt 0.9.13 (Jul 2012).
+        </description>
+      </change>
+      <change>
+        <summary>
+          Remove Avahi mDNS support
+        </summary>
+        <description>
+          This feature was never used outside of virt-manager, which has
+          itself stopped using it a while ago.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          sysinfo: Report SMBIOS information on aarch64
+        </summary>
+        <description>
+          While SMBIOS support has historically been limited to x86_64, modern
+          aarch64 machines often offer access to the same information as well,
+          and libvirt now exposes it to the user when that's the case.
+        </description>
+      </change>
+      <change>
+        <summary>
+          test driver: Expand API coverage
+        </summary>
+        <description>
+          Even more APIs that were missing from the test driver have now been
+          implemented.
+        </description>
+      </change>
+      <change>
+        <summary>
+          virt-xml-validate: Allow input to be read from stdin
+        </summary>
+      </change>
+      <change>
+        <summary>
+          qemu: Validate spapr-vio addresses as 32-bit
+        </summary>
+        <description>
+          libvirt has always considered these addresses (used for pSeries
+          guests) as 64-bit, but the sPAPR specification says that they're
+          32-bit instead.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          qemu: Set process affinity correctly when using &lt;numatune&gt;
+        </summary>
+        <description>
+          libvirt would mistakenly interpret the <code>nodeset</code>
+          attribute as a list of CPUs instead of as a list of NUMA node, and
+          the process affinity would be set incorrectly as a result; this has
+          now been fixed.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v5.4.0" date="2019-06-03">
+    <section title="Security">
+      <change>
+        <summary>
+          cpu: Introduce support for the md-clear CPUID bit
+        </summary>
+        <description>
+          This bit is set when microcode provides the mechanism to invoke a
+          flush of various exploitable CPU buffers by invoking the x86
+          <code>VERW</code> instruction. CVE-2018-12126, CVE-2018-12127,
+          CVE-2018-12130, CVE-2019-11091.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Restrict user access to virt-admin, virtlogd and virtlockd
+        </summary>
+        <description>
+          The intended users for these facilities are the <code>root</code>
+          user and the <code>libvirtd</code> service respectively, but these
+          restrictions were not enforced correctly. CVE-2019-10132.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          test driver: Expand API coverage
+        </summary>
+        <description>
+          Several APIs that were missing from the test driver have now been
+          implemented.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Avoid unnecessary static linking
+        </summary>
+        <description>
+          Most binaries shipped as part of libvirt, for example
+          <code>virtlogd</code> and <code>libvirt_iohelper</code>, were
+          embedding parts of the library even though they also linked against
+          the <code>libvirt.so</code> dynamic library. This is no longer the
+          case, which results in both the disk and memory footprint being
+          reduced.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Report stat-htlb-pgalloc and stat-htlb-pgfail balloon stats
+        </summary>
+        <description>
+          These stats have been introduced in QEMU 3.0.
+        </description>
+      </change>
     </section>
     <section title="Bug fixes">
       <change>
@@ -54,9 +403,15 @@
           to start up other threads was misleading as it would affect other
           threads (vCPU and I/O) as well.  In some particular situations this
           could also lead to an error when the thread for vCPU #0 was being
-          moved to its cpu,cpuacct cgroup.  This was fixed so that the scheduler for the main thread is set after QEMU starts.
+          moved to its cpu,cpuacct cgroup.  This was fixed so that the
+          scheduler for the main thread is set after QEMU starts.
         </description>
       </change>
+      <change>
+        <summary>
+          apparmor: Allow hotplug of vhost-scsi devices
+        </summary>
+      </change>
     </section>
   </release>
   <release version="v5.3.0" date="2019-05-04">

docs/pci-hotplug.html.in

@@ -99,13 +99,12 @@
     </p>
 
 <pre>
-&lt;controller type='pci' model='dmi-to-pci-bridge'/&gt;
-&lt;controller type='pci' model='pci-bridge'/&gt;</pre>
+&lt;controller type='pci' model='pcie-to-pci-bridge'/&gt;</pre>
 
     <p>
       and you'll be able to hotplug up to 31 legacy PCI devices,
       either emulated or assigned from the host, in the slots
-      from 0x01 to 0x1f of the <code>pci-bridge</code> controller.
+      from 0x01 to 0x1f of the <code>pcie-to-pci-bridge</code> controller.
     </p>
 
     <h3><a id="x86_64-i440fx">i440fx (pc) machine type</a></h3>

docs/remote.html.in

@@ -206,6 +206,24 @@ Note that parameter values must be
         <td colspan="2"/>
         <td> Example: <code>tls_priority=NORMAL:-VERS-SSL3.0</code> </td>
       </tr>
+      <tr>
+        <td>
+          <code>mode</code>
+        </td>
+        <td> unix, ssh, libssh, libssh2 </td>
+        <td>
+          <dl>
+            <dt><code>auto</code></dt><dd>automatically determine the daemon</dd>
+            <dt><code>direct</code></dt><dd>connect to per-driver daemons</dd>
+            <dt><code>legacy</code></dt><dd>connect to libvirtd</dd>
+          </dl>
+          Can also be set in <code>libvirt.conf</code> as <code>remote_mode</code>
+        </td>
+      </tr>
+      <tr>
+        <td colspan="2"/>
+        <td> Example: <code>mode=direct</code> </td>
+      </tr>
       <tr>
         <td>
           <code>command</code>
@@ -821,23 +839,6 @@ Blank lines and comments beginning with <code>#</code> are ignored.
         <td> "16509" </td>
         <td>
   The port number or service name to listen on for unencrypted TCP connections.
-</td>
-      </tr>
-      <tr>
-        <td> mdns_adv <i>[0|1]</i> </td>
-        <td> 0 (advertise with mDNS) </td>
-        <td>
-  If set to 1 then the virtualization service will be advertised over
-  mDNS to hosts on the local LAN segment.
-</td>
-      </tr>
-      <tr>
-        <td> mdns_name <i>"name"</i> </td>
-        <td> "Virtualization Host HOSTNAME" </td>
-        <td>
-  The name to advertise for this host with Avahi mDNS. The default
-  includes the machine's short hostname. This must be unique to the
-  local LAN segment.
 </td>
       </tr>
       <tr>

docs/schemas/basictypes.rng

@@ -2,7 +2,7 @@
 <!-- network-related definitions used in multiple grammars -->
 <grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
 
-  <!-- Our unsignedInt doesn"t allow a leading "+" in its lexical form -->
+  <!-- Our unsignedInt doesn't allow a leading "+" in its lexical form -->
   <define name="unsignedInt">
     <data type="unsignedInt">
       <param name="pattern">[0-9]+</param>
@@ -324,7 +324,7 @@
   </define>
 
   <define name="pciDomain">
-    <ref name="uint16"/>
+    <ref name="uint32"/>
   </define>
   <define name="pciBus">
     <ref name="uint8"/>

docs/schemas/domaincaps.rng

@@ -155,6 +155,9 @@
       <optional>
         <ref name='hostdev'/>
       </optional>
+      <optional>
+        <ref name='rng'/>
+      </optional>
     </element>
   </define>
 
@@ -186,6 +189,13 @@
     </element>
   </define>
 
+  <define name='rng'>
+    <element name='rng'>
+      <ref name='supported'/>
+      <ref name='enum'/>
+    </element>
+  </define>
+
   <define name='features'>
     <element name='features'>
       <optional>

docs/schemas/domaincheckpoint.rng

@@ -0,0 +1,94 @@
+<?xml version='1.0'?>
+<!-- A Relax NG schema for the libvirt domain checkpoint properties XML format -->
+<grammar xmlns='http://relaxng.org/ns/structure/1.0' datatypeLibrary='http://www.w3.org/2001/XMLSchema-datatypes'>
+  <start>
+    <ref name='domaincheckpoint'/>
+  </start>
+
+  <include href='domaincommon.rng'/>
+
+  <define name='domaincheckpoint'>
+    <element name='domaincheckpoint'>
+      <interleave>
+        <optional>
+          <element name='name'>
+            <ref name='checkpointName'/>
+          </element>
+        </optional>
+        <optional>
+          <element name='description'>
+            <text/>
+          </element>
+        </optional>
+        <optional>
+          <element name='creationTime'>
+            <ref name='unsignedLong'/>
+          </element>
+        </optional>
+        <optional>
+          <element name='disks'>
+            <oneOrMore>
+              <ref name='diskcheckpoint'/>
+            </oneOrMore>
+          </element>
+        </optional>
+        <optional>
+          <!-- Nested grammar ensures that any of our overrides of
+               storagecommon/domaincommon defines do not conflict
+               with any domain.rng overrides.  -->
+          <grammar>
+            <include href='domain.rng'/>
+          </grammar>
+        </optional>
+        <optional>
+          <element name='parent'>
+            <element name='name'>
+              <ref name='checkpointName'/>
+            </element>
+          </element>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+
+  <define name='diskcheckpoint'>
+    <element name='disk'>
+      <attribute name='name'>
+        <choice>
+          <ref name='diskTarget'/>
+          <ref name='absFilePath'/>
+        </choice>
+      </attribute>
+      <choice>
+        <attribute name='checkpoint'>
+          <value>no</value>
+        </attribute>
+        <group>
+          <optional>
+            <attribute name='checkpoint'>
+              <value>bitmap</value>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name='bitmap'>
+              <text/>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name='size'>
+              <ref name='unsignedLong'/>
+            </attribute>
+          </optional>
+        </group>
+      </choice>
+    </element>
+  </define>
+
+  <define name='checkpointName'>
+    <data type='string'>
+      <!-- Notably: no leading '.' and no embedded '/' or newline -->
+      <param name='pattern'>[a-zA-Z0-9_\-][a-zA-Z0-9_\-.]*</param>
+    </data>
+  </define>
+
+</grammar>

docs/schemas/domaincommon.rng

@@ -72,6 +72,9 @@
         <optional>
           <ref name='qemucmdline'/>
         </optional>
+        <optional>
+          <ref name='qemucapabilities'/>
+        </optional>
         <optional>
           <ref name='lxcsharens'/>
         </optional>
@@ -2591,6 +2594,11 @@
         <ref name="deviceName"/>
       </attribute>
     </optional>
+    <optional>
+      <attribute name="portid">
+        <ref name="UUID"/>
+      </attribute>
+    </optional>
   </define>
 
   <define name="interface-bridge-attributes">
@@ -3576,6 +3584,7 @@
                 <value>virtio</value>
                 <value>gop</value>
                 <value>none</value>
+                <value>bochs</value>
               </choice>
             </attribute>
             <group>
@@ -4308,6 +4317,7 @@
           <attribute name="type">
              <value>emulator</value>
           </attribute>
+          <ref name="tpm-backend-emulator-encryption"/>
         </group>
       </choice>
       <choice>
@@ -4337,6 +4347,16 @@
     </optional>
   </define>
 
+  <define name="tpm-backend-emulator-encryption">
+    <optional>
+      <element name="encryption">
+        <attribute name="secret">
+          <ref name="UUID"/>
+        </attribute>
+      </element>
+    </optional>
+  </define>
+
   <define name="vsock">
     <element name="vsock">
       <optional>
@@ -4375,7 +4395,10 @@
   <define name="iommu">
     <element name="iommu">
       <attribute name="model">
-        <value>intel</value>
+        <choice>
+          <value>intel</value>
+          <value>smmuv3</value>
+        </choice>
       </attribute>
       <optional>
         <element name="driver">
@@ -5884,7 +5907,7 @@
         </optional>
         <optional>
           <element name="stimer">
-            <ref name="featurestate"/>
+            <ref name="stimer"/>
           </element>
         </optional>
         <optional>
@@ -5933,6 +5956,20 @@
     </element>
   </define>
 
+  <!-- Hyper-V stimer features -->
+  <define name="stimer">
+    <interleave>
+      <optional>
+        <ref name="featurestate"/>
+      </optional>
+      <optional>
+        <element name="direct">
+          <ref name="featurestate"/>
+        </element>
+      </optional>
+    </interleave>
+  </define>
+
   <!-- Optional KVM features -->
   <define name="kvm">
     <element name="kvm">
@@ -5942,6 +5979,11 @@
             <ref name="featurestate"/>
           </element>
         </optional>
+        <optional>
+          <element name="hint-dedicated">
+            <ref name="featurestate"/>
+          </element>
+        </optional>
       </interleave>
     </element>
   </define>
@@ -6189,6 +6231,22 @@
     </element>
   </define>
 
+  <define name="qemucapabilities">
+    <element name="capabilities" ns="http://libvirt.org/schemas/domain/qemu/1.0">
+      <zeroOrMore>
+        <element name="add">
+          <attribute name="capability"/>
+        </element>
+      </zeroOrMore>
+      <zeroOrMore>
+        <element name="del">
+          <attribute name="capability"/>
+        </element>
+      </zeroOrMore>
+    </element>
+  </define>
+
+
   <!--
        Optional hypervisor extensions in their own namespace:
        LXC
@@ -6383,7 +6441,7 @@
   </define>
   <define name="spaprvioReg">
     <data type="string">
-      <param name="pattern">(0x)?[0-9a-fA-F]{1,16}</param>
+      <param name="pattern">(0x)?[0-9a-fA-F]{1,8}</param>
     </data>
   </define>
   <define name='aliasName'>

docs/schemas/domainsnapshot.rng

@@ -157,6 +157,9 @@
                     <optional>
                       <ref name='storageStartupPolicy'/>
                     </optional>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
                     <empty/>
                   </element>
                 </optional>
@@ -173,6 +176,9 @@
                     <attribute name="dev">
                       <ref name="absFilePath"/>
                     </attribute>
+                    <zeroOrMore>
+                      <ref name='devSeclabel'/>
+                    </zeroOrMore>
                     <empty/>
                   </element>
                 </optional>

docs/schemas/network.rng

@@ -405,6 +405,17 @@
         <zeroOrMore>
           <ref name="route"/>
         </zeroOrMore>
+
+      <!-- <dnsmasq:options> -->
+      <optional>
+        <element name="options" ns="http://libvirt.org/schemas/network/dnsmasq/1.0">
+          <zeroOrMore>
+            <element name="option">
+              <attribute name='value'/>
+            </element>
+          </zeroOrMore>
+        </element>
+      </optional>
       </interleave>
     </element>
   </define>

docs/schemas/networkcommon.rng

@@ -134,6 +134,11 @@
 
   <define name="bandwidth">
     <element name="bandwidth">
+      <optional>
+        <attribute name="classID">
+          <ref name="positiveInteger"/>
+        </attribute>
+      </optional>
       <interleave>
         <optional>
           <element name="inbound">

docs/schemas/networkport.rng

@@ -0,0 +1,154 @@
+<?xml version="1.0"?>
+<!-- A Relax NG schema for the libvirt network port XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+         datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <include href='basictypes.rng'/>
+  <include href='networkcommon.rng'/>
+
+  <start>
+    <ref name="networkport"/>
+  </start>
+
+  <define name="networkport">
+    <element name="networkport">
+      <interleave>
+        <element name="uuid">
+          <ref name="UUID"/>
+        </element>
+        <ref name="owner"/>
+        <ref name="mac"/>
+        <optional>
+          <ref name="group"/>
+        </optional>
+        <optional>
+          <ref name="rxfilters"/>
+        </optional>
+        <optional>
+          <ref name="virtualPortProfile"/>
+        </optional>
+        <optional>
+          <ref name="bandwidth"/>
+        </optional>
+        <optional>
+          <ref name="plug"/>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+
+  <define name="owner">
+    <element name="owner">
+      <element name="name">
+        <text/>
+      </element>
+      <element name="uuid">
+        <ref name="UUID"/>
+      </element>
+    </element>
+  </define>
+
+  <define name="mac">
+    <element name="mac">
+      <attribute name="address">
+        <ref name="uniMacAddr"/>
+      </attribute>
+      <empty/>
+    </element>
+  </define>
+
+  <define name="group">
+    <element name="group">
+      <ref name="deviceName"/>
+    </element>
+  </define>
+
+  <define name="rxfilters">
+    <element name="rxfilters">
+      <attribute name="trustGuest">
+        <ref name="virYesNo"/>
+      </attribute>
+    </element>
+  </define>
+
+  <define name="plug">
+    <element name="plug">
+      <choice>
+        <ref name="plugnetwork"/>
+        <ref name="plugbridge"/>
+        <ref name="plugdirect"/>
+        <ref name="plughostdevpci"/>
+      </choice>
+    </element>
+  </define>
+
+  <define name="plugnetwork">
+    <attribute name="type">
+      <value>network</value>
+    </attribute>
+    <attribute name="bridge">
+      <ref name="deviceName"/>
+    </attribute>
+    <optional>
+      <attribute name="macTableManager">
+        <ref name="macTableManager"/>
+      </attribute>
+    </optional>
+  </define>
+
+  <define name="plugbridge">
+    <attribute name="type">
+      <value>bridge</value>
+    </attribute>
+    <attribute name="bridge">
+      <ref name="deviceName"/>
+    </attribute>
+    <optional>
+      <attribute name="macTableManager">
+        <ref name="macTableManager"/>
+      </attribute>
+    </optional>
+  </define>
+
+  <define name="plugdirect">
+    <attribute name="type">
+      <value>direct</value>
+    </attribute>
+    <attribute name="dev">
+      <ref name="deviceName"/>
+    </attribute>
+    <attribute name="mode">
+      <choice>
+        <value>bridge</value>
+        <value>passthrough</value>
+        <value>private</value>
+        <value>vepa</value>
+      </choice>
+    </attribute>
+  </define>
+
+  <define name="plughostdevpci">
+    <attribute name="type">
+      <value>hostdev-pci</value>
+    </attribute>
+    <optional>
+      <attribute name="managed">
+        <ref name="virYesNo"/>
+      </attribute>
+    </optional>
+    <optional>
+      <element name="driver">
+        <attribute name="name">
+          <choice>
+            <value>kvm</value>
+            <value>vfio</value>
+          </choice>
+        </attribute>
+        <empty/>
+      </element>
+    </optional>
+    <element name='address'>
+      <ref name="pciaddress"/>
+    </element>
+  </define>
+
+</grammar>

docs/schemas/secret.rng

@@ -37,6 +37,7 @@
               <ref name='usageceph'/>
               <ref name='usageiscsi'/>
               <ref name='usagetls'/>
+              <ref name='usagevtpm'/>
               <!-- More choices later -->
             </choice>
           </element>
@@ -81,4 +82,13 @@
     </element>
   </define>
 
+  <define name='usagevtpm'>
+    <attribute name='type'>
+      <value>vtpm</value>
+    </attribute>
+    <element name='name'>
+      <ref name='genericName'/>
+    </element>
+  </define>
+
 </grammar>

docs/schemas/storagepool.rng

@@ -305,7 +305,10 @@
     <oneOrMore>
       <element name='host'>
         <attribute name='name'>
-          <text/>
+          <choice>
+            <ref name="dnsName"/>
+            <ref name="ipAddr"/>
+          </choice>
         </attribute>
         <optional>
           <attribute name='port'>

docs/storage.html.in

@@ -90,10 +90,10 @@
       A pool with a type of <code>dir</code> provides the means to manage
       files within a directory. The files can be fully allocated raw files,
       sparsely allocated raw files, or one of the special disk formats
-      such as <code>qcow</code>,<code>qcow2</code>,<code>vmdk</code>,
-      <code>cow</code>, etc as supported  by the <code>qemu-img</code>
-      program. If the directory does not exist at the time the pool is
-      defined, the <code>build</code> operation can be used to create it.
+      such as <code>qcow2</code>, <code>vmdk</code>, etc as supported
+      by the <code>qemu-img</code> program. If the directory does not exist
+      at the time the pool is defined, the <code>build</code>
+      operation can be used to create it.
     </p>
 
     <h3>Example pool input definition</h3>
@@ -132,9 +132,8 @@
       natively. When creating new volumes, only a subset may be
       available. The <code>raw</code> type is guaranteed always
       available. The <code>qcow2</code> type can be created if
-      either <code>qemu-img</code> or <code>qcow-create</code> tools
-      are present. The others are dependent on support of the
-      <code>qemu-img</code> tool.
+      the <code>qemu-img</code> tool is present. The others are
+      dependent on support of the <code>qemu-img</code> tool.
 
     </p>
 
@@ -309,7 +308,7 @@
       by adding partitions to the disk. Disk pools have constraints
       on the size and placement of volumes. The 'free extents'
       information will detail the regions which are available for creating
-      new volumes. A volume cannot span across 2 different free extents.
+      new volumes. A volume cannot span across two different free extents.
       It will default to using <code>dos</code> as the pool source format.
     </p>
 
@@ -360,7 +359,16 @@
       The formats <code>dos</code> ("msdos" in parted terminology,
       good for BIOS systems) or <code>gpt</code> (good for UEFI
       systems) are recommended for best portability - the latter is
-      needed for disks larger than 2TB.
+      needed for disks larger than 2TB. Note that the <code>lvm2</code>
+      format refers to the physical volume format (i.e. the whole
+      disk is a physical volume - not the usual usage of LVM where
+      physical volumes are partitions). This is not really
+      a partition table and such pool cannot be built by libvirt,
+      only detected.
+    </p>
+    <p>
+      Building a pool of a certain format depends on its availability
+      in <code>parted</code>.
     </p>
 
     <h3>Valid volume format types</h3>
@@ -600,7 +608,7 @@
 
     <h3>Valid volume format types</h3>
     <p>
-      The RBD pool does not use the volume format type element.
+      Only raw volumes are supported.
     </p>
 
     <h2><a id="StorageBackendSheepdog">Sheepdog pool</a></h2>

docs/windows.html.in

@@ -182,7 +182,6 @@
 <pre>
 ./configure \
   --without-sasl \
-  --without-avahi \
   --without-polkit \
   --without-python \
   --without-libxl \

examples/Makefile.am

@@ -16,106 +16,120 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.
 
-FILTERS = $(wildcard $(srcdir)/xml/nwfilter/*.xml)
+ADMIN_EXAMPLES = \
+	$(wildcard $(srcdir)/c/admin/*.c) \
+	$(NULL)
+
+DOMAIN_EXAMPLES = \
+	$(wildcard $(srcdir)/c/domain/*.c) \
+	$(NULL)
+
+MISC_EXAMPLES = \
+	$(wildcard $(srcdir)/c/misc/*.c) \
+	$(NULL)
+
+POLKIT_EXAMPLES = \
+	$(wildcard $(srcdir)/polkit/*.rules) \
+	$(NULL)
+
+SH_EXAMPLES = \
+	$(wildcard $(srcdir)/sh/*) \
+	$(NULL)
+
+STORAGE_XML_EXAMPLES = \
+	$(wildcard $(srcdir)/xml/storage/*.xml) \
+	$(NULL)
+
+SYSTEMTAP_EXAMPLES = \
+	$(wildcard $(srcdir)/systemtap/*.stp) \
+	$(NULL)
+
+TEST_XML_EXAMPLES = \
+	$(wildcard $(srcdir)/xml/test/*.xml) \
+	$(NULL)
 
 EXTRA_DIST = \
-	lxcconvert/virt-lxc-convert \
-	polkit/libvirt-acl.rules \
-	$(wildcard $(srcdir)/systemtap/*.stp) \
-	$(FILTERS) \
-	$(wildcard $(srcdir)/xml/storage/*.xml) \
-	$(wildcard $(srcdir)/xml/test/*.xml)
-
+	$(POLKIT_EXAMPLES) \
+	$(SH_EXAMPLES) \
+	$(STORAGE_XML_EXAMPLES) \
+	$(SYSTEMTAP_EXAMPLES) \
+	$(TEST_XML_EXAMPLES) \
+	$(NULL)
 
 AM_CPPFLAGS = \
-	-I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) \
-	$(WARN_CFLAGS)
-LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) \
-	$(top_builddir)/src/libvirt.la \
-	$(top_builddir)/src/libvirt-admin.la
+	-I$(top_builddir)/include \
+	-I$(top_srcdir)/include \
+	$(NULL)
 
-# List of example programs. We need to list them here instead of using
-# $(noinst_PROGRAMS) directly because we want to have access to the
-# unmodified list during (un)installation, but at the same time automake
-# might tweak $(noinst_PROGRAMS) to eg. automatically add the .exe file
-# extension when targeting Windows.
-EXAMPLES = \
-	admin/client_close \
-	admin/client_info \
-	admin/client_limits \
-	admin/list_clients \
-	admin/list_servers \
-	admin/logging \
-	admin/threadpool_params \
-	dominfo/info1 \
-	dommigrate/dommigrate \
-	domsuspend/suspend \
-	domtop/domtop \
-	hellolibvirt/hellolibvirt \
-	object-events/event-test \
-	openauth/openauth \
-	rename/rename \
+AM_CFLAGS = \
+	$(WARN_CFLAGS) \
+	$(NULL)
+
+AM_LDFLAGS = \
+	$(STATIC_BINARIES) \
+	$(NULL)
+
+LDADD = \
+	$(top_builddir)/src/libvirt.la \
+	$(top_builddir)/src/libvirt-admin.la \
 	$(NULL)
 
 noinst_PROGRAMS = \
-	$(EXAMPLES) \
+	c/admin/client_close \
+	c/admin/client_info \
+	c/admin/client_limits \
+	c/admin/list_clients \
+	c/admin/list_servers \
+	c/admin/logging \
+	c/admin/threadpool_params \
+	c/domain/dommigrate \
+	c/domain/domtop \
+	c/domain/info1 \
+	c/domain/rename \
+	c/domain/suspend \
+	c/misc/event-test \
+	c/misc/hellolibvirt \
+	c/misc/openauth \
 	$(NULL)
 
-dominfo_info1_SOURCES = dominfo/info1.c
-dommigrate_dommigrate_SOURCES = dommigrate/dommigrate.c
-domsuspend_suspend_SOURCES = domsuspend/suspend.c
-domtop_domtop_SOURCES = domtop/domtop.c
-hellolibvirt_hellolibvirt_SOURCES = hellolibvirt/hellolibvirt.c
-
-object_events_event_test_CFLAGS = \
-		$(WARN_CFLAGS) \
-		$(NULL)
-object_events_event_test_SOURCES = object-events/event-test.c
-
-openauth_openauth_SOURCES = openauth/openauth.c
-rename_rename_SOURCES = rename/rename.c
-
-admin_list_servers_SOURCES = admin/list_servers.c
-admin_list_clients_SOURCES = admin/list_clients.c
-admin_threadpool_params_SOURCES = admin/threadpool_params.c
-admin_client_limits_SOURCES = admin/client_limits.c
-admin_client_info_SOURCES = admin/client_info.c
-admin_client_close_SOURCES = admin/client_close.c
-admin_logging_SOURCES = admin/logging.c
-
-INSTALL_DATA_LOCAL =
-UNINSTALL_LOCAL =
-
-if WITH_NWFILTER
-NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter"
-
-install-nwfilter-local:
-	$(MKDIR_P) "$(NWFILTER_DIR)"
-	for f in $(FILTERS); do \
-		$(INSTALL_DATA) $$f "$(NWFILTER_DIR)"; \
-	done
-
-uninstall-nwfilter-local::
-	for f in $(FILTERS); do \
-		rm -f "$(NWFILTER_DIR)/`basename $$f`"; \
-	done
-	-test -z "$(shell ls $(NWFILTER_DIR))" || rmdir $(NWFILTER_DIR)
-
-INSTALL_DATA_LOCAL += install-nwfilter-local
-UNINSTALL_LOCAL += uninstall-nwfilter-local
-endif WITH_NWFILTER
+c_admin_client_close_SOURCES = c/admin/client_close.c
+c_admin_client_info_SOURCES = c/admin/client_info.c
+c_admin_client_limits_SOURCES = c/admin/client_limits.c
+c_admin_list_clients_SOURCES = c/admin/list_clients.c
+c_admin_list_servers_SOURCES = c/admin/list_servers.c
+c_admin_logging_SOURCES = c/admin/logging.c
+c_admin_threadpool_params_SOURCES = c/admin/threadpool_params.c
+c_domain_dommigrate_SOURCES = c/domain/dommigrate.c
+c_domain_domtop_SOURCES = c/domain/domtop.c
+c_domain_info1_SOURCES = c/domain/info1.c
+c_domain_rename_SOURCES = c/domain/rename.c
+c_domain_suspend_SOURCES = c/domain/suspend.c
+c_misc_event_test_SOURCES = c/misc/event-test.c
+c_misc_hellolibvirt_SOURCES = c/misc/hellolibvirt.c
+c_misc_openauth_SOURCES = c/misc/openauth.c
 
 examplesdir = $(docdir)/examples
 
-install-data-local: $(INSTALL_DATA_LOCAL)
-	$(mkinstalldirs) $(DESTDIR)$(examplesdir)
-	for p in $(EXAMPLES); do \
-		d=$$(dirname $$p); \
-		$(mkinstalldirs) $(DESTDIR)$(examplesdir)/$$d; \
-		$(INSTALL_DATA) $(srcdir)/$${p}.c $(DESTDIR)$(examplesdir)/$$d/; \
-	done
+adminexamplesdir = $(examplesdir)/c/admin
+adminexamples_DATA = $(ADMIN_EXAMPLES)
 
-uninstall-local: $(UNINSTALL_LOCAL)
-	for p in $(EXAMPLES); do \
-		rm -f $(DESTDIR)$(examplesdir)/$${p}.c; \
-	done
+domainexamplesdir = $(examplesdir)/c/domain
+domainexamples_DATA = $(DOMAIN_EXAMPLES)
+
+miscexamplesdir = $(examplesdir)/c/misc
+miscexamples_DATA = $(MISC_EXAMPLES)
+
+polkitexamplesdir = $(examplesdir)/polkit
+polkitexamples_DATA = $(POLKIT_EXAMPLES)
+
+shexamplesdir = $(examplesdir)/sh
+shexamples_DATA = $(SH_EXAMPLES)
+
+storagexmlexamplesdir = $(examplesdir)/xml/storage
+storagexmlexamples_DATA = $(STORAGE_XML_EXAMPLES)
+
+systemtapexamplesdir = $(examplesdir)/systemtap
+systemtapexamples_DATA = $(SYSTEMTAP_EXAMPLES)
+
+testxmlexamplesdir = $(examplesdir)/xml/test
+testxmlexamples_DATA = $(TEST_XML_EXAMPLES)