Release of libvirt-6.3.0

* docs/news.xml: updated for the release

Signed-off-by: Daniel Veillard <veillard@redhat.com>

.color_coded.in

@@ -1,7 +1,5 @@
 -I@abs_top_builddir@
 -I@abs_top_srcdir@
--I@abs_top_builddir@/gnulib/lib
--I@abs_top_srcdir@/gnulib/lib
 -I@abs_top_builddir@/include
 -I@abs_top_srcdir@/include
 -I@abs_top_builddir@/src

.editorconfig

@@ -0,0 +1,21 @@
+# EditorConfig is a file format and collection of text editor plugins
+# for maintaining consistent coding styles between different editors
+# and IDEs. Most popular editors support this either natively or via
+# plugin.
+#
+# Check https://editorconfig.org for details.
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+
+[*.c]
+indent_style = space
+indent_size = 4
+
+[*.{rng,xml}]
+indent_style = space
+indent_size = 2

.github/lockdown.yml

@@ -0,0 +1,38 @@
+# Configuration for Repo Lockdown - https://github.com/dessant/repo-lockdown
+
+skipCreatedBefore: 2020-01-01
+
+# Close issues and pull requests
+close: true
+
+# Lock issues and pull requests
+lock: true
+
+# Optionally, specify configuration settings just for `issues` or `pulls`
+issues:
+  comment: |
+    Thank you for your interest in the libvirt project.
+
+    Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, issues opened here are not processed.
+
+    We kindly request that new issues are reported to
+
+      https://gitlab.com/libvirt/libvirt/-/issues/new
+
+    Thank you for your time and understanding.
+
+pulls:
+  comment: |
+    Thank you for your interest in the libvirt project.
+
+    Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, merge requests opened here are not processed.
+
+    We kindly request that contributors fork the project at
+
+      https://gitlab.com/libvirt/libvirt/
+
+    push changes to the fork, and then open a new merge request at
+
+      https://gitlab.com/libvirt/libvirt/-/merge_requests/new
+
+    Thank you for your time and understanding.

.gitignore

@@ -1,212 +1,40 @@
+# vim related ignores
+*.swp
+.lvimrc
+
+# emacs related ignores
 *#*#
 *.#*#
-*.[187]
-*.[187].in
-*.a
-*.cov
-*.exe
-*.exe.manifest
-*.gcda
-*.gcno
-*.gcov
-*.html
-*.i
-*.la
-*.lo
-*.loT
-*.o
-*.orig
-*.pem
-*.pyc
-*.rej
-*.s
-*.service
-*.socket
-*.swp
-*~
 .#*
-.color_coded
-.deps
-.dirstamp
-.gdb_history
-.git
-.git-module-status
-.libs
-.lvimrc
-.memdump
-.sc-start-sc_*
-.ycm_extra_conf.py
+*~
+
+# autotools related ignores
+!/m4/virt-*.m4
+*.cov
 /AUTHORS
-/GNUmakefile
 /INSTALL
-/NEWS
 /aclocal.m4
 /autom4te.cache
-/build-aux/*
-/build/
-/ci-tree/
-/confdefs.h
-/config.cache
-/config.guess
-/config.h
+/build-aux/compile
+/build-aux/config.guess
+/build-aux/config.sub
+/build-aux/depcomp
+/build-aux/install-sh
+/build-aux/ltmain.sh
+/build-aux/missing
+/build-aux/test-driver
 /config.h.in
 /config.log
-/config.rpath
-/config.status
-/config.sub
 /configure
-/configure.lineno
-/conftest.*
-/docs/aclperms.htmlinc
-/docs/apibuild.py.stamp
-/docs/devhelp/libvirt.devhelp
-/docs/hvsupport.html.in
-/docs/libvirt-admin-*.xml
-/docs/libvirt-api.xml
-/docs/libvirt-lxc-*.xml
-/docs/libvirt-qemu-*.xml
-/docs/libvirt-refs.xml
-/docs/news.html.in
-/docs/todo.html.in
-/examples/c/admin/client_close
-/examples/c/admin/client_info
-/examples/c/admin/client_limits
-/examples/c/admin/list_clients
-/examples/c/admin/list_servers
-/examples/c/admin/logging
-/examples/c/admin/threadpool_params
-/examples/c/domain/dommigrate
-/examples/c/domain/domtop
-/examples/c/domain/info1
-/examples/c/domain/rename
-/examples/c/domain/suspend
-/examples/c/misc/event-test
-/examples/c/misc/hellolibvirt
-/examples/c/misc/openauth
-/gnulib/lib/*
-/gnulib/m4/*
-/gnulib/tests/*
-/include/libvirt/libvirt-common.h
-/libtool
-/libvirt-*.tar.xz
-/libvirt-[0-9]*
-/libvirt*.pc
-/libvirt.spec
-/ltconfig
-/ltmain.sh
 /m4/*
-/maint.mk
-/mingw-libvirt.spec
-/mkinstalldirs
-/po/*gmo
-/po/*po
-!/po/*.mini.po
-/po/*pot
-/proxy/
-/python/
-/run
-/sc_*
-/src/.*.stamp
-/src/*.pc
-/src/access/org.libvirt.api.policy
-/src/access/viraccessapicheck.c
-/src/access/viraccessapicheck.h
-/src/access/viraccessapichecklxc.c
-/src/access/viraccessapichecklxc.h
-/src/access/viraccessapicheckqemu.c
-/src/access/viraccessapicheckqemu.h
-/src/admin/admin_client.h
-/src/admin/admin_protocol.[ch]
-/src/admin/admin_server_dispatch_stubs.h
-/src/esx/*.generated.*
-/src/hyperv/*.generated.*
-/src/libvirt*.def
-/src/libvirt.syms
-/src/libvirt_access.syms
-/src/libvirt_access.xml
-/src/libvirt_access_lxc.syms
-/src/libvirt_access_lxc.xml
-/src/libvirt_access_qemu.syms
-/src/libvirt_access_qemu.xml
-/src/libvirt_admin.syms
-/src/libvirt_*.stp
-/src/libvirt_*helper
-/src/libvirt_*probes.h
-/src/libvirt_lxc
-/src/libvirtd
-/src/libvirtd*.logrotate
-/src/locking/libxl-lockd.conf
-/src/locking/libxl-sanlock.conf
-/src/locking/lock_daemon_dispatch_stubs.h
-/src/locking/lock_protocol.[ch]
-/src/locking/qemu-lockd.conf
-/src/locking/qemu-sanlock.conf
-/src/locking/test_libvirt_sanlock.aug
-/src/logging/log_daemon_dispatch_stubs.h
-/src/logging/log_protocol.[ch]
-/src/lxc/lxc_controller_dispatch.h
-/src/lxc/lxc_monitor_dispatch.h
-/src/lxc/lxc_monitor_protocol.c
-/src/lxc/lxc_monitor_protocol.h
-/src/lxc/lxc_protocol.[ch]
-/src/lxc/test_libvirtd_lxc.aug
-/src/qemu/test_libvirtd_qemu.aug
-/src/remote/*_client_bodies.h
-/src/remote/*_protocol.[ch]
-/src/remote/*_stubs.h
-/src/rpc/virkeepaliveprotocol.[ch]
-/src/rpc/virnetprotocol.[ch]
-/src/test_libvirt*.aug
-/src/test_virtlockd.aug
-/src/test_virtlogd.aug
-/src/util/virkeycodetable*.h
-/src/util/virkeynametable*.h
-/src/virt-aa-helper
-/src/virtlockd
-/src/virtlogd
-/src/virt-guest-shutdown.target
-/tests/*.log
-/tests/*.pid
-/tests/*.trs
-/tests/*test
-/tests/commandhelper
-/tests/qemucapsprobe
-!/tests/virsh-self-test
-!/tests/virt-aa-helper-test
-!/tests/virt-admin-self-test
-/tests/objectlocking
-/tests/objectlocking-files.txt
-/tests/objectlocking.cm[ix]
-/tests/reconnect
-/tests/ssh
-/tests/test_file_access.txt
-/tests/test_conf
-/tools/libvirt-guests.sh
-/tools/virt-login-shell
-/tools/virsh
-/tools/virsh-*-edit.c
-/tools/virt-admin
-/tools/virt-*-validate
-/tools/virt-sanlock-cleanup
-/tools/wireshark/src/libvirt
-/update.log
-GPATH
-GRTAGS
-GTAGS
-Makefile
 Makefile.in
-TAGS
-coverage
-cscope.files
-cscope.in.out
-cscope.out
-cscope.po.out
-results.log
-stamp-h
-stamp-h.in
-stamp-h1
+
+# git related ignores
+*.rej
+*.orig
+.git-module-status
+
+# libvirt related ignores
+/build/
+/ci/scratch/
 tags
-!/build-aux/*.pl
-!/gnulib/lib/Makefile.am
-!/gnulib/tests/Makefile.am
-!/m4/virt-*.m4

.gitlab-ci.yml

@@ -1,46 +1,235 @@
-.job_template: &job_definition
+variables:
+  GIT_DEPTH: 100
+
+stages:
+  - prebuild
+  - native_build
+  - cross_build
+
+.script_variables: &script_variables |
+  export MAKEFLAGS="-j$(getconf _NPROCESSORS_ONLN)"
+  export CCACHE_BASEDIR="$(pwd)"
+  export CCACHE_DIR="$CCACHE_BASEDIR/ccache"
+  export CCACHE_MAXSIZE="500M"
+  export PATH="$CCACHE_WRAPPERSDIR:$PATH"
+
+# Common templates
+
+# Default native build jobs that are always run
+.native_build_default_job_template: &native_build_default_job_definition
+  stage: native_build
+  cache:
+    paths:
+      - ccache/
+    key: "$CI_JOB_NAME"
+  before_script:
+    - *script_variables
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh || (cat config.log && exit 1)
+    - $MAKE distcheck
+
+# Extra native build jobs that are only run post-merge, or
+# when code is pushed to a branch with "ci-full-" name prefix
+.native_build_extra_job_template: &native_build_extra_job_definition
+  <<: *native_build_default_job_definition
+  only:
+    - master
+    - /^ci-full-.*$/
+
+
+# Default cross build jobs that are always run
+.cross_build_default_job_template: &cross_build_default_job_definition
+  stage: cross_build
+  cache:
+    paths:
+      - ccache/
+    key: "$CI_JOB_NAME"
+  before_script:
+    - *script_variables
   script:
     - mkdir build
     - cd build
     - ../autogen.sh $CONFIGURE_OPTS || (cat config.log && exit 1)
-    - make -j $(getconf _NPROCESSORS_ONLN)
+    - $MAKE
 
-# We could run every arch on every versions, but it is a little
-# overkill. Instead we split jobs evenly across 9, 10 and sid
-# to achieve reasonable cross-coverage.
+# Extra cross build jobs that are only run post-merge, or
+# when code is pushed to a branch with "ci-full-" name prefix
+.cross_build_extra_job_template: &cross_build_extra_job_definition
+  <<: *cross_build_default_job_definition
+  only:
+    - master
+    - /^ci-full-.*$/
 
-debian-9-cross-armv6l:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-9-cross-armv6l:latest
 
-debian-9-cross-mips64el:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-9-cross-mips64el:latest
+# Native architecture build + test jobs
 
-debian-9-cross-mipsel:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-9-cross-mipsel:latest
+x64-debian-9:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-9:latest
 
-debian-10-cross-aarch64:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-10-cross-aarch64:latest
+x64-debian-10:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-10:latest
 
-debian-10-cross-ppc64le:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-10-cross-ppc64le:latest
+x64-debian-sid:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid:latest
 
-debian-10-cross-s390x:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-10-cross-s390x:latest
+x64-centos-7:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-centos-7:latest
 
-debian-sid-cross-armv7l:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-sid-cross-armv7l:latest
+x64-centos-8:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-centos-8:latest
 
-debian-sid-cross-i686:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-sid-cross-i686:latest
+x64-fedora-31:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
 
-debian-sid-cross-mips:
-  <<: *job_definition
-  image: quay.io/libvirt/buildenv-debian-sid-cross-mips:latest
+x64-fedora-32:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-32:latest
+
+x64-fedora-rawhide:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-rawhide:latest
+
+x64-opensuse-151:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-opensuse-151:latest
+
+x64-ubuntu-1804:
+  <<: *native_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-ubuntu-1804:latest
+
+x64-ubuntu-2004:
+  <<: *native_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-ubuntu-2004:latest
+
+
+# Cross compiled build jobs
+
+armv6l-debian-9:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-armv6l:latest
+
+mips64el-debian-9:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mips64el:latest
+
+mips-debian-9:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mips:latest
+
+aarch64-debian-10:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-aarch64:latest
+
+ppc64le-debian-10:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-ppc64le:latest
+
+s390x-debian-10:
+  <<: *cross_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-s390x:latest
+
+armv7l-debian-sid:
+  <<: *cross_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-armv7l:latest
+
+i686-debian-sid:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-i686:latest
+
+mipsel-debian-sid:
+  <<: *cross_build_extra_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-mipsel:latest
+
+mingw32-fedora-rawhide:
+  <<: *cross_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-rawhide-cross-mingw32:latest
+
+mingw64-fedora-rawhide:
+  <<: *cross_build_default_job_definition
+  image: quay.io/libvirt/buildenv-libvirt-fedora-rawhide-cross-mingw64:latest
+
+
+# This artifact published by this job is downloaded by libvirt.org to
+# be deployed to the web root:
+#    https://gitlab.com/libvirt/libvirt/-/jobs/artifacts/master/download?job=website
+website:
+  stage: prebuild
+  before_script:
+    - *script_variables
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh --prefix=$(pwd)/../vroot || (cat config.log && exit 1)
+    - $MAKE -C docs
+    - $MAKE -C docs install
+    - cd ..
+    - mv vroot/share/doc/libvirt/html/ website
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+  artifacts:
+    expose_as: 'Website'
+    name: 'website'
+    when: on_success
+    expire_in: 30 days
+    paths:
+      - website
+
+
+codestyle:
+  stage: prebuild
+  before_script:
+    - *script_variables
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh || (cat config.log && exit 1)
+    - $MAKE syntax-check
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+
+
+# This artifact published by this job is downloaded to push to Weblate
+# for translation usage:
+#    https://gitlab.com/libvirt/libvirt/-/jobs/artifacts/master/download?job=potfile
+potfile:
+  stage: prebuild
+  only:
+    - master
+  before_script:
+    - *script_variables
+  script:
+    - mkdir build
+    - cd build
+    - ../autogen.sh || (cat config.log && exit 1)
+    - $MAKE -C src generated-sources
+    - $MAKE -C po libvirt.pot
+    - cd ..
+    - mv build/po/libvirt.pot libvirt.pot
+  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+  artifacts:
+    expose_as: 'Potfile'
+    name: 'potfile'
+    when: on_success
+    expire_in: 30 days
+    paths:
+      - libvirt.pot
+
+
+# Check that all commits are signed-off for the DCO.
+# Skip on "libvirt" namespace, since we only need to run
+# this test on developer's personal forks from which
+# merge requests are submitted
+check-dco:
+  stage: prebuild
+  image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:master
+  script:
+    - /check-dco
+  except:
+    variables:
+      - $CI_PROJECT_NAMESPACE == 'libvirt'

.gitmodules

@@ -1,6 +1,3 @@
-[submodule "gnulib"]
-	path = .gnulib
-	url = https://git.savannah.gnu.org/git/gnulib.git/
 [submodule "keycodemapdb"]
 	path = src/keycodemapdb
 	url = https://gitlab.com/keycodemap/keycodemapdb.git

.gitpublish

@@ -1,3 +1,4 @@
 [gitpublishprofile "default"]
 base = master
 to = libvir-list@redhat.com
+prefix = libvirt PATCH

.travis.yml

@@ -1,5 +1,6 @@
-sudo: required
-language: generic
+language: c
+compiler: clang
+os: osx
 
 branches:
   except:
@@ -13,46 +14,29 @@ addons:
       - rpcgen
       - xz
       - yajl
+      - glib
+      - docutils
+      - gnutls
 
 matrix:
   include:
-    - services:
-        - docker
-      env:
-        - IMAGE="ubuntu-18"
-        - MAKE_ARGS="syntax-check distcheck"
-      script:
-        - make -f Makefile.ci ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
-    - services:
-        - docker
-      env:
-        - IMAGE="centos-7"
-        - MAKE_ARGS="syntax-check distcheck"
-      script:
-        - make -f Makefile.ci ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
-    - services:
-        - docker
-      env:
-        - IMAGE="fedora-rawhide"
-        - MINGW="mingw32"
-      script:
-        - make -f Makefile.ci ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
-    - services:
-        - docker
-      env:
-        - IMAGE="fedora-rawhide"
-        - MINGW="mingw64"
-      script:
-        - make -f Makefile.ci ci-build@$IMAGE CI_CONFIGURE="$MINGW-configure"
-    - compiler: clang
-      language: c
-      os: osx
-      env:
+    - osx_image: xcode11.3
+    - osx_image: xcode10.3
+
+env:
+  global:
     - PATH="/usr/local/opt/gettext/bin:/usr/local/opt/ccache/libexec:/usr/local/opt/rpcgen/bin:$PATH"
-      script:
+    - PKG_CONFIG_PATH="/usr/local/opt/libxml2/lib/pkgconfig"
+
+before_script:
+  # Hack to blow away py2
+  - brew link --overwrite python
+
+script:
   # We can't run 'distcheck' or 'syntax-check' because they fail on
   # macOS, but doing 'install' and 'dist' gives us some useful coverage
-        - ./autogen.sh --prefix=$(pwd)/install-root && make -j3 && make -j3 install && make -j3 dist
+  - mkdir build && cd build
+  - ../autogen.sh --prefix=$(pwd)/install-root && make -j3 && make -j3 install && make -j3 dist
 
 git:
   submodules: true

.ycm_extra_conf.py.in

@@ -1,8 +1,6 @@
 flags = [
   '-I@abs_top_builddir@',
   '-I@abs_top_srcdir@',
-  '-I@abs_top_builddir@/gnulib/lib',
-  '-I@abs_top_srcdir@/gnulib/lib',
   '-I@abs_top_builddir@/include',
   '-I@abs_top_srcdir@/include',
   '-I@abs_top_builddir@/src',

ABOUT-NLS

@@ -1 +1 @@
-po/README.md
+po/README.rst

AUTHORS.in

@@ -19,6 +19,7 @@ Daniel Veillard <veillard@redhat.com>
 Doug Goldstein <cardoe@gentoo.org>
 Eric Blake <eblake@redhat.com>
 Erik Skultety <eskultet@redhat.com>
+Fabiano Fidêncio <fidencio@redhat.com>
 Gao Feng <gaofeng@cn.fujitsu.com>
 Guido Günther <agx@sigxcpu.org>
 Ján Tomko <jtomko@redhat.com>

CONTRIBUTING.rst

@@ -0,0 +1,46 @@
+=======================
+Contributing to libvirt
+=======================
+
+Full, up to date information on how to contribute to libvirt can be
+found on the libvirt website:
+
+https://libvirt.org/contribute.html
+
+To build the same document locally, from the top level directory of
+your git clone run:
+
+::
+
+   $ mkdir build && cd build
+   $ ../autogen.sh
+   $ make
+
+You'll find the freshly-built document in ``docs/contribute.html``.
+
+If ``configure`` fails because of missing dependencies, you can set
+up your system by calling
+
+::
+
+   $ sudo dnf builddep libvirt
+
+if you're on a RHEL-based distribution or
+
+::
+
+   $ sudo apt-get build-dep libvirt
+
+if you're on a Debian-based one.
+
+Note that, for the RHEL-based case, if you're on a machine where you
+haven't done any C development before, you will probably also need
+to run
+
+::
+
+   $ sudo dnf install gcc make libtool autoconf automake rpm-build
+
+You might still be missing some dependencies if your distribution is
+shipping an old libvirt version, but that will get you much closer to
+where you need to be to build successfully from source.

GNUmakefile

@@ -0,0 +1,74 @@
+# Having a separate GNUmakefile lets me 'include' the dynamically
+# generated rules created via cfg.mk (package-local configuration)
+# as well as maint.mk (generic maintainer rules).
+# This makefile is used only if you run GNU Make.
+# It is necessary if you want to build targets usually of interest
+# only to the maintainer.
+
+# Copyright (C) 2001, 2003, 2006-2019 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+_build-aux ?= build-aux
+_autoreconf ?= autoreconf -v
+
+# If the user runs GNU make but has not yet run ./configure,
+# give them a diagnostic.
+_gl-Makefile := $(wildcard [M]akefile)
+ifneq ($(_gl-Makefile),)
+
+# Make tar archive easier to reproduce.
+export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner
+
+# Allow the user to add to this in the Makefile.
+ALL_RECURSIVE_TARGETS =
+
+include Makefile
+include $(srcdir)/$(_build-aux)/syntax-check.mk
+
+else
+
+.DEFAULT_GOAL := abort-due-to-no-makefile
+srcdir = .
+
+# The package can override .DEFAULT_GOAL to run actions like autoreconf.
+include $(srcdir)/$(_build-aux)/syntax-check.mk
+
+ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile)
+$(MAKECMDGOALS): abort-due-to-no-makefile
+endif
+
+abort-due-to-no-makefile:
+	@echo There seems to be no Makefile in this directory.   1>&2
+	@echo "You must run ./configure before running 'make'." 1>&2
+	@exit 1
+
+endif
+
+# Tell version 3.79 and up of GNU make to not build goals in this
+# directory in parallel, in case someone tries to build multiple
+# targets, and one of them can cause a recursive target to be invoked.
+
+# Only set this if Automake doesn't provide it.
+AM_RECURSIVE_TARGETS ?= $(RECURSIVE_TARGETS:-recursive=) \
+  $(RECURSIVE_CLEAN_TARGETS:-recursive=) \
+  dist distcheck tags ctags
+
+ALL_RECURSIVE_TARGETS += $(AM_RECURSIVE_TARGETS)
+
+ifneq ($(word 2, $(MAKECMDGOALS)), )
+ifneq ($(filter $(ALL_RECURSIVE_TARGETS), $(MAKECMDGOALS)), )
+.NOTPARALLEL:
+endif
+endif

Makefile.am

@@ -16,15 +16,19 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.
 
-SUBDIRS = . gnulib/lib include/libvirt src tools docs gnulib/tests \
+LCOV = lcov
+GENHTML = genhtml
+
+# when building from tarball -Werror isn't auto enabled
+# so force it explicitly
+DISTCHECK_CONFIGURE_FLAGS = --enable-werror
+
+SUBDIRS = . include/libvirt src tools docs \
   tests po examples
 
 XZ_OPT ?= -v -T0
 export XZ_OPT
 
-# have gnulib 'make coverage' output to 'cov' dir
-COVERAGE_OUT = "cov"
-
 ACLOCAL_AMFLAGS = -I m4
 
 EXTRA_DIST = \
@@ -35,22 +39,45 @@ EXTRA_DIST = \
   libvirt-qemu.pc.in \
   libvirt-lxc.pc.in \
   libvirt-admin.pc.in \
-  Makefile.ci \
   Makefile.nonreentrant \
   autogen.sh \
-  cfg.mk \
+  GNUmakefile \
   run.in \
-  README.md \
+  README.rst \
   AUTHORS.in \
-  build-aux/augeas-gentest.pl \
+  CONTRIBUTING.rst \
+  scripts/apibuild.py \
+  scripts/augeas-gentest.py \
   build-aux/check-spacing.pl \
-  build-aux/gitlog-to-changelog \
-  build-aux/header-ifdef.pl \
-  build-aux/minimize-po.pl \
-  build-aux/mock-noinline.pl \
-  build-aux/prohibit-duplicate-header.pl \
+  scripts/check-aclperms.py \
+  scripts/check-aclrules.py \
+  scripts/check-drivername.py \
+  scripts/check-driverimpls.py \
+  scripts/check-file-access.py \
+  scripts/check-remote-protocol.py \
+  scripts/check-symfile.py \
+  scripts/check-symsorting.py \
+  scripts/dtrace2systemtap.py \
+  scripts/esx_vi_generator.py \
+  scripts/genaclperms.py \
+  scripts/genpolkit.py \
+  scripts/gensystemtap.py \
+  scripts/group-qemu-caps.py \
+  scripts/header-ifdef.py \
+  scripts/hvsupport.py \
+  scripts/hyperv_wmi_generator.py \
+  scripts/minimize-po.py \
+  scripts/mock-noinline.py \
+  scripts/prohibit-duplicate-header.py \
+  scripts/reformat-news.py \
+  scripts/test-wrap-argv.py \
+  build-aux/syntax-check.mk \
   build-aux/useless-if-before-free \
   build-aux/vc-list-files \
+  ci/Makefile \
+  ci/build.sh \
+  ci/list-images.sh \
+  ci/prepare.sh \
   $(NULL)
 
 pkgconfigdir = $(libdir)/pkgconfig
@@ -59,7 +86,7 @@ pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc libvirt-admin.pc
 NEWS: \
 	  $(srcdir)/docs/news.xml \
 	  $(srcdir)/docs/news-ascii.xsl \
-	  $(srcdir)/docs/reformat-news.py
+	  $(top_srcdir)/scripts/reformat-news.py
 	$(AM_V_GEN) \
 	if [ -x $(XSLTPROC) ]; then \
 	  $(XSLTPROC) --nonet \
@@ -67,14 +94,14 @@ NEWS: \
 	    $(srcdir)/docs/news.xml \
 	  >$@-tmp \
 	    || { rm -f $@-tmp; exit 1; }; \
-	  $(PYTHON) $(srcdir)/docs/reformat-news.py $@-tmp >$@ \
+	  $(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/reformat-news.py $@-tmp >$@ \
 	    || { rm -f $@-tmp; exit 1; }; \
 	  rm -f $@-tmp; \
 	fi
 EXTRA_DIST += \
 	$(srcdir)/docs/news.xml \
 	$(srcdir)/docs/news-ascii.xsl \
-	$(srcdir)/docs/reformat-news.py
+	$(NULL)
 
 rpm: clean
 	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.xz)
@@ -87,8 +114,29 @@ check-local: all tests
 check-access: all
 	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
 
+cov: clean-cov
+	$(MKDIR_P) $(top_builddir)/coverage
+	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
+	  -d $(top_builddir)/src \
+	  -d $(top_builddir)/tests
+	$(LCOV) -r $(top_builddir)/coverage/libvirt.info.tmp \
+	  -o $(top_builddir)/coverage/libvirt.info
+	rm $(top_builddir)/coverage/libvirt.info.tmp
+	$(GENHTML) --show-details -t "libvirt" -o $(top_builddir)/coverage \
+	  --legend $(top_builddir)/coverage/libvirt.info
+
+clean-cov:
+	rm -rf $(top_builddir)/coverage
+
 MAINTAINERCLEANFILES = .git-module-status
 
+BUILT_SOURCES = configmake.h
+CLEANFILES = configmake.h
+
+distclean-local: clean-GNUmakefile
+clean-GNUmakefile:
+	test '$(srcdir)' = . || rm -f $(top_builddir)/GNUmakefile
+
 dist-hook: gen-AUTHORS
 
 .PHONY: gen-AUTHORS
@@ -109,4 +157,45 @@ gen-AUTHORS:
 	fi
 
 ci-%:
-	$(MAKE) -f Makefile.ci $@
+	$(MAKE) -C $(srcdir)/ci/ $@
+
+# Listed in the same order as the GNU makefile conventions, and
+# provided by autoconf 2.59c+ or 2.70.
+# The Automake-defined pkg* macros are appended, in the order
+# listed in the Automake 1.10a+ documentation.
+configmake.h: Makefile
+	$(AM_V_GEN)rm -f $@-t && \
+	{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+	  echo '#if WIN32'; \
+	  echo '# include <winsock2.h> /* avoid mingw pollution on DATADIR */'; \
+	  echo '#endif'; \
+	  echo '#define PREFIX "$(prefix)"'; \
+	  echo '#define EXEC_PREFIX "$(exec_prefix)"'; \
+	  echo '#define BINDIR "$(bindir)"'; \
+	  echo '#define SBINDIR "$(sbindir)"'; \
+	  echo '#define LIBEXECDIR "$(libexecdir)"'; \
+	  echo '#define DATAROOTDIR "$(datarootdir)"'; \
+	  echo '#define DATADIR "$(datadir)"'; \
+	  echo '#define SYSCONFDIR "$(sysconfdir)"'; \
+	  echo '#define SHAREDSTATEDIR "$(sharedstatedir)"'; \
+	  echo '#define LOCALSTATEDIR "$(localstatedir)"'; \
+	  echo '#define RUNSTATEDIR "$(runstatedir)"'; \
+	  echo '#define INCLUDEDIR "$(includedir)"'; \
+	  echo '#define OLDINCLUDEDIR "$(oldincludedir)"'; \
+	  echo '#define DOCDIR "$(docdir)"'; \
+	  echo '#define INFODIR "$(infodir)"'; \
+	  echo '#define HTMLDIR "$(htmldir)"'; \
+	  echo '#define DVIDIR "$(dvidir)"'; \
+	  echo '#define PDFDIR "$(pdfdir)"'; \
+	  echo '#define PSDIR "$(psdir)"'; \
+	  echo '#define LIBDIR "$(libdir)"'; \
+	  echo '#define LISPDIR "$(lispdir)"'; \
+	  echo '#define LOCALEDIR "$(localedir)"'; \
+	  echo '#define MANDIR "$(mandir)"'; \
+	  echo '#define MANEXT "$(manext)"'; \
+	  echo '#define PKGDATADIR "$(pkgdatadir)"'; \
+	  echo '#define PKGINCLUDEDIR "$(pkgincludedir)"'; \
+	  echo '#define PKGLIBDIR "$(pkglibdir)"'; \
+	  echo '#define PKGLIBEXECDIR "$(pkglibexecdir)"'; \
+	} | sed '/""/d' > $@-t && \
+	mv -f $@-t $@

README

@@ -1 +1 @@
-README.md
+README.rst

README-hacking

@@ -1,58 +0,0 @@
--*- outline -*-
-
-These notes intend to help people working on the checked-out sources.
-These requirements do not apply when building from a distribution tarball.
-See also docs/hacking.html (after building libvirt using the information
-included in this file) for more detailed contribution guidelines.
-
-* Requirements
-
-We've opted to keep only the highest-level sources in the GIT repository.
-This eases our maintenance burden, (fewer merges etc.), but imposes more
-requirements on anyone wishing to build from the just-checked-out sources.
-Note the requirements to build the released archive are much less and
-are just the requirements of the standard ./configure && make procedure.
-Specific development tools and versions will be checked for and listed by
-the bootstrap script.
-
-Valgrind <http://valgrind.org/> is also highly recommended, if
-Valgrind supports your architecture.
-
-While building from a just-cloned source tree may require installing a
-few prerequisites, later, a plain `git pull && make' should be sufficient.
-
-* First GIT checkout
-
-You can get a copy of the source repository like this:
-
-        $ git clone https://libvirt.org/git/libvirt.git
-        $ cd libvirt
-
-As an optional step, if you already have a copy of the gnulib git
-repository on your hard drive, then you can use it as a reference to
-reduce download time and disk space requirements:
-
-        $ export GNULIB_SRCDIR=/path/to/gnulib
-
-The next step is to get all required pieces from gnulib,
-to run autoreconf, and to invoke ./configure:
-
-        $ ./autogen.sh
-
-And there you are!  Just
-
-        $ make
-        $ make check
-
-At this point, there should be no difference between your local copy,
-and the GIT master copy:
-
-        $ git diff
-
-should output no difference.
-
-Enjoy!
-
-Local Variables:
-indent-tabs-mode: nil
-End:

README.rst

@@ -1,6 +1,14 @@
-[![Build Status](https://travis-ci.org/libvirt/libvirt.svg)](https://travis-ci.org/libvirt/libvirt)
- [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/355/badge)](https://bestpractices.coreinfrastructure.org/projects/355)
+.. image:: https://gitlab.com/libvirt/libvirt/badges/master/pipeline.svg
+     :target: https://gitlab.com/libvirt/libvirt/pipelines
+     :alt: GitLab CI Build Status
+.. image:: https://travis-ci.org/libvirt/libvirt.svg
+     :target: https://travis-ci.org/libvirt/libvirt
+     :alt: Travis CI Build Status
+.. image:: https://bestpractices.coreinfrastructure.org/projects/355/badge
+     :target: https://bestpractices.coreinfrastructure.org/projects/355
+     :alt: CII Best Practices
 
+==============================
 Libvirt API for virtualization
 ==============================
 
@@ -21,63 +29,66 @@ mappings into object systems such as GObject, CIM and SNMP.
 Further information about the libvirt project can be found on the
 website:
 
-[https://libvirt.org](https://libvirt.org)
+https://libvirt.org
 
 
 License
--------
+=======
 
 The libvirt C API is distributed under the terms of GNU Lesser General
 Public License, version 2.1 (or later). Some parts of the code that are
 not part of the C library may have the more restrictive GNU General
-Public License, version 2.0 (or later). See the files `COPYING.LESSER`
-and `COPYING` for full license terms & conditions.
+Public License, version 2.0 (or later). See the files ``COPYING.LESSER``
+and ``COPYING`` for full license terms & conditions.
 
 
 Installation
-------------
+============
 
 Libvirt uses the GNU Autotools build system, so in general can be built
-and installed with the usual commands. For example, to build in a manner
-that is suitable for installing as root, use:
+and installed with the usual commands, however, we mandate to have the
+build directory different than the source directory. For example, to build
+in a manner that is suitable for installing as root, use:
 
-```
-$ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-$ make
-$ sudo make install
-```
+::
+
+  $ mkdir build && cd build
+  $ ../configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+  $ make
+  $ sudo make install
 
 While to build & install as an unprivileged user
 
-```
-$ ./configure --prefix=$HOME/usr
-$ make
-$ make install
-```
+::
+
+  $ mkdir build && cd build
+  $ ../configure --prefix=$HOME/usr
+  $ make
+  $ make install
 
 The libvirt code relies on a large number of 3rd party libraries. These will
-be detected during execution of the `configure` script and a summary printed
+be detected during execution of the ``configure`` script and a summary printed
 which lists any missing (optional) dependencies.
 
 
 Contributing
-------------
+============
 
 The libvirt project welcomes contributions in many ways. For most components
 the best way to contribute is to send patches to the primary development
 mailing list. Further guidance on this can be found on the website:
 
-[https://libvirt.org/contribute.html](https://libvirt.org/contribute.html)
+https://libvirt.org/contribute.html
 
 
 Contact
--------
+=======
 
 The libvirt project has two primary mailing lists:
 
-  * libvirt-users@redhat.com (**for user discussions**)
-  * libvir-list@redhat.com (**for development only**)
+* libvirt-users@redhat.com (**for user discussions**)
+* libvir-list@redhat.com (**for development only**)
 
 Further details on contacting the project are available on the website:
 
-[https://libvirt.org/contact.html](https://libvirt.org/contact.html)
+https://libvirt.org/contact.html

autogen.sh

@@ -1,208 +1,44 @@
 #!/bin/sh
 # Run this to generate all the initial makefiles, etc.
+test -n "$srcdir" || srcdir=$(dirname "$0")
+test -n "$srcdir" || srcdir=.
 
-die()
-{
-    echo "error: $1" >&2
+olddir=$(pwd)
+
+cd "$srcdir"
+
+(test -f src/libvirt.c) || {
+    echo -n "**Error**: Directory "\`$srcdir\'" does not look like the"
+    echo " top-level libvirt directory"
     exit 1
 }
 
-starting_point=$(pwd)
+git submodule update --init || exit 1
 
-srcdir=$(dirname "$0")
-test "$srcdir" || srcdir=.
+autoreconf --verbose --force --install || exit 1
 
-cd "$srcdir" || {
-    die "Failed to cd into $srcdir"
-}
-
-test -f src/libvirt.c || {
-    die "$0 must live in the top-level libvirt directory"
-}
-
-dry_run=
-no_git=
-gnulib_srcdir=
-extra_args=
-while test "$#" -gt 0; do
-    case "$1" in
-    --dry-run)
-        # This variable will serve both as an indicator of the fact that
-        # a dry run has been requested, and to store the result of the
-        # dry run. It will be ultimately used as return code for the
-        # script: 0 means no action is necessary, 2 means that autogen.sh
-        # needs to be executed, and 1 is reserved for failures
-        dry_run=0
+if test "x$1" = "x--system"; then
     shift
-        ;;
-    --no-git)
-        no_git=" $1"
-        shift
-        ;;
-    --gnulib-srcdir=*)
-        gnulib_srcdir=" $1"
-        shift
-        ;;
-    --gnulib-srcdir)
-        gnulib_srcdir=" $1=$2"
-        shift
-        shift
-        ;;
-    --system)
     prefix=/usr
+    libdir=$prefix/lib
     sysconfdir=/etc
     localstatedir=/var
-        if test -d $prefix/lib64; then
+    if [ -d /usr/lib64 ]; then
       libdir=$prefix/lib64
-        else
-            libdir=$prefix/lib
-        fi
-        extra_args="--prefix=$prefix --localstatedir=$localstatedir"
-        extra_args="$extra_args --sysconfdir=$sysconfdir --libdir=$libdir"
-        shift
-        ;;
-    *)
-        # All remaining arguments will be passed to configure verbatim
-        break
-        ;;
-    esac
-done
-no_git="$no_git$gnulib_srcdir"
-
-gnulib_hash()
-{
-    local no_git=$1
-
-    if test "$no_git"; then
-        echo "no-git"
-        return
-    fi
-
-    # Compute the hash we'll use to determine whether rerunning bootstrap
-    # is required. The first is just the SHA1 that selects a gnulib snapshot.
-    # The second ensures that whenever we change the set of gnulib modules used
-    # by this package, we rerun bootstrap to pull in the matching set of files.
-    # The third ensures that whenever we change the set of local gnulib diffs,
-    # we rerun bootstrap to pull in those diffs.
-    git submodule status .gnulib | awk '{ print $1 }'
-    git hash-object bootstrap.conf
-    git ls-tree -d HEAD gnulib/local | awk '{ print $3 }'
-}
-
-# Only look into git submodules if we're in a git checkout
-if test -d .git || test -f .git; then
-
-    # Check for dirty submodules
-    if test -z "$CLEAN_SUBMODULE"; then
-        for path in $(git submodule status | awk '{ print $2 }'); do
-            case "$(git diff "$path")" in
-                *-dirty*)
-                    echo "error: $path is dirty, please investigate" >&2
-                    echo "set CLEAN_SUBMODULE to discard submodule changes" >&2
-                    exit 1
-                    ;;
-            esac
-        done
-    fi
-    if test "$CLEAN_SUBMODULE" && test -z "$no_git"; then
-        if test -z "$dry_run"; then
-            echo "Cleaning up submodules..."
-            git submodule foreach 'git clean -dfqx && git reset --hard' || {
-                die "Cleaning up submodules failed"
-            }
-        fi
-    fi
-
-    # Update all submodules. If any of the submodules has not been
-    # initialized yet, it will be initialized now; moreover, any submodule
-    # with uncommitted changes will be returned to the expected state
-    echo "Updating submodules..."
-    git submodule update --init || {
-        die "Updating submodules failed"
-    }
-
-    # The expected hash, eg. the one computed after the last
-    # successful bootstrap run, is stored on disk
-    state_file=.git-module-status
-    expected_hash=$(cat "$state_file" 2>/dev/null)
-    actual_hash=$(gnulib_hash "$no_git")
-
-    if test "$actual_hash" = "$expected_hash" && test -f AUTHORS; then
-        # The gnulib hash matches our expectations, and all the files
-        # that can only be generated through bootstrap are present:
-        # we just need to run autoreconf. Unless we're performing a
-        # dry run, of course...
-        if test -z "$dry_run"; then
-            echo "Running autoreconf..."
-            autoreconf -if || {
-                die "autoreconf failed"
-            }
-        fi
-    else
-        # Whenever the gnulib submodule or any of the related bits
-        # has been changed in some way (see gnulib_hash) we need to
-        # run bootstrap again. If we're performing a dry run, we
-        # change the return code instead to signal our caller
-        if test "$dry_run"; then
-            dry_run=2
-        else
-            echo "Running bootstrap..."
-            ./bootstrap$no_git --bootstrap-sync || {
-                die "bootstrap failed"
-            }
-            gnulib_hash >"$state_file"
-        fi
     fi
+    EXTRA_ARGS="--prefix=$prefix --sysconfdir=$sysconfdir --localstatedir=$localstatedir --libdir=$libdir"
 fi
 
-# When performing a dry run, we can stop here
-test "$dry_run" && exit "$dry_run"
+cd "$olddir"
 
-# If asked not to run configure, we can stop here
-test "$NOCONFIGURE" && exit 0
+if [ "$NOCONFIGURE" = "" ]; then
+        $srcdir/configure $EXTRA_ARGS "$@" || exit 1
 
-cd "$starting_point" || {
-    die "Failed to cd into $starting_point"
-}
-
-if test "$OBJ_DIR"; then
-    mkdir -p "$OBJ_DIR" || {
-        die "Failed to create $OBJ_DIR"
-    }
-    cd "$OBJ_DIR" || {
-        die "Failed to cd into $OBJ_DIR"
-    }
-fi
-
-# Make sure we can find GNU make and tell the user
-# the right command to run
-MAKE=
-for cmd in make gmake; do
-    if $cmd -v 2>&1 | grep -q "GNU Make"; then
-        MAKE=$cmd
-        break
+        if [ "$1" = "--help" ]; then
+                exit 0
+        else
+                echo "Now type 'make' to compile libvirt" || exit 1
         fi
-done
-test "$MAKE" || {
-    die "GNU make is required to build libvirt"
-}
-
-if test -z "$*" && test -z "$extra_args" && test -f config.status; then
-    echo "Running config.status..."
-    ./config.status --recheck || {
-        die "config.status failed"
-    }
 else
-    if test -z "$*" && test -z "$extra_args"; then
-        echo "I am going to run configure with no arguments - if you wish"
-        echo "to pass any to it, please specify them on the $0 command line."
-    else
-        echo "Running configure with $extra_args $@"
-    fi
-    "$srcdir/configure" $extra_args "$@" || {
-        die "configure failed"
-    }
+        echo "Skipping configure process."
 fi
-
-echo
-echo "Now type '$MAKE' to compile libvirt."

bootstrap.conf

@@ -1,199 +0,0 @@
-# Bootstrap configuration.
-
-# Copyright (C) 2010-2014 Red Hat, Inc.
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-
-# gnulib modules used by this package.
-gnulib_modules='
-accept
-areadlink
-autobuild
-base64
-bind
-bitrotate
-byteswap
-c-ctype
-c-strcase
-c-strcasestr
-calloc-posix
-canonicalize-lgpl
-chown
-clock-time
-close
-connect
-configmake
-count-leading-zeros
-count-one-bits
-dirname-lgpl
-environ
-execinfo
-fclose
-fcntl
-fcntl-h
-fdatasync
-ffs
-ffsl
-fnmatch
-fsync
-func
-getaddrinfo
-getcwd-lgpl
-gethostname
-getopt-posix
-getpass
-getpeername
-getsockname
-gettimeofday
-gitlog-to-changelog
-gnumakefile
-ignore-value
-inet_pton
-intprops
-ioctl
-isatty
-largefile
-ldexp
-listen
-localeconv
-maintainer-makefile
-manywarnings
-mgetgroups
-mkdtemp
-mkostemp
-mkostemps
-mktempd
-net_if
-netdb
-nonblocking
-openpty
-passfd
-perror
-physmem
-pipe-posix
-pipe2
-poll
-posix-shell
-pthread
-pthread_sigmask
-recv
-regex
-sched
-secure_getenv
-send
-setenv
-setsockopt
-sigaction
-sigpipe
-snprintf
-socket
-stat-time
-stdarg
-stpcpy
-strchrnul
-strdup-posix
-strndup
-strerror
-strerror_r-posix
-strptime
-strsep
-strtok_r
-sys_stat
-sys_wait
-termios
-time_r
-timegm
-ttyname_r
-uname
-unsetenv
-useless-if-before-free
-usleep
-vasprintf
-verify
-vc-list-files
-vsnprintf
-waitpid
-warnings
-wcwidth
-'
-
-SKIP_PO=true
-
-# Enable copy-mode for MSYS/MinGW. MSYS' ln doesn't work well in the way
-# bootstrap uses it with relative paths.
-if test -n "$MSYSTEM"; then
-    copy=true
-fi
-
-
-# Tell gnulib to:
-#   require LGPLv2+
-#   apply any local diffs in gnulib/local/ dir
-#   put *.m4 files in m4/ dir
-#   put *.[ch] files in new gnulib/lib/ dir
-#   import gnulib tests in new gnulib/tests/ dir
-gnulib_name=libgnu
-m4_base=m4
-source_base=gnulib/lib
-tests_base=gnulib/tests
-gnulib_tool_option_extras="\
- --lgpl=2\
- --with-tests\
- --makefile-name=gnulib.mk\
- --avoid=pt_chown\
- --avoid=lock-tests\
-"
-local_gl_dir=gnulib/local
-
-# Build prerequisites
-# Note that some of these programs are only required for 'make dist' to
-# succeed from a fresh git checkout; not all of these programs are
-# required to run 'make dist' on a tarball.
-buildreq="\
-autoconf   2.59
-automake   1.9.6
-git        1.5.5
-gzip       -
-libtool    -
-patch      -
-perl       5.5
-pkg-config -
-rpcgen     -
-tar        -
-xmllint	   -
-xsltproc   -
-"
-
-# Automake requires that AUTHORS exist.
-touch AUTHORS || exit 1
-
-# Override bootstrap's list - we don't use mdate-sh or texinfo.tex.
-gnulib_extra_files="
-        build-aux/install-sh
-        build-aux/depcomp
-        build-aux/config.guess
-        build-aux/config.sub
-        doc/INSTALL
-"
-
-
-bootstrap_post_import_hook()
-{
-  # Change paths in gnulib/tests/gnulib.mk from "../../.." to "../..",
-  # and make tests conditional by changing "TESTS" to "GNULIB_TESTS".
-  m=gnulib/tests/gnulib.mk
-  sed 's,\.\./\.\./\.\.,../..,g; s/^TESTS /GNULIB_TESTS /' $m > $m-t
-  mv -f $m-t $m
-}

build-aux/augeas-gentest.pl

@@ -1,68 +0,0 @@
-#!/usr/bin/env perl
-#
-# augeas-gentest.pl: Generate an augeas test file, from an
-#                    example config file + test file template
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-
-use strict;
-use warnings;
-
-die "syntax: $0 CONFIG TEMPLATE AUGTEST\n" unless @ARGV == 3;
-
-my $config = shift @ARGV;
-my $template = shift @ARGV;
-my $augtest = shift @ARGV;
-
-open AUGTEST, ">", $augtest or die "cannot create $augtest: $!";
-
-$SIG{__DIE__} = sub {
-    unlink $augtest;
-};
-
-open CONFIG, "<", $config or die "cannot read $config: $!";
-open TEMPLATE, "<", $template or die "cannot read $template: $!";
-
-my $group = 0;
-while (<TEMPLATE>) {
-    if (/::CONFIG::/) {
-        my $group = 0;
-        print AUGTEST "  let conf = \"";
-        while (<CONFIG>) {
-            if (/^#\w/) {
-                s/^#//;
-                s/\"/\\\"/g;
-                print AUGTEST $_;
-                $group = /\[\s$/;
-            } elsif ($group) {
-                s/\"/\\\"/g;
-                if (/#\s*\]/) {
-                    $group = 0;
-                }
-                if (/^#/) {
-                    s/^#//;
-                    print AUGTEST $_;
-                }
-            }
-        }
-        print AUGTEST "\"\n";
-    } else {
-        print AUGTEST $_;
-    }
-}
-
-close TEMPLATE;
-close CONFIG;
-close AUGTEST or die "cannot save $augtest: $!";

build-aux/header-ifdef.pl

@@ -1,182 +0,0 @@
-#!/usr/bin/perl
-#
-# Validate that header files follow a standard layout:
-#
-# /*
-#  ...copyright header...
-#  */
-# <one blank line>
-# #pragma once
-# ....content....
-#
-#---
-#
-# For any file ending priv.h, before the #pragma once
-# We will have a further section
-#
-# #ifndef SYMBOL_ALLOW
-# # error ....
-# #endif /* SYMBOL_ALLOW */
-# <one blank line>
-#
-#---
-#
-# For public headers (files in include/), use the standard header guard instead of #pragma once:
-# #ifndef SYMBOL
-# # define SYMBOL
-# ....content....
-# #endif /* SYMBOL */
-
-use strict;
-use warnings;
-
-my $STATE_COPYRIGHT_COMMENT = 0;
-my $STATE_COPYRIGHT_BLANK = 1;
-my $STATE_PRIV_START = 2;
-my $STATE_PRIV_ERROR = 3;
-my $STATE_PRIV_END = 4;
-my $STATE_PRIV_BLANK = 5;
-my $STATE_GUARD_START = 6;
-my $STATE_GUARD_DEFINE = 7;
-my $STATE_GUARD_END = 8;
-my $STATE_EOF = 9;
-my $STATE_PRAGMA = 10;
-
-my $file = " ";
-my $ret = 0;
-my $ifdef = "";
-my $ifdefpriv = "";
-my $publicheader = 0;
-
-my $state = $STATE_EOF;
-my $mistake = 0;
-
-sub mistake {
-    my $msg = shift;
-    warn $msg;
-    $mistake = 1;
-    $ret = 1;
-}
-
-while (<>) {
-    if (not $file eq $ARGV) {
-        if ($state == $STATE_COPYRIGHT_COMMENT) {
-            &mistake("$file: missing copyright comment");
-        } elsif ($state == $STATE_COPYRIGHT_BLANK) {
-            &mistake("$file: missing blank line after copyright header");
-        } elsif ($state == $STATE_PRIV_START) {
-            &mistake("$file: missing '#ifndef $ifdefpriv'");
-        } elsif ($state == $STATE_PRIV_ERROR) {
-            &mistake("$file: missing '# error ...priv allow...'");
-        } elsif ($state == $STATE_PRIV_END) {
-            &mistake("$file: missing '#endif /* $ifdefpriv */'");
-        } elsif ($state == $STATE_PRIV_BLANK) {
-            &mistake("$file: missing blank line after priv header check");
-        } elsif ($state == $STATE_GUARD_START) {
-            if ($publicheader) {
-                &mistake("$file: missing '#ifndef $ifdef'");
-            } else {
-                &mistake("$file: missing '#pragma once' header guard");
-            }
-        } elsif ($state == $STATE_GUARD_DEFINE) {
-            &mistake("$file: missing '# define $ifdef'");
-        } elsif ($state == $STATE_GUARD_END) {
-            &mistake("$file: missing '#endif /* $ifdef */'");
-        }
-
-        $ifdef = uc $ARGV;
-        $ifdef =~ s,.*/,,;
-        $ifdef =~ s,[^A-Z0-9],_,g;
-        $ifdef =~ s,__+,_,g;
-        unless ($ifdef =~ /^LIBVIRT_/ && $ARGV !~ /libvirt_internal.h/) {
-            $ifdef = "LIBVIRT_" . $ifdef;
-        }
-        $ifdefpriv = $ifdef . "_ALLOW";
-
-        $file = $ARGV;
-        $state = $STATE_COPYRIGHT_COMMENT;
-        $mistake = 0;
-        $publicheader = ($ARGV =~ /include\//);
-    }
-
-    if ($mistake ||
-        $ARGV =~ /config-post\.h$/ ||
-        $ARGV =~ /vbox_(CAPI|XPCOM)/) {
-        $state = $STATE_EOF;
-        next;
-    }
-
-    if ($state == $STATE_COPYRIGHT_COMMENT) {
-        if (m,\*/,) {
-            $state = $STATE_COPYRIGHT_BLANK;
-        }
-    } elsif ($state == $STATE_COPYRIGHT_BLANK) {
-        if (! /^$/) {
-            &mistake("$file: missing blank line after copyright header");
-        }
-        if ($ARGV =~ /priv\.h$/) {
-            $state = $STATE_PRIV_START;
-        } else {
-            $state = $STATE_GUARD_START;
-        }
-    } elsif ($state == $STATE_PRIV_START) {
-        if (/^$/) {
-            &mistake("$file: too many blank lines after copyright header");
-        } elsif (/#ifndef $ifdefpriv$/) {
-            $state = $STATE_PRIV_ERROR;
-        } else {
-            &mistake("$file: missing '#ifndef $ifdefpriv'");
-        }
-    } elsif ($state == $STATE_PRIV_ERROR) {
-        if (/# error ".*"$/) {
-            $state = $STATE_PRIV_END;
-        } else {
-            &mistake("$file: missing '# error ...priv allow...'");
-        }
-    } elsif ($state == $STATE_PRIV_END) {
-        if (m,#endif /\* $ifdefpriv \*/,) {
-            $state = $STATE_PRIV_BLANK;
-        } else {
-            &mistake("$file: missing '#endif /* $ifdefpriv */'");
-        }
-    } elsif ($state == $STATE_PRIV_BLANK) {
-        if (! /^$/) {
-            &mistake("$file: missing blank line after priv guard");
-        }
-        $state = $STATE_GUARD_START;
-    } elsif ($state == $STATE_GUARD_START) {
-        if (/^$/) {
-            &mistake("$file: too many blank lines after copyright header");
-        }
-        if ($publicheader) {
-            if (/#ifndef $ifdef$/) {
-                $state = $STATE_GUARD_DEFINE;
-            } else {
-                &mistake("$file: missing '#ifndef $ifdef'");
-            }
-        } else {
-            if (/#pragma once/) {
-                $state = $STATE_PRAGMA;
-            } else {
-                &mistake("$file: missing '#pragma once' header guard");
-            }
-        }
-    } elsif ($state == $STATE_GUARD_DEFINE) {
-        if (/# define $ifdef$/) {
-            $state = $STATE_GUARD_END;
-        } else {
-            &mistake("$file: missing '# define $ifdef'");
-        }
-    } elsif ($state == $STATE_GUARD_END) {
-        if (m,#endif /\* $ifdef \*/$,) {
-            $state = $STATE_EOF;
-        }
-    } elsif ($state == $STATE_PRAGMA) {
-        next;
-    } elsif ($state == $STATE_EOF) {
-        die "$file: unexpected content after '#endif /* $ifdef */'";
-    } else {
-        die "$file: unexpected state $state";
-    }
-}
-exit $ret;

build-aux/minimize-po.pl

@@ -1,37 +0,0 @@
-#!/usr/bin/perl
-
-my @block;
-my $msgstr = 0;
-my $empty = 0;
-my $unused = 0;
-my $fuzzy = 0;
-while (<>) {
-    if (/^$/) {
-        if (!$empty && !$unused && !$fuzzy) {
-            print @block;
-        }
-        @block = ();
-        $msgstr = 0;
-        $fuzzy = 0;
-        push @block, $_;
-    } else {
-        if (/^msgstr/) {
-            $msgstr = 1;
-            $empty = 1;
-        }
-        if (/^#.*fuzzy/) {
-            $fuzzy = 1;
-        }
-        if (/^#~ msgstr/) {
-            $unused = 1;
-        }
-        if ($msgstr && /".+"/) {
-            $empty = 0;
-        }
-        push @block, $_;
-    }
-}
-
-if (@block && !$empty && !$unused) {
-    print @block;
-}

build-aux/mock-noinline.pl

@@ -1,75 +0,0 @@
-#!/usr/bin/env perl
-
-my %noninlined;
-my %mocked;
-
-# Functions in public header don't get the noinline annotation
-# so whitelist them here
-$noninlined{"virEventAddTimeout"} = 1;
-# This one confuses the script as its defined in the mock file
-# but is actually just a local helper
-$noninlined{"virMockStatRedirect"} = 1;
-
-foreach my $arg (@ARGV) {
-    if ($arg =~ /\.h$/) {
-        #print "Scan header $arg\n";
-        &scan_annotations($arg);
-    } elsif ($arg =~ /mock\.c$/) {
-        #print "Scan mock $arg\n";
-        &scan_overrides($arg);
-    }
-}
-
-my $warned = 0;
-foreach my $func (keys %mocked) {
-    next if exists $noninlined{$func};
-
-    $warned++;
-    print STDERR "$func is mocked at $mocked{$func} but missing noinline annotation\n";
-}
-
-exit $warned ? 1 : 0;
-
-
-sub scan_annotations {
-    my $file = shift;
-
-    open FH, $file or die "cannot read $file: $!";
-
-    my $func;
-    while (<FH>) {
-        if (/^\s*(\w+)\(/ || /^(?:\w+\*?\s+)+(?:\*\s*)?(\w+)\(/) {
-            my $name = $1;
-            if ($name !~ /ATTRIBUTE/) {
-                $func = $name;
-            }
-        } elsif (/^\s*$/) {
-            $func = undef;
-        }
-        if (/ATTRIBUTE_NOINLINE/) {
-            if (defined $func) {
-                $noninlined{$func} = 1;
-            }
-        }
-    }
-
-    close FH
-}
-
-sub scan_overrides {
-    my $file = shift;
-
-    open FH, $file or die "cannot read $file: $!";
-
-    my $func;
-    while (<FH>) {
-        if (/^(\w+)\(/ || /^\w+\s*(?:\*\s*)?(\w+)\(/) {
-            my $name = $1;
-            if ($name =~ /^vir/) {
-                $mocked{$name} = "$file:$.";
-            }
-        }
-    }
-
-    close FH
-}

build-aux/prohibit-duplicate-header.pl

@@ -1,26 +0,0 @@
-#!/usr/bin/env perl
-
-use strict;
-
-my $file = " ";
-my $ret = 0;
-my %includes = ( );
-my $lineno = 0;
-
-while (<>) {
-    if (not $file eq $ARGV) {
-        %includes = ( );
-        $file = $ARGV;
-        $lineno = 0;
-    }
-    $lineno++;
-    if (/^# *include *[<"]([^>"]*\.h)[">]/) {
-        $includes{$1}++;
-        if ($includes{$1} == 2) {
-            $ret = 1;
-            print STDERR "$ARGV:$lineno: $_";
-            print STDERR "Do not include a header more than once per file\n";
-        }
-    }
-}
-exit $ret;

build-aux/useless-if-before-free

@@ -0,0 +1,226 @@
+#!/bin/sh
+#! -*-perl-*-
+
+# Detect instances of "if (p) free (p);".
+# Likewise "if (p != 0)", "if (0 != p)", or with NULL; and with braces.
+
+# Copyright (C) 2008-2019 Free Software Foundation, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+# Written by Jim Meyering
+
+# This is a prologue that allows to run a perl script as an executable
+# on systems that are compliant to a POSIX version before POSIX:2017.
+# On such systems, the usual invocation of an executable through execlp()
+# or execvp() fails with ENOEXEC if it is a script that does not start
+# with a #! line.  The script interpreter mentioned in the #! line has
+# to be /bin/sh, because on GuixSD systems that is the only program that
+# has a fixed file name.  The second line is essential for perl and is
+# also useful for editing this file in Emacs.  The next two lines below
+# are valid code in both sh and perl.  When executed by sh, they re-execute
+# the script through the perl program found in $PATH.  The '-x' option
+# is essential as well; without it, perl would re-execute the script
+# through /bin/sh.  When executed by  perl, the next two lines are a no-op.
+eval 'exec perl -wSx "$0" "$@"'
+     if 0;
+
+my $VERSION = '2018-03-07 03:47'; # UTC
+# The definition above must lie within the first 8 lines in order
+# for the Emacs time-stamp write hook (at end) to update it.
+# If you change this file with Emacs, please let the write hook
+# do its job.  Otherwise, update this string manually.
+
+use strict;
+use warnings;
+use Getopt::Long;
+
+(my $ME = $0) =~ s|.*/||;
+
+# use File::Coda; # https://meyering.net/code/Coda/
+END {
+  defined fileno STDOUT or return;
+  close STDOUT and return;
+  warn "$ME: failed to close standard output: $!\n";
+  $? ||= 1;
+}
+
+sub usage ($)
+{
+  my ($exit_code) = @_;
+  my $STREAM = ($exit_code == 0 ? *STDOUT : *STDERR);
+  if ($exit_code != 0)
+    {
+      print $STREAM "Try '$ME --help' for more information.\n";
+    }
+  else
+    {
+      print $STREAM <<EOF;
+Usage: $ME [OPTIONS] FILE...
+
+Detect any instance in FILE of a useless "if" test before a free call, e.g.,
+"if (p) free (p);".  Any such test may be safely removed without affecting
+the semantics of the C code in FILE.  Use --name=FOO --name=BAR to also
+detect free-like functions named FOO and BAR.
+
+OPTIONS:
+
+   --list       print only the name of each matching FILE (\\0-terminated)
+   --name=N     add name N to the list of \'free\'-like functions to detect;
+                  may be repeated
+
+   --help       display this help and exit
+   --version    output version information and exit
+
+Exit status:
+
+  0   one or more matches
+  1   no match
+  2   an error
+
+EXAMPLE:
+
+For example, this command prints all removable "if" tests before "free"
+and "kfree" calls in the linux kernel sources:
+
+    git ls-files -z |xargs -0 $ME --name=kfree
+
+EOF
+    }
+  exit $exit_code;
+}
+
+sub is_NULL ($)
+{
+  my ($expr) = @_;
+  return ($expr eq 'NULL' || $expr eq '0');
+}
+
+{
+  sub EXIT_MATCH {0}
+  sub EXIT_NO_MATCH {1}
+  sub EXIT_ERROR {2}
+  my $err = EXIT_NO_MATCH;
+
+  my $list;
+  my @name = qw(free);
+  GetOptions
+    (
+     help => sub { usage 0 },
+     version => sub { print "$ME version $VERSION\n"; exit },
+     list => \$list,
+     'name=s@' => \@name,
+    ) or usage 1;
+
+  # Make sure we have the right number of non-option arguments.
+  # Always tell the user why we fail.
+  @ARGV < 1
+    and (warn "$ME: missing FILE argument\n"), usage EXIT_ERROR;
+
+  my $or = join '|', @name;
+  my $regexp = qr/(?:$or)/;
+
+  # Set the input record separator.
+  # Note: this makes it impractical to print line numbers.
+  $/ = '"';
+
+  my $found_match = 0;
+ FILE:
+  foreach my $file (@ARGV)
+    {
+      open FH, '<', $file
+        or (warn "$ME: can't open '$file' for reading: $!\n"),
+          $err = EXIT_ERROR, next;
+      while (defined (my $line = <FH>))
+        {
+          # Skip non-matching lines early to save time
+          $line =~ /\bif\b/
+            or next;
+          while ($line =~
+              /\b(if\s*\(\s*([^)]+?)(?:\s*!=\s*([^)]+?))?\s*\)
+              #  1          2                  3
+               (?:   \s*$regexp\s*\((?:\s*\([^)]+\))?\s*([^)]+)\)\s*;|
+                \s*\{\s*$regexp\s*\((?:\s*\([^)]+\))?\s*([^)]+)\)\s*;\s*\}))/sxg)
+            {
+              my $all = $1;
+              my ($lhs, $rhs) = ($2, $3);
+              my ($free_opnd, $braced_free_opnd) = ($4, $5);
+              my $non_NULL;
+              if (!defined $rhs) { $non_NULL = $lhs }
+              elsif (is_NULL $rhs) { $non_NULL = $lhs }
+              elsif (is_NULL $lhs) { $non_NULL = $rhs }
+              else { next }
+
+              # Compare the non-NULL part of the "if" expression and the
+              # free'd expression, without regard to white space.
+              $non_NULL =~ tr/ \t//d;
+              my $e2 = defined $free_opnd ? $free_opnd : $braced_free_opnd;
+              $e2 =~ tr/ \t//d;
+              if ($non_NULL eq $e2)
+                {
+                  $found_match = 1;
+                  $list
+                    and (print "$file\0"), next FILE;
+                  print "$file: $all\n";
+                }
+            }
+        }
+    }
+  continue
+    {
+      close FH;
+    }
+
+  $found_match && $err == EXIT_NO_MATCH
+    and $err = EXIT_MATCH;
+
+  exit $err;
+}
+
+my $foo = <<'EOF';
+# The above is to *find* them.
+# This adjusts them, removing the unnecessary "if (p)" part.
+
+# FIXME: do something like this as an option (doesn't do braces):
+free=xfree
+git grep -l -z "$free *(" \
+  | xargs -0 useless-if-before-free -l --name="$free" \
+  | xargs -0 perl -0x3b -pi -e \
+   's/\bif\s*\(\s*(\S+?)(?:\s*!=\s*(?:0|NULL))?\s*\)\s+('"$free"'\s*\((?:\s*\([^)]+\))?\s*\1\s*\)\s*;)/$2/s'
+
+# Use the following to remove redundant uses of kfree inside braces.
+# Note that -0777 puts perl in slurp-whole-file mode;
+# but we have plenty of memory, these days...
+free=kfree
+git grep -l -z "$free *(" \
+  | xargs -0 useless-if-before-free -l --name="$free" \
+  | xargs -0 perl -0777 -pi -e \
+     's/\bif\s*\(\s*(\S+?)(?:\s*!=\s*(?:0|NULL))?\s*\)\s*\{\s*('"$free"'\s*\((?:\s*\([^)]+\))?\s*\1\s*\);)\s*\}[^\n]*$/$2/gms'
+
+Be careful that the result of the above transformation is valid.
+If the matched string is followed by "else", then obviously, it won't be.
+
+When modifying files, refuse to process anything other than a regular file.
+EOF
+
+## Local Variables:
+## mode: perl
+## indent-tabs-mode: nil
+## eval: (add-hook 'before-save-hook 'time-stamp)
+## time-stamp-line-limit: 50
+## time-stamp-start: "my $VERSION = '"
+## time-stamp-format: "%:y-%02m-%02d %02H:%02M"
+## time-stamp-time-zone: "UTC0"
+## time-stamp-end: "'; # UTC"
+## End:

build-aux/vc-list-files

@@ -0,0 +1,113 @@
+#!/bin/sh
+# List version-controlled file names.
+
+# Print a version string.
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 2006-2019 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+# List the specified version-controlled files.
+# With no argument, list them all.  With a single DIRECTORY argument,
+# list the version-controlled files in that directory.
+
+# If there's an argument, it must be a single, "."-relative directory name.
+# cvsu is part of the cvsutils package: http://www.red-bean.com/cvsutils/
+
+postprocess=
+case $1 in
+  --help) cat <<EOF
+Usage: $0 [-C SRCDIR] [DIR...]
+
+Output a list of version-controlled files in DIR (default .), relative to
+SRCDIR (default .).  SRCDIR must be the top directory of a checkout.
+
+Options:
+  --help     print this help, then exit
+  --version  print version number, then exit
+  -C SRCDIR  change directory to SRCDIR before generating list
+
+Report bugs and patches to <bug-gnulib@gnu.org>.
+EOF
+    exit ;;
+
+  --version)
+    year=`echo "$scriptversion" | sed 's/[^0-9].*//'`
+    cat <<EOF
+vc-list-files $scriptversion
+Copyright (C) $year Free Software Foundation, Inc,
+License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+EOF
+    exit ;;
+
+  -C)
+    test "$2" = . || postprocess="| sed 's|^|$2/|'"
+    cd "$2" || exit 1
+    shift; shift ;;
+esac
+
+test $# = 0 && set .
+
+for dir
+do
+  if test -d .git || test -f .git; then
+    test "x$dir" = x. \
+      && dir= sed_esc= \
+      || { dir="$dir/"; sed_esc=`echo "$dir"|env sed 's,\([\\/]\),\\\\\1,g'`; }
+    # Ignore git symlinks - either they point into the tree, in which case
+    # we don't need to visit the target twice, or they point somewhere
+    # else (often into a submodule), in which case the content does not
+    # belong to this package.
+    eval exec git ls-tree -r 'HEAD:"$dir"' \
+      \| sed -n '"s/^100[^	]*./$sed_esc/p"' $postprocess
+  elif test -d .hg; then
+    eval exec hg locate '"$dir/*"' $postprocess
+  elif test -d .bzr; then
+    test "$postprocess" = '' && postprocess="| sed 's|^\./||'"
+    eval exec bzr ls -R --versioned '"$dir"' $postprocess
+  elif test -d CVS; then
+    test "$postprocess" = '' && postprocess="| sed 's|^\./||'"
+    if test -x build-aux/cvsu; then
+      eval build-aux/cvsu --find --types=AFGM '"$dir"' $postprocess
+    elif (cvsu --help) >/dev/null 2>&1; then
+      eval cvsu --find --types=AFGM '"$dir"' $postprocess
+    else
+      eval awk -F/ \''{			\
+          if (!$1 && $3 !~ /^-/) {	\
+            f=FILENAME;			\
+            if (f ~ /CVS\/Entries$/)	\
+              f = substr(f, 1, length(f)-11); \
+            print f $2;			\
+          }}'\''				\
+        `find "$dir" -name Entries -print` /dev/null' $postprocess
+    fi
+  elif test -d .svn; then
+    eval exec svn list -R '"$dir"' $postprocess
+  else
+    echo "$0: Failed to determine type of version control used in `pwd`" 1>&2
+    exit 1
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:

ci/Makefile

@@ -1,16 +1,15 @@
 # -*- makefile -*-
 # vim: filetype=make
 
-# Figure out name and path to this file. This isn't
-# portable but we only care for modern GNU make
-CI_MAKEFILE = $(abspath $(firstword $(MAKEFILE_LIST)))
+# The root directory of the libvirt.git checkout
+CI_GIT_ROOT = $(shell git rev-parse --show-toplevel)
+
+# The root directory for all CI-related contents
+CI_ROOTDIR = $(CI_GIT_ROOT)/ci
 
 # The directory holding content on the host that we will
 # expose to the container.
-CI_SCRATCHDIR = $(shell pwd)/ci-tree
-
-# The root directory of the libvirt.git checkout
-CI_GIT_ROOT = $(shell git rev-parse --show-toplevel)
+CI_SCRATCHDIR = $(CI_ROOTDIR)/scratch
 
 # The directory holding the clone of the git repo that
 # we will expose to the container
@@ -19,7 +18,7 @@ CI_HOST_SRCDIR = $(CI_SCRATCHDIR)/src
 # The directory holding the source inside the
 # container, i.e. where we want to expose
 # the $(CI_HOST_SRCDIR) directory from the host
-CI_CONT_SRCDIR = /src
+CI_CONT_SRCDIR = $(CI_USER_HOME)/libvirt
 
 # Relative directory to perform the build in. This
 # defaults to using a separate build dir, but can be
@@ -42,14 +41,16 @@ CI_MAKE_ARGS =
 # Any extra arguments to pass to configure
 CI_CONFIGURE_ARGS =
 
-# Avoid pulling submodules over the network by locally
-# cloning them
-CI_SUBMODULES = $(shell git submodule | awk '{ print $$2 }')
+# Script containing environment preparation steps
+CI_PREPARE_SCRIPT = $(CI_ROOTDIR)/prepare.sh
+
+# Script containing build instructions
+CI_BUILD_SCRIPT = $(CI_ROOTDIR)/build.sh
 
 # Location of the container images we're going to pull
 # Can be useful to overridde to use a locally built
 # image instead
-CI_IMAGE_PREFIX = quay.io/libvirt/buildenv-
+CI_IMAGE_PREFIX = quay.io/libvirt/buildenv-libvirt-
 
 # The default tag is ':latest' but if the container
 # repo above uses different conventions this can override it
@@ -70,6 +71,11 @@ CI_REUSE = 0
 CI_UID = $(shell id -u)
 CI_GID = $(shell id -g)
 
+# We also need the user's login and home directory to prepare the
+# environment the way some programs expect it
+CI_USER_LOGIN = $(shell echo "$$USER")
+CI_USER_HOME = $(shell echo "$$HOME")
+
 CI_ENGINE = auto
 # Container engine we are going to use, can be overridden per make
 # invocation, if it is not we try podman and then default to docker.
@@ -86,36 +92,49 @@ endif
 # is liable to mess with SELinux labelling which will
 # then prevent the host accessing them. And podman cannot
 # relabel the files due to it running rootless. So
-# copying them first is safer and error-prone.
+# copying them first is safer and less error-prone.
 CI_PWDB_MOUNTS = \
 	--volume $(CI_SCRATCHDIR)/group:/etc/group:ro,z \
 	--volume $(CI_SCRATCHDIR)/passwd:/etc/passwd:ro,z \
 	$(NULL)
 
+CI_HOME_MOUNTS = \
+	--volume $(CI_SCRATCHDIR)/home:$(CI_USER_HOME):z \
+	$(NULL)
+
+CI_SCRIPT_MOUNTS = \
+	--volume $(CI_SCRATCHDIR)/prepare:$(CI_USER_HOME)/prepare:z \
+	--volume $(CI_SCRATCHDIR)/build:$(CI_USER_HOME)/build:z \
+	$(NULL)
+
 # Docker containers can have very large ulimits
 # for nofiles - as much as 1048576. This makes
 # libvirt very slow at exec'ing programs.
 CI_ULIMIT_FILES = 1024
 
 ifeq ($(CI_ENGINE),podman)
-	# Podman cannot reuse host namespace when running non-root containers.  Until
-	# support for --keep-uid is added we can just create another mapping that will
-	# do that for us.  Beware, that in {uid,git}map=container_id:host_id:range,
-	# the host_id does actually refer to the uid in the first mapping where 0
-	# (root) is mapped to the current user and rest is offset.
-
-	# In order to set up this mapping, we need to keep all the user IDs to prevent
-	# possible errors as some images might expect UIDs up to 90000 (looking at you
-	# fedora), so we don't want the overflowuid to be used for them.  For mapping
-	# all the other users properly ther eneeds to be some math done.  Don't worry,
-	# it's just addition and subtraction.
-
-	# 65536 ought to be enough (tm), but for really rare cases the maximums might
-	# need to be higher, but that only happens when your /etc/sub{u,g}id allow
-	# users to have more IDs.  Unless --keep-uid is supported, let's do this in a
-	# way that should work for everyone.
-	CI_MAX_UID = $(shell sed -n "s/^$USER:[^:]\+://p" /etc/subuid)
-	CI_MAX_GID = $(shell sed -n "s/^$USER:[^:]\+://p" /etc/subgid)
+	# Podman cannot reuse host namespace when running non-root
+	# containers.  Until support for --keep-uid is added we can
+	# just create another mapping that will do that for us.
+	# Beware, that in {uid,git}map=container_id:host_id:range, the
+	# host_id does actually refer to the uid in the first mapping
+	# where 0 (root) is mapped to the current user and rest is
+	# offset.
+	#
+	# In order to set up this mapping, we need to keep all the
+	# user IDs to prevent possible errors as some images might
+	# expect UIDs up to 90000 (looking at you fedora), so we don't
+	# want the overflowuid to be used for them.  For mapping all
+	# the other users properly, some math needs to be done.
+	# Don't worry, it's just addition and subtraction.
+	#
+	# 65536 ought to be enough (tm), but for really rare cases the
+	# maximums might need to be higher, but that only happens when
+	# your /etc/sub{u,g}id allow users to have more IDs.  Unless
+	# --keep-uid is supported, let's do this in a way that should
+	# work for everyone.
+	CI_MAX_UID = $(shell sed -n "s/^$(CI_USER_LOGIN):[^:]\+://p" /etc/subuid)
+	CI_MAX_GID = $(shell sed -n "s/^$(CI_USER_LOGIN):[^:]\+://p" /etc/subgid)
 	ifeq ($(CI_MAX_UID),)
 		CI_MAX_UID = 65536
 	endif
@@ -153,20 +172,20 @@ CI_GIT_ARGS = \
 #             as dev so that file ownership matches host
 #             instead of root:root
 #   --volume  to pass in the cloned git repo & config
-#   --workdir to set cwd to vpath build location
 #   --ulimit  lower files limit for performance reasons
 #   --interactive
 #   --tty     Ensure we have ability to Ctrl-C the build
 CI_ENGINE_ARGS = \
 	--rm \
-	--user $(CI_UID):$(CI_GID) \
 	--interactive \
 	--tty \
 	$(CI_PODMAN_ARGS) \
 	$(CI_PWDB_MOUNTS) \
+	$(CI_HOME_MOUNTS) \
+	$(CI_SCRIPT_MOUNTS) \
 	--volume $(CI_HOST_SRCDIR):$(CI_CONT_SRCDIR):z \
-	--workdir $(CI_CONT_SRCDIR) \
 	--ulimit nofile=$(CI_ULIMIT_FILES):$(CI_ULIMIT_FILES) \
+	--cap-add=SYS_PTRACE \
 	$(NULL)
 
 ci-check-engine:
@@ -179,9 +198,13 @@ ci-prepare-tree: ci-check-engine
 		mkdir -p $(CI_SCRATCHDIR); \
 		cp /etc/passwd $(CI_SCRATCHDIR); \
 		cp /etc/group $(CI_SCRATCHDIR); \
+		mkdir -p $(CI_SCRATCHDIR)/home; \
+		cp "$(CI_PREPARE_SCRIPT)" $(CI_SCRATCHDIR)/prepare; \
+		cp "$(CI_BUILD_SCRIPT)" $(CI_SCRATCHDIR)/build; \
+		chmod +x "$(CI_SCRATCHDIR)/prepare" "$(CI_SCRATCHDIR)/build"; \
 		echo "Cloning $(CI_GIT_ROOT) to $(CI_HOST_SRCDIR)"; \
 		git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT) $(CI_HOST_SRCDIR) || exit 1; \
-		for mod in $(CI_SUBMODULES) ; \
+		for mod in $$(git submodule | awk '{ print $$2 }' | sed -E 's,^../,,g') ; \
 		do \
 			test -f $(CI_GIT_ROOT)/$$mod/.git || continue ; \
 			echo "Cloning $(CI_GIT_ROOT)/$$mod to $(CI_HOST_SRCDIR)/$$mod"; \
@@ -189,46 +212,43 @@ ci-prepare-tree: ci-check-engine
 		done ; \
 	fi
 
-# $CONFIGURE_OPTS is a env that can optionally be set in the container,
-# populated at build time from the Dockerfile. A typical use case would
-# be to pass --host/--target args to trigger cross-compilation
-#
-# This can be augmented by make local args in $(CI_CONFIGURE_ARGS)
-#
-# gl_public_submodule_commit= to disable gnulib's submodule check
-# which breaks due to way we clone the submodules
-ci-build@%: ci-prepare-tree
+ci-run-command@%: ci-prepare-tree
 	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
-		/bin/bash -c '\
-		mkdir -p $(CI_CONT_BUILDDIR) || exit 1 ; \
-		cd $(CI_CONT_BUILDDIR) ; \
-		NOCONFIGURE=1 $(CI_CONT_SRCDIR)/autogen.sh || exit 1 ; \
-		$(CI_CONFIGURE) $${CONFIGURE_OPTS} $(CI_CONFIGURE_ARGS) ; \
-		if test $$? != 0 ; \
-		then \
-			test -f config.log && cat config.log ; \
-			exit 1 ; \
-		fi; \
-		find -name test-suite.log -delete ; \
-		export VIR_TEST_DEBUG=1 ; \
-		make -j$(CI_SMP) gl_public_submodule_commit= $(CI_MAKE_ARGS) ; \
-		if test $$? != 0 ; then \
-			LOGS=`find -name test-suite.log` ; \
-			if test "$${LOGS}" != "" ; then \
-				echo "=== LOG FILE(S) START ===" ; \
-				cat $${LOGS} ; \
-				echo "=== LOG FILE(S) END ===" ; \
-			fi ; \
-			exit 1 ;\
-		fi'
+		/bin/bash -c ' \
+		$(CI_USER_HOME)/prepare || exit 1; \
+		sudo \
+		  --login \
+		  --user="#$(CI_UID)" \
+		  --group="#$(CI_GID)" \
+		  CONFIGURE_OPTS="$$CONFIGURE_OPTS" \
+		  CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
+		  CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
+		  CI_SMP="$(CI_SMP)" \
+		  CI_CONFIGURE="$(CI_CONFIGURE)" \
+		  CI_CONFIGURE_ARGS="$(CI_CONFIGURE_ARGS)" \
+		  CI_MAKE_ARGS="$(CI_MAKE_ARGS)" \
+		  $(CI_COMMAND) || exit 1'
 	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
 
+ci-shell@%:
+	$(MAKE) -C $(CI_ROOTDIR) ci-run-command@$* CI_COMMAND="/bin/bash"
+
+ci-build@%:
+	$(MAKE) -C $(CI_ROOTDIR) ci-run-command@$* CI_COMMAND="$(CI_USER_HOME)/build"
+
 ci-check@%:
-	$(MAKE) -f $(CI_MAKEFILE) ci-build@$* CI_MAKE_ARGS="check"
+	$(MAKE) -C $(CI_ROOTDIR) ci-build@$* CI_MAKE_ARGS="check"
 
-ci-shell@%: ci-prepare-tree
-	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) /bin/bash
-	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
+ci-list-images:
+	@echo
+	@echo "Available x86 container images:"
+	@echo
+	@sh list-images.sh "$(CI_ENGINE)" "$(CI_IMAGE_PREFIX)" | grep -v cross
+	@echo
+	@echo "Available cross-compiler container images:"
+	@echo
+	@sh list-images.sh "$(CI_ENGINE)" "$(CI_IMAGE_PREFIX)" | grep cross
+	@echo
 
 ci-help:
 	@echo "Build libvirt inside containers used for CI"
@@ -238,30 +258,8 @@ ci-help:
 	@echo "    ci-build@\$$IMAGE - run a default 'make'"
 	@echo "    ci-check@\$$IMAGE - run a 'make check'"
 	@echo "    ci-shell@\$$IMAGE - run an interactive shell"
-	@echo
-	@echo "Available x86 container images:"
-	@echo
-	@echo "    centos-7"
-	@echo "    debian-9"
-	@echo "    debian-10"
-	@echo "    debian-sid"
-	@echo "    fedora-29"
-	@echo "    fedora-30"
-	@echo "    fedora-rawhide"
-	@echo "    ubuntu-16"
-	@echo "    ubuntu-18"
-	@echo
-	@echo "Available cross-compiler container images:"
-	@echo
-	@echo "    debian-{9,10,sid}-cross-aarch64"
-	@echo "    debian-{9,10,sid}-cross-armv6l"
-	@echo "    debian-{9,10,sid}-cross-armv7l"
-	@echo "    debian-{10,sid}-cross-i686"
-	@echo "    debian-{9,10,sid}-cross-mips64el"
-	@echo "    debian-{9,10,sid}-cross-mips"
-	@echo "    debian-{9,10,sid}-cross-mipsel"
-	@echo "    debian-{9,10,sid}-cross-ppc64le"
-	@echo "    debian-{9,10,sid}-cross-s390x"
+	@echo "    ci-list-images  - list available images"
+	@echo "    ci-help         - show this help message"
 	@echo
 	@echo "Available make variables:"
 	@echo

ci/build.sh

@@ -0,0 +1,38 @@
+# This script is used to build libvirt inside the container.
+#
+# You can customize it to your liking, or alternatively use a
+# completely different script by passing
+#
+#  CI_BUILD_SCRIPT=/path/to/your/build/script
+#
+# to make.
+
+mkdir -p "$CI_CONT_BUILDDIR" || exit 1
+cd "$CI_CONT_BUILDDIR"
+
+export VIR_TEST_DEBUG=1
+NOCONFIGURE=1 "$CI_CONT_SRCDIR/autogen.sh" || exit 1
+
+# $CONFIGURE_OPTS is a env that can optionally be set in the container,
+# populated at build time from the Dockerfile. A typical use case would
+# be to pass --host/--target args to trigger cross-compilation
+#
+# This can be augmented by make local args in $CI_CONFIGURE_ARGS
+"$CI_CONFIGURE" $CONFIGURE_OPTS $CI_CONFIGURE_ARGS
+if test $? != 0; then
+    test -f config.log && cat config.log
+    exit 1
+fi
+find -name test-suite.log -delete
+
+make -j"$CI_SMP" $CI_MAKE_ARGS
+
+if test $? != 0; then \
+    LOGS=$(find -name test-suite.log)
+    if test "$LOGS"; then
+        echo "=== LOG FILE(S) START ==="
+        cat $LOGS
+        echo "=== LOG FILE(S) END ==="
+    fi
+    exit 1
+fi

ci/list-images.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+engine="$1"
+prefix="$2"
+
+do_podman() {
+    # Podman freaks out if the search term ends with a dash, which ours
+    # by default does, so let's strip it. The repository name is the
+    # second field in the output, and it already starts with the registry
+    podman search --limit 100 "${prefix%-}" | while read _ repo _; do
+        echo "$repo"
+    done
+}
+
+do_docker() {
+    # Docker doesn't include the registry name in the output, so we have
+    # to add it. The repository name is the first field in the output
+    registry="${prefix%%/*}"
+    docker search --limit 100 "$prefix" | while read repo _; do
+        echo "$registry/$repo"
+    done
+}
+
+"do_$engine" | grep "^$prefix" | sed "s,^$prefix,,g" | while read repo; do
+    echo "    $repo"
+done | sort -u

ci/prepare.sh

@@ -0,0 +1,13 @@
+# This script is used to prepare the environment that will be used
+# to build libvirt inside the container.
+#
+# You can customize it to your liking, or alternatively use a
+# completely different script by passing
+#
+#  CI_PREPARE_SCRIPT=/path/to/your/prepare/script
+#
+# to make.
+#
+# Note that this script will have root privileges inside the
+# container, so it can be used for things like installing additional
+# packages.

config-post.h

@@ -16,76 +16,43 @@
  * <http://www.gnu.org/licenses/>.
  */
 
-/*
- * Since virt-login-shell will be setuid, we must do everything
- * we can to avoid linking to other libraries. Many of them do
- * unsafe things in functions marked __attribute__((constructor)).
- * The only way to avoid such deps is to re-compile the
- * functions with the code in question disabled, and for that we
- * must override the main config.h rules. Hence this file :-(
- */
-
-#ifdef LIBVIRT_SETUID_RPC_CLIENT
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DBUS
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_SYSTEMD_DAEMON
-# undef WITH_VIRTUALPORT
-# undef WITH_YAJL
-#endif
-
-/*
- * With the NSS module it's the same story as virt-login-shell. See the
- * explanation above.
- */
-#ifdef LIBVIRT_NSS
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_VIRTUALPORT
-# undef WITH_SECDRIVER_SELINUX
-# undef WITH_SECDRIVER_APPARMOR
-#endif /* LIBVIRT_NSS */
-
 #ifndef __GNUC__
-# error "Libvirt requires GCC >= 4.4, or CLang"
+# error "Libvirt requires GCC >= 4.8, or CLang"
 #endif
 
 /*
  * Define __GNUC_PREREQ to a sane default if it isn't yet defined.
- * This is done here so that it's included as early as possible; gnulib relies
- * on this to be defined in features.h, which should be included from ctype.h.
- * This doesn't happen on many non-glibc systems.
- * When __GNUC_PREREQ is not defined, gnulib defines it to 0, which breaks things.
+ * This is done here so that it's included as early as possible;
  */
 #ifndef __GNUC_PREREQ
 # define __GNUC_PREREQ(maj, min) \
     ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
 #endif
 
-#if !(__GNUC_PREREQ(4, 4) || defined(__clang__))
-# error "Libvirt requires GCC >= 4.4, or CLang"
+#if defined(__clang_major__) && defined(__clang_minor__)
+# ifdef __apple_build_version__
+#  if __clang_major__ < 5 || (__clang_major__ == 5 && __clang_minor__ < 1)
+#   error You need at least XCode Clang v5.1 to compile QEMU
+#  endif
+# else
+#  if __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 4)
+#   error You need at least Clang v3.4 to compile QEMU
+#  endif
+# endif
+#elif defined(__GNUC__) && defined(__GNUC_MINOR__)
+# if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)
+#  error You need at least GCC v4.8 to compile QEMU
+# endif
+#else
+# error You either need at least GCC 4.8 or Clang 3.4 or XCode Clang 5.1 to compile libvirt
 #endif
+
+/* Ask for warnings for anything that was marked deprecated in
+ * the defined version, or before. It is a candidate for rewrite.
+ */
+#define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_48
+
+/* Ask for warnings if code tries to use function that did not
+ * exist in the defined version. These risk breaking builds
+ */
+#define GLIB_VERSION_MAX_ALLOWED GLIB_VERSION_2_48

configure.ac

@@ -16,7 +16,13 @@ dnl You should have received a copy of the GNU Lesser General Public
 dnl License along with this library.  If not, see
 dnl <http://www.gnu.org/licenses/>.
 
-AC_INIT([libvirt], [5.6.0], [libvir-list@redhat.com], [], [https://libvirt.org])
+AC_INIT([libvirt], [6.3.0], [libvir-list@redhat.com], [], [https://libvirt.org])
+
+if test $srcdir = "."
+then
+  AC_MSG_ERROR([Build directory must be different from source directory])
+fi
+
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
@@ -36,11 +42,6 @@ dnl we don't really need the 'u' even in older toolchains.  Then there is
 dnl older libtool, which spelled it AR_FLAGS
 m4_divert_text([DEFAULTS], [: "${ARFLAGS=cr} ${AR_FLAGS=cr}"])
 
-# Maintainer note - comment this line out if you plan to rerun
-# GNULIB_POSIXCHECK testing to see if libvirt should be using more modules.
-# Leave it uncommented for normal releases, for faster ./configure.
-gl_ASSERT_NO_GNULIB_POSIXCHECK
-
 # Default to using the silent-rules feature when possible.  Formatting
 # chosen to bypass 'grep' checks that cause older automake to warn.
 # Users (include rpm) can still change the default at configure time.
@@ -49,6 +50,8 @@ m4_ifndef([AM_SILENT_RULES],
 
 AC_CANONICAL_HOST
 
+AC_USE_SYSTEM_EXTENSIONS
+
 # First extract pieces from the version number string
 LIBVIRT_MAJOR_VERSION=`echo $VERSION | awk -F. '{print $1}'`
 LIBVIRT_MINOR_VERSION=`echo $VERSION | awk -F. '{print $2}'`
@@ -123,14 +126,29 @@ AC_PROG_CC
 AC_PROG_INSTALL
 AC_PROG_CPP
 
-dnl Setting AB_VERSION makes the 'autobuild' lines of configure output
-dnl slightly more useful
-if test -d $srcdir/.git && git --version >/dev/null 2>&1 ; then
-  AB_VERSION=`cd $srcdir && git describe --match 'v[[0-9]]*' 2>/dev/null`
+dnl autoconf 2.70 adds a --runstatedir option so that downstreams
+dnl can point to /run instead of the historic /var/run, but
+dnl autoconf hasn't had a release since 2012.
+if test "x$runstatedir" = x; then
+  AC_SUBST([runstatedir], ['${localstatedir}/run'])
 fi
 
-gl_EARLY
-gl_INIT
+dnl we introduce --with-runstatedir and then overwrite the
+dnl value of $runstatedir so configmake.h is more useful
+AC_ARG_WITH(
+    [runstatedir],
+    [AS_HELP_STRING(
+        [--with-runstatedir],
+        [State directory for temporary sockets, pid files, etc])])
+
+if test -n "$with_runstatedir"
+then
+  runstatedir=$with_runstatedir
+fi
+
+
+dnl get 64-int interfaces on 32-bit platforms
+AC_SYS_LARGEFILE
 
 AC_TYPE_UID_T
 
@@ -160,8 +178,6 @@ case "$host" in
     # mingw's ld has the --version-script parameter, but it requires a .def file
     # instead to work properly, therefore clear --version-script here and use
     # -Wl, to pass the .def file to the linker
-    # cygwin's ld has the --version-script parameter too, but for some reason
-    # it's working there as expected
     VERSION_SCRIPT_FLAGS="-Wl,"
     ;;
   * )
@@ -183,13 +199,12 @@ dnl are also linux specific.  The "network" and storage_fs drivers are known
 dnl to not work on macOS presently, so we also make a note if compiling
 dnl for that
 
-with_linux=no with_macos=no with_freebsd=no with_win=no with_cygwin=no
+with_linux=no with_macos=no with_freebsd=no with_win=no
 case $host in
   *-*-linux*) with_linux=yes ;;
   *-*-darwin*) with_macos=yes ;;
   *-*-freebsd*) with_freebsd=yes ;;
   *-*-mingw* | *-*-msvc* ) with_win=yes ;;
-  *-*-cygwin*) with_cygwin=yes ;;
 esac
 
 if test $with_linux = no; then
@@ -206,16 +221,18 @@ if test $with_freebsd = yes; then
     with_firewalld=no
 fi
 
-if test $with_cygwin = yes; then
-    with_vbox=no
-fi
 
 AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
 AM_CONDITIONAL([WITH_FREEBSD], [test "$with_freebsd" = "yes"])
+AM_CONDITIONAL([WITH_MACOS], [test "$with_macos" = "yes"])
 
-# We don't support the daemon yet
 if test "$with_win" = "yes" ; then
+  # We don't support the daemon yet
   with_libvirtd=no
+
+  # For AI_ADDRCONFIG
+  AC_DEFINE([_WIN32_WINNT], [0x0600], [Win Vista / Server 2008])
+  AC_DEFINE([WINVER], [0x0600], [Win Vista / Server 2008])
 fi
 
 # The daemon requires remote support.  Likewise, if we are not using
@@ -280,7 +297,6 @@ LIBVIRT_ARG_YAJL
 
 LIBVIRT_CHECK_ACL
 LIBVIRT_CHECK_APPARMOR
-LIBVIRT_CHECK_ATOMIC
 LIBVIRT_CHECK_ATTR
 LIBVIRT_CHECK_AUDIT
 LIBVIRT_CHECK_BASH_COMPLETION
@@ -293,6 +309,7 @@ LIBVIRT_CHECK_DLOPEN
 LIBVIRT_CHECK_FIREWALLD
 LIBVIRT_CHECK_FIREWALLD_ZONE
 LIBVIRT_CHECK_FUSE
+LIBVIRT_CHECK_GLIB
 LIBVIRT_CHECK_GLUSTER
 LIBVIRT_CHECK_GNUTLS
 LIBVIRT_CHECK_HAL
@@ -328,8 +345,8 @@ AC_CHECK_SIZEOF([long])
 dnl Availability of various common functions (non-fatal if missing),
 dnl and various less common threadsafe functions
 AC_CHECK_FUNCS_ONCE([\
-  cfmakeraw \
   fallocate \
+  getegid \
   geteuid \
   getgid \
   getifaddrs \
@@ -337,11 +354,13 @@ AC_CHECK_FUNCS_ONCE([\
   getpwuid_r \
   getrlimit \
   getuid \
+  getutxid \
   if_indextoname \
   mmap \
   newlocale \
   posix_fallocate \
   posix_memalign \
+  pipe2 \
   prlimit \
   sched_getaffinity \
   sched_setscheduler \
@@ -357,18 +376,22 @@ dnl Availability of various common headers (non-fatal if missing).
 AC_CHECK_HEADERS([\
   ifaddrs.h \
   libtasn1.h \
+  util.h \
+  libutil.h \
   linux/magic.h \
   mntent.h \
   net/ethernet.h \
-  netinet/tcp.h \
+  net/if.h \
+  pty.h \
   pwd.h \
   stdarg.h \
   syslog.h \
+  sys/ioctl.h \
   sys/mount.h \
   sys/syscall.h \
   sys/sysctl.h \
   sys/ucred.h \
-  sys/un.h \
+  xlocale.h \
   ])
 dnl Check whether endian provides handy macros.
 AC_CHECK_DECLS([htole64], [], [], [[#include <endian.h>]])
@@ -404,6 +427,7 @@ dnl header could be found.
 AM_CONDITIONAL([HAVE_LIBTASN1], [test "x$ac_cv_header_libtasn1_h" = "xyes"])
 
 AC_CHECK_LIB([intl],[gettext],[])
+AC_CHECK_LIB([util],[openpty],[])
 
 
 dnl
@@ -430,8 +454,6 @@ dnl
 LIBVIRT_DRIVER_ARG_QEMU
 LIBVIRT_DRIVER_ARG_OPENVZ
 LIBVIRT_DRIVER_ARG_VMWARE
-LIBVIRT_DRIVER_ARG_PHYP
-LIBVIRT_DRIVER_ARG_XENAPI
 LIBVIRT_DRIVER_ARG_LIBXL
 LIBVIRT_DRIVER_ARG_VBOX
 LIBVIRT_DRIVER_ARG_LXC
@@ -448,8 +470,6 @@ LIBVIRT_DRIVER_ARG_INTERFACE
 LIBVIRT_DRIVER_CHECK_QEMU
 LIBVIRT_DRIVER_CHECK_OPENVZ
 LIBVIRT_DRIVER_CHECK_VMWARE
-LIBVIRT_DRIVER_CHECK_PHYP
-LIBVIRT_DRIVER_CHECK_XENAPI
 LIBVIRT_DRIVER_CHECK_LIBXL
 LIBVIRT_DRIVER_CHECK_VBOX
 LIBVIRT_DRIVER_CHECK_LXC
@@ -463,8 +483,6 @@ LIBVIRT_DRIVER_CHECK_LIBVIRTD
 LIBVIRT_DRIVER_CHECK_NETWORK
 LIBVIRT_DRIVER_CHECK_INTERFACE
 
-AM_CONDITIONAL([WITH_XENCONFIG], [test "$with_libxl" = "yes"])
-
 
 dnl
 dnl in case someone want to build static binaries
@@ -512,9 +530,6 @@ dnl
 AC_CHECK_HEADERS([linux/kvm.h])
 
 
-AM_CONDITIONAL([WITH_SETUID_RPC_CLIENT], [test "$with_lxc$with_login_shell" != "nono"])
-
-
 dnl
 dnl check for kernel headers required by src/bridge.c
 dnl
@@ -682,10 +697,23 @@ if test "$with_linux" = "yes"; then
 fi
 
 dnl Allow perl/python overrides
-AC_PATH_PROGS([PYTHON], [python3 python2 python])
+AC_PATH_PROGS([PYTHON], [python3])
 if test -z "$PYTHON"; then
-    AC_MSG_ERROR(['python3', 'python2' or 'python' binary is required to build libvirt])
+    AC_MSG_ERROR(['python3' binary is required to build libvirt])
 fi
+AC_DEFINE_UNQUOTED([PYTHON], "$PYTHON", [path to python binary])
+AC_PATH_PROG([FLAKE8], [flake8])
+if test -z "$FLAKE8"; then
+    AC_MSG_WARN(['flake8' binary is required to check python code style])
+fi
+
+dnl Python3 < 3.7 treats the C locale as 7-bit only.
+dnl We must force env vars so it treats it as UTF-8
+dnl regardless of the user's locale.
+RUNUTF8="LC_ALL= LANG=C LC_CTYPE=en_US.UTF-8"
+AC_SUBST(RUNUTF8)
+
+
 AC_PATH_PROG([PERL], [perl])
 if test -z "$PERL"; then
          AC_MSG_ERROR(['perl' binary is required to build libvirt])
@@ -710,7 +738,7 @@ AM_CONDITIONAL([WITH_TESTS], [test "$with_test_suite" = "yes"])
 
 LIBVIRT_ARG_ENABLE([EXPENSIVE_TESTS],
                    [set the default for enabling expensive tests ]
-                     [(gnulib and long timeouts), use VIR_TEST_EXPENSIVE to ]
+                     [(long timeouts), use VIR_TEST_EXPENSIVE to ]
                      [override during make],
                    [check])
 case "$enable_expensive_tests" in
@@ -729,37 +757,25 @@ fi
 AC_SUBST([VIR_TEST_EXPENSIVE_DEFAULT])
 AM_CONDITIONAL([WITH_EXPENSIVE_TESTS], [test $VIR_TEST_EXPENSIVE_DEFAULT = 1])
 
-LIBVIRT_ARG_ENABLE([TEST_OOM], [memory allocation failure checking], [no])
-case "$enable_test_oom" in
+LIBVIRT_ARG_ENABLE([TEST_COVERAGE], [turn on code coverage instrumentation], [no])
+case "$enable_test_coverage" in
   yes|no) ;;
-  *) AC_MSG_ERROR([bad value ${enable_test_oom} for test-oom option]) ;;
+  *) AC_MSG_ERROR([bad value ${enable_test_coverga} for test-coverage option]) ;;
 esac
 
-if test "$enable_test_oom" = yes; then
-  have_trace=yes
-  AC_CHECK_HEADER([execinfo.h],[],[have_trace=no])
-  AC_CHECK_FUNC([backtrace],[],[have_trace=no])
-  if test "$have_trace" = "yes"; then
-    AC_DEFINE([TEST_OOM_TRACE], 1, [Whether backtrace() is available])
-  fi
-  AC_DEFINE([TEST_OOM], 1, [Whether malloc OOM checking is enabled])
+if test "$enable_test_coverage" = yes; then
+  save_WARN_CFLAGS=$WARN_CFLAGS
+  WARN_CFLAGS=
+  gl_WARN_ADD([-fprofile-arcs])
+  gl_WARN_ADD([-ftest-coverage])
+  COVERAGE_FLAGS=$WARN_CFLAGS
+  AC_SUBST([COVERAGE_CFLAGS], [$COVERAGE_FLAGS])
+  AC_SUBST([COVERAGE_LDFLAGS], [$COVERAGE_FLAGS])
+  WARN_CFLAGS=$save_WARN_CFLAGS
 fi
 
-LIBVIRT_ARG_ENABLE([TEST_LOCKING], [thread locking tests using CIL], [no])
-case "$enable_test_locking" in
-  yes|no) ;;
-  *) AC_MSG_ERROR([bad value ${enable_test_locking} for test-locking option]) ;;
-esac
-
-if test "$enable_test_locking" = "yes"; then
-  LOCK_CHECKING_CFLAGS="-save-temps"
-  AC_SUBST([LOCK_CHECKING_CFLAGS])
-fi
-AM_CONDITIONAL([WITH_CIL],[test "$enable_test_locking" = "yes"])
-
-dnl Cygwin, MinGW and MSVC checks
+dnl MinGW checks
 LIBVIRT_WIN_CHECK_COMMON
-LIBVIRT_WIN_CHECK_CYGWIN
 LIBVIRT_WIN_CHECK_MINGW
 LIBVIRT_WIN_CHECK_SYMBOLS
 LIBVIRT_WIN_CHECK_WINDRES
@@ -861,6 +877,12 @@ AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, clock_get_time],
                 #include <mach/mach.h>
                ])
 
+# Check if we have new enough kernel to support BPF devices for cgroups v2
+if test "$with_linux" = "yes"; then
+    AC_CHECK_DECLS([BPF_PROG_QUERY, BPF_CGROUP_DEVICE],
+                   [], [], [#include <linux/bpf.h>])
+fi
+
 # Check if we need to look for ifconfig
 if test "$want_ifconfig" = "yes"; then
      AC_PATH_PROG([IFCONFIG_PATH], [ifconfig])
@@ -885,17 +907,16 @@ test "x$lv_cv_static_analysis" = xyes && t=1
 AC_DEFINE_UNQUOTED([STATIC_ANALYSIS], [$t],
   [Define to 1 when performing static analysis.])
 
-# Some GNULIB base64 symbols clash with a kerberos library
-AC_DEFINE_UNQUOTED([isbase64],[libvirt_gl_isbase64],[Hack to avoid symbol clash])
-AC_DEFINE_UNQUOTED([base64_encode],[libvirt_gl_base64_encode],[Hack to avoid symbol clash])
-AC_DEFINE_UNQUOTED([base64_encode_alloc],[libvirt_gl_base64_encode_alloc],[Hack to avoid symbol clash])
+GNUmakefile=GNUmakefile
+m4_if(m4_version_compare([2.61a.100],
+        m4_defn([m4_PACKAGE_VERSION])), [1], [],
+      [AC_CONFIG_LINKS([$GNUmakefile:$GNUmakefile], [],
+        [GNUmakefile=$GNUmakefile])])
 
 AC_CONFIG_FILES([run],
                 [chmod +x,-w run])
 AC_CONFIG_FILES([\
         Makefile src/Makefile include/libvirt/Makefile docs/Makefile \
-        gnulib/lib/Makefile \
-        gnulib/tests/Makefile \
         .color_coded \
         .ycm_extra_conf.py \
         libvirt.pc \
@@ -923,10 +944,8 @@ LIBVIRT_DRIVER_RESULT_QEMU
 LIBVIRT_DRIVER_RESULT_OPENVZ
 LIBVIRT_DRIVER_RESULT_VMWARE
 LIBVIRT_DRIVER_RESULT_VBOX
-LIBVIRT_DRIVER_RESULT_XENAPI
 LIBVIRT_DRIVER_RESULT_LIBXL
 LIBVIRT_DRIVER_RESULT_LXC
-LIBVIRT_DRIVER_RESULT_PHYP
 LIBVIRT_DRIVER_RESULT_ESX
 LIBVIRT_DRIVER_RESULT_HYPERV
 LIBVIRT_DRIVER_RESULT_VZ
@@ -977,6 +996,7 @@ LIBVIRT_RESULT_DLOPEN
 LIBVIRT_RESULT_FIREWALLD
 LIBVIRT_RESULT_FIREWALLD_ZONE
 LIBVIRT_RESULT_FUSE
+LIBVIRT_RESULT_GLIB
 LIBVIRT_RESULT_GLUSTER
 LIBVIRT_RESULT_GNUTLS
 LIBVIRT_RESULT_HAL
@@ -1004,7 +1024,6 @@ LIBVIRT_RESULT_SSH2
 LIBVIRT_RESULT_UDEV
 LIBVIRT_RESULT_VIRTUALPORT
 LIBVIRT_RESULT_XDR
-LIBVIRT_RESULT_XENAPI
 LIBVIRT_RESULT_YAJL
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Windows])
@@ -1014,13 +1033,13 @@ LIBVIRT_WIN_RESULT_WINDRES
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Test suite])
 AC_MSG_NOTICE([])
-AC_MSG_NOTICE([        Alloc OOM: $enable_test_oom])
+LIBVIRT_RESULT([Coverage], [$enable_test_coverage])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Miscellaneous])
 AC_MSG_NOTICE([])
 LIBVIRT_RESULT_DEBUG
-AC_MSG_NOTICE([       Use -Werror: $enable_werror])
-AC_MSG_NOTICE([     Warning Flags: $WARN_CFLAGS])
+LIBVIRT_RESULT([Use -Werror], [$enable_werror])
+LIBVIRT_RESULT([Warning Flags], [$WARN_CFLAGS])
 LIBVIRT_RESULT_DTRACE
 LIBVIRT_RESULT_NUMAD
 LIBVIRT_RESULT_INIT_SCRIPT

docs/Makefile.am

@@ -17,7 +17,6 @@
 ## <http://www.gnu.org/licenses/>.
 
 HTML_DIR = $(docdir)/html
-DEVHELP_DIR=$(datadir)/gtk-doc/html/libvirt
 
 modules = \
 	libvirt-common \
@@ -36,6 +35,34 @@ modules = \
 	virterror \
 	$(NULL)
 
+modules_admin = libvirt-admin
+modules_qemu = libvirt-qemu
+modules_lxc = libvirt-lxc
+
+all: vpathhack
+
+# This hack enables us to view the web pages
+# from within the uninstalled build tree
+vpathhack:
+	@for dir in fonts js logos; \
+	do \
+	  test -e $$dir || ln -s $(srcdir)/$$dir $$dir ; \
+	done
+	@for file in $(assets); \
+	do \
+	  test -e $$file || ln -s $(srcdir)/$$file $$file ; \
+	done
+
+clean-local:
+	for dir in fonts js logos; \
+	do \
+	  rm -f $$dir ; \
+	done
+	for file in $(assets); \
+	do \
+	  rm -f $$file ; \
+	done
+
 apihtml = \
   html/index.html \
   $(apihtml_generated)
@@ -44,34 +71,48 @@ apihtml_generated = \
 	$(addprefix html/libvirt-,$(addsuffix .html,$(modules))) \
 	$(NULL)
 
+apiadminhtml = \
+  html/index-admin.html \
+  $(apiadminhtml_generated)
+
+apiadminhtml_generated = \
+	$(addprefix html/libvirt-,$(addsuffix .html,$(modules_admin))) \
+	$(NULL)
+
+apiqemuhtml = \
+  html/index-qemu.html \
+  $(apiqemuhtml_generated)
+
+apiqemuhtml_generated = \
+	$(addprefix html/libvirt-,$(addsuffix .html,$(modules_qemu))) \
+	$(NULL)
+
+apilxchtml = \
+  html/index-lxc.html \
+  $(apilxchtml_generated)
+
+apilxchtml_generated = \
+	$(addprefix html/libvirt-,$(addsuffix .html,$(modules_lxc))) \
+	$(NULL)
+
 apipng = \
   html/left.png \
   html/up.png \
   html/home.png \
   html/right.png
 
-devhelphtml = \
-  devhelp/libvirt.devhelp \
-  devhelp/index.html \
-  devhelp/general.html \
-  $(devhelphtml_generated)
-
-devhelphtml_generated = \
-	$(addprefix devhelp/libvirt-,$(addsuffix .html,$(modules))) \
-	$(NULL)
-
-css = \
-  generic.css \
-  libvirt.css \
-  mobile.css \
-  main.css
+apirefdir = $(HTML_DIR)/html
+apiref_DATA = $(apihtml) $(apiadminhtml) $(apiqemuhtml) $(apilxchtml) $(apipng)
 
 javascript = \
   js/main.js \
   $(NULL)
 
+javascriptdir = $(HTML_DIR)/js
+javascript_DATA = $(javascript)
+
 fonts = \
-  fonts/LICENSE.md \
+  fonts/LICENSE.rst \
   fonts/stylesheet.css \
   fonts/overpass-bold-italic.woff \
   fonts/overpass-bold.woff \
@@ -84,15 +125,8 @@ fonts = \
   fonts/overpass-mono-semibold.woff \
   fonts/overpass-regular.woff
 
-devhelppng = \
-  devhelp/home.png \
-  devhelp/left.png \
-  devhelp/right.png \
-  devhelp/up.png
-
-devhelpcss = devhelp/style.css
-
-devhelpxsl = devhelp/devhelp.xsl devhelp/html.xsl
+fontsdir = $(HTML_DIR)/fonts
+fonts_DATA = $(fonts)
 
 logofiles = \
   logos/logo-base.svg \
@@ -113,55 +147,192 @@ logofiles = \
   logos/logo-banner-light-256.png \
   logos/logo-banner-light-800.png
 
-png = \
-  32favicon.png \
+logofilesdir = $(HTML_DIR)/logos
+logofiles_DATA = $(logofiles)
+
+assets = \
+  android-chrome-192x192.png \
+  android-chrome-256x256.png \
+  apple-touch-icon.png \
+  architecture.gif \
+  browserconfig.xml \
+  favicon.ico \
+  favicon-16x16.png \
+  favicon-32x32.png \
+  generic.css \
+  libvirt.css \
   libvirt-daemon-arch.png \
   libvirt-driver-arch.png \
   libvirt-object-model.png \
+  libvirt-virConnect-example.png \
+  main.css \
+  manifest.json \
   migration-managed-direct.png \
   migration-managed-p2p.png \
   migration-native.png \
   migration-tunnel.png \
-  migration-unmanaged-direct.png
-
-gif = \
-  architecture.gif \
-  node.gif
-
+  migration-unmanaged-direct.png \
+  mobile.css \
+  mstile-150x150.png \
+  node.gif \
+  $(NULL)
 
 internals_html_in = \
   $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
-internals_html = $(internals_html_in:%.html.in=%.html)
+internals_rst = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.rst))
+internals_rst_html_in = \
+  $(internals_rst:%.rst=%.html.in)
+internals_html = \
+  $(internals_html_in:%.html.in=%.html) \
+  $(internals_rst_html_in:%.html.in=%.html)
+
+internalsdir = $(HTML_DIR)/internals
+internals_DATA = $(internals_html)
 
 kbase_html_in = \
   $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/kbase/*.html.in))
-kbase_html = $(kbase_html_in:%.html.in=%.html)
+kbase_rst = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/kbase/*.rst))
+kbase_rst_html_in = \
+  $(kbase_rst:%.rst=%.html.in)
+kbase_html = \
+  $(kbase_html_in:%.html.in=%.html) \
+  $(kbase_rst_html_in:%.html.in=%.html)
+
+kbasedir = $(HTML_DIR)/kbase
+kbase_DATA = $(kbase_html)
+
+# Sync with src/util/
+KEYCODES = linux osx atset1 atset2 atset3 xtkbd usb win32 qnum
+KEYNAMES = linux osx win32
+
+manpages_rst = \
+  manpages/index.rst \
+  $(NULL)
+manpages1_rst = \
+  manpages/virt-pki-validate.rst \
+  manpages/virt-xml-validate.rst \
+  manpages/virt-admin.rst \
+  manpages/virsh.rst \
+  $(NULL)
+manpages7_rst = \
+  $(KEYCODES:%=manpages/virkeycode-%.rst) \
+  $(KEYNAMES:%=manpages/virkeyname-%.rst) \
+  $(NULL)
+manpages8_rst = $(NULL)
+manpages_rst += \
+  $(manpages1_rst) \
+  $(manpages7_rst) \
+  $(manpages8_rst) \
+  $(NULL)
+if WITH_LIBVIRTD
+manpages8_rst += \
+  manpages/libvirtd.rst \
+  manpages/virtlockd.rst \
+  manpages/virtlogd.rst \
+  $(NULL)
+else ! WITH_LIBVIRTD
+manpages_rst += \
+  manpages/libvirtd.rst \
+  manpages/virtlockd.rst \
+  manpages/virtlogd.rst \
+  $(NULL)
+endif ! WITH_LIBVIRTD
+if WITH_HOST_VALIDATE
+  manpages1_rst += manpages/virt-host-validate.rst
+else ! WITH_HOST_VALIDATE
+  manpages_rst += manpages/virt-host-validate.rst
+endif ! WITH_HOST_VALIDATE
+if WITH_LOGIN_SHELL
+  manpages1_rst += manpages/virt-login-shell.rst
+else ! WITH_LOGIN_SHELL
+  manpages_rst += manpages/virt-login-shell.rst
+endif ! WITH_LOGIN_SHELL
+if WITH_SANLOCK
+  manpages8_rst += manpages/virt-sanlock-cleanup.rst
+else ! WITH_SANLOCK
+  manpages_rst += manpages/virt-sanlock-cleanup.rst
+endif ! WITH_SANLOCK
+if WITH_QEMU
+  manpages1_rst += manpages/virt-qemu-run.rst
+else ! WITH_QEMU
+  manpages_rst += manpages/virt-qemu-run.rst
+endif ! WITH_QEMU
+manpages_rst_html_in = \
+  $(manpages_rst:%.rst=%.html.in)
+manpages_html = \
+  $(manpages_rst_html_in:%.html.in=%.html)
+
+man1_MANS = $(manpages1_rst:%.rst=%.1)
+man7_MANS = $(manpages7_rst:%.rst=%.7)
+man8_MANS = $(manpages8_rst:%.rst=%.8)
+
+%.1: %.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	   grep -v '^\.\. contents::' < $< | \
+	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
+	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
+	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
+
+%.7: %.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	   grep -v '^\.\. contents::' < $< | \
+	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
+	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
+	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
+
+%.8: %.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	   grep -v '^\.\. contents::' < $< | \
+	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
+	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
+	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
+
+manpages/virkeycode-%.rst: $(top_srcdir)/src/keycodemapdb/data/keymaps.csv \
+		$(top_srcdir)/src/keycodemapdb/tools/keymap-gen Makefile.am
+	$(AM_V_GEN)export NAME=`echo $@ | \
+		sed -e 's,manpages/virkeycode-,,' -e 's,\.rst,,'` && \
+		$(MKDIR_P) manpages/ && \
+		$(RUNUTF8) $(PYTHON) $(top_srcdir)/src/keycodemapdb/tools/keymap-gen \
+		code-docs \
+		--lang rst \
+		--title "virkeycode-$$NAME" \
+		--subtitle "Key code values for $$NAME" \
+		$(top_srcdir)/src/keycodemapdb/data/keymaps.csv $$NAME > $@
+
+manpages/virkeyname-%.rst: $(top_srcdir)/src/keycodemapdb/data/keymaps.csv \
+		$(top_srcdir)/src/keycodemapdb/tools/keymap-gen Makefile.am
+	$(AM_V_GEN)export NAME=`echo $@ | \
+		sed -e 's,manpages/virkeyname-,,' -e 's,\.rst,,'` && \
+		$(MKDIR_P) manpages/ && \
+		$(RUNUTF8) $(PYTHON) $(top_srcdir)/src/keycodemapdb/tools/keymap-gen \
+		name-docs \
+		--lang rst \
+		--title "virkeyname-$$NAME" \
+		--subtitle "Key name values for $$NAME" \
+		$(top_srcdir)/src/keycodemapdb/data/keymaps.csv $$NAME > $@
+
+manpagesdir = $(HTML_DIR)/manpages
+manpages_DATA = $(manpages_html)
 
-# Since we ship pre-built html in the tarball, we must also
-# ship the sources, even when those sources are themselves
-# generated.
 # Generate hvsupport.html and news.html first, since they take one extra step.
-dot_html_in = \
+dot_html_generated_in = \
   hvsupport.html.in \
-  news.html.in \
+  news.html.in
+dot_html_in = \
   $(notdir $(wildcard $(srcdir)/*.html.in))
-dot_html = $(dot_html_in:%.html.in=%.html)
+dot_rst = \
+  $(notdir $(wildcard $(srcdir)/*.rst))
+dot_rst_html_in = \
+  $(dot_rst:%.rst=%.html)
+dot_html = \
+  $(dot_html_generated_in:%.html.in=%.html) \
+  $(dot_html_in:%.html.in=%.html) \
+  $(dot_rst_html_in:%.html.in=%.html)
 
-xml = \
-  libvirt-api.xml \
-  libvirt-refs.xml
-
-qemu_xml = \
-  libvirt-qemu-api.xml \
-  libvirt-qemu-refs.xml
-
-lxc_xml = \
-  libvirt-lxc-api.xml \
-  libvirt-lxc-refs.xml
-
-admin_xml = \
-  libvirt-admin-api.xml \
-  libvirt-admin-refs.xml
+htmldir = $(HTML_DIR)
+html_DATA = $(assets) $(dot_html)
 
 apidir = $(pkgdatadir)/api
 api_DATA = \
@@ -184,32 +355,39 @@ schemadir = $(pkgdatadir)/schemas
 schema_DATA = $(wildcard $(srcdir)/schemas/*.rng)
 
 EXTRA_DIST= \
-  apibuild.py genaclperms.pl \
   site.xsl subsite.xsl newapi.xsl page.xsl \
   wrapstring.xsl \
-  $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
-  $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
-  $(xml) $(qemu_xml) $(lxc_xml) $(admin_xml) $(fig) $(png) $(css) \
+  $(dot_html_in) $(dot_rst) $(apipng) \
+  $(fig) $(assets) \
   $(javascript) $(logofiles) \
-  $(internals_html_in) $(internals_html) $(fonts) \
-  $(kbase_html_in) $(kbase_html) \
+  $(internals_html_in) $(internals_rst) $(fonts) \
+  $(kbase_html_in) $(kbase_rst) \
+  $(manpages_rst) \
   aclperms.htmlinc \
-  hvsupport.pl \
   $(schema_DATA)
 
 acl_generated = aclperms.htmlinc
 
-$(srcdir)/aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
-        $(srcdir)/genaclperms.pl Makefile.am
-	$(AM_V_GEN)$(PERL) $(srcdir)/genaclperms.pl $< > $@
+aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
+        $(top_srcdir)/scripts/genaclperms.py Makefile.am
+	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/genaclperms.py $< > $@
 
-MAINTAINERCLEANFILES = \
-  $(addprefix $(srcdir)/,$(dot_html)) \
-  $(addprefix $(srcdir)/,$(apihtml)) \
-  $(addprefix $(srcdir)/,$(devhelphtml)) \
-  $(addprefix $(srcdir)/,$(internals_html)) \
-  $(addprefix $(srcdir)/,$(kbase_html)) \
-  $(srcdir)/hvsupport.html.in $(srcdir)/aclperms.htmlinc
+CLEANFILES = \
+  $(dot_html) \
+  $(apihtml) \
+  $(apiadminhtml) \
+  $(apiqemuhtml) \
+  $(apilxchtml) \
+  $(internals_html) \
+  $(kbase_html) \
+  $(manpages_html) \
+  $(man1_MANS) \
+  $(man7_MANS) \
+  $(manpages7_rst) \
+  $(man8_MANS) \
+  $(api_DATA) \
+  $(dot_html_generated_in) \
+  aclperms.htmlinc
 
 timestamp="$(shell if test -n "$$SOURCE_DATE_EPOCH"; \
 		   then \
@@ -218,24 +396,14 @@ timestamp="$(shell if test -n "$$SOURCE_DATE_EPOCH"; \
 		     date -u; \
 		   fi)"
 
-all-am: web
+hvsupport.html: hvsupport.html.in
 
-api: $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
-qemu_api: $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
-lxc_api: $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
-admin_api: $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml
-
-web: $(dot_html) $(internals_html) $(kbase_html) \
-	html/index.html devhelp/index.html
-
-hvsupport.html: $(srcdir)/hvsupport.html.in
-
-$(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
+hvsupport.html.in: $(top_srcdir)/scripts/hvsupport.py $(api_DATA) \
 		$(top_srcdir)/src/libvirt_public.syms \
 	$(top_srcdir)/src/libvirt_qemu.syms $(top_srcdir)/src/libvirt_lxc.syms \
 	$(top_srcdir)/src/driver.h
-	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(top_srcdir)/src > $@ \
-		|| { rm $@ && exit 1; }
+	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/hvsupport.py \
+		$(top_srcdir) $(top_builddir) > $@ || { rm $@ && exit 1; }
 
 news.html.in: \
 	  $(srcdir)/news.xml \
@@ -249,15 +417,28 @@ EXTRA_DIST += \
 	$(srcdir)/news.xml \
 	$(srcdir)/news.rng \
 	$(srcdir)/news-html.xsl
-MAINTAINERCLEANFILES += \
-	$(srcdir)/news.html.in
 
 %.png: %.fig
 	convert -rotate 90 $< $@
 
+manpages/%.html.in: manpages/%.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	 grep -v '^:Manual ' < $< | \
+	  sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
+	     -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
+	  $(RST2HTML) --strict > $@ || { rm $@ && exit 1; }
+
+%.html.in: %.rst
+	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+	  $(RST2HTML) --strict $< > $@ || { rm $@ && exit 1; }
+
 %.html.tmp: %.html.in site.xsl subsite.xsl page.xsl \
 		$(acl_generated)
 	$(AM_V_GEN)name=`echo $@ | sed -e 's/.tmp//'`; \
+	  genhtmlin=`echo $@ | sed -e 's/.tmp/.in/'`; \
+	  rst=`echo $@ | sed -e 's/.html.tmp/.rst/'`; \
+	  src="$$genhtmlin"; \
+	  test -f "$$genhtmlin" && src="$$rst"; \
 	  dir=`dirname $@` ; \
 	  if test "$$dir" = "."; \
 	  then \
@@ -267,51 +448,54 @@ MAINTAINERCLEANFILES += \
 	    style=subsite.xsl; \
 	  fi; \
 	  $(XSLTPROC) --stringparam pagename $$name \
+	    --stringparam pagesrc $$src \
+	    --stringparam builddir '$(abs_top_builddir)' \
 	    --stringparam timestamp $(timestamp) --nonet \
 	    $(top_srcdir)/docs/$$style $< > $@ \
 	    || { rm $@ && exit 1; }
 
 %.html: %.html.tmp
-	$(AM_V_GEN)$(XMLLINT) --nonet --format $< > $(srcdir)/$@ \
-	  || { rm $(srcdir)/$@ && exit 1; }
+	$(AM_V_GEN)$(XMLLINT) --nonet --format $< > $@ \
+	  || { rm $@ && exit 1; }
 
 $(apihtml_generated): html/index.html
+$(apiadminhtml_generated): html/index-admin.html
+$(apiqemuhtml_generated): html/index-qemu.html
+$(apilxchtml_generated): html/index-lxc.html
 
 html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
-	$(AM_V_GEN)$(XSLTPROC) --nonet -o $(srcdir)/ \
+	$(AM_V_GEN)$(XSLTPROC) --nonet -o ./ \
 	  --stringparam builddir '$(abs_top_builddir)' \
 	  --stringparam timestamp $(timestamp) \
-	  $(srcdir)/newapi.xsl $(srcdir)/libvirt-api.xml && \
-	  $(XMLLINT) --nonet --noout $(srcdir)/html/*.html
+	  $(srcdir)/newapi.xsl libvirt-api.xml
 
-$(addprefix $(srcdir)/,$(devhelphtml)): $(srcdir)/libvirt-api.xml $(devhelpxsl)
-	$(AM_V_GEN)$(XSLTPROC) --stringparam timestamp $(timestamp) \
-	  --nonet -o $(srcdir)/devhelp/ \
-	  $(top_srcdir)/docs/devhelp/devhelp.xsl $(srcdir)/libvirt-api.xml
+html/index-%.html: libvirt-%-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
+	$(AM_V_GEN)$(XSLTPROC) --nonet -o ./ \
+	  --stringparam builddir '$(abs_top_builddir)' \
+	  --stringparam timestamp $(timestamp) \
+	  --stringparam indexfile $(@:html/%=%) \
+	  $(srcdir)/newapi.xsl $<
 
+check-html:
+	$(XMLLINT) --nonet --noout html/*.html
+
+check-local: check-html
 
 python_generated_files = \
-		$(srcdir)/html/libvirt-libvirt-lxc.html \
-		$(srcdir)/html/libvirt-libvirt-qemu.html \
-		$(srcdir)/html/libvirt-libvirt-admin.html \
-		$(srcdir)/html/libvirt-virterror.html \
-		$(srcdir)/libvirt-api.xml \
-		$(srcdir)/libvirt-refs.xml \
-		$(srcdir)/libvirt-lxc-api.xml \
-		$(srcdir)/libvirt-lxc-refs.xml \
-		$(srcdir)/libvirt-qemu-api.xml \
-		$(srcdir)/libvirt-qemu-refs.xml \
-		$(srcdir)/libvirt-admin-api.xml \
-		$(srcdir)/libvirt-admin-refs.xml \
+		html/libvirt-libvirt-lxc.html \
+		html/libvirt-libvirt-qemu.html \
+		html/libvirt-libvirt-admin.html \
+		html/libvirt-virterror.html \
+		$(api_DATA) \
 		$(NULL)
 
-APIBUILD=$(srcdir)/apibuild.py
-APIBUILD_STAMP=$(APIBUILD).stamp
-EXTRA_DIST += $(APIBUILD_STAMP)
+APIBUILD=$(top_srcdir)/scripts/apibuild.py
+APIBUILD_STAMP=apibuild.py.stamp
+CLEANFILES += $(APIBUILD_STAMP)
 
 $(python_generated_files): $(APIBUILD_STAMP)
 
-$(APIBUILD_STAMP): $(srcdir)/apibuild.py \
+$(APIBUILD_STAMP): $(top_srcdir)/scripts/apibuild.py \
 		$(top_srcdir)/include/libvirt/libvirt.h \
 		$(top_srcdir)/include/libvirt/libvirt-common.h.in \
 		$(top_srcdir)/include/libvirt/libvirt-domain-checkpoint.h \
@@ -344,77 +528,10 @@ $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
 		$(top_srcdir)/src/libvirt-stream.c \
 		$(top_srcdir)/src/libvirt-lxc.c \
 		$(top_srcdir)/src/libvirt-qemu.c \
-		$(top_srcdir)/src/libvirt-admin.c \
+		$(top_srcdir)/src/admin/libvirt-admin.c \
 		$(top_srcdir)/src/util/virerror.c \
 		$(top_srcdir)/src/util/virevent.c \
-		$(top_srcdir)/src/util/virtypedparam.c
-	$(AM_V_GEN)srcdir=$(srcdir) builddir=$(builddir) $(PYTHON) $(APIBUILD)
+		$(top_srcdir)/src/util/virtypedparam-public.c
+	$(AM_V_GEN)srcdir=$(srcdir) builddir=$(builddir) \
+		$(RUNUTF8) $(PYTHON) $(APIBUILD)
 	touch $@
-
-
-check-local: all
-dist-local: all
-
-clean-local:
-	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html html/*.html
-
-maintainer-clean-local: clean-local
-	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
-	rm -rf $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
-	rm -rf $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
-	rm -rf $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml
-	rm -rf $(APIBUILD_STAMP)
-
-rebuild: api qemu_api lxc_api admin_api all
-
-install-data-local:
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)
-	for f in $(css) $(dot_html) $(gif) $(png); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR); done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/js
-	for f in $(javascript); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/js/; done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/logos
-	for f in $(logofiles); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/logos; done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/html
-	for h in $(apihtml); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$h $(DESTDIR)$(HTML_DIR)/html; done
-	for p in $(apipng); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$p $(DESTDIR)$(HTML_DIR)/html; done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/internals
-	for f in $(internals_html); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/internals; done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/kbase
-	for f in $(kbase_html); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/kbase; done
-	$(mkinstalldirs) $(DESTDIR)$(DEVHELP_DIR)
-	for file in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
-	    $(INSTALL) -m 0644 $(srcdir)/$${file} $(DESTDIR)$(DEVHELP_DIR) ; \
-	done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/fonts
-	for f in $(fonts); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/fonts; \
-	done
-
-uninstall-local:
-	for f in $(css) $(dot_html) $(gif) $(png) $(fonts); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for f in $(logofiles); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for f in $(javascript); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for h in $(apihtml); do rm -f $(DESTDIR)$(HTML_DIR)/$$h; done
-	for p in $(apipng); do rm -f $(DESTDIR)$(HTML_DIR)/$$p; done
-	for f in $(internals_html); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for f in $(kbase_html); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for f in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
-	  rm -f $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
-	done

docs/aclpolkit.html.in

@@ -64,7 +64,7 @@
     </p>
 
     <h3><a id="object_connect">virConnectPtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -80,7 +80,7 @@
     </table>
 
     <h3><a id="object_domain">virDomainPtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -104,7 +104,7 @@
     </table>
 
     <h3><a id="object_interface">virInterfacePtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -128,7 +128,7 @@
     </table>
 
     <h3><a id="object_network">virNetworkPtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -152,7 +152,7 @@
     </table>
 
     <h3><a id="object_node_device">virNodeDevicePtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -172,7 +172,7 @@
     </table>
 
     <h3><a id="object_nwfilter">virNWFilterPtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -196,7 +196,7 @@
     </table>
 
     <h3><a id="object_secret">virSecretPtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -232,7 +232,7 @@
     </table>
 
     <h3><a id="object_storage_pool">virStoragePoolPtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -256,7 +256,7 @@
     </table>
 
     <h3><a id="object_storage_vol">virStorageVolPtr</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Attribute</th>
@@ -317,7 +317,7 @@
     </p>
 
     <h3><a id="object_connect_driver">Connection Driver Name</a></h3>
-    <table class="acl">
+    <table>
       <thead>
         <tr>
           <th>Connection Driver</th>
@@ -365,10 +365,6 @@
           <td>openvz</td>
           <td>OPENVZ</td>
         </tr>
-        <tr>
-          <td>phyp</td>
-          <td>PHYP</td>
-        </tr>
         <tr>
           <td>qemu</td>
           <td>QEMU</td>
@@ -393,10 +389,6 @@
           <td>vz</td>
           <td>vz</td>
         </tr>
-        <tr>
-          <td>xenapi</td>
-          <td>XenAPI</td>
-        </tr>
       </tbody>
     </table>
 

docs/advanced-tests.rst

@@ -0,0 +1,178 @@
+=========================
+Advanced test suite usage
+=========================
+
+The basic requirement before submitting changes to libvirt is that
+
+::
+
+  $ make check
+  $ make syntax-check
+
+succeed after each commit.
+
+The libvirt test suite, however, support additional features: for
+example, it's possible to look for memory leaks and similar issues
+by running
+
+::
+
+  $ make -C tests valgrind
+
+`Valgrind <http://valgrind.org/>`__ is a test that checks for
+memory management issues, such as leaks or use of uninitialized
+variables.
+
+Some tests are skipped by default in a development environment,
+based on the time they take in comparison to the likelihood
+that those tests will turn up problems during incremental
+builds. These tests default to being run when building from a
+tarball or with the configure option --enable-expensive-tests;
+you can also force a one-time toggle of these tests by setting
+VIR_TEST_EXPENSIVE to 0 or 1 at make time, as in:
+
+::
+
+  $ make check VIR_TEST_EXPENSIVE=1
+
+If you encounter any failing tests, the VIR_TEST_DEBUG
+environment variable may provide extra information to debug the
+failures. Larger values of VIR_TEST_DEBUG may provide larger
+amounts of information:
+
+::
+
+  $ VIR_TEST_DEBUG=1 make check    (or)
+  $ VIR_TEST_DEBUG=2 make check
+
+When debugging failures during development, it is possible to
+focus in on just the failing subtests by using VIR_TEST_RANGE.
+I.e. to run all tests from 3 to 20 with the exception of tests
+6 and 16, use:
+
+::
+
+  $ VIR_TEST_DEBUG=1 VIR_TEST_RANGE=3-5,7-20,^16 ./run tests/qemuxml2argvtest
+
+Also, individual tests can be run from inside the ``tests/``
+directory, like:
+
+::
+
+  $ ./qemuxml2xmltest
+
+If you are adding new test cases, or making changes that alter
+existing test output, you can use the environment variable
+VIR_TEST_REGENERATE_OUTPUT to quickly update the saved test
+data. Of course you still need to review the changes VERY
+CAREFULLY to ensure they are correct.
+
+::
+
+  $ VIR_TEST_REGENERATE_OUTPUT=1 ./qemuxml2argvtest
+
+There is also a ``./run`` script at the top level, to make it
+easier to run programs that have not yet been installed, as
+well as to wrap invocations of various tests under gdb or
+Valgrind.
+
+When running our test suite it may happen that the test result
+is nondeterministic because of the test suite relying on a
+particular file in the system being accessible or having some
+specific value. To catch this kind of errors, the test suite
+has a module for that prints any path touched that fulfils
+constraints described above into a file. To enable it just set
+``VIR_TEST_FILE_ACCESS`` environment variable. Then
+``VIR_TEST_FILE_ACCESS_OUTPUT`` environment variable can alter
+location where the file is stored.
+
+::
+
+  $ VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxml2argvtest
+
+#. The Valgrind test should produce similar output to
+``make check``. If the output has traces within libvirt API's,
+then investigation is required in order to determine the cause
+of the issue. Output such as the following indicates some sort
+of leak:
+
+::
+
+  ==5414== 4 bytes in 1 blocks are definitely lost in loss record 3 of 89
+  ==5414==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
+  ==5414==    by 0x34DE0AAB85: xmlStrndup (in /usr/lib64/libxml2.so.2.7.8)
+  ==5414==    by 0x4CC97A6: virDomainVideoDefParseXML (domain_conf.c:7410)
+  ==5414==    by 0x4CD581D: virDomainDefParseXML (domain_conf.c:10188)
+  ==5414==    by 0x4CD8C73: virDomainDefParseNode (domain_conf.c:10640)
+  ==5414==    by 0x4CD8DDB: virDomainDefParse (domain_conf.c:10590)
+  ==5414==    by 0x41CB1D: testCompareXMLToArgvHelper (qemuxml2argvtest.c:100)
+  ==5414==    by 0x41E20F: virtTestRun (testutils.c:161)
+  ==5414==    by 0x41C7CB: mymain (qemuxml2argvtest.c:866)
+  ==5414==    by 0x41E84A: virtTestMain (testutils.c:723)
+  ==5414==    by 0x34D9021734: (below main) (in /usr/lib64/libc-2.15.so)
+
+In this example, the ``virDomainDefParseXML()`` had an error
+path where the ``virDomainVideoDefPtr video`` pointer was not
+properly disposed. By simply adding a
+``virDomainVideoDefFree(video);`` in the error path, the issue
+was resolved.
+
+Another common mistake is calling a printing function, such as
+``VIR_DEBUG()`` without initializing a variable to be printed.
+The following example involved a call which could return an
+error, but not set variables passed by reference to the call.
+The solution was to initialize the variables prior to the call.
+
+::
+
+  ==4749== Use of uninitialised value of size 8
+  ==4749==    at 0x34D904650B: _itoa_word (in /usr/lib64/libc-2.15.so)
+  ==4749==    by 0x34D9049118: vfprintf (in /usr/lib64/libc-2.15.so)
+  ==4749==    by 0x34D9108F60: __vasprintf_chk (in /usr/lib64/libc-2.15.so)
+  ==4749==    by 0x4CAEEF7: virVasprintf (stdio2.h:199)
+  ==4749==    by 0x4C8A55E: virLogVMessage (virlog.c:814)
+  ==4749==    by 0x4C8AA96: virLogMessage (virlog.c:751)
+  ==4749==    by 0x4DA0056: virNetTLSContextCheckCertKeyUsage (virnettlscontext.c:225)
+  ==4749==    by 0x4DA06DB: virNetTLSContextCheckCert (virnettlscontext.c:439)
+  ==4749==    by 0x4DA1620: virNetTLSContextNew (virnettlscontext.c:562)
+  ==4749==    by 0x4DA26FC: virNetTLSContextNewServer (virnettlscontext.c:927)
+  ==4749==    by 0x409C39: testTLSContextInit (virnettlscontexttest.c:467)
+  ==4749==    by 0x40AB8F: virtTestRun (testutils.c:161)
+
+Valgrind will also find some false positives or code paths
+which cannot be resolved by making changes to the libvirt code.
+For these paths, it is possible to add a filter to avoid the
+errors. For example:
+
+::
+
+  ==4643== 7 bytes in 1 blocks are possibly lost in loss record 4 of 20
+  ==4643==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
+  ==4643==    by 0x34D90853F1: strdup (in /usr/lib64/libc-2.15.so)
+  ==4643==    by 0x34EEC2C08A: ??? (in /usr/lib64/libnl.so.1.1)
+  ==4643==    by 0x34EEC15B81: ??? (in /usr/lib64/libnl.so.1.1)
+  ==4643==    by 0x34D8C0EE15: call_init.part.0 (in /usr/lib64/ld-2.15.so)
+  ==4643==    by 0x34D8C0EECF: _dl_init (in /usr/lib64/ld-2.15.so)
+  ==4643==    by 0x34D8C01569: ??? (in /usr/lib64/ld-2.15.so)
+
+In this instance, it is acceptable to modify the
+``tests/.valgrind.supp`` file in order to add a suppression
+filter. The filter should be unique enough to not suppress real
+leaks, but it should be generic enough to cover multiple code
+paths. The format of the entry can be found in the
+documentation found at the `Valgrind home
+page <http://valgrind.org/>`__. The following trace was added
+to ``tests/.valgrind.supp`` in order to suppress the warning:
+
+::
+
+  {
+      dlInitMemoryLeak1
+      Memcheck:Leak
+      fun:?alloc
+      ...
+      fun:call_init.part.0
+      fun:_dl_init
+      ...
+      obj:*/lib*/ld-2.*so*
+  }

docs/api.html.in

@@ -330,7 +330,7 @@
     daemon through the <a href="remote.html">remote</a> driver via an
     <a href="internals/rpc.html">RPC</a>. Some hypervisors do support
     client-side connections and responses, such as Test, OpenVZ, VMware,
-    Power VM (phyp), VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
+    VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
     The libvirtd daemon service is started on the host at system boot
     time and can also be restarted at any time by a properly privileged
     user, such as root. The libvirtd daemon uses the same libvirt API

docs/api_extension.html.in

@@ -89,7 +89,7 @@
       separately.
     </p>
 
-    <h2><a name='publicapi'>Defining the public API</a></h2>
+    <h2><a id='publicapi'>Defining the public API</a></h2>
 
     <p>The first task is to define the public API.  If the new API
       involves an XML extension, you have to enhance the RelaxNG
@@ -119,7 +119,7 @@
       rework it as you go through the process of implementing it.
     </p>
 
-    <h2><a name='internalapi'>Defining the internal API</a></h2>
+    <h2><a id='internalapi'>Defining the internal API</a></h2>
 
     <p>
       Each public API call is associated with a driver, such as a host
@@ -146,7 +146,7 @@
       provide a <code>NULL</code> stub for the new function.
     </p>
 
-    <h2><a name='implpublic'>Implementing the public API</a></h2>
+    <h2><a id='implpublic'>Implementing the public API</a></h2>
 
     <p>
       Implementing the public API is largely a formality in which we wire up
@@ -179,7 +179,7 @@
 
     <p><code>src/libvirt-$MODULE.c</code></p>
 
-    <h2><a name='remoteproto'>Implementing the remote protocol</a></h2>
+    <h2><a id='remoteproto'>Implementing the remote protocol</a></h2>
 
     <p>
       Implementing the remote protocol is essentially a
@@ -187,7 +187,7 @@
       understood by referring to the existing code.
     </p>
 
-    <h3><a name='wireproto'>Defining the wire protocol format</a></h3>
+    <h3><a id='wireproto'>Defining the wire protocol format</a></h3>
 
     <p>
       Defining the wire protocol involves making additions to:
@@ -226,7 +226,7 @@
         src/remote/remote_protocol.h
     </code></p>
 
-    <h3><a name='rpcclient'>Implement the RPC client</a></h3>
+    <h3><a id='rpcclient'>Implement the RPC client</a></h3>
 
     <p>
       Implementing the RPC client uses the rpcgen generated .h files.

docs/apps.html.in

@@ -224,7 +224,7 @@
       <dd>
         Eucalyptus is an on-premise Infrastructure as a Service cloud
         software platform that is open source and
-        AWS-compatible. Eucalyptus uses libivrt virtualization API to
+        AWS-compatible. Eucalyptus uses libvirt virtualization API to
         directly interact with Xen and KVM hypervisors.
       </dd>
 

docs/auditlog.html.in

@@ -42,7 +42,7 @@
       In addition to have formal messages sent to the audit subsystem it is
       possible to tell libvirt to inject messages into its own logging
       layer. This will result in messages ending up in the systemd journal
-      or <code>/var/log/libvirt/libivrtd.log</code> on non-systemd hosts.
+      or <code>/var/log/libvirt/libvirtd.log</code> on non-systemd hosts.
       This is disabled by default, but can be requested by setting the
       <code>audit_logging=1</code> configuration parameter in the same file
       mentioned above.

docs/auth.html.in

@@ -129,11 +129,9 @@ credentials=defgrp</pre>
       <li><code>libvirt</code> - used for connections to a libvirtd
         server, which is configured with SASL auth</li>
       <li><code>ssh</code> - used for connections to a Phyp server
-        over SSH</li>
+        over SSH, but the Phyp driver has been removed</li>
       <li><code>esx</code> - used for connections to an ESX or
         VirtualCenter server</li>
-      <li><code>xen</code> - used for connections to a Xen Enterprise
-        sever using XenAPI</li>
     </ol>
 
     <p>
@@ -276,7 +274,7 @@ to turn on SASL auth in these listeners.
     </p>
     <p>
 Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
-config change is rquired to enable plain password auth. This is done by
+config change is required to enable plain password auth. This is done by
 editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
 parameter to <code>scram-sha-1</code>.
     </p>
@@ -319,7 +317,7 @@ in these scenarios - only the plain TCP listener needs encryption
 Some operating systems do not install the SASL kerberos plugin by default. It
 may be necessary to install a sub-package such as <code>cyrus-sasl-gssapi</code>.
 To check whether the Kerberos plugin is installed run the <code>pluginviewer</code>
-program and verify that <code>gssapi</code> is listed,eg:
+program and verify that <code>gssapi</code> is listed, e.g.:
 </p>
     <pre>
 # pluginviewer
@@ -361,7 +359,7 @@ kadmin.local: quit
     <p>
 Any client application wishing to connect to a Kerberos enabled libvirt server
 merely needs to run <code>kinit</code> to gain a user principal. This may well
-be done automatically when a user logs into a desktop session, if PAM is setup
+be done automatically when a user logs into a desktop session, if PAM is set up
 to authenticate against Kerberos.
 </p>
   </body>

docs/best-practices.rst

@@ -0,0 +1,38 @@
+==============
+Best practices
+==============
+
+These are a few guidelines to keep in mind when submitting patches
+to libvirt: following them will maximise the chance of your patches
+being reviewed in a timely manner and being accepted into libvirt
+with minimal back-and-forth.
+
+-  Discuss any large changes on the mailing list first. Post
+   patches early and listen to feedback.
+
+-  In your commit message, make the summary line reasonably short
+   (60 characters is typical), followed by a blank line, followed
+   by any longer description of why your patch makes sense. If the
+   patch fixes a regression, and you know what commit introduced
+   the problem, mentioning that is useful. If the patch resolves a
+   upstream bug reported in GitLab, put "Fixes: #NNN" in the commit
+   message. For a downstream bug, mention the URL of the bug instead.
+   In both cases also summarize the issue rather than making all
+   readers follow the link. You can use 'git shortlog -30' to get
+   an idea of typical summary lines.
+
+-  Split large changes into a series of smaller patches,
+   self-contained if possible, with an explanation of each patch
+   and an explanation of how the sequence of patches fits
+   together. Moreover, please keep in mind that it's required to
+   be able to compile cleanly (**including**
+   ``make check`` and ``make syntax-check``) after each
+   patch. A feature does not have to work until the end of a
+   series, but intermediate patches must compile and not cause
+   test-suite failures (this is to preserve the usefulness of
+   ``git bisect``, among other things).
+
+There is more on this subject, including lots of links to
+background reading on the subject, on `Richard Jones' guide to
+working with open source
+projects <http://people.redhat.com/rjones/how-to-supply-code-to-open-source-projects/>`__.

docs/bugs.html.in

@@ -19,7 +19,7 @@
       <a href="securityprocess.html">security process</a> instead.
     </p>
 
-    <h2><a id="bugzilla">Bug Tracking</a></h2>
+    <h2><a id="bugtracking">Bug Tracking</a></h2>
 
     <p>
       If you are using libvirt binaries from a Linux distribution
@@ -30,22 +30,17 @@
     <h2><a id="general">General libvirt bug reports</a></h2>
 
     <p>
-      The <a href="http://bugzilla.redhat.com">Red Hat Bugzilla Server</a>
-      should be used to report bugs and request features in libvirt.
+      Bugs in upstream libvirt code should be reported as issues in the
+      appropriate <a href="https://gitlab.com/libvirt">project on GitLab.</a>
       Before submitting a ticket, check the existing tickets to see if
       the bug/feature is already tracked.
-
-      For general libvirt bug reports, from self-built releases, GIT snapshots
-      and any other non-distribution supported builds, enter tickets under
-      the <code>Virtualization Tools</code> product and the <code>libvirt</code>
-      component.
     </p>
     <p>
       It's always a good idea to file bug reports, as the process of
       filing the report always makes it easier to describe the
       problem, and the bug number provides a quick way of referring to
-      the problem.  However, not everybody in the community pays
-      attention to bugzilla, so after you file a bug, asking questions
+      the problem.  However, not everybody in the community pays frequent
+      attention to issues, so after you file a bug, asking questions
       and submitting patches on <a href="contact.html">the libvirt
       mailing lists</a> will increase your bug's visibility and
       encourage people to think about your problem.  Don't hesitate to
@@ -65,10 +60,16 @@
     </p>
 
     <ul>
-      <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Virtualization%20Tools">View libvirt tickets</a></li>
-      <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Virtualization%20Tools&amp;component=libvirt">New libvirt ticket</a></li>
+      <li><a href="https://gitlab.com/libvirt/libvirt/-/issues">View libvirt.git tickets</a></li>
+      <li><a href="https://gitlab.com/libvirt/libvirt/-/issues/new">New libvirt.git ticket</a></li>
     </ul>
 
+    <p>
+      Note bugs in language bindings and other sub-projects should be
+      reported to their corresponding git repository rather than the
+      main libvirt.git linked above.
+    </p>
+
     <h2><a id="distribution">Linux Distribution specific bug reports</a></h2>
     <ul>
       <li>

docs/cgroups.html.in

@@ -155,24 +155,17 @@ $ROOT
       named <code>$VMNAME.libvirt-{qemu,lxc}</code>. Each consumer is associated
       with exactly one partition, which also have a corresponding cgroup usually
       named <code>$PARTNAME.partition</code>. The exceptions to this naming rule
-      are the three top level default partitions, named <code>/system</code> (for
-      system services), <code>/user</code> (for user login sessions) and
-      <code>/machine</code> (for virtual machines and containers). By default
-      every consumer will of course be associated with the <code>/machine</code>
-      partition.
+      is the top level default partition for virtual machines and containers
+      <code>/machine</code>.
     </p>
 
     <p>
-      Given this, a possible systemd cgroups layout involving 3 qemu guests,
+      Given this, a possible non-systemd cgroups layout involving 3 qemu guests,
       3 lxc containers and 2 custom child slices, would be:
     </p>
 
     <pre>
 $ROOT
-  |
-  +- system
-  |   |
-  |   +- libvirtd.service
   |
   +- machine
       |

docs/coding-style.rst

@@ -0,0 +1,919 @@
+============
+Coding style
+============
+
+.. contents::
+
+Naming conventions
+==================
+
+When reading libvirt code, a number of different naming
+conventions will be evident due to various changes in thinking
+over the course of the project's lifetime. The conventions
+documented below should be followed when creating any entirely new
+files in libvirt. When working on existing files, while it is
+desirable to apply these conventions, keeping a consistent style
+with existing code in that particular file is generally more
+important. The overall guiding principal is that every file, enum,
+struct, function, macro and typedef name must have a 'vir' or
+'VIR' prefix. All local scope variable names are exempt, and
+global variables are exempt, unless exported in a header file.
+
+File names
+   File naming varies depending on the subdirectory. The preferred
+   style is to have a 'vir' prefix, followed by a name which
+   matches the name of the functions / objects inside the file.
+   For example, a file containing an object 'virHashtable' is
+   stored in files 'virhashtable.c' and 'virhashtable.h'.
+   Sometimes, methods which would otherwise be declared 'static'
+   need to be exported for use by a test suite. For this purpose a
+   second header file should be added with a suffix of 'priv',
+   e.g. 'virhashtablepriv.h'. Use of underscores in file names is
+   discouraged when using the 'vir' prefix style. The 'vir' prefix
+   naming applies to src/util, src/rpc and tests/ directories.
+   Most other directories do not follow this convention.
+
+Enum type & field names
+   All enums should have a 'vir' prefix in their typedef name, and
+   each following word should have its first letter in uppercase.
+   The enum name should match the typedef name with a leading
+   underscore. The enum member names should be in all uppercase,
+   and use an underscore to separate each word. The enum member
+   name prefix should match the enum typedef name.
+
+   ::
+
+     typedef enum _virSocketType virSocketType;
+     enum _virSocketType {
+         VIR_SOCKET_TYPE_IPV4,
+         VIR_SOCKET_TYPE_IPV6,
+     };
+
+Struct type names
+   All structs should have a 'vir' prefix in their typedef name,
+   and each following word should have its first letter in
+   uppercase. The struct name should be the same as the typedef
+   name with a leading underscore. A second typedef should be
+   given for a pointer to the struct with a 'Ptr' suffix.
+
+   ::
+
+     typedef struct _virHashTable virHashTable;
+     typedef virHashTable *virHashTablePtr;
+     struct _virHashTable {
+         ...
+     };
+
+Function names
+   All functions should have a 'vir' prefix in their name,
+   followed by one or more words with first letter of each word
+   capitalized. Underscores should not be used in function names.
+   If the function is operating on an object, then the function
+   name prefix should match the object typedef name, otherwise it
+   should match the filename. Following this comes the verb /
+   action name, and finally an optional subject name. For example,
+   given an object 'virHashTable', all functions should have a
+   name 'virHashTable$VERB' or 'virHashTable$VERB$SUBJECT", e.g.
+   'virHashTableLookup' or 'virHashTableGetValue'.
+
+Macro names
+   All macros should have a "VIR" prefix in their name, followed
+   by one or more uppercase words separated by underscores. The
+   macro argument names should be in lowercase. Aside from having
+   a "VIR" prefix there are no common practices for the rest of
+   the macro name.
+
+Code indentation
+================
+
+Libvirt's C source code generally adheres to some basic
+code-formatting conventions. The existing code base is not totally
+consistent on this front, but we do prefer that contributed code
+be formatted similarly. In short, use spaces-not-TABs for
+indentation, use 4 spaces for each indentation level, and other
+than that, follow the K&R style.
+
+If you use Emacs, the project includes a file .dir-locals.el that
+sets up the preferred indentation. If you use vim, append the
+following to your ~/.vimrc file:
+
+::
+
+  set nocompatible
+  filetype on
+  set autoindent
+  set smartindent
+  set cindent
+  set tabstop=8
+  set shiftwidth=4
+  set expandtab
+  set cinoptions=(0,:0,l1,t0,L3
+  filetype plugin indent on
+  au FileType make setlocal noexpandtab
+  au BufRead,BufNewFile *.am setlocal noexpandtab
+  match ErrorMsg /\s\+$\| \+\ze\t/
+
+Or if you don't want to mess your ~/.vimrc up, you can save the
+above into a file called .lvimrc (not .vimrc) located at the root
+of libvirt source, then install a vim script from
+http://www.vim.org/scripts/script.php?script_id=1408, which will
+load the .lvimrc only when you edit libvirt code.
+
+Code formatting (especially for new code)
+=========================================
+
+With new code, we can be even more strict. Please apply the
+following function (using GNU indent) to any new code. Note that
+this also gives you an idea of the type of spacing we prefer
+around operators and keywords:
+
+::
+
+  indent-libvirt()
+  {
+    indent -bad -bap -bbb -bli4 -br -ce -brs -cs -i4 -l75 -lc75 \
+           -sbi4 -psl -saf -sai -saw -sbi4 -ss -sc -cdw -cli4 -npcs -nbc \
+           --no-tabs "$@"
+  }
+
+Note that sometimes you'll have to post-process that output
+further, by piping it through ``expand -i``, since some leading
+TABs can get through. Usually they're in macro definitions or
+strings, and should be converted anyhow.
+
+Libvirt requires a C99 compiler for various reasons. However, most
+of the code base prefers to stick to C89 syntax unless there is a
+compelling reason otherwise. For example, it is preferable to use
+``/* */`` comments rather than ``//``. Also, when declaring local
+variables, the prevailing style has been to declare them at the
+beginning of a scope, rather than immediately before use.
+
+Bracket spacing
+---------------
+
+The keywords ``if``, ``for``, ``while``, and ``switch`` must have
+a single space following them before the opening bracket. E.g.
+
+::
+
+  if(foo)   // Bad
+  if (foo)  // Good
+
+Function implementations must **not** have any whitespace between
+the function name and the opening bracket. E.g.
+
+::
+
+  int foo (int wizz)  // Bad
+  int foo(int wizz)   // Good
+
+Function calls must **not** have any whitespace between the
+function name and the opening bracket. E.g.
+
+::
+
+  bar = foo (wizz);  // Bad
+  bar = foo(wizz);   // Good
+
+Function typedefs must **not** have any whitespace between the
+closing bracket of the function name and opening bracket of the
+arg list. E.g.
+
+::
+
+  typedef int (*foo) (int wizz);  // Bad
+  typedef int (*foo)(int wizz);   // Good
+
+There must not be any whitespace immediately following any opening
+bracket, or immediately prior to any closing bracket. E.g.
+
+::
+
+  int foo( int wizz );  // Bad
+  int foo(int wizz);    // Good
+
+Commas
+------
+
+Commas should always be followed by a space or end of line, and
+never have leading space; this is enforced during 'make
+syntax-check'.
+
+::
+
+  call(a,b ,c);// Bad
+  call(a, b, c); // Good
+
+When declaring an enum or using a struct initializer that occupies
+more than one line, use a trailing comma. That way, future edits
+to extend the list only have to add a line, rather than modify an
+existing line to add the intermediate comma. Any sentinel
+enumerator value with a name ending in \_LAST is exempt, since you
+would extend such an enum before the \_LAST element. Another
+reason to favor trailing commas is that it requires less effort to
+produce via code generators. Note that the syntax checker is
+unable to enforce a style of trailing commas, so there are
+counterexamples in existing code which do not use it; also, while
+C99 allows trailing commas, remember that JSON and XDR do not.
+
+::
+
+  enum {
+      VALUE_ONE,
+      VALUE_TWO // Bad
+  };
+  enum {
+      VALUE_THREE,
+      VALUE_FOUR, // Good
+  };
+
+Semicolons
+----------
+
+Semicolons should never have a space beforehand. Inside the
+condition of a ``for`` loop, there should always be a space or
+line break after each semicolon, except for the special case of an
+infinite loop (although more infinite loops use ``while``). While
+not enforced, loop counters generally use post-increment.
+
+::
+
+  for (i = 0 ;i < limit ; ++i) { // Bad
+  for (i = 0; i < limit; i++) { // Good
+  for (;;) { // ok
+  while (1) { // Better
+
+Empty loop bodies are better represented with curly braces and a
+comment, although use of a semicolon is not currently rejected.
+
+::
+
+  while ((rc = waitpid(pid, &st, 0) == -1) &&
+         errno == EINTR); // ok
+  while ((rc = waitpid(pid, &st, 0) == -1) &&
+         errno == EINTR) { // Better
+      /* nothing */
+  }
+
+Curly braces
+------------
+
+Omit the curly braces around an ``if``, ``while``, ``for`` etc.
+body only when both that body and the condition itself occupy a
+single line. In every other case we require the braces. This
+ensures that it is trivially easy to identify a
+single-\ *statement* loop: each has only one *line* in its body.
+
+::
+
+  while (expr)             // single line body; {} is forbidden
+      single_line_stmt();
+
+::
+
+  while (expr(arg1,
+              arg2))      // indentation makes it obvious it is single line,
+      single_line_stmt(); // {} is optional (not enforced either way)
+
+::
+
+  while (expr1 &&
+         expr2) {         // multi-line, at same indentation, {} required
+      single_line_stmt();
+  }
+
+However, the moment your loop/if/else body extends on to a second
+line, for whatever reason (even if it's just an added comment),
+then you should add braces. Otherwise, it would be too easy to
+insert a statement just before that comment (without adding
+braces), thinking it is already a multi-statement loop:
+
+::
+
+  while (true) // BAD! multi-line body with no braces
+      /* comment... */
+      single_line_stmt();
+
+Do this instead:
+
+::
+
+  while (true) { // Always put braces around a multi-line body.
+      /* comment... */
+      single_line_stmt();
+  }
+
+There is one exception: when the second body line is not at the
+same indentation level as the first body line:
+
+::
+
+  if (expr)
+      die("a diagnostic that would make this line"
+          " extend past the 80-column limit"));
+
+It is safe to omit the braces in the code above, since the
+further-indented second body line makes it obvious that this is
+still a single-statement body.
+
+To reiterate, don't do this:
+
+::
+
+  if (expr)            // BAD: no braces around...
+      while (expr_2) { // ... a multi-line body
+          ...
+      }
+
+Do this, instead:
+
+::
+
+  if (expr) {
+      while (expr_2) {
+          ...
+      }
+  }
+
+However, there is one exception in the other direction, when even
+a one-line block should have braces. That occurs when that
+one-line, brace-less block is an ``if`` or ``else`` block, and the
+counterpart block **does** use braces. In that case, put braces
+around both blocks. Also, if the ``else`` block is much shorter
+than the ``if`` block, consider negating the ``if``-condition and
+swapping the bodies, putting the short block first and making the
+longer, multi-line block be the ``else`` block.
+
+::
+
+  if (expr) {
+      ...
+      ...
+  }
+  else
+      x = y;    // BAD: braceless "else" with braced "then",
+                // and short block last
+
+  if (expr)
+      x = y;    // BAD: braceless "if" with braced "else"
+  else {
+      ...
+      ...
+  }
+
+Keeping braces consistent and putting the short block first is
+preferred, especially when the multi-line body is more than a few
+lines long, because it is easier to read and grasp the semantics
+of an if-then-else block when the simpler block occurs first,
+rather than after the more involved block:
+
+::
+
+  if (!expr) {
+    x = y; // putting the smaller block first is more readable
+  } else {
+      ...
+      ...
+  }
+
+But if negating a complex condition is too ugly, then at least add
+braces:
+
+::
+
+  if (complex expr not worth negating) {
+      ...
+      ...
+  } else {
+      x = y;
+  }
+
+Use hanging braces for compound statements: the opening brace of a
+compound statement should be on the same line as the condition
+being tested. Only top-level function bodies, nested scopes, and
+compound structure declarations should ever have { on a line by
+itself.
+
+::
+
+  void
+  foo(int a, int b)
+  {                          // correct - function body
+      int 2d[][] = {
+        {                    // correct - complex initialization
+          1, 2,
+        },
+      };
+      if (a)
+      {                      // BAD: compound brace on its own line
+          do_stuff();
+      }
+      {                      // correct - nested scope
+          int tmp;
+          if (a < b) {       // correct - hanging brace
+              tmp = b;
+              b = a;
+              a = tmp;
+          }
+      }
+  }
+
+Conditional expressions
+-----------------------
+
+For readability reasons new code should avoid shortening
+comparisons to 0 for numeric types. Boolean and pointer
+comparisions may be shortened. All long forms are okay:
+
+::
+
+  virFooPtr foos = NULL;
+  size nfoos = 0;
+  bool hasFoos = false;
+
+  GOOD:
+    if (!foos)
+    if (!hasFoos)
+    if (nfoos == 0)
+    if (foos == NULL)
+    if (hasFoos == true)
+
+  BAD:
+    if (!nfoos)
+    if (nfoos)
+
+New code should avoid the ternary operator as much as possible.
+Specifically it must never span more than one line or nest:
+
+::
+
+  BAD:
+    char *foo = baz ?
+                virDoSomethingReallyComplex(driver, vm, something, baz->foo) :
+                NULL;
+
+    char *foo = bar ? bar->baz ? bar->baz->foo : "nobaz" : "nobar";
+
+Preprocessor
+------------
+
+Macros defined with an ALL_CAPS name should generally be assumed
+to be unsafe with regards to arguments with side-effects (that is,
+MAX(a++, b--) might increment a or decrement b too many or too few
+times). Exceptions to this rule are explicitly documented for
+macros in viralloc.h and virstring.h.
+
+For variadic macros, stick with C99 syntax:
+
+::
+
+  #define vshPrint(_ctl, ...) fprintf(stdout, __VA_ARGS__)
+
+Use parenthesis when checking if a macro is defined, and use
+indentation to track nesting:
+
+::
+
+  #if defined(HAVE_POSIX_FALLOCATE) && !defined(HAVE_FALLOCATE)
+  # define fallocate(a, ignored, b, c) posix_fallocate(a, b, c)
+  #endif
+
+C types
+-------
+
+Use the right type.
+
+Scalars
+~~~~~~~
+
+-  If you're using ``int`` or ``long``, odds are good that there's
+   a better type.
+-  If a variable is counting something, be sure to declare it with
+   an unsigned type.
+-  If it's memory-size-related, use ``size_t`` (use ``ssize_t``
+   only if required).
+-  If it's file-size related, use uintmax_t, or maybe ``off_t``.
+-  If it's file-offset related (i.e., signed), use ``off_t``.
+-  If it's just counting small numbers use ``unsigned int``; (on
+   all but oddball embedded systems, you can assume that that type
+   is at least four bytes wide).
+-  If a variable has boolean semantics, give it the ``bool`` type
+   and use the corresponding ``true`` and ``false`` macros.
+-  In the unusual event that you require a specific width, use a
+   standard type like ``int32_t``, ``uint32_t``, ``uint64_t``,
+   etc.
+-  While using ``bool`` is good for readability, it comes with
+   minor caveats:
+
+   -  Don't use ``bool`` in places where the type size must be
+      constant across all systems, like public interfaces and
+      on-the-wire protocols. Note that it would be possible
+      (albeit wasteful) to use ``bool`` in libvirt's logical wire
+      protocol, since XDR maps that to its lower-level ``bool_t``
+      type, which **is** fixed-size.
+   -  Don't compare a bool variable against the literal, ``true``,
+      since a value with a logical non-false value need not be
+      ``1``. I.e., don't write ``if (seen == true) ...``. Rather,
+      write ``if (seen)...``.
+
+Of course, take all of the above with a grain of salt. If you're
+about to use some system interface that requires a type like
+``size_t``, ``pid_t`` or ``off_t``, use matching types for any
+corresponding variables.
+
+Also, if you try to use e.g., ``unsigned int`` as a type, and that
+conflicts with the signedness of a related variable, sometimes
+it's best just to use the **wrong** type, if *pulling the thread*
+and fixing all related variables would be too invasive.
+
+Finally, while using descriptive types is important, be careful
+not to go overboard. If whatever you're doing causes warnings, or
+requires casts, then reconsider or ask for help.
+
+Pointers
+~~~~~~~~
+
+Ensure that all of your pointers are *const-correct*. Unless a
+pointer is used to modify the pointed-to storage, give it the
+``const`` attribute. That way, the reader knows up-front that this
+is a read-only pointer. Perhaps more importantly, if we're
+diligent about this, when you see a non-const pointer, you're
+guaranteed that it is used to modify the storage it points to, or
+it is aliased to another pointer that is.
+
+Attribute annotations
+---------------------
+
+Use the following annotations to help the compiler and/or static
+analysis tools understand the code better:
+
++-------------------------------+------------------------------------------------------------+
+| Macro                         | Meaning                                                    |
++===============================+============================================================+
+| ``ATTRIBUTE_NONNULL``         | passing NULL for this parameter is not allowed             |
++-------------------------------+------------------------------------------------------------+
+| ``ATTRIBUTE_PACKED``          | force a structure to be packed                             |
++-------------------------------+------------------------------------------------------------+
+| ``G_GNUC_FALLTHROUGH``        | allow code reuse by multiple switch cases                  |
++-------------------------------+------------------------------------------------------------+
+| ``G_GNUC_NO_INLINE``          | the function is mocked in the test suite                   |
++-------------------------------+------------------------------------------------------------+
+| ``G_GNUC_NORETURN``           | the function never returns                                 |
++-------------------------------+------------------------------------------------------------+
+| ``G_GNUC_NULL_TERMINATED``    | last parameter must be NULL                                |
++-------------------------------+------------------------------------------------------------+
+| ``G_GNUC_PRINTF``             | validate that the formatting string matches parameters     |
++-------------------------------+------------------------------------------------------------+
+| ``G_GNUC_UNUSED``             | parameter is unused in this implementation of the function |
++-------------------------------+------------------------------------------------------------+
+| ``G_GNUC_WARN_UNUSED_RESULT`` | the return value must be checked                           |
++-------------------------------+------------------------------------------------------------+
+
+File handling
+-------------
+
+Usage of the ``fdopen()``, ``close()``, ``fclose()`` APIs is
+deprecated in libvirt code base to help avoiding double-closing of
+files or file descriptors, which is particularly dangerous in a
+multi-threaded application. Instead of these APIs, use the macros
+from virfile.h
+
+-  Open a file from a file descriptor:
+
+   ::
+
+     if ((file = VIR_FDOPEN(fd, "r")) == NULL) {
+         virReportSystemError(errno, "%s",
+                              _("failed to open file from file descriptor"));
+         return -1;
+     }
+     /* fd is now invalid; only access the file using file variable */
+
+-  Close a file descriptor:
+
+   ::
+
+     if (VIR_CLOSE(fd) < 0) {
+         virReportSystemError(errno, "%s", _("failed to close file"));
+     }
+
+-  Close a file:
+
+   ::
+
+     if (VIR_FCLOSE(file) < 0) {
+         virReportSystemError(errno, "%s", _("failed to close file"));
+     }
+
+-  Close a file or file descriptor in an error path, without
+   losing the previous ``errno`` value:
+
+   ::
+
+     VIR_FORCE_CLOSE(fd);
+     VIR_FORCE_FCLOSE(file);
+
+String comparisons
+------------------
+
+Do not use the strcmp, strncmp, etc functions directly. Instead
+use one of the following semantically named macros
+
+-  For strict equality:
+
+   ::
+
+     STREQ(a,b)
+     STRNEQ(a,b)
+
+-  For case insensitive equality:
+
+   ::
+
+     STRCASEEQ(a,b)
+     STRCASENEQ(a,b)
+
+-  For strict equality of a substring:
+
+   ::
+
+     STREQLEN(a,b,n)
+     STRNEQLEN(a,b,n)
+
+-  For case insensitive equality of a substring:
+
+   ::
+
+     STRCASEEQLEN(a,b,n)
+     STRCASENEQLEN(a,b,n)
+
+-  For strict equality of a prefix:
+
+   ::
+
+     STRPREFIX(a,b)
+
+-  To avoid having to check if a or b are NULL:
+
+   ::
+
+     STREQ_NULLABLE(a, b)
+     STRNEQ_NULLABLE(a, b)
+
+String copying
+--------------
+
+Do not use the strncpy function. According to the man page, it
+does **not** guarantee a NULL-terminated buffer, which makes it
+extremely dangerous to use. Instead, use one of the replacement
+functions provided by libvirt:
+
+::
+
+  virStrncpy(char *dest, const char *src, size_t n, size_t destbytes)
+
+The first two arguments have the same meaning as for strncpy,
+namely the destination and source of the copy operation. Unlike
+strncpy, the function will always copy exactly the number of bytes
+requested and make sure the destination is NULL-terminated, as the
+source is required to be; sanity checks are performed to ensure
+the size of the destination, as specified by the last argument, is
+sufficient for the operation to succeed. On success, 0 is
+returned; on failure, a value <0 is returned instead.
+
+::
+
+  virStrcpy(char *dest, const char *src, size_t destbytes)
+
+Use this variant if you know you want to copy the entire src
+string into dest.
+
+::
+
+  virStrcpyStatic(char *dest, const char *src)
+
+Use this variant if you know you want to copy the entire src
+string into dest **and** you know that your destination string is
+a static string (i.e. that sizeof(dest) returns something
+meaningful). Note that this is a macro, so arguments could be
+evaluated more than once.
+
+::
+
+  dst = g_strdup(src);
+  dst = g_strndup(src, n);
+
+You should avoid using strdup or strndup directly as they do not
+handle out-of-memory errors, and do not allow a NULL source. Use
+``g_strdup`` and ``g_strndup`` from GLib which abort on OOM and
+handle NULL source by returning NULL.
+
+Variable length string buffer
+-----------------------------
+
+If there is a need for complex string concatenations, avoid using
+the usual sequence of malloc/strcpy/strcat/snprintf functions and
+make use of either the
+`GString <https://developer.gnome.org/glib/stable/glib-Strings.html>`__
+type from GLib or the virBuffer API. If formatting XML or QEMU
+command line is needed, use the virBuffer API described in
+virbuffer.h, since it has helper functions for those.
+
+Typical usage is as follows:
+
+::
+
+  char *
+  somefunction(...)
+  {
+     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+
+     ...
+
+     virBufferAddLit(&buf, "<domain>\n");
+
+     ...
+
+     if (some_error)
+         return NULL; /* g_auto will free the memory used so far */
+
+     ...
+
+     virBufferAddLit(&buf, "</domain>\n");
+
+     ...
+
+     if (virBufferCheckError(&buf) < 0)
+         return NULL;
+
+     return virBufferContentAndReset(&buf);
+  }
+
+Include files
+-------------
+
+There are now quite a large number of include files, both libvirt
+internal and external, and system includes. To manage all this
+complexity it's best to stick to the following general plan for
+all \*.c source files:
+
+::
+
+  /*
+   * Copyright notice
+   * ....
+   * ....
+   * ....
+   *
+   */
+
+  #include <config.h>             Must come first in every file.
+
+  #include <stdio.h>              Any system includes you need.
+  #include <string.h>
+  #include <limits.h>
+
+  #if WITH_NUMACTL                Some system includes aren't supported
+  # include <numa.h>              everywhere so need these #if guards.
+  #endif
+
+  #include "internal.h"           Include this first, after system includes.
+
+  #include "util.h"               Any libvirt internal header files.
+  #include "buf.h"
+
+  static int
+  myInternalFunc()                The actual code.
+  {
+      ...
+
+Of particular note: **Do not** include libvirt/libvirt.h,
+libvirt/virterror.h, libvirt/libvirt-qemu.h, or
+libvirt/libvirt-lxc.h. They are included by "internal.h" already
+and there are some special reasons why you cannot include these
+files explicitly. One of the special cases, "libvirt/libvirt.h" is
+included prior to "internal.h" in "remote_protocol.x", to avoid
+exposing \*_LAST enum elements.
+
+Printf-style functions
+----------------------
+
+Whenever you add a new printf-style function, i.e., one with a
+format string argument and following "..." in its prototype, be
+sure to use gcc's printf attribute directive in the prototype. For
+example, here's the one for virCommandAddEnvFormat in
+vircommand.h:
+
+::
+
+  void virCommandAddEnvFormat(virCommandPtr cmd, const char *format, ...)
+      G_GNUC_PRINTF(2, 3);
+
+This makes it so gcc's -Wformat and -Wformat-security options can
+do their jobs and cross-check format strings with the number and
+types of arguments.
+
+When printing to a string, consider using GString or virBuffer for
+incremental allocations, g_strdup_printf for a one-shot
+allocation, and g_snprintf for fixed-width buffers. Only use
+g_sprintf, if you can prove the buffer won't overflow.
+
+Error message format
+--------------------
+
+Error messages visible to the user should be short and
+descriptive. All error messages are translated using gettext and
+thus must be wrapped in ``_()`` macro. To simplify the translation
+work, the error message must not be concatenated from various
+parts. To simplify searching for the error message in the code the
+strings should not be broken even if they result into a line
+longer than 80 columns and any formatting modifier should be
+enclosed by quotes or other obvious separator. If a string used
+with ``%s`` can be NULL the NULLSTR macro must be used.
+
+::
+
+  GOOD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Failed to connect to remote host '%s'"), hostname)
+
+  BAD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                      _("Failed to %s to remote host '%s'"),
+                      "connect", hostname);
+
+  BAD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                      _("Failed to connect "
+                      "to remote host '%s'),
+                      hostname);
+
+Use of goto
+-----------
+
+The use of goto is not forbidden, and goto is widely used
+throughout libvirt. While the uncontrolled use of goto will
+quickly lead to unmaintainable code, there is a place for it in
+well structured code where its use increases readability and
+maintainability. In general, if goto is used for error recovery,
+it's likely to be ok, otherwise, be cautious or avoid it all
+together.
+
+The typical use of goto is to jump to cleanup code in the case of
+a long list of actions, any of which may fail and cause the entire
+operation to fail. In this case, a function will have a single
+label at the end of the function. It's almost always ok to use
+this style. In particular, if the cleanup code only involves
+free'ing memory, then having multiple labels is overkill. g_free()
+and most of the functions named XXXFree() in libvirt is required
+to handle NULL as its arg. This does not apply to libvirt's public
+APIs. Thus you can safely call free on all the variables even if
+they were not yet allocated (yes they have to have been
+initialized to NULL). This is much simpler and clearer than having
+multiple labels. Note that most of libvirt's type declarations can
+be marked with either ``g_autofree`` or ``g_autoptr`` which uses
+the compiler's ``__attribute__((cleanup))`` that calls the
+appropriate free function when the variable goes out of scope.
+
+There are a couple of signs that a particular use of goto is not
+ok:
+
+-  You're using multiple labels. If you find yourself using
+   multiple labels, you're strongly encouraged to rework your code
+   to eliminate all but one of them.
+-  The goto jumps back up to a point above the current line of
+   code being executed. Please use some combination of looping
+   constructs to re-execute code instead; it's almost certainly
+   going to be more understandable by others. One well-known
+   exception to this rule is restarting an i/o operation following
+   EINTR.
+-  The goto jumps down to an arbitrary place in the middle of a
+   function followed by further potentially failing calls. You
+   should almost certainly be using a conditional and a block
+   instead of a goto. Perhaps some of your function's logic would
+   be better pulled out into a helper function.
+
+Although libvirt does not encourage the Linux kernel wind/unwind
+style of multiple labels, there's a good general discussion of the
+issue archived at
+`KernelTrap <http://kerneltrap.org/node/553/2131>`__
+
+When using goto, please use one of these standard labels if it
+makes sense:
+
+::
+
+  error:     A path only taken upon return with an error code
+  cleanup:   A path taken upon return with success code + optional error
+  no_memory: A path only taken upon return with an OOM error code
+  retry:     If needing to jump upwards (e.g., retry on EINTR)
+
+Top-level labels should be indented by one space (putting them on
+the beginning of the line confuses function context detection in
+git):
+
+::
+
+  int foo()
+  {
+      /* ... do stuff ... */
+   cleanup:
+      /* ... do other stuff ... */
+  }

docs/committer-guidelines.rst

@@ -0,0 +1,33 @@
+====================
+Committer guidelines
+====================
+
+The AUTHORS files indicates the list of people with commit access
+right who can actually merge the patches.
+
+The general rule for committing a patch is to make sure it has
+been reviewed properly in the mailing-list first, usually if a
+couple of people gave an ACK or +1 to a patch and nobody raised an
+objection on the list it should be good to go. If the patch
+touches a part of the code where you're not the main maintainer,
+or where you do not have a very clear idea of how things work,
+it's better to wait for a more authoritative feedback though.
+Before committing, please also rebuild locally, run 'make check
+syntax-check', and make sure you don't raise errors.
+
+An exception to 'review and approval on the list first' is fixing
+failures to build:
+
+-  if a recently committed patch breaks compilation on a platform
+   or for a given driver, then it's fine to commit a minimal fix
+   directly without getting the review feedback first
+-  if make check or make syntax-check breaks, if there is an
+   obvious fix, it's fine to commit immediately. The patch should
+   still be sent to the list (or tell what the fix was if
+   trivial), and 'make check syntax-check' should pass too, before
+   committing anything
+-  fixes for documentation and code comments can be managed in the
+   same way, but still make sure they get reviewed if non-trivial.
+-  (ir)regular pulls from other repositories or automated updates,
+   such as the keycodemap submodule updates, pulling in new
+   translations or updating the container images for the CI system

docs/compiling.html.in

@@ -9,13 +9,15 @@
     <h2><a id="compiling">Compiling a release tarball</a></h2>
 
     <p>
-      libvirt uses the standard configure/make/install steps:
+      libvirt uses the standard configure/make/install steps and mandates
+      that the build directory is different that the source directory:
     </p>
 
     <pre>
 $ xz -c libvirt-x.x.x.tar.xz | tar xvf -
 $ cd libvirt-x.x.x
-$ ./configure</pre>
+$ mkdir build &amp;&amp; cd build
+$ ../configure</pre>
 
     <p>
       The <i>configure</i> script can be given options to change its default
@@ -28,7 +30,7 @@ $ ./configure</pre>
     </p>
 
     <pre>
-$ ./configure <i>--help</i></pre>
+$ ../configure <i>--help</i></pre>
 
     <p>
       When you have determined which options you want to use (if any),
@@ -49,7 +51,7 @@ $ ./configure <i>--help</i></pre>
     </p>
 
     <pre>
-$ ./configure <i>[possible options]</i>
+$ ../configure <i>[possible options]</i>
 $ make
 $ <b>sudo</b> <i>make install</i></pre>
 
@@ -68,31 +70,6 @@ $ <b>sudo</b> <i>make install</i></pre>
       will turn on -Werror for builds. This can be disabled with
       --disable-werror, but this is not recommended.
     </p>
-    <p>
-      Libvirt takes advantage of
-      the <a href="http://www.gnu.org/software/gnulib/">gnulib</a>
-      project to provide portability to a number of platforms.  This
-      is normally done dynamically via a git submodule in
-      the <code>.gnulib</code> subdirectory, which is auto-updated as
-      needed when you do incremental builds.  Setting the environment
-      variable <code>GNULIB_SRCDIR</code> to a local directory
-      containing a git checkout of gnulib will let you reduce local
-      disk space requirements and network download time, regardless of
-      which actual commit you have in that reference directory.
-    </p>
-    <p>
-      However, if you are developing on a platform where git is not
-      available, or are behind a firewall that does not allow for git
-      to easily obtain the gnulib submodule, it is possible to instead
-      use a static mode of operation where you are then responsible
-      for updating the git submodule yourself.  In this mode, you must
-      track the exact gnulib commit needed by libvirt (usually not the
-      latest gnulib.git) via alternative means, such as a shared NFS
-      drive or manual download, and run this any time libvirt.git
-      updates the commit stored in the .gnulib submodule:</p>
-    <pre>
-$ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
-    </pre>
 
     <p>To build &amp; install libvirt to your home
       directory the following commands can be run:

docs/daemons.rst

@@ -0,0 +1,692 @@
+===============
+Libvirt Daemons
+===============
+
+.. contents::
+
+A libvirt deployment for accessing one of the stateful drivers will require
+one or more daemons to be deployed on the virtualization host. There are a
+number of ways the daemons can be configured which will be outlined in this
+page.
+
+Architectural options
+=====================
+
+Monolithic vs modular daemons
+-----------------------------
+
+Traditionally libvirt provided a single monolithic daemon called ``libvirtd``
+which exposed support for all the stateful drivers, both primary hypervisor
+drivers and secondary supporting drivers. It also enables secure remote access
+from clients running off host.
+
+Work is underway for the monolithic daemon to be replaced by a new set of
+modular daemons ``virt${DRIVER}d``, each one servicing a single stateful
+driver. A further ``virtproxyd`` daemon will provide secure remote access, as
+well as backcompatibility for clients using the UNIX socket path of the
+monolithic daemon.
+
+The change to modular daemons should not affect API functionality used by
+management applications. It will, however, have an impact on host provisioning
+tools since there are new systemd services and configuration files to be
+managed.
+
+Currently both monolithic and modular daemons are built by default, but the RPC
+client still prefers connecting to the monolithic daemon. It is intended to
+switch the RPC client to prefer the modular daemons in the near future. At
+least 1 year after this switch (but not more than 2 years), the monolithic
+daemon will be deleted entirely.
+
+Operating modes
+---------------
+
+The libvirt daemons, whether monolithic or modular, can often operate in two
+modes
+
+* *System mode* - the daemon is running as the root user account, enabling
+  access to its full range of functionality. A read-write connection to
+  daemons in system mode **typically implies privileges equivalent to having
+  a root shell**. Suitable `authentication mechanisms <auth.html>`__ **must
+  be enabled** to secure it against untrustworthy clients/users.
+
+* *Session mode* - the daemon is running as any non-root user account,
+  providing access to a more restricted range of functionality. Only client
+  apps/users running under **the same UID are permitted to connect**, thus a
+  connection does not imply any elevation of privileges.
+
+  Not all drivers support session mode and as such the corresponding
+  modular daemon may not support running in this mode
+
+
+Monolithic driver daemon
+========================
+
+The monolithic daemon is known as ``libvirtd`` and has historically been the
+default in libvirt. It is configured via the file ``/etc/libvirt/libvirtd.conf``
+
+
+Monolithic sockets
+------------------
+
+When running in system mode, ``libvirtd`` exposes three UNIX domain sockets, and
+optionally, one or two TCP sockets:
+
+* ``/var/run/libvirt/libvirt-sock`` - the primary socket for accessing libvirt
+  APIs, with full read-write privileges. A connection to this socket gives the
+  client privileges that are equivalent to having a root shell. This is the
+  socket that most management applications connect to by default.
+
+* ``/var/run/libvirt/libvirt-sock-ro`` - the secondary socket for accessing
+  libvirt APIs, with limited read-only privileges. A connection to this socket
+  gives the ability to query the existence of objects and monitor some aspects
+  of their operation. This is the socket that most management applications
+  connect to when requesting read only mode. Typically this is what a
+  monitoring app would use.
+
+* ``/var/run/libvirt/libvirt-admin-sock`` - the administrative socket for
+  controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+* ``TCP 16509`` - the non-TLS socket for remotely accessing the libvirt APIs,
+  with full read-write privileges. A connection to this socket gives the
+  client privileges that are equivalent to having a root shell. Since it does
+  not use TLS, an `authentication mechanism <auth.html>`__ that provides
+  encryption must be used. Only the GSSAPI/Kerberos mechanism is capable of
+  satisfying this requirement. In general applications should not use this
+  socket except for debugging in a development/test environment.
+
+* ``TCP 16514`` - the TLS socket for remotely accessing the libvirt APIs,
+  with full read-write privileges. A connection to this socket gives the
+  client privileges that are equivalent to having a root shell. Access control
+  can be enforced either through validation of `x509 certificates
+  <tlscerts.html>`__, and/or by enabling an `authentication mechanism
+  <auth.html>`__.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``libvirtd`` exposes two UNIX domain sockets:
+
+* ``$XDG_RUNTIME_DIR/libvirt/libvirt-sock`` - the primary socket for accessing
+  libvirt APIs, with full read-write privileges. A connection to this socket
+  does not alter the privileges that the client already has. This is the
+  socket that most management applications connect to by default.
+
+* ``$XDG_RUNTIME_DIR/libvirt/libvirt-admin-sock`` - the administrative socket
+  for controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+Notice that the session mode does not have a separate read-only socket. Since
+the clients must be running as the same user as the daemon itself, there is
+not any security benefit from attempting to enforce a read-only mode.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+
+Monolithic Systemd Integration
+------------------------------
+
+When the ``libvirtd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``libvirtd``:
+
+* ``libvirtd.service`` - the main unit file for launching the ``libvirtd``
+  daemon in system mode. The command line arguments passed can be configured by
+  editing ``/etc/sysconfig/libvirtd``. This is typically only needed to control
+  the use of the auto shutdown timeout value. It is recommended that this
+  service unit be configured to start on boot. This is because various
+  libvirt drivers support autostart of their objects. If it is known that
+  autostart is not required, this unit can be left to start on demand.
+
+* ``libvirtd.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/libvirt-sock``. This socket is recommended to
+  be started on boot by default.
+
+* ``libvirtd-ro.socket`` - the unit file corresponding to the main read-only
+  UNIX socket ``/var/run/libvirt/libvirt-sock-ro``. This socket is recommended
+  to be started on boot by default.
+
+* ``libvirtd-admin.socket`` - the unit file corresponding to the administrative
+  UNIX socket ``/var/run/libvirt/libvirt-admin-sock``. This socket is
+  recommended to be started on boot by default.
+
+* ``libvirtd-tcp.socket`` - the unit file corresponding to the TCP 16509 port
+  for non-TLS remote access. This socket should not be configured to start on
+  boot until the administrator has configured a suitable authentication
+  mechanism.
+
+* ``libvirtd-tls.socket`` - the unit file corresponding to the TCP 16509 port
+  for TLS remote access. This socket should not be configured to start on boot
+  until the administrator has deployed x509 certificates and optionally
+  configured a suitable authentication mechanism.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if ``libvirtd`` is currently configured to use the ``--listen`` argument, since
+the ``--listen`` argument is mutually exclusive with use of socket activation.
+
+When systemd socket activation is used a number of configuration settings in
+``libvirtd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files
+
+* ``listen_tcp`` - TCP socket usage is enabled by starting the
+  ``libvirtd-tcp.socket`` unit file.
+
+* ``listen_tls`` - TLS socket usage is enabled by starting the
+  ``libvirtd-tls.socket`` unit file.
+
+* ``tcp_port`` - Port for the non-TLS TCP socket, controlled via the
+  ``ListenStream`` parameter in the ``libvirtd-tcp.socket`` unit file.
+
+* ``tls_port`` - Port for the TLS TCP socket, controlled via the
+  ``ListenStream`` parameter in the ``libvirtd-tls.socket`` unit file.
+
+* ``listen_addr`` - IP address to listen on, independently controlled via the
+  ``ListenStream`` parameter in the ``libvirtd-tcp.socket``  or
+  ``libvirtd-tls.socket`` unit files.
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+  ``SocketGroup`` parameter in the ``libvirtd.socket`` and
+  ``libvirtd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``libvirtd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+  the ``SocketMode`` parameter in the ``libvirtd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``libvirtd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+  independently controlled via the ``ListenStream`` parameter in any of the
+  ``libvirtd.socket``, ``libvirtd-ro.socket`` and ``libvirtd-admin.socket`` unit
+  files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``tcp_port``, ``tls_port`` and ``unix_sock_dir`` settings in ``libvirtd.conf``
+must be changed in lock-step with the equivalent settings in the unit files to
+ensure that ``libvirtd`` can identify the sockets.
+
+
+Modular driver daemons
+======================
+
+The modular daemons are named after the driver which they are running, with
+the pattern ``virt${DRIVER}d`` and will become the default in future libvirt.
+They are configured via the files ``/etc/libvirt/virt${DRIVER}d.conf``
+
+The following modular daemons currently exist for hypervisor drivers
+
+* ``virtqemud`` - the QEMU management daemon, for running virtual machines
+  on UNIX platforms, optionally with KVM acceleration, in either system or
+  session mode
+* ``virtxend`` - the Xen management daemon, for running virtual machines
+  on the Xen hypervisor, in system mode only
+* ``virtlxcd`` - the Linux Container management daemon, for running LXC guests
+  in system mode only
+* ``virtbhyved`` - the BHyve management daemon, for running virtual machines
+  on FreeBSD with the BHyve hypervisor, in system mode.
+* ``virtvboxd`` - the VirtualBox management daemon, for running virtual machines
+  on UNIX platforms.
+
+The additional modular daemons service secondary drivers
+
+* ``virtinterfaced`` - the host NIC management daemon, in system mode only
+* ``virtnetworkd`` - the virtual network management daemon, in system mode only
+* ``virtnodedevd`` - the host physical device management daemon, in system mode
+  only
+* ``virtnwfilterd`` - the host firewall management daemon, in system mode only
+* ``virtsecretd`` - the host secret management daemon, in system or session mode
+* ``virtstoraged`` - the host storage management daemon, in system or session
+  mode
+
+
+Modular Sockets
+---------------
+
+When running in system mode, ``virt${DRIVER}d`` exposes three UNIX domain
+sockets:
+
+* ``/var/run/libvirt/virt${DRIVER}d-sock`` - the primary socket for accessing
+  libvirt APIs, with full read-write privileges. For many of the daemons, a
+  connection to this socket gives the client privileges that are equivalent to
+  having a root shell. This is the socket that most management applications
+  connect to by default.
+
+* ``/var/run/libvirt/virt${DRIVER}d-sock-ro`` - the secondary socket for
+  accessing libvirt APIs, with limited read-only privileges. A connection to
+  this socket gives the ability to query the existence of objects and monitor
+  some aspects of their operation. This is the socket that most management
+  applications connect to when requesting read only mode. Typically this is
+  what a monitoring app would use.
+
+* ``/var/run/libvirt/virt${DRIVER}d-admin-sock`` - the administrative socket for
+  controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virt${DRIVER}d`` exposes two UNIX domain sockets:
+
+* ``$XDG_RUNTIME_DIR/libvirt/virt${DRIVER}d-sock`` - the primary socket for
+  accessing libvirt APIs, with full read-write privileges. A connection to this
+  socket does not alter the privileges that the client already has. This is the
+  socket that most management applications connect to by default.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virt${DRIVER}d-admin-sock`` - the administrative
+  socket for controlling operation of the daemon itself (as opposed to drivers
+  it is running). This can be used to dynamically reconfigure some aspects of
+  the daemon and monitor/control connected clients.
+
+Notice that the session mode does not have a separate read-only socket. Since
+the clients must be running as the same user as the daemon itself, there is
+not any security benefit from attempting to enforce a read-only mode.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Modular Systemd Integration
+---------------------------
+
+When the ``virt${DRIVER}d`` daemon is managed by ``systemd`` a number of
+desirable features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``virt${DRIVER}d``:
+
+* ``virt${DRIVER}d.service`` - the main unit file for launching the
+  ``virt${DRIVER}d`` daemon in system mode. The command line arguments passed
+  can be configured by editing ``/etc/sysconfig/virt${DRIVER}d``. This is
+  typically only needed to control the use of the auto shutdown timeout value.
+  It is recommended that this service unit be configured to start on boot.
+  This is because various libvirt drivers support autostart of their objects.
+  If it is known that autostart is not required, this unit can be left to start
+  on demand.
+
+* ``virt${DRIVER}d.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/virt${DRIVER}d-sock``. This socket is
+  recommended to be started on boot by default.
+
+* ``virt${DRIVER}d-ro.socket`` - the unit file corresponding to the main
+  read-only UNIX socket ``/var/run/libvirt/virt${DRIVER}d-sock-ro``. This
+  socket is recommended to be started on boot by default.
+
+* ``virt${DRIVER}d-admin.socket`` - the unit file corresponding to the
+  administrative UNIX socket ``/var/run/libvirt/virt${DRIVER}d-admin-sock``.
+  This socket is recommended to be started on boot by default.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if ``virt${DRIVER}d`` is currently configured to use the ``--listen`` argument,
+since the ``--listen`` argument is mutually exclusive with use of socket
+activation.
+
+When systemd socket activation is used a number of configuration settings in
+``virt${DRIVER}d.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files:
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+  ``SocketGroup`` parameter in the ``virt${DRIVER}d.socket`` and
+  ``virt${DRIVER}d-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virt${DRIVER}d-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+  the ``SocketMode`` parameter in the ``virt${DRIVER}d.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virt${DRIVER}d-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+  independently controlled via the ``ListenStream`` parameter in any of the
+  ``virt${DRIVER}d.socket``, ``virt${DRIVER}d-ro.socket`` and
+  ``virt${DRIVER}d-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virt${DRIVER}d.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virt${DRIVER}d`` can identify the sockets.
+
+
+Switching to modular daemons
+----------------------------
+
+If a host is currently set to use the monolithic ``libvirtd`` daemon and needs
+to be migrated to the monolithic daemons a number of services need to be
+changed. The steps below outline the process on hosts using the systemd init
+service.
+
+While it is technically possible to do this while virtual machines are running,
+it is recommended that virtual machines be stopped or live migrated to a new
+host first.
+
+#. Stop the current monolithic daemon and its socket units
+
+   ::
+
+      $ systemctl stop libvirtd.service
+      $ systemctl stop libvirtd{,-ro,-admin,-tcp,-tls}.socket
+
+#. Disable future start of the monolithic daemon
+
+   ::
+
+      $ systemctl disable libvirtd.service
+      $ systemctl disable libvirtd{,-ro,-admin,-tcp,-tls}.socket
+
+   For stronger protection it is valid to use ``mask`` instead of ``disable``
+   too.
+
+#. Enable the new daemons for the particular virtualizationd driver desired,
+   and any of the secondary drivers to accompany it. The following example
+   enables the QEMU driver and all the secondary drivers:
+
+   ::
+
+      $ for drv in qemu interface network nodedev nwfilter secret storage
+        do
+          systemctl unmask virt${drv}d.service
+          systemctl unmask virt${drv}d{,-ro,-admin}.socket
+          systemctl enable virt${drv}d.service
+          systemctl enable virt${drv}d{,-ro,-admin}.socket
+	done
+
+#. Start the sockets for the same set of daemons. There is no need to start the
+   services as they will get started when the first socket connection is
+   established
+
+   ::
+
+      $ for drv in qemu network nodedev nwfilter secret storage
+        do
+          systemctl start virt${drv}d{,-ro,-admin}.socket
+	done
+
+#. If connections from remote hosts need to be supported the proxy daemon
+   must be enabled and started
+
+   ::
+
+      $ systemctl unmask virtproxyd.service
+      $ systemctl unmask virtproxyd{,-ro,-admin}.socket
+      $ systemctl enable virtproxyd.service
+      $ systemctl enable virtproxyd{,-ro,-admin}.socket
+      $ systemctl start virtproxyd{,-ro,-admin}.socket
+
+   The UNIX sockets allow for remote access using SSH tunneling. If ``libvirtd``
+   had TCP or TLS sockets configured, those should be started too
+
+   ::
+
+      $ systemctl unmask virtproxyd-tls.socket
+      $ systemctl enable virtproxyd-tls.socket
+      $ systemctl start virtproxyd-tls.socket
+
+
+Proxy daemon
+============
+
+The monolithic daemon is known as ``libvirtd`` and has historically been the
+default in libvirt. It is configured via the file ``/etc/libvirt/libvirtd.conf``
+
+
+Proxy sockets
+-------------
+
+When running in system mode, ``virtproxyd`` exposes three UNIX domain sockets,
+and optionally, one or two TCP sockets. These sockets are identical to those
+provided by the traditional ``libvirtd`` so refer to earlier documentation in
+this page.
+
+When running in session mode, ``virtproxyd`` exposes two UNIX domain sockets,
+which are again identical to those provided by ``libvirtd``.
+
+Proxy Systemd Integration
+-------------------------
+
+When the ``virtproxyd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``virtproxyd``:
+
+* ``virtproxyd.service`` - the main unit file for launching the ``virtproxyd``
+  daemon in system mode. The command line arguments passed can be configured by
+  editing ``/etc/sysconfig/virtproxyd``. This is typically only needed to
+  control the use of the auto shutdown timeout value.
+
+* ``virtproxyd.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/libvirt-sock``. This socket is recommended to
+  be started on boot by default.
+
+* ``virtproxyd-ro.socket`` - the unit file corresponding to the main read-only
+  UNIX socket ``/var/run/libvirt/libvirt-sock-ro``. This socket is recommended
+  to be started on boot by default.
+
+* ``virtproxyd-admin.socket`` - the unit file corresponding to the
+  administrative UNIX socket ``/var/run/libvirt/libvirt-admin-sock``. This
+  socket is recommended to be started on boot by default.
+
+* ``virtproxyd-tcp.socket`` - the unit file corresponding to the TCP 16509 port
+  for non-TLS remote access. This socket should not be configured to start on
+  boot until the administrator has configured a suitable authentication
+  mechanism.
+
+* ``virtproxyd-tls.socket`` - the unit file corresponding to the TCP 16509 port
+  for TLS remote access. This socket should not be configured to start on boot
+  until the administrator has deployed x509 certificates and optionally
+  configured a suitable authentication mechanism.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+The socket unit files are newly introduced in 5.6.0. On newly installed hosts
+the UNIX socket units should be enabled by default. When upgrading an existing
+host from a previous version of libvirt, the socket unit files will be masked
+if ``virtproxyd`` is currently configured to use the ``--listen`` argument, since
+the ``--listen`` argument is mutually exclusive with use of socket activation.
+
+When systemd socket activation is used a number of configuration settings in
+``virtproxyd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files. Refer to the earlier documentation on
+the ``libvirtd`` service socket configuration for further information.
+
+
+Logging daemon
+==============
+
+The ``virtlogd`` daemon provides a service for managing log files associated
+with QEMU virtual machines. The QEMU process is given one or more pipes, the
+other end of which are owned by the ``virtlogd`` daemon. It will then write
+data on those pipes to log files, while enforcing a maximum file size and
+performing log rollover at the size limit.
+
+Since the daemon holds open anoymous pipe file descriptors, it must never be
+stopped while any QEMU virtual machines are running. To enable software updates
+to be applied, the daemon is capable of re-executing itself while keeping all
+file descriptors open. This can be triggered by sending the daemon ``SIGUSR1``
+
+Logging Sockets
+---------------
+
+When running in system mode, ``virtlogd`` exposes two UNIX domain sockets:
+
+* ``/var/run/libvirt/virtlogd-sock`` - the primary socket for accessing
+  libvirt APIs, with full read-write privileges. Access to the socket is
+  restricted to the root user.
+
+* ``/var/run/libvirt/virtlogd-admin-sock`` - the administrative socket for
+  controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virtlogd`` exposes two UNIX domain sockets:
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-sock`` - the primary socket for
+  accessing libvirt APIs, with full read-write privileges. Access to the
+  socket is restricted to the unprivileged user running the daemon.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlogd-admin-sock`` - the administrative
+  socket for controlling operation of the daemon itself (as opposed to drivers
+  it is running). This can be used to dynamically reconfigure some aspects of
+  the daemon and monitor/control connected clients.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Logging Systemd Integration
+---------------------------
+
+When the ``virtlogd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``virtlogd``:
+
+* ``virtlogd.service`` - the main unit file for launching the
+  ``virtlogd`` daemon in system mode. The command line arguments passed
+  can be configured by editing ``/etc/sysconfig/virtlogd``. This is
+  typically only needed to control the use of the auto shutdown timeout value.
+
+* ``virtlogd.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/virtlogd-sock``. This socket is recommended
+  to be started on boot by default.
+
+* ``virtlogd-admin.socket`` - the unit file corresponding to the administrative
+  UNIX socket ``/var/run/libvirt/virtlogd-admin-sock``. This socket is
+  recommended to be started on boot by default.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+When systemd socket activation is used a number of configuration settings in
+``virtlogd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files:
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+  ``SocketGroup`` parameter in the ``virtlogd.socket`` and
+  ``virtlogd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virtlogd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+  the ``SocketMode`` parameter in the ``virtlogd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virtlogd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+  independently controlled via the ``ListenStream`` parameter in any of the
+  ``virtlogd.socket`` and ``virtlogd-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virtlogd.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virtlogd`` can identify the sockets.
+
+Locking daemon
+==============
+
+The ``virtlockd`` daemon provides a service for holding locks against file
+images and devices serving as backing storage for virtual disks. The locks
+will be held for as long as there is a QEMU process running with the disk
+open.
+
+To ensure continuity of locking, the daemon holds open anoymous file
+descriptors, it must never be stopped while any QEMU virtual machines are
+running. To enable software updates to be applied, the daemon is capable of
+re-executing itself while keeping all file descriptors open. This can be
+triggered by sending the daemon ``SIGUSR1``
+
+Locking Sockets
+---------------
+
+When running in system mode, ``virtlockd`` exposes two UNIX domain sockets:
+
+* ``/var/run/libvirt/virtlockd-sock`` - the primary socket for accessing
+  libvirt APIs, with full read-write privileges. Access to the socket is
+  restricted to the root user.
+
+* ``/var/run/libvirt/virtlockd-admin-sock`` - the administrative socket for
+  controlling operation of the daemon itself (as opposed to drivers it is
+  running). This can be used to dynamically reconfigure some aspects of the
+  daemon and monitor/control connected clients.
+
+NB, some distros will use ``/run`` instead of ``/var/run``.
+
+When running in session mode, ``virtlockd`` exposes two UNIX domain sockets:
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-sock`` - the primary socket for
+  accessing libvirt APIs, with full read-write privileges. Access to the
+  socket is restricted to the unprivileged user running the daemon.
+
+* ``$XDG_RUNTIME_DIR/libvirt/virtlockd-admin-sock`` - the administrative
+  socket for controlling operation of the daemon itself (as opposed to drivers
+  it is running). This can be used to dynamically reconfigure some aspects of
+  the daemon and monitor/control connected clients.
+
+``$XDG_RUNTIME_DIR`` commonly points to a per-user private location on tmpfs,
+such as ``/run/user/$UID``.
+
+Locking Systemd Integration
+---------------------------
+
+When the ``virtlockd`` daemon is managed by ``systemd`` a number of desirable
+features are available, most notably socket activation.
+
+Libvirt ships a number of unit files for controlling ``virtlockd``:
+
+* ``virtlockd.service`` - the main unit file for launching the
+  ``virtlockd`` daemon in system mode. The command line arguments passed
+  can be configured by editing ``/etc/sysconfig/virtlockd``. This is
+  typically only needed to control the use of the auto shutdown timeout value.
+
+* ``virtlockd.socket`` - the unit file corresponding to the main read-write
+  UNIX socket ``/var/run/libvirt/virtlockd-sock``. This socket is recommended
+  to be started on boot by default.
+
+* ``virtlockd-admin.socket`` - the unit file corresponding to the administrative
+  UNIX socket ``/var/run/libvirt/virtlockd-admin-sock``. This socket is
+  recommended to be started on boot by default.
+
+NB, some distros will use ``/etc/default`` instead of ``/etc/sysconfig``.
+
+When systemd socket activation is used a number of configuration settings in
+``virtlockd.conf`` are no longer honoured. Instead these settings must be
+controlled via the system unit files:
+
+* ``unix_sock_group`` - UNIX socket group owner, controlled via the
+  ``SocketGroup`` parameter in the ``virtlockd.socket`` and
+  ``virtlockd-ro.socket`` unit files
+
+* ``unix_sock_ro_perms`` - read-only UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virtlockd-ro.socket`` unit file
+
+* ``unix_sock_rw_perms`` - read-write UNIX socket permissions, controlled via
+  the ``SocketMode`` parameter in the ``virtlockd.socket`` unit file
+
+* ``unix_sock_admin_perms`` - admin UNIX socket permissions, controlled via the
+  ``SocketMode`` parameter in the ``virtlockd-admin.socket`` unit file
+
+* ``unix_sock_dir`` - directory in which all UNIX sockets are created
+  independently controlled via the ``ListenStream`` parameter in any of the
+  ``virtlockd.socket`` and ``virtlockd-admin.socket`` unit files.
+
+Systemd releases prior to version 227 lacked support for passing the activation
+socket unit names into the service. When using these old versions, the
+``unix_sock_dir`` setting in ``virtlockd.conf`` must be changed in
+lock-step with the equivalent setting in the unit files to ensure that
+``virtlockd`` can identify the sockets.

docs/dbus.html.in

@@ -6,14 +6,14 @@
 
     <ul id="toc"></ul>
 
-    <h2><a name="description">Description</a></h2>
+    <h2><a id="description">Description</a></h2>
 
     <p>
       libvirt-dbus wraps libvirt API to provide a high-level object-oriented
       API better suited for dbus-based applications.
     </p>
 
-    <h2><a name="git">GIT source repository</a></h2>
+    <h2><a id="git">GIT source repository</a></h2>
     <p>
       The D-Bus bindings source code is maintained in a
       <a href="https://git-scm.com/">git</a> repository available on
@@ -32,7 +32,7 @@ git clone https://libvirt.org/git/libvirt-dbus.git
 <a href="https://libvirt.org/git/?p=libvirt-dbus.git">https://libvirt.org/git/?p=libvirt-dbus.git</a>
 </pre>
 
-    <h2><a name="usage">Usage</a></h2>
+    <h2><a id="usage">Usage</a></h2>
 
     <p>
       libvirt-dbus exports libvirt API using D-Bus objects with methods and

docs/developer-tooling.rst

@@ -0,0 +1,13 @@
+=================
+Developer tooling
+=================
+
+libvirt includes support for some useful development tools right
+in its source repository, meaning users will be able to take
+advantage of them without little or no configuration. Examples
+include:
+
+-  `color_coded <https://github.com/jeaye/color_coded>`__, a vim
+   plugin for libclang-powered semantic syntax highlighting;
+-  `YouCompleteMe <http://valloric.github.io/YouCompleteMe/>`__, a
+   vim plugin for libclang-powered semantic code completion.

docs/devhelp/devhelp.xsl

@@ -1,131 +0,0 @@
-<?xml version="1.0"?>
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
-		xmlns="http://www.devhelp.net/book"
-		xmlns:exsl="http://exslt.org/common"
-		xmlns:str="http://exslt.org/strings"
-		extension-element-prefixes="exsl str"
-		exclude-result-prefixes="exsl str">
-  <!-- The stylesheet for the html pages -->
-  <xsl:import href="html.xsl"/>
-
-  <xsl:output method="xml" encoding="UTF-8" indent="yes"/>
-
-  <!-- Build keys for all symbols -->
-  <xsl:key name="symbols" match="/api/symbols/*" use="@name"/>
-
-  <xsl:template match="/">
-    <xsl:document xmlns="http://www.devhelp.net/book" href="libvirt.devhelp"
-                  method="xml" encoding="UTF-8" indent="yes">
-      <xsl:apply-templates/>
-    </xsl:document>
-  </xsl:template>
-
-  <xsl:template match="/api">
-    <book title="{@name} Reference Manual" link="index.html" author="" name="{@name}">
-      <xsl:apply-templates select="files"/>
-      <xsl:apply-templates select="symbols"/>
-    </book>
-    <xsl:call-template name="generate_index"/>
-    <xsl:call-template name="generate_general"/>
-  </xsl:template>
-  <xsl:template match="/api/files">
-    <chapters>
-      <sub name="API" link="general.html">
-        <xsl:apply-templates select="file"/>
-      </sub>
-    </chapters>
-  </xsl:template>
-  <xsl:template match="/api/files/file">
-    <xsl:variable name="module" select="@name"/>
-    <xsl:variable name="prev" select="string(preceding-sibling::file[position()=1]/@name)"/>
-    <xsl:variable name="next" select="string(following-sibling::file[position()=1]/@name)"/>
-    <sub name="{@name}" link="libvirt-{@name}.html"/>
-    <xsl:document xmlns="" href="libvirt-{@name}.html" method="xml" indent="yes" encoding="UTF-8">
-      <html>
-        <head>
-	  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-	  <title><xsl:value-of select="concat(@name, ': ', summary)"/></title>
-	  <meta name="generator" content="Libvirt devhelp stylesheet"/>
-	  <link rel="start" href="index.html" title="libvirt Reference Manual"/>
-	  <link rel="up" href="general.html" title="API"/>
-	  <link rel="stylesheet" href="style.css" type="text/css"/>
-	  <link rel="chapter" href="general.html" title="API"/>
-        </head>
-	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
-
-          <table class="navigation" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2">
-	    <tr valign="middle">
-	      <xsl:if test="$prev != ''">
-		<td><a accesskey="p" href="libvirt-{$prev}.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"/></a></td>
-	      </xsl:if>
-              <td><a accesskey="u" href="general.html"><img src="up.png" width="24" height="24" border="0" alt="Up"/></a></td>
-              <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"/></a></td>
-	      <xsl:if test="$next != ''">
-		<td><a accesskey="n" href="libvirt-{$next}.html"><img src="right.png" width="24" height="24" border="0" alt="Next"/></a></td>
-	      </xsl:if>
-              <th width="100%" align="center">libvirt Reference Manual</th>
-            </tr>
-	  </table>
-	  <h2><span class="refentrytitle"><xsl:value-of select="@name"/></span></h2>
-	  <p><xsl:value-of select="@name"/> - <xsl:value-of select="summary"/></p>
-	  <p><xsl:value-of select="description"/></p>
-	  <xsl:if test="deprecated">
-	    <p> WARNING: this module is deprecated !</p>
-	  </xsl:if>
-	  <div class="refsynopsisdiv">
-	  <h2>Synopsis</h2>
-	  <pre class="synopsis">
-	    <xsl:apply-templates mode="synopsis" select="exports"/>
-	  </pre>
-	  </div>
-	  <div class="refsect1" lang="en">
-	  <h2>Description</h2>
-	  </div>
-	  <div class="refsect1" lang="en">
-	  <h2>Details</h2>
-	  <div class="refsect2" lang="en">
-	    <xsl:apply-templates mode="details" select="/api/symbols/macro[@file=$module]"/>
-	    <xsl:apply-templates mode="details" select="/api/symbols/typedef[@file=$module] | /api/symbols/struct[@file=$module]"/>
-	    <xsl:apply-templates mode="details" select="/api/symbols/functype[@file=$module]"/>
-	    <xsl:apply-templates mode="details" select="/api/symbols/variable[@file=$module]"/>
-	    <xsl:apply-templates mode="details" select="/api/symbols/function[@file=$module]"/>
-	  </div>
-	  </div>
-	</body>
-      </html>
-    </xsl:document>
-  </xsl:template>
-  <xsl:template match="/api/symbols">
-    <functions>
-      <xsl:apply-templates select="macro"/>
-      <xsl:apply-templates select="enum"/>
-      <xsl:apply-templates select="typedef"/>
-      <xsl:apply-templates select="struct"/>
-      <xsl:apply-templates select="functype"/>
-      <xsl:apply-templates select="variable"/>
-      <xsl:apply-templates select="function"/>
-    </functions>
-  </xsl:template>
-  <xsl:template match="/api/symbols/functype">
-    <function name="{@name}" link="libvirt-{@file}.html#{@name}"/>
-  </xsl:template>
-  <xsl:template match="/api/symbols/function">
-    <function name="{@name} ()" link="libvirt-{@file}.html#{@name}"/>
-  </xsl:template>
-  <xsl:template match="/api/symbols/typedef">
-    <function name="{@name}" link="libvirt-{@file}.html#{@name}"/>
-  </xsl:template>
-  <xsl:template match="/api/symbols/enum">
-    <function name="{@name}" link="libvirt-{@file}.html#{@name}"/>
-  </xsl:template>
-  <xsl:template match="/api/symbols/struct">
-    <function name="{@name}" link="libvirt-{@file}.html#{@name}"/>
-  </xsl:template>
-  <xsl:template match="/api/symbols/macro">
-    <function name="{@name}" link="libvirt-{@file}.html#{@name}"/>
-  </xsl:template>
-  <xsl:template match="/api/symbols/variable">
-    <function name="{@name}" link="libvirt-{@file}.html#{@name}"/>
-  </xsl:template>
-
-</xsl:stylesheet>

docs/devhelp/html.xsl

@@ -1,573 +0,0 @@
-<?xml version="1.0"?>
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
-		xmlns:exsl="http://exslt.org/common"
-		xmlns:str="http://exslt.org/strings"
-		extension-element-prefixes="exsl str"
-		exclude-result-prefixes="exsl str">
-  <xsl:output method="xml" encoding="UTF-8" indent="yes"/>
-
-  <!-- This is convoluted but needed to force the current document to
-       be the API one and not the result tree from the tokenize() result,
-       because the keys are only defined on the main document -->
-  <xsl:template mode="dumptoken" match='*'>
-    <xsl:param name="token"/>
-    <xsl:variable name="ref" select="key('symbols', $token)"/>
-    <xsl:choose>
-      <xsl:when test="$ref">
-        <a href="libvirt-{$ref/@file}.html#{$ref/@name}"><xsl:value-of select="$token"/></a>
-      </xsl:when>
-      <xsl:otherwise>
-        <xsl:value-of select="$token"/>
-      </xsl:otherwise>
-    </xsl:choose>
-  </xsl:template>
-
-  <!-- dumps a string, making cross-reference links -->
-  <xsl:template name="dumptext">
-    <xsl:param name="text"/>
-    <xsl:variable name="ctxt" select='.'/>
-    <!-- <xsl:value-of select="$text"/> -->
-    <xsl:for-each select="str:tokenize($text, ' &#9;')">
-      <xsl:apply-templates select="$ctxt" mode='dumptoken'>
-        <xsl:with-param name="token" select="string(.)"/>
-      </xsl:apply-templates>
-      <xsl:if test="position() != last()">
-        <xsl:text> </xsl:text>
-      </xsl:if>
-    </xsl:for-each>
-  </xsl:template>
-
-<!--
-
-             The following builds the Synopsis section
-
--->
-  <xsl:template mode="synopsis" match="function">
-    <xsl:variable name="name" select="string(@name)"/>
-    <xsl:variable name="nlen" select="string-length($name)"/>
-    <xsl:variable name="tlen" select="string-length(return/@type)"/>
-    <xsl:variable name="blen" select="(($nlen + 8) - (($nlen + 8) mod 8)) + (($tlen + 8) - (($tlen + 8) mod 8))"/>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="return/@type"/>
-    </xsl:call-template>
-    <xsl:text>&#9;</xsl:text>
-    <a href="#{@name}"><xsl:value-of select="@name"/></a>
-    <xsl:if test="$blen - 40 &lt; -8">
-      <xsl:text>&#9;</xsl:text>
-    </xsl:if>
-    <xsl:if test="$blen - 40 &lt; 0">
-      <xsl:text>&#9;</xsl:text>
-    </xsl:if>
-    <xsl:text>&#9;(</xsl:text>
-    <xsl:if test="not(arg)">
-      <xsl:text>void</xsl:text>
-    </xsl:if>
-    <xsl:for-each select="arg">
-      <xsl:call-template name="dumptext">
-        <xsl:with-param name="text" select="@type"/>
-      </xsl:call-template>
-      <xsl:text> </xsl:text>
-      <xsl:value-of select="@name"/>
-      <xsl:if test="position() != last()">
-        <xsl:text>, </xsl:text><br/>
-	<xsl:if test="$blen - 40 &gt; 8">
-	  <xsl:text>&#9;</xsl:text>
-	</xsl:if>
-	<xsl:if test="$blen - 40 &gt; 0">
-	  <xsl:text>&#9;</xsl:text>
-	</xsl:if>
-	<xsl:text>&#9;&#9;&#9;&#9;&#9; </xsl:text>
-      </xsl:if>
-    </xsl:for-each>
-    <xsl:text>);</xsl:text>
-    <xsl:text>
-</xsl:text>
-  </xsl:template>
-
-  <xsl:template mode="synopsis" match="functype">
-    <xsl:variable name="name" select="string(@name)"/>
-    <xsl:variable name="nlen" select="string-length($name)"/>
-    <xsl:variable name="tlen" select="string-length(return/@type)"/>
-    <xsl:variable name="blen" select="(($nlen + 8) - (($nlen + 8) mod 8)) + (($tlen + 8) - (($tlen + 8) mod 8))"/>
-    <xsl:text>typedef </xsl:text>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="return/@type"/>
-    </xsl:call-template>
-    <xsl:text> </xsl:text>
-    <a href="#{@name}"><xsl:value-of select="@name"/></a>
-    <xsl:if test="$blen - 40 &lt; -8">
-      <xsl:text>&#9;</xsl:text>
-    </xsl:if>
-    <xsl:if test="$blen - 40 &lt; 0">
-      <xsl:text>&#9;</xsl:text>
-    </xsl:if>
-    <xsl:text>&#9;(</xsl:text>
-    <xsl:if test="not(arg)">
-      <xsl:text>void</xsl:text>
-    </xsl:if>
-    <xsl:for-each select="arg">
-      <xsl:call-template name="dumptext">
-        <xsl:with-param name="text" select="@type"/>
-      </xsl:call-template>
-      <xsl:text> </xsl:text>
-      <xsl:value-of select="@name"/>
-      <xsl:if test="position() != last()">
-        <xsl:text>, </xsl:text><br/>
-	<xsl:if test="$blen - 40 &gt; 8">
-	  <xsl:text>&#9;</xsl:text>
-	</xsl:if>
-	<xsl:if test="$blen - 40 &gt; 0">
-	  <xsl:text>&#9;</xsl:text>
-	</xsl:if>
-	<xsl:text>&#9;&#9;&#9;&#9;&#9; </xsl:text>
-      </xsl:if>
-    </xsl:for-each>
-    <xsl:text>);</xsl:text>
-    <xsl:text>
-</xsl:text>
-  </xsl:template>
-
-  <xsl:template mode="synopsis" match="exports[@type='function']">
-    <xsl:variable name="def" select="key('symbols',@symbol)"/>
-    <xsl:apply-templates mode="synopsis" select="$def"/>
-  </xsl:template>
-
-  <xsl:template mode="synopsis" match="exports[@type='typedef']">
-    <xsl:text>typedef </xsl:text>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="string(key('symbols',@symbol)/@type)"/>
-    </xsl:call-template>
-    <xsl:text> </xsl:text>
-    <a href="#{@symbol}"><xsl:value-of select="@symbol"/></a>
-    <xsl:text>;
-</xsl:text>
-  </xsl:template>
-
-  <xsl:template mode="synopsis" match="exports[@type='macro']">
-    <xsl:variable name="def" select="key('symbols',@symbol)"/>
-    <xsl:text>#define </xsl:text>
-    <a href="#{@symbol}"><xsl:value-of select="@symbol"/></a>
-    <xsl:if test="$def/arg">
-      <xsl:text>(</xsl:text>
-      <xsl:for-each select="$def/arg">
-        <xsl:value-of select="@name"/>
-	<xsl:if test="position() != last()">
-	  <xsl:text>, </xsl:text>
-	</xsl:if>
-      </xsl:for-each>
-      <xsl:text>)</xsl:text>
-    </xsl:if>
-    <xsl:text>;
-</xsl:text>
-  </xsl:template>
-  <xsl:template mode="synopsis" match="exports[@type='enum']">
-  </xsl:template>
-  <xsl:template mode="synopsis" match="exports[@type='struct']">
-  </xsl:template>
-
-<!--
-
-             The following builds the Details section
-
--->
-  <xsl:template mode="details" match="struct">
-    <xsl:variable name="name" select="string(@name)"/>
-    <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Structure </a><xsl:value-of select="$name"/></h3>
-    <pre class="programlisting">
-    <xsl:value-of select="@type"/><xsl:text> {
-</xsl:text>
-    <xsl:if test="not(field)">
-      <xsl:text>The content of this structure is not made public by the API.
-</xsl:text>
-    </xsl:if>
-    <xsl:for-each select="field">
-        <xsl:text>    </xsl:text>
-	<xsl:call-template name="dumptext">
-	  <xsl:with-param name="text" select="@type"/>
-	</xsl:call-template>
-	<xsl:text>&#9;</xsl:text>
-	<xsl:value-of select="@name"/>
-	<xsl:if test="@info != ''">
-	  <xsl:text>&#9;: </xsl:text>
-	  <xsl:call-template name="dumptext">
-	    <xsl:with-param name="text" select="substring(@info, 1, 70)"/>
-	  </xsl:call-template>
-	</xsl:if>
-	<xsl:text>
-</xsl:text>
-    </xsl:for-each>
-    <xsl:text>} </xsl:text>
-    <xsl:value-of select="$name"/>
-    <xsl:text>;
-</xsl:text>
-    </pre>
-    <p>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="info"/>
-    </xsl:call-template>
-    </p><xsl:text>
-</xsl:text>
-    </div><hr/>
-  </xsl:template>
-
-  <xsl:template mode="details" match="typedef[@type != 'enum']">
-    <xsl:variable name="name" select="string(@name)"/>
-    <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Typedef </a><xsl:value-of select="$name"/></h3>
-    <pre class="programlisting">
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="string(@type)"/>
-    </xsl:call-template>
-    <xsl:text> </xsl:text>
-    <xsl:value-of select="$name"/>
-    <xsl:text>;
-</xsl:text>
-    </pre>
-    <p>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="info"/>
-    </xsl:call-template>
-    </p><xsl:text>
-</xsl:text>
-    </div><hr/>
-  </xsl:template>
-
-  <xsl:template mode="details" match="variable">
-    <xsl:variable name="name" select="string(@name)"/>
-    <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Variable </a><xsl:value-of select="$name"/></h3>
-    <pre class="programlisting">
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="string(@type)"/>
-    </xsl:call-template>
-    <xsl:text> </xsl:text>
-    <xsl:value-of select="$name"/>
-    <xsl:text>;
-</xsl:text>
-    </pre>
-    <p>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="info"/>
-    </xsl:call-template>
-    </p><xsl:text>
-</xsl:text>
-    </div><hr/>
-  </xsl:template>
-
-  <xsl:template mode="details" match="typedef[@type = 'enum']">
-    <xsl:variable name="name" select="string(@name)"/>
-    <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Enum </a><xsl:value-of select="$name"/></h3>
-    <pre class="programlisting">
-    <xsl:text>enum </xsl:text>
-    <a href="#{$name}"><xsl:value-of select="$name"/></a>
-    <xsl:text> {
-</xsl:text>
-    <xsl:for-each select="/api/symbols/enum[@type=$name]">
-      <xsl:sort select="@value" data-type="number" order="ascending"/>
-      <xsl:text>    </xsl:text>
-      <a name="{@name}"><xsl:value-of select="@name"/></a>
-      <xsl:if test="@value">
-        <xsl:text> = </xsl:text>
-	<xsl:value-of select="@value"/>
-      </xsl:if>
-      <xsl:if test="@info">
-        <xsl:text> /* </xsl:text>
-	<xsl:value-of select="@info"/>
-        <xsl:text> */</xsl:text>
-      </xsl:if>
-      <xsl:text>
-</xsl:text>
-    </xsl:for-each>
-    <xsl:text>};
-</xsl:text>
-    </pre>
-    <p>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="info"/>
-    </xsl:call-template>
-    </p><xsl:text>
-</xsl:text>
-    </div><hr/>
-  </xsl:template>
-
-  <xsl:template mode="details" match="macro">
-    <xsl:variable name="name" select="string(@name)"/>
-    <div class="refsect2" lang="en">
-    <h3><a name="{$name}">Macro </a><xsl:value-of select="$name"/></h3>
-    <pre class="programlisting">
-    <xsl:text>#define </xsl:text>
-    <a href="#{$name}"><xsl:value-of select="$name"/></a>
-    <xsl:if test="arg">
-      <xsl:text>(</xsl:text>
-      <xsl:for-each select="arg">
-        <xsl:value-of select="@name"/>
-	<xsl:if test="position() != last()">
-	  <xsl:text>, </xsl:text>
-	</xsl:if>
-      </xsl:for-each>
-      <xsl:text>)</xsl:text>
-    </xsl:if>
-    <xsl:text>;
-</xsl:text>
-    </pre>
-    <p>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="info"/>
-    </xsl:call-template>
-    </p>
-    <xsl:if test="arg">
-      <div class="variablelist"><table border="0"><col align="left"/><tbody>
-      <xsl:for-each select="arg">
-        <tr>
-          <td><span class="term"><i><tt><xsl:value-of select="@name"/></tt></i>:</span></td>
-	  <td>
-	    <xsl:call-template name="dumptext">
-	      <xsl:with-param name="text" select="@info"/>
-	    </xsl:call-template>
-	  </td>
-        </tr>
-      </xsl:for-each>
-      </tbody></table></div>
-    </xsl:if>
-    <xsl:text>
-</xsl:text>
-    </div><hr/>
-  </xsl:template>
-
-  <xsl:template mode="details" match="function">
-    <xsl:variable name="name" select="string(@name)"/>
-    <xsl:variable name="nlen" select="string-length($name)"/>
-    <xsl:variable name="tlen" select="string-length(return/@type)"/>
-    <xsl:variable name="blen" select="(($nlen + 8) - (($nlen + 8) mod 8)) + (($tlen + 8) - (($tlen + 8) mod 8))"/>
-    <div class="refsect2" lang="en">
-    <h3><a name="{$name}"></a><xsl:value-of select="$name"/> ()</h3>
-    <pre class="programlisting">
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="return/@type"/>
-    </xsl:call-template>
-    <xsl:text>&#9;</xsl:text>
-    <xsl:value-of select="@name"/>
-    <xsl:if test="$blen - 40 &lt; -8">
-      <xsl:text>&#9;</xsl:text>
-    </xsl:if>
-    <xsl:if test="$blen - 40 &lt; 0">
-      <xsl:text>&#9;</xsl:text>
-    </xsl:if>
-    <xsl:text>&#9;(</xsl:text>
-    <xsl:if test="not(arg)">
-      <xsl:text>void</xsl:text>
-    </xsl:if>
-    <xsl:for-each select="arg">
-      <xsl:call-template name="dumptext">
-        <xsl:with-param name="text" select="@type"/>
-      </xsl:call-template>
-      <xsl:text> </xsl:text>
-      <xsl:value-of select="@name"/>
-      <xsl:if test="position() != last()">
-        <xsl:text>, </xsl:text><br/>
-	<xsl:if test="$blen - 40 &gt; 8">
-	  <xsl:text>&#9;</xsl:text>
-	</xsl:if>
-	<xsl:if test="$blen - 40 &gt; 0">
-	  <xsl:text>&#9;</xsl:text>
-	</xsl:if>
-	<xsl:text>&#9;&#9;&#9;&#9;&#9; </xsl:text>
-      </xsl:if>
-    </xsl:for-each>
-    <xsl:text>)</xsl:text><br/>
-    <xsl:text>
-</xsl:text>
-    </pre>
-    <p>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="info"/>
-    </xsl:call-template>
-    </p><xsl:text>
-</xsl:text>
-    <xsl:if test="arg | return/@info">
-      <div class="variablelist"><table border="0"><col align="left"/><tbody>
-      <xsl:for-each select="arg">
-        <tr>
-          <td><span class="term"><i><tt><xsl:value-of select="@name"/></tt></i>:</span></td>
-	  <td>
-	    <xsl:call-template name="dumptext">
-	      <xsl:with-param name="text" select="@info"/>
-	    </xsl:call-template>
-	  </td>
-        </tr>
-      </xsl:for-each>
-      <xsl:if test="return/@info">
-        <tr>
-          <td><span class="term"><i><tt>Returns</tt></i>:</span></td>
-	  <td>
-	    <xsl:call-template name="dumptext">
-	      <xsl:with-param name="text" select="return/@info"/>
-	    </xsl:call-template>
-	  </td>
-        </tr>
-      </xsl:if>
-      </tbody></table></div>
-    </xsl:if>
-    </div><hr/>
-  </xsl:template>
-
-  <xsl:template mode="details" match="functype">
-    <xsl:variable name="name" select="string(@name)"/>
-    <xsl:variable name="nlen" select="string-length($name)"/>
-    <xsl:variable name="tlen" select="string-length(return/@type)"/>
-    <xsl:variable name="blen" select="(($nlen + 8) - (($nlen + 8) mod 8)) + (($tlen + 8) - (($tlen + 8) mod 8))"/>
-    <div class="refsect2" lang="en">
-    <h3><a name="{$name}"></a>Function type <xsl:value-of select="$name"/> </h3>
-    <pre class="programlisting">
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="return/@type"/>
-    </xsl:call-template>
-    <xsl:text>&#9;</xsl:text>
-    <xsl:value-of select="@name"/>
-    <xsl:if test="$blen - 40 &lt; -8">
-      <xsl:text>&#9;</xsl:text>
-    </xsl:if>
-    <xsl:if test="$blen - 40 &lt; 0">
-      <xsl:text>&#9;</xsl:text>
-    </xsl:if>
-    <xsl:text>&#9;(</xsl:text>
-    <xsl:if test="not(arg)">
-      <xsl:text>void</xsl:text>
-    </xsl:if>
-    <xsl:for-each select="arg">
-      <xsl:call-template name="dumptext">
-        <xsl:with-param name="text" select="@type"/>
-      </xsl:call-template>
-      <xsl:text> </xsl:text>
-      <xsl:value-of select="@name"/>
-      <xsl:if test="position() != last()">
-        <xsl:text>, </xsl:text><br/>
-	<xsl:if test="$blen - 40 &gt; 8">
-	  <xsl:text>&#9;</xsl:text>
-	</xsl:if>
-	<xsl:if test="$blen - 40 &gt; 0">
-	  <xsl:text>&#9;</xsl:text>
-	</xsl:if>
-	<xsl:text>&#9;&#9;&#9;&#9;&#9; </xsl:text>
-      </xsl:if>
-    </xsl:for-each>
-    <xsl:text>)</xsl:text><br/>
-    <xsl:text>
-</xsl:text>
-    </pre>
-    <p>
-    <xsl:call-template name="dumptext">
-      <xsl:with-param name="text" select="info"/>
-    </xsl:call-template>
-    </p><xsl:text>
-</xsl:text>
-    <xsl:if test="arg | return/@info">
-      <div class="variablelist"><table border="0"><col align="left"/><tbody>
-      <xsl:for-each select="arg">
-        <tr>
-          <td><span class="term"><i><tt><xsl:value-of select="@name"/></tt></i>:</span></td>
-	  <td>
-	    <xsl:call-template name="dumptext">
-	      <xsl:with-param name="text" select="@info"/>
-	    </xsl:call-template>
-	  </td>
-        </tr>
-      </xsl:for-each>
-      <xsl:if test="return/@info">
-        <tr>
-          <td><span class="term"><i><tt>Returns</tt></i>:</span></td>
-	  <td>
-	    <xsl:call-template name="dumptext">
-	      <xsl:with-param name="text" select="return/@info"/>
-	    </xsl:call-template>
-	  </td>
-        </tr>
-      </xsl:if>
-      </tbody></table></div>
-    </xsl:if>
-    </div><hr/>
-  </xsl:template>
-
-<!--
-
-             The following builds the general.html page
-
--->
-  <xsl:template name="generate_general">
-    <xsl:variable name="next" select="string(/api/files/file[position()=1]/@name)"/>
-    <xsl:document xmlns="" href="general.html" method="xml" indent="yes" encoding="UTF-8">
-      <html>
-        <head>
-	  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-	  <title><xsl:value-of select="concat(@name, ': ', summary)"/></title>
-	  <meta name="generator" content="Libvirt devhelp stylesheet"/>
-	  <link rel="start" href="index.html" title="libvirt Reference Manual"/>
-	  <link rel="up" href="index.html" title="libvirt Reference Manual"/>
-	  <link rel="stylesheet" href="style.css" type="text/css"/>
-	  <link rel="chapter" href="index.html" title="libvirt Reference Manual"/>
-        </head>
-	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
-
-          <table class="navigation" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2">
-	    <tr valign="middle">
-              <td><a accesskey="u" href="index.html"><img src="up.png" width="24" height="24" border="0" alt="Up"/></a></td>
-              <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"/></a></td>
-	      <xsl:if test="$next != ''">
-		<td><a accesskey="n" href="libvirt-{$next}.html"><img src="right.png" width="24" height="24" border="0" alt="Next"/></a></td>
-	      </xsl:if>
-              <th width="100%" align="center">libvirt Reference Manual</th>
-            </tr>
-	  </table>
-	  <h2><span class="refentrytitle">libvirt API Modules</span></h2>
-	  <p>
-	  <xsl:for-each select="/api/files/file">
-	    <a href="libvirt-{@name}.html"><xsl:value-of select="@name"/></a> - <xsl:value-of select="summary"/><br/>
-	  </xsl:for-each>
-	  </p>
-	</body>
-      </html>
-    </xsl:document>
-  </xsl:template>
-
-<!--
-
-             The following builds the index.html page
-
--->
-  <xsl:template name="generate_index">
-    <xsl:document xmlns="" href="index.html" method="xml" indent="yes" encoding="UTF-8">
-      <html>
-        <head>
-	  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-	  <title>libvirt Reference Manual</title>
-	  <meta name="generator" content="Libvirt devhelp stylesheet"/>
-	  <link rel="stylesheet" href="style.css" type="text/css"/>
-        </head>
-	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
-
-          <table class="navigation" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2">
-	    <tr valign="middle">
-              <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"/></a></td>
-	      <td><a accesskey="n" href="general.html"><img src="right.png" width="24" height="24" border="0" alt="Next"/></a></td>
-              <th width="100%" align="center">libvirt Reference Manual</th>
-            </tr>
-	  </table>
-	  <h2><span class="refentrytitle">libvirt Reference Manual</span></h2>
-<p>Libvir is a C toolkit to interact with the virtualization capabilities of
-recent versions of Linux (and other OSes). It is free software available
-under the <a href="http://www.opensource.org/licenses/lgpl-license.html">GNU
-Lesser General Public License</a>. Virtualization of the Linux Operating
-System means the ability to run multiple instances of Operating Systems
-concurrently on a single hardware system where the basic resources are driven
-by a Linux instance. The library aim at providing long term stable C API
-initially for the <a href="http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html">Xen
-paravirtualization</a> but should be able to integrate other virtualization
-mechanisms if needed.</p>
-	</body>
-      </html>
-    </xsl:document>
-  </xsl:template>
-
-</xsl:stylesheet>

docs/devhelp/style.css

@@ -1,66 +0,0 @@
-.synopsis, .classsynopsis
-{
-  background: #eeeeee;
-  border: solid 1px #aaaaaa;
-  padding: 0.5em;
-}
-.programlisting
-{
-  background: #eeeeff;
-  border: solid 1px #aaaaff;
-  padding: 0.5em;
-}
-.variablelist
-{
-  padding: 4px;
-  margin-left: 3em;
-}
-.variablelist td:first-child
-{
-  vertical-align: top;
-}
-table.navigation
-{
-  background: #ffeeee;
-  border: solid 1px #ffaaaa;
-  margin-top: 0.5em;
-  margin-bottom: 0.5em;
-}
-.navigation a
-{
-  color: #770000;
-}
-.navigation a:visited
-{
-  color: #550000;
-}
-.navigation .title
-{
-  font-size: 200%;
-}
-div.refnamediv
-{
-  margin-top: 2em;
-}
-div.gallery-float
-{
-  float: left;
-  padding: 10px;
-}
-div.gallery-float img
-{
-  border-style: none;
-}
-div.gallery-spacer
-{
-  clear: both;
-}
-a
-{
-  text-decoration: none;
-}
-a:hover
-{
-  text-decoration: underline;
-  color: #FF0000;
-}

docs/docs.html.in

@@ -9,15 +9,24 @@
         <dt><a href="apps.html">Applications</a></dt>
         <dd>Applications known to use libvirt</dd>
 
+        <dt><a href="manpages/index.html">Manual pages</a></dt>
+        <dd>Manual pages for libvirt tools / daemons</dd>
+
         <dt><a href="windows.html">Windows</a></dt>
         <dd>Downloads for Windows</dd>
 
         <dt><a href="migration.html">Migration</a></dt>
         <dd>Migrating guests between machines</dd>
 
+        <dt><a href="daemons.html">Daemons</a></dt>
+        <dd>Overview of the daemons provided by libvirt</dd>
+
         <dt><a href="remote.html">Remote access</a></dt>
         <dd>Enable remote access over TCP</dd>
 
+        <dt><a href="tlscerts.html">TLS certs</a></dt>
+        <dd>Generate and deploy x509 certificates for TLS</dd>
+
         <dt><a href="auth.html">Authentication</a></dt>
         <dd>Configure authentication for the libvirt daemon</dd>
 
@@ -48,11 +57,27 @@
     <div class="panel">
       <h2>Application development</h2>
       <dl>
-        <dt><a href="devguide.html">Development Guide</a></dt>
-        <dd>A guide and reference for developing with libvirt</dd>
-
-        <dt><a href="virshcmdref.html">Virsh Commands</a></dt>
-        <dd>Command reference for virsh</dd>
+        <dt><a href="html/index.html">API reference</a></dt>
+        <dd>Reference manual for the C public API, split in
+          <a href="html/libvirt-libvirt-common.html">common</a>,
+          <a href="html/libvirt-libvirt-domain.html">domain</a>,
+          <a href="html/libvirt-libvirt-domain-checkpoint.html">domain checkpoint</a>,
+          <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
+          <a href="html/libvirt-virterror.html">error</a>,
+          <a href="html/libvirt-libvirt-event.html">event</a>,
+          <a href="html/libvirt-libvirt-host.html">host</a>,
+          <a href="html/libvirt-libvirt-interface.html">interface</a>,
+          <a href="html/libvirt-libvirt-network.html">network</a>,
+          <a href="html/libvirt-libvirt-nodedev.html">node device</a>,
+          <a href="html/libvirt-libvirt-nwfilter.html">network filter</a>,
+          <a href="html/libvirt-libvirt-secret.html">secret</a>,
+          <a href="html/libvirt-libvirt-storage.html">storage</a>,
+          <a href="html/libvirt-libvirt-stream.html">stream</a>
+          and
+          <a href="html/index-admin.html">admin</a>,
+          <a href="html/index-qemu.html">QEMU</a>,
+          <a href="html/index-lxc.html">LXC</a> libs
+        </dd>
 
         <dt><a href="bindings.html">Language bindings and API modules</a></dt>
         <dd>Bindings of the libvirt API for
@@ -82,7 +107,8 @@
           <a href="formatnode.html">node devices</a>,
           <a href="formatsecret.html">secrets</a>,
           <a href="formatsnapshot.html">snapshots</a>,
-          <a href="formatcheckpoint.html">checkpoints</a></dd>
+          <a href="formatcheckpoint.html">checkpoints</a>,
+          <a href="formatbackup.html">backup jobs</a></dd>
 
         <dt><a href="uri.html">URI format</a></dt>
         <dd>The URI formats used for connecting to libvirt</dd>
@@ -90,24 +116,6 @@
         <dt><a href="cgroups.html">CGroups</a></dt>
         <dd>Control groups integration</dd>
 
-        <dt><a href="html/index.html">API reference</a></dt>
-        <dd>Reference manual for the C public API, split in
-          <a href="html/libvirt-libvirt-common.html">common</a>,
-          <a href="html/libvirt-libvirt-domain.html">domain</a>,
-          <a href="html/libvirt-libvirt-domain-checkpoint.html">domain checkpoint</a>,
-          <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
-          <a href="html/libvirt-virterror.html">error</a>,
-          <a href="html/libvirt-libvirt-event.html">event</a>,
-          <a href="html/libvirt-libvirt-host.html">host</a>,
-          <a href="html/libvirt-libvirt-interface.html">interface</a>,
-          <a href="html/libvirt-libvirt-network.html">network</a>,
-          <a href="html/libvirt-libvirt-nodedev.html">node device</a>,
-          <a href="html/libvirt-libvirt-nwfilter.html">network filter</a>,
-          <a href="html/libvirt-libvirt-secret.html">secret</a>,
-          <a href="html/libvirt-libvirt-storage.html">storage</a>,
-          <a href="html/libvirt-libvirt-stream.html">stream</a>
-        </dd>
-
         <dt><a href="drivers.html">Drivers</a></dt>
         <dd>Hypervisor specific driver information</dd>
 
@@ -128,6 +136,12 @@
         <dt><a href="hacking.html">Contributor guidelines</a></dt>
         <dd>General hacking guidelines for contributors</dd>
 
+        <dt><a href="styleguide.html">Docs style guide</a></dt>
+        <dd>Style guidelines for reStructuredText docs</dd>
+
+        <dt><a href="strategy.html">Project strategy</a></dt>
+        <dd>Sets a vision for future direction &amp; technical choices</dd>
+
         <dt><a href="bugs.html">Bug reports</a></dt>
         <dd>How and where to report bugs and request features</dd>
 
@@ -155,12 +169,12 @@
         <dt><a href="internals/locking.html">Lock managers</a></dt>
         <dd>Use lock managers to protect disk content</dd>
 
-        <dt><a href="internals/oomtesting.html">Out of memory testing</a></dt>
-        <dd>Simulating OOM conditions in the test suite</dd>
-
         <dt><a href="testsuites.html">Functional testing</a></dt>
         <dd>Testing libvirt with <a href="testtck.html">TCK test suite</a> and
          <a href="testapi.html">Libvirt-test-API</a></dd>
+
+        <dt><a href="newreposetup.html">New repo setup</a></dt>
+        <dd>Procedure for configuring new git repositories for libvirt</dd>
       </dl>
     </div>
 

docs/downloads.html.in

@@ -19,6 +19,7 @@
           <th>Module</th>
           <th>Releases</th>
           <th>GIT Repo</th>
+          <th>Bug Tracker</th>
           <th>GIT Mirrors</th>
           <th>Resources</th>
         </tr>
@@ -30,10 +31,13 @@
             <a href="https://libvirt.org/sources/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt">github</a>
           </td>
           <td>
@@ -50,10 +54,13 @@
             <a href="https://libvirt.org/sources/csharp/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-csharp.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-csharp">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-csharp">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-csharp/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-csharp.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-csharp">github</a>
           </td>
           <td></td>
@@ -61,17 +68,20 @@
         <tr>
           <td>Go</td>
           <td>
-            <a href="https://libvirt.org/sources/go/">libvirt</a>
-          </td>
-          <td>
-            <a href="https://libvirt.org/git/?p=libvirt-go.git;a=summary">libvirt</a>
+            <a href="https://libvirt.org/libvirt-go">libvirt</a>
           </td>
           <td>
             <a href="https://gitlab.com/libvirt/libvirt-go">gitlab</a>
+          </td>
+          <td>
+            <a href="https://gitlab.com/libvirt/libvirt-go/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-go.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-go">github</a>
           </td>
           <td>
-            <a href="https://godoc.org/github.com/libvirt/libvirt-go">api ref</a>
+            <a href="https://godoc.org/libvirt.org/libvirt-go">api ref</a>
           </td>
         </tr>
         <tr>
@@ -80,10 +90,13 @@
             <a href="https://libvirt.org/sources/java/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-java.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-java">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-java">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-java/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-java.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-java">github</a>
           </td>
           <td></td>
@@ -94,10 +107,13 @@
             <a href="https://libvirt.org/sources/ocaml/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-ocaml.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-ocaml">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-ocaml">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-ocaml/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-ocaml.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-ocaml">github</a>
           </td>
           <td></td>
@@ -108,10 +124,13 @@
             <a href="https://metacpan.org/release/Sys-Virt/">cpan</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-perl.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-perl">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-perl">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-perl/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-perl.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-perl">github</a>
           </td>
           <td>
@@ -125,10 +144,13 @@
             <a href="https://libvirt.org/sources/php/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-php.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-php">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-php">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-php/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-php.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-php">github</a>
           </td>
           <td></td>
@@ -140,10 +162,13 @@
             <a href="https://pypi.python.org/pypi/libvirt-python">pypi</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-python.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-python">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-python">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-python/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-python.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-python">github</a>
           </td>
           <td></td>
@@ -154,10 +179,13 @@
             <a href="https://libvirt.org/sources/ruby/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=ruby-libvirt.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/ruby-libvirt">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/ruby-libvirt">gitlab</a>
+            <a href="https://gitlab.com/libvirt/ruby-libvirt/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=ruby-libvirt.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/ruby-libvirt">github</a>
           </td>
           <td></td>
@@ -165,16 +193,21 @@
         <tr>
           <td>Rust</td>
           <td>
-            <a href="https://libvirt.org/sources/rust/">libvirt</a>
-          </td>
-          <td>
-            <a href="https://libvirt.org/git/?p=libvirt-rust.git;a=summary">libvirt</a>
+            <a href="https://crates.io/crates/virt">crates.io</a>
           </td>
           <td>
             <a href="https://gitlab.com/libvirt/libvirt-rust">gitlab</a>
+          </td>
+          <td>
+            <a href="https://gitlab.com/libvirt/libvirt-rust/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-rust.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-rust">github</a>
           </td>
-          <td></td>
+          <td>
+            <a href="https://docs.rs/virt">api ref</a>
+          </td>
         </tr>
         <tr>
           <th colspan="7">Integration modules</th>
@@ -185,10 +218,13 @@
             <a href="https://libvirt.org/sources/glib/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-glib.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-glib">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-glib">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-glib/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-glib.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-glib">github</a>
           </td>
           <td></td>
@@ -196,17 +232,20 @@
         <tr>
           <td>Go XML</td>
           <td>
-            <a href="https://libvirt.org/sources/go/">libvirt</a>
-          </td>
-          <td>
-            <a href="https://libvirt.org/git/?p=libvirt-go-xml.git;a=summary">libvirt</a>
+            <a href="https://libvirt.org/libvirt-go-xml">libvirt</a>
           </td>
           <td>
             <a href="https://gitlab.com/libvirt/libvirt-go-xml">gitlab</a>
+          </td>
+          <td>
+            <a href="https://gitlab.com/libvirt/libvirt-go-xml/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-go-xml.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-go-xml">github</a>
           </td>
           <td>
-            <a href="https://godoc.org/github.com/libvirt/libvirt-go-xml">api ref</a>
+            <a href="https://godoc.org/libvirt.org/libvirt-go-xml">api ref</a>
           </td>
         </tr>
         <tr>
@@ -215,10 +254,13 @@
             <a href="https://libvirt.org/sources/dbus/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-dbus.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-dbus">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-dbus">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-dbus/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-dbus.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-dbus">github</a>
           </td>
           <td></td>
@@ -229,10 +271,13 @@
             <a href="https://libvirt.org/sources/consoleproxy/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-console-proxy.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-console-proxy">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-console-proxy">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-console-proxy/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-console-proxy.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-console-proxy">github</a>
           </td>
           <td></td>
@@ -243,10 +288,13 @@
             <a href="https://libvirt.org/sources/CIM/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-cim.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-cim">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-cim">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-cim/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-cim.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-cim">github</a>
           </td>
           <td></td>
@@ -257,10 +305,13 @@
             <a href="https://libvirt.org/sources/CIM/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libcmpiutil.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libcmpiutil">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libcmpiutil">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libcmpiutil/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libcmpiutil.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libcmpiutil">github</a>
           </td>
           <td></td>
@@ -271,10 +322,13 @@
             <a href="https://libvirt.org/sources/snmp/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-snmp.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-snmp">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-snmp">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-snmp/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-snmp.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-snmp">github</a>
           </td>
           <td></td>
@@ -285,10 +339,13 @@
             <a href="https://libvirt.org/sources/sandbox/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-sandbox.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-sandbox">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-sandbox">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-sandbox/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-sandbox.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-sandbox">github</a>
           </td>
           <td></td>
@@ -302,10 +359,13 @@
             <a href="https://libvirt.org/sources/tck/">libvirt</a>
           </td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-tck.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-tck">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-tck">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-tck/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-tck.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-tck">github</a>
           </td>
           <td></td>
@@ -314,23 +374,29 @@
           <td>Test API</td>
           <td></td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-test-API.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-test-API">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-test-API">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-test-API/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-test-API.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-test-API">github</a>
           </td>
           <td></td>
         </tr>
         <tr>
-          <td>Jenkins Config</td>
+          <td>Continuous Integration Config</td>
           <td></td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-jenkins-ci.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-ci">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-jenkins-ci">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-jenkins-ci">github</a>
+            <a href="https://gitlab.com/libvirt/libvirt-ci/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-ci.git;a=summary">libvirt</a>
+            <a href="https://github.com/libvirt/libvirt-ci">github</a>
           </td>
           <td></td>
         </tr>
@@ -338,10 +404,13 @@
           <td>CIM Test</td>
           <td></td>
           <td>
-            <a href="https://libvirt.org/git/?p=cimtest.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/cimtest">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/cimtest">gitlab</a>
+            <a href="https://gitlab.com/libvirt/cimtest/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=cimtest.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/cimtest">github</a>
           </td>
           <td></td>
@@ -353,10 +422,13 @@
           <td>Publican Brand</td>
           <td></td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-publican.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-publican">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-publican">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-publican/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-publican.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-publican">github</a>
           </td>
           <td></td>
@@ -365,10 +437,13 @@
           <td>App Development Guide</td>
           <td></td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-appdev-guide">github</a>
           </td>
           <td></td>
@@ -377,10 +452,13 @@
           <td>App Development Guide Python</td>
           <td></td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-appdev-guide-python.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide-python">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide-python">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide-python/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-appdev-guide-python.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-appdev-guide-python">github</a>
           </td>
           <td></td>
@@ -389,10 +467,13 @@
           <td>virsh Command Reference</td>
           <td></td>
           <td>
-            <a href="https://libvirt.org/git/?p=libvirt-virshcmdref.git;a=summary">libvirt</a>
+            <a href="https://gitlab.com/libvirt/libvirt-virshcmdref">gitlab</a>
           </td>
           <td>
-            <a href="https://gitlab.com/libvirt/libvirt-virshcmdref">gitlab</a>
+            <a href="https://gitlab.com/libvirt/libvirt-virshcmdref/-/issues">issues</a>
+          </td>
+          <td class="gitmirror">
+            <a href="https://libvirt.org/git/?p=libvirt-virshcmdref.git;a=summary">libvirt</a>
             <a href="https://github.com/libvirt/libvirt-virshcmdref">github</a>
           </td>
           <td></td>

docs/drivers.html.in

@@ -8,6 +8,7 @@
       <li><a href="#hypervisor">Hypervisor drivers</a></li>
       <li><a href="storage.html">Storage drivers</a></li>
       <li><a href="drvnodedev.html">Node device driver</a></li>
+      <li><a href="drvsecret.html">Secret driver</a></li>
     </ul>
 
     <p>
@@ -34,7 +35,6 @@
       <li><strong><a href="drvvmware.html">VMware Workstation/Player</a></strong></li>
       <li><strong><a href="drvxen.html">Xen</a></strong></li>
       <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
-      <li><strong><a href="drvphyp.html">IBM PowerVM (phyp)</a></strong></li>
       <li><strong><a href="drvvirtuozzo.html">Virtuozzo</a></strong></li>
       <li><strong><a href="drvbhyve.html">Bhyve</a></strong> - The BSD Hypervisor</li>
     </ul>

docs/drvesx.html.in

@@ -337,7 +337,9 @@ error: invalid argument in libvirt was built without the 'esx' driver
             Memory size has to be a multiple of 4096
         </li>
         <li>
-            Number of virtual CPU has to be 1 or a multiple of 2
+            Number of virtual CPU has to be 1 or a multiple of 2.
+            <span class="since">Since 4.10.0</span> any number of vCPUs is
+            supported.
         </li>
         <li>
             Valid MAC address prefixes are <code>00:0c:29</code> and

docs/drvphyp.html.in

@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>IBM PowerVM hypervisor driver (phyp)</h1>
-    <ul id="toc"></ul>
-    <p>
-        The IBM PowerVM driver can manage both HMC and IVM PowerVM
-        guests.  VIOS connections are tunneled through HMC.
-    </p>
-
-
-    <h2><a id="project">Project Links</a></h2>
-    <ul>
-      <li>
-        The <a href="http://www-03.ibm.com/systems/power/software/virtualization/index.html">IBM
-        PowerVM</a> hypervisor
-      </li>
-    </ul>
-
-
-    <h2><a id="uri">Connections to the PowerVM driver</a></h2>
-    <p>
-        Some example remote connection URIs for the driver are:
-    </p>
-<pre>
-phyp://user@hmc/system (HMC connection)
-phyp://user@ivm/system (IVM connection)
-</pre>
-    <p>
-        <strong>Note</strong>: In contrast to other drivers, the
-        PowerVM (or phyp) driver is a client-side-only driver,
-        internally using ssh to connect to the specified hmc or ivm
-        server. Therefore, the <a href="remote.html">remote transport
-        mechanism</a> provided by the remote driver and libvirtd will
-        not work, and you cannot use URIs like
-        <code>phyp+ssh://example.com</code>.
-    </p>
-
-
-    <h3><a id="uriformat">URI Format</a></h3>
-    <p>
-        URIs have this general form (<code>[...]</code> marks an
-        optional part, <code>{...|...}</code> marks a mandatory choice).
-    </p>
-<pre>
-phyp://[username@]{hmc|ivm}/managed_system
-</pre>
-
-</body></html>

docs/drvqemu.html.in

@@ -63,6 +63,105 @@ qemu+tcp://example.com/system        (remote access, SASl/Kerberos)
 qemu+ssh://root@example.com/system   (remote access, SSH tunnelled)
 </pre>
 
+    <h3><a id="uriembedded">Embedded driver</a></h3>
+
+    <p>
+      Since 6.1.0 the QEMU driver has experimental support for operating
+      in an embedded mode. In this scenario, rather than connecting to
+      the libvirtd daemon, the QEMU driver runs in the client application
+      process directly. To use this the client application must have
+      registered &amp; be running an instance of the event loop. To open
+      the driver in embedded mode the app use the new URI path and specify
+      a virtual root directory under which the driver will create content.
+    </p>
+
+    <pre>
+      qemu:///embed?root=/some/dir
+    </pre>
+
+    <p>
+      Broadly speaking the range of functionality is intended to be
+      on a par with that seen when using the traditional system or
+      session libvirt connections to QEMU. The features will of course
+      differ depending on whether the application using the embedded
+      driver is running privileged or unprivileged. For example PCI
+      device assignment or TAP based networking are only available
+      when running privileged. While the embedded mode is still classed
+      as experimental some features may change their default settings
+      between releases.
+    </p>
+
+    <p>
+      By default if the application uses any APIs associated with
+      secondary drivers, these will result in a connection being
+      opened to the corresponding driver in libvirtd. For example,
+      this allows a virtual machine from the embedded QEMU to connect
+      its NIC to a virtual network or connect its disk to a storage
+      volume. Some of the secondary drivers will also be able to support
+      running in embedded mode. Currently this is supported by the
+      secrets driver, to allow for use of VMs with encrypted disks
+    </p>
+
+    <h4><a id="embedTree">Directory tree</a></h4>
+
+    <p>
+      Under the specified root directory the following locations will
+      be used
+    </p>
+
+    <pre>
+/some/dir
+  |
+  +- log
+  |   |
+  |   +- qemu
+  |   +- swtpm
+  |
+  +- etc
+  |   |
+  |   +- qemu
+  |   +- pki
+  |       |
+  |       +- qemu
+  |
+  +- run
+  |   |
+  |   +- qemu
+  |   +- swtpm
+  |
+  +- cache
+  |   |
+  |   +- qemu
+  |
+  +- lib
+      |
+      +- qemu
+      +- swtpm
+    </pre>
+
+    <p>
+      Note that UNIX domain sockets used for QEMU virtual machines had
+      a maximum filename length of 108 characters. Bear this in mind
+      when picking a root directory to avoid risk of exhausting the
+      filename space. The application is responsible for recursively
+      purging the contents of this directory tree once they no longer
+      require a connection, though it can also be left intact for reuse
+      when opening a future connection.
+    </p>
+
+    <h4><a id="embedAPI">API usage with event loop</a></h4>
+
+    <p>
+      To use the QEMU driver in embedded mode the application must
+      register an event loop with libvirt. Many of the QEMU driver
+      API calls will rely on the event loop processing data. With this
+      in mind, applications must <strong>NEVER</strong> invoke API
+      calls from the event loop thread itself, only other threads.
+      Not following this rule will lead to deadlocks in the API.
+      This restriction is intended to be lifted in a future release
+      of libvirt, once QMP processing moves to a dedicated thread.
+    </p>
+
     <h2><a id="security">Driver security architecture</a></h2>
 
     <p>
@@ -187,41 +286,29 @@ chmod o+x /path/to/directory
       </li>
     </ul>
 
+    <p>
+      The libvirt maintainers <strong>strongly recommend against</strong>
+      running QEMU as the root user/group. This should not be required
+      in most supported usage scenarios, as libvirt will generally do the
+      right thing to grant QEMU access to files it is permitted to
+      use when it is running non-root.
+    </p>
+
     <h3><a id="securitycap">Linux process capabilities</a></h3>
 
     <p>
-      The libvirt QEMU driver has a build time option allowing it to use
-      the <a href="http://people.redhat.com/sgrubb/libcap-ng/index.html">libcap-ng</a>
-      library to manage process capabilities. If this build option is
-      enabled, then the QEMU driver will use this to ensure that all
-      process capabilities are dropped before executing a QEMU virtual
-      machine. Process capabilities are what gives the 'root' account
-      its high power, in particular the CAP_DAC_OVERRIDE capability
-      is what allows a process running as 'root' to access files owned
-      by any user.
+      In versions of libvirt prior to 6.0.0, even if QEMU was configured
+      to run as the root user / group, libvirt would strip all process
+      capabilities. This meant that QEMU could only read/write files
+      owned by root, or with open permissions. In reality, stripping
+      capabilities did not have any security benefit, as it was trivial
+      to get commands to run in another context with full capabilities,
+      for example, by creating a cronjob.
     </p>
-
     <p>
-      If the QEMU driver is configured to run virtual machines as non-root,
-      then they will already lose all their process capabilities at time
-      of startup. The Linux capability feature is thus aimed primarily at
-      the scenario where the QEMU processes are running as root. In this
-      case, before launching a QEMU virtual machine, libvirtd will use
-      libcap-ng APIs to drop all process capabilities. It is important
-      for administrators to note that this implies the QEMU process will
-      <strong>only</strong> be able to access files owned by root, and
-      not files owned by any other user.
-    </p>
-
-    <p>
-      Thus, if a vendor / distributor has configured their libvirt package
-      to run as 'qemu' by default, a number of changes will be required
-      before an administrator can change a host to run guests as root.
-      In particular it will be necessary to change ownership on the
-      directories <code>/var/run/libvirt/qemu/</code>,
-      <code>/var/lib/libvirt/qemu/</code> and
-      <code>/var/cache/libvirt/qemu/</code> back to root, in addition
-      to changing the <code>/etc/libvirt/qemu.conf</code> settings.
+      Thus since 6.0.0, if QEMU is running as root, it will keep all
+      process capabilities. Behaviour when QEMU is running non-root
+      is unchanged, it still has no capabilities.
     </p>
 
     <h3><a id="securityselinux">SELinux basic confinement</a></h3>
@@ -352,7 +439,8 @@ chmod o+x /path/to/directory
     <p>
       While users can define their own AppArmor profile scheme, a typical
       configuration will include a profile for <code>/usr/sbin/libvirtd</code>,
-      <code>/usr/lib/libvirt/virt-aa-helper</code> (a helper program which the
+      <code>/usr/lib/libvirt/virt-aa-helper</code> or
+      <code>/usr/libexec/virt-aa-helper</code>(a helper program which the
       libvirtd daemon uses instead of manipulating AppArmor directly), and
       an abstraction to be included by <code>/etc/apparmor.d/libvirt/TEMPLATE</code>
       (typically <code>/etc/apparmor.d/abstractions/libvirt-qemu</code>).
@@ -490,7 +578,7 @@ mount -t cgroup none /dev/cgroup -o devices
       typically, the namespace is given the name
       of <code>qemu</code>.  With the namespace in place, it is then
       possible to add an element <code>&lt;qemu:commandline&gt;</code>
-      under <code>driver</code>, with the following sub-elements
+      under <code>domain</code>, with the following sub-elements
       repeated as often as needed:
     </p>
       <dl>

docs/drvsecret.html.in

@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Secret information management</h1>
+
+    <p>
+      The secrets driver in libvirt provides a simple interface for
+      storing and retrieving secret information.
+    </p>
+
+        <h2><a id="uris">Connections to SECRET driver</a></h2>
+
+    <p>
+    The libvirt SECRET driver is a multi-instance driver, providing a single
+    system wide privileged driver (the "system" instance), and per-user
+    unprivileged drivers (the "session" instance). A connection to the secret
+    driver is automatically available when opening a connection to one of the
+    stateful primary hypervisor drivers. It is none the less also possible to
+    explicitly open just the secret driver, using the URI protocol "secret"
+    Some example connection URIs for the driver are:
+    </p>
+
+<pre>
+secret:///session                      (local access to per-user instance)
+secret+unix:///session                 (local access to per-user instance)
+
+secret:///system                       (local access to system instance)
+secret+unix:///system                  (local access to system instance)
+secret://example.com/system            (remote access, TLS/x509)
+secret+tcp://example.com/system        (remote access, SASl/Kerberos)
+secret+ssh://root@example.com/system   (remote access, SSH tunnelled)
+</pre>
+
+    <h3><a id="uriembedded">Embedded driver</a></h3>
+
+    <p>
+      Since 6.1.0 the secret driver has experimental support for operating
+      in an embedded mode. In this scenario, rather than connecting to
+      the libvirtd daemon, the secret driver runs in the client application
+      process directly. To open the driver in embedded mode the app use the
+      new URI path and specify a virtual root directory under which the
+      driver will create content.
+    </p>
+
+    <pre>
+      secret:///embed?root=/some/dir
+    </pre>
+
+    <p>
+      Under the specified root directory the following locations will
+      be used
+    </p>
+
+    <pre>
+/some/dir
+  |
+  +- etc
+  |   |
+  |   +- secrets
+  |
+  +- run
+      |
+      +- secrets
+    </pre>
+
+    <p>
+      The application is responsible for recursively purging the contents
+      of this directory tree once they no longer require a connection,
+      though it can also be left intact for reuse when opening a future
+      connection.
+    </p>
+
+    <p>
+      The range of functionality is intended to be on a par with that
+      seen when using the traditional system or session libvirt connections
+      to QEMU. Normal practice would be to open the secret driver in embedded
+      mode any time one of the other drivers is opened in embedded mode so
+      that the two drivers can interact in-process.
+    </p>
+  </body>
+</html>

docs/fonts/LICENSE.rst

@@ -1,18 +1,24 @@
-## License
+=======
+License
+=======
 
 Copyright (C) 2015 Red Hat, Inc.,
 
 This Font Software is licensed under the SIL Open Font License, Version 1.1.
 This license is copied below, and is also available with a FAQ at:
+
 http://scripts.sil.org/OFL
 
 
-#### SIL OPEN FONT LICENSE
+=====================
+SIL OPEN FONT LICENSE
+=====================
+
 Version 1.1 - 26 February 2007
 
----
+PREAMBLE
+========
 
-#### PREAMBLE
 The goals of the Open Font License (OFL) are to stimulate worldwide development
 of collaborative font projects, to support the font creation efforts of
 academic and linguistic communities, and to provide a free and open framework
@@ -27,7 +33,9 @@ any other type of license. The requirement for fonts to remain under this
 license does not apply to any document created using the fonts or their
 derivatives.
 
-#### DEFINITIONS
+DEFINITIONS
+===========
+
 “Font Software” refers to the set of files released by the Copyright Holder(s)
 under this license and clearly marked as such. This may include source files,
 build scripts and documentation.
@@ -45,7 +53,9 @@ by changing formats or by porting the Font Software to a new environment.
 “Author” refers to any designer, engineer, programmer, technical writer or
 other person who contributed to the Font Software.
 
-#### PERMISSION & CONDITIONS
+PERMISSION & CONDITIONS
+=======================
+
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 the Font Software, to use, study, copy, merge, embed, modify, redistribute, and
 sell modified and unmodified copies of the Font Software, subject to the
@@ -76,10 +86,14 @@ distributed entirely under this license, and must not be distributed under any
 other license. The requirement for fonts to remain under this license does not
 apply to any document created using the Font Software.
 
-#### TERMINATION
+TERMINATION
+===========
+
 This license becomes null and void if any of the above conditions are not met.
 
-#### DISCLAIMER
+DISCLAIMER
+==========
+
 THE FONT SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT,

docs/format.html.in

@@ -27,6 +27,7 @@
       <li><a href="formatsecret.html">Secrets</a></li>
       <li><a href="formatsnapshot.html">Snapshots</a></li>
       <li><a href="formatcheckpoint.html">Checkpoints</a></li>
+      <li><a href="formatbackup.html">Backup jobs</a></li>
     </ul>
 
     <h2>Command line validation</h2>

docs/formatbackup.html.in

@@ -0,0 +1,191 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Backup XML format</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a id="BackupAttributes">Backup XML</a></h2>
+
+    <p>
+      Creating a backup, whether full or incremental, is done
+      via <code>virDomainBackupBegin()</code>, which takes an XML
+      description of the actions to perform, as well as an optional
+      second XML document <a href="formatcheckpoint.html">describing a
+      checkpoint</a> to create at the same point in time. See
+      also <a href="kbase/domainstatecapture.html">a comparison</a> between
+      the various state capture APIs.
+    </p>
+    <p>
+      There are two general modes for backups: a push mode (where the
+      hypervisor writes out the data to the destination file, which
+      may be local or remote), and a pull mode (where the hypervisor
+      creates an NBD server that a third-party client can then read as
+      needed, and which requires the use of temporary storage,
+      typically local, until the backup is complete).
+    </p>
+    <p>
+      The instructions for beginning a backup job are provided as
+      attributes and elements of the
+      top-level <code>domainbackup</code> element. This element
+      includes an optional attribute <code>mode</code> which can be
+      either "push" or "pull" (default
+      push). <code>virDomainBackupGetXMLDesc()</code> can be used to
+      see the actual values selected for elements omitted during
+      creation (for example, learning which port the NBD server is
+      using in the pull model or what file names libvirt generated
+      when none were supplied). The following child elements and attributes
+      are supported:
+    </p>
+    <dl>
+      <dt><code>incremental</code></dt>
+      <dd>An optional element giving the name of an existing
+        checkpoint of the domain, which will be used to make this
+        backup an incremental one. In the push model, only changes
+        since the named checkpoint are written to the destination. In
+        the pull model, the NBD server uses the
+        NBD_OPT_SET_META_CONTEXT extension to advertise to the client
+        which portions of the export contain changes since the named
+        checkpoint. If omitted, a full backup is performed.
+      </dd>
+      <dt><code>server</code></dt>
+      <dd>Present only for a pull mode backup. Contains the same
+        attributes as
+        the <a href="formatdomain.html#elementsDisks"><code>protocol</code>
+        element of a disk</a> attached via NBD in the domain (such as
+        transport, socket, name, port, or tls), necessary to set up an
+        NBD server that exposes the content of each disk at the time
+        the backup is started.
+      </dd>
+      <dt><code>disks</code></dt>
+      <dd>An optional listing of instructions for disks participating
+        in the backup (if omitted, all disks participate and libvirt
+        attempts to generate filenames by appending the current
+        timestamp as a suffix). If the entire element was omitted on
+        input, then all disks participate in the backup, otherwise,
+        only the disks explicitly listed which do not also
+        use <code>backup='no'</code> will participate. On output, this
+        is the state of each of the domain's disk in relation to the
+        backup operation.
+        <dl>
+          <dt><code>disk</code></dt>
+          <dd>This sub-element describes the backup properties of a
+            specific disk, with the following attributes and child
+            elements:
+            <dl>
+              <dt><code>name</code></dt>
+              <dd>A mandatory attribute which must match
+                the <code>&lt;target dev='name'/&gt;</code>
+                of one of
+                the <a href="formatdomain.html#elementsDisks">disk
+                devices</a> specified for the domain at the time of
+                the checkpoint.</dd>
+              <dt><code>backup</code></dt>
+              <dd>Setting this attribute to <code>yes</code>(default) specifies
+                that the disk should take part in the backup and using
+                <code>no</code> excludes the disk from the backup.</dd>
+              <dt><code>exportname</code></dt>
+              <dd>Allows modification of the NBD export name for the given disk.
+                By default equal to disk target.
+                Valid only for pull mode backups.</dd>
+              <dt><code>exportbitmap</code></dt>
+              <dd>Allows modification of the name of the bitmap describing dirty
+                blocks for an incremental backup exported via NBD export name
+                for the given disk.
+                Valid only for pull mode backups.</dd>
+              <dt><code>type</code></dt>
+              <dd>A mandatory attribute to describe the type of the
+                disk, except when <code>backup='no'</code> is
+                used. Valid values include <code>file</code>, or
+                <code>block</code>.
+                Similar to a disk declaration for a domain, the choice of type
+                controls what additional sub-elements are needed to describe
+                the destination.</dd>
+              <dt><code>target</code></dt>
+              <dd>Valid only for push mode backups, this is the
+                primary sub-element that describes the file name of
+                the backup destination, similar to
+                the <code>source</code> sub-element of a domain
+                disk. An optional sub-element <code>driver</code> can
+                also be used, with an attribute <code>type</code> to
+                specify a destination format different from
+                qcow2. See documentation for <code>scratch</code> below for
+                additional configuration.</dd>
+              <dt><code>scratch</code></dt>
+              <dd>Valid only for pull mode backups, this is the
+                primary sub-element that describes the file name of
+                the local scratch file to be used in facilitating the
+                backup, and is similar to the <code>source</code>
+                sub-element of a domain disk. Currently only <code>file</code>
+                and <code>block</code> scratch storage is supported. The
+                <code>file</code> scratch file is created and deleted by
+                libvirt in the given location. A <code>block</code> scratch
+                device must exist prior to starting the backup and is formatted.
+                The block device must have enough space for the corresponding
+                disk data including format overhead.
+
+                If <code>VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTERNAL</code> flag is
+                used the file for a scratch of <code>file</code> type must
+                exist with the correct format and size to hold the copy and is
+                used without modification. The file is not deleted after the
+                backup but the contents of the file don't make sense outside
+                of the backup. The same applies for the block device which
+                must be formatted appropriately.
+
+                Similarly to the domain
+                <a href="formatdomain.html#elementsDisks"><code>disk</code></a>
+                definition <code>scratch</code> and <code>target</code> can
+                contain <code>seclabel</code> and/or <code>encryption</code>
+                subelements to configure the corresponding properties.
+              </dd>
+            </dl>
+          </dd>
+        </dl>
+      </dd>
+    </dl>
+
+    <h2><a id="example">Examples</a></h2>
+
+    <p>Use <code>virDomainBackupBegin()</code> to perform a full
+      backup using push mode. The example lets libvirt pick the
+      destination and format for 'vda', fully specifies that we want a
+      raw backup of 'vdb', and omits 'vdc' from the operation.
+    </p>
+    <pre>
+&lt;domainbackup&gt;
+  &lt;disks&gt;
+    &lt;disk name='vda' backup='yes'/&gt;
+    &lt;disk name='vdb' type='file'&gt;
+      &lt;target file='/path/to/vdb.backup'/&gt;
+      &lt;driver type='raw'/&gt;
+    &lt;/disk&gt;
+    &lt;disk name='vdc' backup='no'/&gt;
+  &lt;/disks&gt;
+&lt;/domainbackup&gt;
+    </pre>
+
+    <p>If the previous full backup also passed a parameter describing
+      <a href="formatcheckpoint.html">checkpoint XML</a> that resulted
+      in a checkpoint named <code>1525889631</code>, we can make
+      another call to <code>virDomainBackupBegin()</code> to perform
+      an incremental backup of just the data changed since that
+      checkpoint, this time using the following XML to start a pull
+      model export of the 'vda' and 'vdb' disks, where a third-party
+      NBD client connecting to '/path/to/server' completes the backup
+      (omitting 'vdc' from the explicit list has the same effect as
+      the backup='no' from the previous example):
+    </p>
+    <pre>
+&lt;domainbackup mode="pull"&gt;
+  &lt;incremental&gt;1525889631&lt;/incremental&gt;
+  &lt;server transport="unix" socket="/path/to/server"/&gt;
+  &lt;disks&gt;
+    &lt;disk name='vda' backup='yes' type='file'&gt;
+      &lt;scratch file='/path/to/file1.scratch'/&gt;
+    &lt;/disk&gt;
+  &lt;/disks&gt;
+&lt;/domainbackup&gt;
+    </pre>
+  </body>
+</html>

docs/formatcaps.html.in

@@ -173,7 +173,7 @@
       </features>
       <model>core2duo</model>
       <vendor>Intel</vendor>
-      <topology sockets="1" cores="2" threads="1"/>
+      <topology sockets="1" dies="1" cores="2" threads="1"/>
       <feature name="lahf_lm"/>
       <feature name='xtpr'/>
       ...

docs/formatcheckpoint.html.in

@@ -28,12 +28,12 @@
       first checkpoint and the second backup operation), it is
       possible to do an offline reconstruction of the state of the
       disk at the time of the second backup without having to copy as
-      much data as a second full backup would require.  Future API
-      additions will make it possible to create checkpoints in
-      conjunction with a backup
-      via <code>virDomainBackupBegin()</code> or with an external
-      snapshot via <code>virDomainSnapshotCreateXML2</code>; but for
-      now, libvirt exposes enough support to create disk checkpoints
+      much data as a second full backup would require. Most disk
+      checkpoints are created in conjunction with a backup
+      via <code>virDomainBackupBegin()</code>, although a future API
+      addition of <code>virDomainSnapshotCreateXML2()</code> will also
+      make this possible when creating external snapshots; however,
+      libvirt also exposes enough support to create disk checkpoints
       independently from a backup operation
       via <code>virDomainCheckpointCreateXML()</code> <span class="since">since
       5.6.0</span>.  Likewise, the creation of checkpoints when

docs/formatdomaincaps.html.in

@@ -143,38 +143,51 @@
 <domainCapabilities>
 </pre>
 
-    <p>The <code>firmware</code> enum corresponds to
-      <code>firmware</code> attribute of the <code>os</code> element.
-      Plain presence of this enum means that libvirt is capable of so
-      called firmware auto selection. The listed values then represent
-      accepted values for the domain attribute. Only values for which
-      there exists a firmware descriptor that matches machine type and
-      architecture are listed, i.e. those which won't cause a failure
-      on domain startup.
+    <p>The <code>firmware</code> enum corresponds to the
+      <code>firmware</code> attribute of the <code>os</code> element in
+      the domain XML. The presence of this enum means libvirt is capable
+      of the so-called firmware auto-selection feature. And the listed
+      firmware values represent the accepted input in the domain
+      XML. Note that the <code>firmware</code> enum reports only those
+      values for which a firmware "descriptor file" exists on the host.
+      Firmware descriptor file is a small JSON document that describes
+      details about a given BIOS or UEFI binary on the host, e.g. the
+      fimware binary path, its architecture, supported machine types,
+      NVRAM template, etc. This ensures that the reported values won't
+      cause a failure on guest boot.
     </p>
 
     <p>For the <code>loader</code> element, the following can occur:</p>
 
     <dl>
       <dt><code>value</code></dt>
-      <dd>List of known loader paths. Currently this is only used
-      to advertise known locations of OVMF binaries for qemu. Binaries
-      will only be listed if they actually exist on disk.</dd>
+      <dd>List of known firmware binary paths. Currently this is used
+      only to advertise the known location of OVMF binaries for
+      QEMU. OVMF binaries will only be listed if they actually exist on
+      host.</dd>
 
       <dt><code>type</code></dt>
-      <dd>Whether loader is a typical BIOS (<code>rom</code>) or
-      an UEFI binary (<code>pflash</code>). This refers to
-      <code>type</code> attribute of the &lt;loader/&gt;
-      element.</dd>
+      <dd>Whether the boot loader is a typical BIOS (<code>rom</code>)
+      or a UEFI firmware (<code>pflash</code>). Each <code>value</code>
+      sub-element under the <code>type</code> enum represents a possible
+      value for the <code>type</code> attribute for the &lt;loader/&gt;
+      element in the domain XML. E.g. the presence
+      of <code>pfalsh</code> under the <code>type</code> enum means that
+      a domain XML can use UEFI firmware via: &lt;loader/&gt;
+      type="pflash" ...&gt;/path/to/the/firmware/binary/&lt;/loader&gt;.
+      </dd>
 
       <dt><code>readonly</code></dt>
       <dd>Options for the <code>readonly</code> attribute of the
-      &lt;loader/&gt; element.</dd>
+      &lt;loader/&gt; element in the domain XML.</dd>
 
       <dt><code>secure</code></dt>
       <dd>Options for the <code>secure</code> attribute of the
-      &lt;loader/&gt; element. Note, that <code>yes</code> is listed
-      only if there is a firmware that supports it.</dd>
+      &lt;loader/&gt; element in the domain XML. Note that the
+      value <code>yes</code> is listed only if libvirt detects a
+      firmware descriptor file that has path to an OVMF binary that
+      supports Secure boot, and lists its architecture and supported
+      machine type.</dd>
     </dl>
 
     <h3><a id="elementsCPU">CPU configuration</a></h3>
@@ -236,9 +249,11 @@
         The <code>mode</code> element contains a list of supported CPU
         models, each described by a dedicated <code>model</code> element.
         The <code>usable</code> attribute specifies whether the model can
-        be used on the host. A special value <code>unknown</code> indicates
-        libvirt does not have enough information to provide the usability
-        data.
+        be used directly on the host. When usable='no' the corresponding model
+        cannot be used without disabling some features that the CPU of such
+        model is expected to have. A special value <code>unknown</code>
+        indicates libvirt does not have enough information to provide the
+        usability data.
       </dd>
     </dl>
 
@@ -450,6 +465,42 @@
       element.</dd>
     </dl>
 
+
+    <h4><a id="elementsRNG">RNG device</a></h4>
+    <p>RNG device capabilities are exposed under the
+    <code>rng</code> element. For instance:</p>
+
+<pre>
+&lt;domainCapabilities&gt;
+  ...
+  &lt;devices&gt;
+    &lt;rng supported='yes'&gt;
+      &lt;enum name='model'&gt;
+        &lt;value&gt;virtio&lt;/value&gt;
+        &lt;value&gt;virtio-transitional&lt;/value&gt;
+        &lt;value&gt;virtio-non-transitional&lt;/value&gt;
+      &lt;/enum&gt;
+      &lt;enum name='backendModel'&gt;
+        &lt;value&gt;random&lt;/value&gt;
+        &lt;value&gt;egd&lt;/value&gt;
+        &lt;value&gt;builtin&lt;/value&gt;
+      &lt;/enum&gt;
+    &lt;/rng&gt;
+    ...
+  &lt;/devices&gt;
+&lt;/domainCapabilities&gt;
+</pre>
+
+    <dl>
+      <dt><code>model</code></dt>
+      <dd>Options for the <code>model</code> attribute of the
+      &lt;rng&gt; element.</dd>
+      <dt><code>backendModel</code></dt>
+      <dd>Options for the <code>model</code> attribute of the
+      &lt;rng&gt;&lt;backend&gt; element.</dd>
+    </dl>
+
+
     <h3><a id="elementsFeatures">Features</a></h3>
 
     <p>One more set of XML elements describe the supported features and
@@ -468,6 +519,8 @@
     &lt;/gic&gt;
     &lt;vmcoreinfo supported='yes'/&gt;
     &lt;genid supported='yes'/&gt;
+    &lt;backingStoreInput supported='yes'/&gt;
+    &lt;backup supported='yes'/&gt;
     &lt;sev&gt;
       &lt;cbitpos&gt;47&lt;/cbitpos&gt;
       &lt;reduced-phys-bits&gt;1&lt;/reduced-phys-bits&gt;
@@ -504,6 +557,24 @@
 
     <p>Reports whether the genid feature can be used by the domain.</p>
 
+    <h4><a id="featureBackingStoreInput">backingStoreInput</a></h4>
+
+    <p>Reports whether the hypervisor will obey the &lt;backingStore&gt;
+    elements configured for a &lt;disk&gt; when booting the guest, hotplugging
+    the disk to a running guest, or similar.
+    <span class="since">(Since 5.10)</span>
+    </p>
+
+    <h4><a id="featureBackup">backup</a></h4>
+
+    <p>Reports whether the hypervisor supports the backup, checkpoint, and
+    related features. (<code>virDomainBackupBegin</code>,
+    <code>virDomainCheckpointCreateXML</code> etc). The presence of the
+    <code>backup</code> element even if <code>supported='no'</code> implies that
+    the <code>VIR_DOMAIN_UNDEFINE_CHECKPOINTS_METADATA</code> flag for
+    <code>virDomainUndefine</code> is supported.
+    </p>
+
     <h4><a id="elementsSEV">SEV capabilities</a></h4>
 
     <p>AMD Secure Encrypted Virtualization (SEV) capabilities are exposed under

docs/formatnetwork.html.in

@@ -548,10 +548,10 @@
         (<span class="since">since 0.9.4</span>). Setting
         <code>bandwidth</code> for a network is supported only
         for networks with a <code>&lt;forward&gt;</code> mode
-        of <code>route</code>, <code>nat</code>, or no mode at all
-        (i.e. an "isolated" network). Setting <code>bandwidth</code>
-        is <b>not</b> supported for forward modes
-        of <code>bridge</code>, <code>passthrough</code>, <code>private</code>,
+        of <code>route</code>, <code>nat</code>, <code>bridge</code>,
+        or no mode at all (i.e. an "isolated" network). Setting
+        <code>bandwidth</code> is <b>not</b> supported for forward modes
+        <code>passthrough</code>, <code>private</code>,
         or <code>hostdev</code>. Attempts to do this will lead to
         a failure to define the network or to create a transient network.
       </p>
@@ -631,7 +631,7 @@
           goes through one point where QoS decisions can take place, hence
           why this attribute works only for virtual networks for now
           (that is <code>&lt;interface type='network'/&gt;</code> with a
-          forward type of route, nat, or no forward at all). Moreover, the
+          forward type of route, nat, open or no forward at all). Moreover, the
           virtual network the interface is connected to is required to have
           at least inbound QoS set (<code>average</code> at least). If
           using the <code>floor</code> attribute users don't need to specify
@@ -729,6 +729,31 @@
       or <code>&lt;interface&gt;</code>.
     </p>
 
+    <h5><a id="elementPort">Isolating ports from one another</a></h5>
+
+<pre>
+&lt;network&gt;
+  &lt;name&gt;isolated-ports&lt;/name&gt;
+  &lt;forward mode='bridge'/&gt;
+  &lt;bridge name='br0'/&gt;
+  &lt;port isolated='yes'/&gt;
+&lt;/network&gt;
+</pre>
+
+    <p>
+      <span class="since">Since 6.1.0.</span> The <code>port</code>
+      element property <code>isolated</code>, when set
+      to <code>yes</code> (default setting is <code>no</code>) is used
+      to isolate the network traffic of each guest on the network from
+      all other guests connected to the network; it does not have an
+      effect on communication between the guests and the host, or
+      between the guests and destinations beyond this network. This
+      setting is only supported for networks that use a Linux host
+      bridge to connect guest interfaces via a standard tap device
+      (i.e. those with a forward mode of nat, route, open, bridge, or
+      no forward mode).
+    </p>
+
     <h5><a id="elementsPortgroup">Portgroups</a></h5>
 
 <pre>

docs/formatnetworkport.html.in

@@ -84,6 +84,7 @@
     <outbound average='128' peak='256' burst='256'/>
   </bandwidth>
   <rxfilters trustGuest='yes'/>
+  <port isolated='yes'/>
   <virtualport type='802.1Qbg'>
     <parameters managerid='11' typeid='1193047' typeidversion='2'/>
   </virtualport>
@@ -110,6 +111,16 @@
         only supported for the virtio device model and for macvtap
         connections on the host.
       </dd>
+      <dt><code>port</code></dt>
+      <dd> <span class="since">Since 6.1.0.</span>
+        The <code>port</code> element property
+        <code>isolated</code>, when set to <code>yes</code> (default
+        setting is <code>no</code>) is used to isolate this port's
+        network traffic from other ports on the same network that also
+        have <code>&lt;port isolated='yes'/&gt;</code>. This setting
+        is only supported for emulated network devices connected to a
+        Linux host bridge via a standard tap device.
+      </dd>
       <dt><code>virtualport</code></dt>
       <dd>The <code>virtualport</code> element describes metadata that
         needs to be provided to the underlying network subsystem. It

docs/formatsecret.html.in

@@ -76,13 +76,13 @@
     <pre>
 # virsh secret-define volume-secret.xml
 Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
-#
-# MYSECRET=`printf %s "open sesame" | base64`
-# virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
-Secret value set
-#
     </pre>
 
+    <p>
+      See <a href="#settingSecrets">virsh secret-set-value</a> on how
+      to set the value of the secret.
+    </p>
+
     <p>
       The volume type secret can be supplied either in volume XML during
       creation of a <a href="formatstorage.html#StorageVol">storage volume</a>
@@ -103,12 +103,11 @@ Secret value set
 
 # virsh secret-define luks-secret.xml
 Secret f52a81b2-424e-490c-823d-6bd4235bc57 created
-#
-# MYSECRET=`printf %s "letmein" | base64`
-# virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET
-Secret value set
-#
     </pre>
+    <p>
+      See <a href="#settingSecrets">virsh secret-set-value</a> on how
+      to set the value of the secret.
+    </p>
 
     <p>
       The volume type secret can be supplied in domain XML for a luks storage
@@ -156,13 +155,11 @@ Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
  UUID                                 Usage
 -----------------------------------------------------------
  1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
-#
-# CEPHPHRASE=`printf %s "pass phrase" | base64`
-# virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
-Secret value set
-
-#
     </pre>
+    <p>
+      See <a href="#settingSecrets">virsh secret-set-value</a> on how
+      to set the value of the secret.
+    </p>
 
     <p>
       The ceph secret can then be used by UUID or by the
@@ -229,7 +226,9 @@ incominguser myname mysecret
 
     <p>
       Next, use <code>virsh secret-define iscsi-secret.xml</code> to define
-      the secret and <code>virsh secret-set-value</code> using the generated
+      the secret and
+      <code><a href="#settingSecrets">virsh secret-set-value</a></code>
+      using the generated
       UUID value and a base64 generated secret value in order to define the
       chosen secret pass phrase.  The pass phrase must match the password
       used in the iSCSI authentication configuration file.
@@ -243,12 +242,13 @@ Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created
 -----------------------------------------------------------
  c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi
 
-# MYSECRET=`printf %s "mysecret" | base64`
-# virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
-Secret value set
-#
     </pre>
 
+    <p>
+      See <a href="#settingSecrets">virsh secret-set-value</a> on how
+      to set the value of the secret.
+    </p>
+
     <p>
       The iSCSI secret can then be used by UUID or by the
       usage name via the <code>&lt;auth&gt;</code> element in a domain's
@@ -313,19 +313,13 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
       Once the secret is defined, a secret value will need to be set. The
       secret would be the passphrase used to access the TLS credentials.
       The following is a simple example of using
-      <code>virsh secret-set-value</code> to set the secret value. The
+      <code><a href="#settingSecrets">virsh secret-set-value</a></code> to set
+      the secret value. The
       <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
       <code>virSecretSetValue</code></a> API may also be used to set
       a more secure secret without using printable/readable characters.
     </p>
 
-    <pre>
-# MYSECRET=`printf %s "letmein" | base64`
-# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
-Secret value set
-
-    </pre>
-
     <h3><a id="vTPMUsageType">Usage type "vtpm"</a></h3>
 
     <p>
@@ -334,8 +328,8 @@ Secret value set
       of the vTPM.
       The <code>&lt;usage type='vtpm'&gt;</code> element must contain
       a single <code>name</code> element that specifies a usage name
-      for the secret.  The vTPM secret can then be used by UUID or by
-      this usage name via the <code>&lt;encryption&gt;</code> element of
+      for the secret.  The vTPM secret can then be used by UUID
+      via the <code>&lt;encryption&gt;</code> element of
       a <a href="formatdomain.html#elementsTpm">tpm</a> when using an
       emulator.
       <span class="since">Since 5.6.0</span>. The following is an example
@@ -370,17 +364,50 @@ Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created
       Once the secret is defined, a secret value will need to be set. The
       secret would be the passphrase used to decrypt the vTPM state.
       The following is a simple example of using
-      <code>virsh secret-set-value</code> to set the secret value. The
+      <code><a href="#settingSecrets">virsh secret-set-value</a></code>
+      to set the secret value. The
       <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
       <code>virSecretSetValue</code></a> API may also be used to set
       a more secure secret without using printable/readable characters.
     </p>
 
+    <h2><a id="settingSecrets">Setting secret values in virsh</a></h2>
+
+    <p>
+      To set the value of the secret you can use the following virsh commands.
+      If the secret is a password-like string (printable characters, no newline)
+      you can use:
+    </p>
+    <pre>
+# virsh secret-set-value --interactive 6dd3e4a5-1d76-44ce-961f-f119f5aad935
+Enter new value for secret:
+Secret value set
+    </pre>
+
+    <p>
+      Another secure option is to read the secret from a file. This way the
+      secret can contain any bytes (even NUL and non-printable characters). The
+      length of the secret is the length of the input file. Alternatively the
+      <code>--plain</code> option can be omitted if the file contents are
+      base64-encoded.
+    </p>
+
+    <pre>
+# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 --file --plain secretinfile
+Secret value set
+    </pre>
+
+    <p>
+      <b>WARNING</b> The following approach is <b>insecure</b> and deprecated.
+      The secret can also be set via an argument. Note that other users may see
+      the actual secret in the process listing!
+      The secret must be base64 encoded.
+    </p>
+
     <pre>
 # MYSECRET=`printf %s "open sesame" | base64`
 # virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
 Secret value set
-
     </pre>
 
   </body>

docs/genaclperms.pl

@@ -1,125 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (C) 2013 Red Hat, Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-
-use strict;
-use warnings;
-
-my @objects = (
-    "CONNECT", "DOMAIN", "INTERFACE",
-    "NETWORK_PORT", "NETWORK", "NODE_DEVICE",
-    "NWFILTER_BINDING", "NWFILTER",
-     "SECRET", "STORAGE_POOL", "STORAGE_VOL",
-    );
-
-my %class;
-
-foreach my $object (@objects) {
-    my $class = lc $object;
-
-    $class =~ s/(^\w|_\w)/uc $1/eg;
-    $class =~ s/_//g;
-    $class =~ s/Nwfilter/NWFilter/;
-    $class = "vir" . $class . "Ptr";
-
-    $class{$object} = $class;
-}
-
-my $objects = join ("|", @objects);
-
-my %opts;
-my $in_opts = 0;
-
-my %perms;
-
-while (<>) {
-    if ($in_opts) {
-        if (m,\*/,) {
-            $in_opts = 0;
-        } elsif (/\*\s*\@(\w+):\s*(.*?)\s*$/) {
-            $opts{$1} = $2;
-        }
-    } elsif (m,/\*\*,) {
-        $in_opts = 1;
-    } elsif (/VIR_ACCESS_PERM_($objects)_((?:\w|_)+),/) {
-        my $object = $1;
-        my $perm = lc $2;
-        next if $perm eq "last";
-
-        $perm =~ s/_/-/g;
-
-        $perms{$object} = {} unless exists $perms{$object};
-        $perms{$object}->{$perm} = {
-            desc => $opts{desc},
-            message => $opts{message},
-            anonymous => $opts{anonymous}
-        };
-        %opts = ();
-    }
-}
-
-print <<EOF;
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-EOF
-
-foreach my $object (sort { $a cmp $b } keys %perms) {
-    my $class = $class{$object};
-    my $olink = lc "object_" . $object;
-    print <<EOF;
-<h3><a name="$olink">$class</a></h3>
-<table class="acl">
-  <thead>
-    <tr>
-      <th>Permission</th>
-      <th>Description</th>
-    </tr>
-  </thead>
-  <tbody>
-EOF
-
-    foreach my $perm (sort { $a cmp $b } keys %{$perms{$object}}) {
-        my $description = $perms{$object}->{$perm}->{desc};
-
-        die "missing description for $object.$perm" unless
-            defined $description;
-
-        my $plink = lc "perm_" . $object . "_" . $perm;
-        $plink =~ s/-/_/g;
-
-        print <<EOF;
-    <tr>
-      <td><a name="$plink">$perm</a></td>
-      <td>$description</td>
-    </tr>
-EOF
-
-    }
-
-    print <<EOF;
-  </tbody>
-</table>
-EOF
-}
-
-print <<EOF;
-  </body>
-</html>
-EOF

docs/generic.css

@@ -72,11 +72,11 @@ h6 {
   font-size: 0.8em;
 }
 
-code, pre {
+code, pre, tt {
   font-family: LibvirtOverpassMono;
 }
 
-dd code, p code {
+dd code, p code, tt {
   background-color: #eeeeee;
 }
 

docs/gitdm/aliases

@@ -2,6 +2,7 @@
 
 "jdenemar redhat com" jdenemar@redhat.com
 "pkrempa@redhat st.com" pkrempa@redhat.com
+berrange@localhost.localdomain berrange@redhat.com
 jyang@redhat jyang@redhat.com
 wangjie88.huawei.com wangjie88@huawei.com
 

docs/gitdm/companies/ibm

@@ -0,0 +1,7 @@
+ibm.com
+
+# These IBM employees used their personal email address when contributing
+# to libvirt and we don't have the corresponding @ibm.com address on file.
+
+danielhb413@gmail.com
+jcfaracco@gmail.com

docs/gitdm/companies/others

@@ -8,15 +8,20 @@ aristanetworks.com Arista Networks
 arpnetworks.com ARP Networks
 av-test.de AV-TEST
 b1-systems.de B1 Systems
+baidu.com Baidu
 brightbox.co.uk Brightbox
+bytedance.com ByteDance
 cisco.com Cisco
 citrix.com Citrix
 cloudwatt.com Cloudwatt
+cmss.chinamobile.com China Mobile
 codethink.co.uk Codethink
+crudebyte.com Crudebyte
 cumulusnetworks.com Cumulus Networks
 dataductus.se Data Ductus
 datagravity.com DataGravity
 dell.com Dell
+designassembly.de Coffee-Break-Games
 diateam.net DIATEAM
 eldorado.org.br ELDORADO
 endocode.com Endocode
@@ -35,11 +40,13 @@ hitachi.com Hitachi
 hoster-ok.com hoster-ok.com
 hp.com HP
 huawei.com Huawei
-ibm.com IBM
+hupstream.com hupstream
+hygon.cn Hygon
 inktank.com Inktank Storage
 intel.com Intel
 intellilink.co.jp NTT DATA INTELLILINK
 invisiblethingslab.com Invisible Things Lab
+ixsystems.com iXsystems
 jtan.com JTAN
 juniper.net Juniper Networks
 laposte.net La Poste
@@ -49,7 +56,6 @@ linutronix.de Linutronix
 linux2go.dk Linux2Go
 liquidweb.com Liquid Web
 massclouds.com MassClouds
-designassembly.de Coffee-Break-Games
 mellanox.com Mellanox
 midokura.com Midokura
 mirantis.com Mirantis
@@ -60,6 +66,7 @@ nicira.com Nicira
 nimboxx.com NIMBOXX
 novell.com Novell
 ntt.co.jp NTT Group
+nutanix.com Nutanix
 ohmu.fi OHMU
 open-minds.org OpenThink
 oracle.com Oracle
@@ -78,6 +85,7 @@ smartjog.com SmartJog
 solarflare.com Solarflare
 ssatr.ch Swiss Satellite Radio
 sun.com Sun Microsystems
+tabit.pro Tabit
 taobao.com Taobao
 tdf.fr TDF
 tencent.com Tencent

docs/gitdm/groups/opensource

@@ -10,3 +10,4 @@ linux.com
 openbsd.org
 salasaga.org
 samba.org
+sdf.org

docs/gitdm/groups/unaffiliated

@@ -1,3 +1,8 @@
+# This domain will show up because of a mistake, and for that reason we
+# can't really pin it to a specific company or community, so here it is :)
+
+example.com
+
 # These are all domains you can get a personal email address from, so it's
 # fair to assume people using such addresses are contributing in their spare
 # time rather than on behalf of their respective employers.
@@ -5,10 +10,12 @@
 126.com
 gmail.com
 gmx.com
+gmx.de
 googlemail.com
 hotmail.com
 mail.ru
 pobox.com
+protonmail.com
 riseup.net
 web.de
 yahoo.com
@@ -18,10 +25,12 @@ yahoo.com
 # addresses directly rather than just the domain, because we can't really
 # consider the domain itself one way or the other.
 
+=@eater.me
 adam@pandorasboxen.com
 agx@sigxcpu.org
 alexander.nusov@nfvexpress.com
 andres@lagarcavilla.org
+andrew@interpretmath.pw
 asad.saeed@acidseed.com
 atler@pld-linux.org
 benoar@dolka.fr
@@ -38,6 +47,7 @@ exo@tty.sk
 fritz@fritz-elfert.de
 gene@czarc.net
 gordon@dragonsdawn.net
+gregor@kopka.net
 heathpetersen@kandre.com
 ibaldo@adinet.com.uy
 igor47@moomers.org

docs/glib-adoption.rst

@@ -0,0 +1,96 @@
+=====================
+Adoption of GLib APIs
+=====================
+
+Libvirt has adopted use of the `GLib
+library <https://developer.gnome.org/glib/stable/>`__. Due to
+libvirt's long history of development, there are many APIs in
+libvirt, for which GLib provides an alternative solution. The
+general rule to follow is that the standard GLib solution will be
+preferred over historical libvirt APIs. Existing code will be
+ported over to use GLib APIs over time, but new code should use
+the GLib APIs straight away where possible.
+
+The following is a list of libvirt APIs that should no longer be
+used in new code, and their suggested GLib replacements:
+
+``VIR_ALLOC``, ``VIR_REALLOC``, ``VIR_RESIZE_N``, ``VIR_EXPAND_N``, ``VIR_SHRINK_N``, ``VIR_FREE``, ``VIR_APPEND_ELEMENT``, ``VIR_INSERT_ELEMENT``, ``VIR_DELETE_ELEMENT``
+   Prefer the GLib APIs ``g_new0``/``g_renew``/ ``g_free`` in most
+   cases. There should rarely be a need to use
+   ``g_malloc``/``g_realloc``. Instead of using plain C arrays, it
+   is preferrable to use one of the GLib types, ``GArray``,
+   ``GPtrArray`` or ``GByteArray``. These all use a struct to
+   track the array memory and size together and efficiently
+   resize. **NEVER MIX** use of the classic libvirt memory
+   allocation APIs and GLib APIs within a single method. Keep the
+   style consistent, converting existing code to GLib style in a
+   separate, prior commit.
+``virStrerror``
+   The GLib ``g_strerror()`` function should be used instead,
+   which has a simpler calling convention as an added benefit.
+
+The following libvirt APIs have been deleted already:
+
+``VIR_AUTOPTR``, ``VIR_AUTOCLEAN``, ``VIR_AUTOFREE``
+   The GLib macros ``g_autoptr``, ``g_auto`` and ``g_autofree``
+   must be used instead in all new code. In existing code, the
+   GLib macros must never be mixed with libvirt macros within a
+   method, nor should they be mixed with ``VIR_FREE``. If
+   introducing GLib macros to an existing method, any use of
+   libvirt macros must be converted in an independent commit.
+``VIR_DEFINE_AUTOPTR_FUNC``, ``VIR_DEFINE_AUTOCLEAN_FUNC``
+   The GLib macros ``G_DEFINE_AUTOPTR_CLEANUP_FUNC`` and
+   ``G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC`` must be used in all new
+   code. Existing code should be converted to the new macros where
+   relevant. It is permissible to use ``g_autoptr``, ``g_auto`` on
+   an object whose cleanup function is declared with the libvirt
+   macros and vice-versa.
+``VIR_AUTOUNREF``
+   The GLib macros ``g_autoptr`` and
+   ``G_DEFINE_AUTOPTR_CLEANUP_FUNC`` should be used to manage
+   autoclean of virObject classes. This matches usage with GObject
+   classes.
+``VIR_STRDUP``, ``VIR_STRNDUP``
+   Prefer the GLib APIs ``g_strdup`` and ``g_strndup``.
+
++-------------------------------+--------------------------------------+-------------------------------------------+
+| deleted version               | GLib version                         | Notes                                     |
++===============================+======================================+===========================================+
+| ``VIR_AUTOPTR``               | ``g_autoptr``                        |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_AUTOCLEAN``             | ``g_auto``                           |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_AUTOFREE``              | ``g_autofree``                       | The GLib version does not use parentheses |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_AUTOUNREF``             | ``g_autoptr``                        | The cleanup function needs to be defined  |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_DEFINE_AUTOPTR_FUNC``   | ``G_DEFINE_AUTOPTR_CLEANUP_FUNC``    |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_DEFINE_AUTOCLEAN_FUNC`` | ``G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC`` |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_STEAL_PTR``             | ``g_steal_pointer``                  | ``a = f(&b)`` instead of ``f(a, b)``      |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_RETURN_PTR``            | ``return g_steal_pointer``           |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``ARRAY_CARDINALITY``         | ``G_N_ELEMENTS``                     |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``ATTRIBUTE_FALLTHROUGH``     | ``G_GNUC_FALLTHROUGH``               |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``ATTRIBUTE_FMT_PRINTF``      | ``G_GNUC_PRINTF``                    |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``ATTRIBUTE_NOINLINE``        | ``G_GNUC_NO_INLINE``                 |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``ATTRIBUTE_NORETURN``        | ``G_GNUC_NORETURN``                  |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``ATTRIBUTE_RETURN_CHECK``    | ``G_GNUC_WARN_UNUSED_RESULT``        |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``ATTRIBUTE_SENTINEL``        | ``G_GNUC_NULL_TERMINATED``           |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``ATTRIBUTE_UNUSED``          | ``G_GNUC_UNUSED``                    |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_STRDUP``                | ``g_strdup``                         |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``VIR_STRNDUP``               | ``g_strndup``                        |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+
+| ``virStrerror``               | ``g_strerror``                       |                                           |
++-------------------------------+--------------------------------------+-------------------------------------------+

docs/hacking.rst

@@ -0,0 +1,79 @@
+============
+Contributing
+============
+
+These are the basics steps you need to follow to contribute to
+libvirt.
+
+Repositories and external resources
+===================================
+
+The official upstream repository is kept in git
+(``https://libvirt.org/git/libvirt.git``) and is browsable
+along with other libvirt-related repositories (e.g.
+libvirt-python) `online <https://libvirt.org/git/>`__.
+
+Patches to translations are maintained via the `zanata
+project <https://fedora.zanata.org/>`__. If you want to fix a
+translation in a .po file, join the appropriate language team.
+The libvirt release process automatically pulls the latest
+version of each translation file from zanata.
+
+Preparing patches
+=================
+
+Make sure your patches apply against libvirt git. Developers
+only follow git and don't care much about released versions.
+
+Run the automated tests on your code before submitting any
+changes. That is:
+
+::
+
+  $ make check
+  $ make syntax-check
+
+These tests help making sure that your changes don't introduce
+regressions in libvirt, as well as validating that any new code
+follows the project's `coding style <coding-style.html>`__.
+
+If you're going to submit multiple patches, the automated tests
+must pass **after each patch**, not just after the last one.
+
+Update tests and/or documentation, particularly if you are
+adding a new feature or changing the output of a program, and
+don't forget to update the `release notes <news.html>`__ if your
+changes are significant and user-visible.
+
+Submitting patches
+==================
+
+Libvirt uses a mailing list based development workflow.
+
+While preparing your patches for submissions, make sure you
+follow the `best practices <best-practices.html>`__ and, once
+you're satisfied with the result, go ahead and
+`submit your patches <submitting-patches.html>`__.
+
+Developer Certificate of Origin
+===============================
+
+Contributors to libvirt projects **must** assert that they are
+in compliance with the `Developer Certificate of Origin
+1.1 <https://developercertificate.org/>`__. This is achieved by
+adding a "Signed-off-by" line containing the contributor's name
+and e-mail to every commit message. The presence of this line
+attests that the contributor has read the above lined DCO and
+agrees with its statements.
+
+Further reading
+===============
+
+This page only covers the very basics, so it's recommended that
+you also take a look at the following documents:
+
+-  `Programming languages <programming-languages.html>`__
+-  `Developer tooling <developer-tooling.html>`__
+-  `Advanced test suite usage <advanced-tests.html>`__
+-  `Adoption of GLib APIs <glib-adoption.html>`__
+-  `Committer guidelines <committer-guidelines.html>`__

docs/hvsupport.pl

@@ -1,458 +0,0 @@
-#!/usr/bin/env perl
-
-use strict;
-use warnings;
-
-use File::Find;
-
-die "syntax: $0 SRCDIR\n" unless int(@ARGV) == 1;
-
-my $srcdir = shift @ARGV;
-
-my $symslibvirt = "$srcdir/libvirt_public.syms";
-my $symsqemu = "$srcdir/libvirt_qemu.syms";
-my $symslxc = "$srcdir/libvirt_lxc.syms";
-my @drivertable = (
-    "$srcdir/driver-hypervisor.h",
-    "$srcdir/driver-interface.h",
-    "$srcdir/driver-network.h",
-    "$srcdir/driver-nodedev.h",
-    "$srcdir/driver-nwfilter.h",
-    "$srcdir/driver-secret.h",
-    "$srcdir/driver-state.h",
-    "$srcdir/driver-storage.h",
-    "$srcdir/driver-stream.h",
-    );
-
-my %groupheaders = (
-    "virHypervisorDriver" => "Hypervisor APIs",
-    "virNetworkDriver" => "Virtual Network APIs",
-    "virInterfaceDriver" => "Host Interface APIs",
-    "virNodeDeviceDriver" => "Host Device APIs",
-    "virStorageDriver" => "Storage Pool APIs",
-    "virSecretDriver" => "Secret APIs",
-    "virNWFilterDriver" => "Network Filter APIs",
-    );
-
-
-my @srcs;
-find({
-    wanted => sub {
-        if (m!$srcdir/.*/\w+_(driver|common|tmpl|monitor|hal|udev)\.c$!) {
-            push @srcs, $_ if $_ !~ /vbox_driver\.c/;
-        }
-    }, no_chdir => 1}, $srcdir);
-
-# Map API functions to the header and documentation files they're in
-# so that we can generate proper hyperlinks to their documentation.
-#
-# The function names are grep'd from the XML output of apibuild.py.
-sub getAPIFilenames {
-    my $filename = shift;
-
-    my %files;
-    my $line;
-
-    open FILE, "<", $filename or die "cannot read $filename: $!";
-
-    while (defined($line = <FILE>)) {
-        if ($line =~ /function name='([^']+)' file='([^']+)'/) {
-            $files{$1} = $2;
-        }
-    }
-
-    close FILE;
-
-    if (keys %files == 0) {
-        die "No functions found in $filename. Has the apibuild.py output changed?";
-    }
-    return \%files;
-}
-
-sub parseSymsFile {
-    my $apisref = shift;
-    my $prefix = shift;
-    my $filename = shift;
-    my $xmlfilename = shift;
-
-    my $line;
-    my $vers;
-    my $prevvers;
-
-    my $filenames = getAPIFilenames($xmlfilename);
-
-    open FILE, "<$filename"
-        or die "cannot read $filename: $!";
-
-    while (defined($line = <FILE>)) {
-        chomp $line;
-        next if $line =~ /^\s*#/;
-        next if $line =~ /^\s*$/;
-        next if $line =~ /^\s*(global|local):/;
-        if ($line =~ /^\s*${prefix}_(\d+\.\d+\.\d+)\s*{\s*$/) {
-            if (defined $vers) {
-                die "malformed syms file";
-            }
-            $vers = $1;
-        } elsif ($line =~ /\s*}\s*;\s*$/) {
-            if (defined $prevvers) {
-                die "malformed syms file";
-            }
-            $prevvers = $vers;
-            $vers = undef;
-        } elsif ($line =~ /\s*}\s*${prefix}_(\d+\.\d+\.\d+)\s*;\s*$/) {
-            if ($1 ne $prevvers) {
-                die "malformed syms file $1 != $vers";
-            }
-            $prevvers = $vers;
-            $vers = undef;
-        } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
-            $$apisref{$1} = {};
-            $$apisref{$1}->{vers} = $vers;
-            $$apisref{$1}->{file} = $$filenames{$1};
-        } else {
-            die "unexpected data $line\n";
-        }
-    }
-
-    close FILE;
-}
-
-my %apis;
-# Get the list of all public APIs and their corresponding version
-parseSymsFile(\%apis, "LIBVIRT", $symslibvirt, "$srcdir/../docs/libvirt-api.xml");
-
-# And the same for the QEMU specific APIs
-parseSymsFile(\%apis, "LIBVIRT_QEMU", $symsqemu, "$srcdir/../docs/libvirt-qemu-api.xml");
-
-# And the same for the LXC specific APIs
-parseSymsFile(\%apis, "LIBVIRT_LXC", $symslxc, "$srcdir/../docs/libvirt-lxc-api.xml");
-
-
-# Some special things which aren't public APIs,
-# but we want to report
-$apis{virConnectSupportsFeature}->{vers} = "0.3.2";
-$apis{virDomainMigratePrepare}->{vers} = "0.3.2";
-$apis{virDomainMigratePerform}->{vers} = "0.3.2";
-$apis{virDomainMigrateFinish}->{vers} = "0.3.2";
-$apis{virDomainMigratePrepare2}->{vers} = "0.5.0";
-$apis{virDomainMigrateFinish2}->{vers} = "0.5.0";
-$apis{virDomainMigratePrepareTunnel}->{vers} = "0.7.2";
-
-$apis{virDomainMigrateBegin3}->{vers} = "0.9.2";
-$apis{virDomainMigratePrepare3}->{vers} = "0.9.2";
-$apis{virDomainMigratePrepareTunnel3}->{vers} = "0.9.2";
-$apis{virDomainMigratePerform3}->{vers} = "0.9.2";
-$apis{virDomainMigrateFinish3}->{vers} = "0.9.2";
-$apis{virDomainMigrateConfirm3}->{vers} = "0.9.2";
-
-$apis{virDomainMigrateBegin3Params}->{vers} = "1.1.0";
-$apis{virDomainMigratePrepare3Params}->{vers} = "1.1.0";
-$apis{virDomainMigratePrepareTunnel3Params}->{vers} = "1.1.0";
-$apis{virDomainMigratePerform3Params}->{vers} = "1.1.0";
-$apis{virDomainMigrateFinish3Params}->{vers} = "1.1.0";
-$apis{virDomainMigrateConfirm3Params}->{vers} = "1.1.0";
-
-
-
-# Now we want to get the mapping between public APIs
-# and driver struct fields. This lets us later match
-# update the driver impls with the public APis.
-
-my $line;
-
-# Group name -> hash of APIs { fields -> api name }
-my %groups;
-my $ingrp;
-foreach my $drivertable (@drivertable) {
-    open FILE, "<$drivertable"
-        or die "cannot read $drivertable: $!";
-
-    while (defined($line = <FILE>)) {
-        if ($line =~ /struct _(vir\w*Driver)/) {
-            my $grp = $1;
-            if ($grp ne "virStateDriver" &&
-                $grp ne "virStreamDriver") {
-                $ingrp = $grp;
-                $groups{$ingrp} = { apis => {}, drivers => {} };
-            }
-        } elsif ($ingrp) {
-            if ($line =~ /^\s*vir(?:Drv)(\w+)\s+(\w+);\s*$/) {
-                my $field = $2;
-                my $name = $1;
-
-                my $api;
-                if (exists $apis{"vir$name"}) {
-                    $api = "vir$name";
-                } elsif ($name =~ /\w+(Open|Close|URIProbe)/) {
-                    next;
-                } else {
-                    die "driver $name does not have a public API";
-                }
-                $groups{$ingrp}->{apis}->{$field} = $api;
-            } elsif ($line =~ /};/) {
-                $ingrp = undef;
-            }
-        }
-    }
-
-    close FILE;
-}
-
-
-# Finally, we read all the primary driver files and extract
-# the driver API tables from each one.
-
-foreach my $src (@srcs) {
-    open FILE, "<$src" or
-        die "cannot read $src: $!";
-
-    my $groups_regex = join("|", keys %groups);
-    $ingrp = undef;
-    my $impl;
-    while (defined($line = <FILE>)) {
-        if (!$ingrp) {
-            # skip non-matching lines early to save time
-            next if not $line =~ /$groups_regex/;
-
-            if ($line =~ /^\s*(?:static\s+)?($groups_regex)\s+(\w+)\s*=\s*{/ ||
-                $line =~ /^\s*(?:static\s+)?($groups_regex)\s+NAME\(\w+\)\s*=\s*{/) {
-                $ingrp = $1;
-                $impl = $src;
-
-                if ($impl =~ m,.*/node_device_(\w+)\.c,) {
-                    $impl = $1;
-                } else {
-                    $impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
-                }
-
-                if ($groups{$ingrp}->{drivers}->{$impl}) {
-                    die "Group $ingrp already contains $impl";
-                }
-
-                $groups{$ingrp}->{drivers}->{$impl} = {};
-            }
-
-        } else {
-            if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*(?:-\s*(\d+\.\d+\.\d+))?\s*\*/\s*)?$!) {
-                my $api = $1;
-                my $meth = $2;
-                my $vers = $3;
-                my $deleted = $4;
-
-                next if $api eq "no" || $api eq "name";
-
-                if ($meth eq "NULL" && !defined $deleted) {
-                    die "Method impl for $api is NULL, but no deleted version is provided";
-                }
-                if ($meth ne "NULL" && defined $deleted) {
-                    die "Method impl for $api is non-NULL, but deleted version is provided";
-                }
-
-                die "Method $meth in $src is missing version" unless defined $vers || $api eq "connectURIProbe";
-
-                if (!exists($groups{$ingrp}->{apis}->{$api})) {
-                    next if $api =~ /\w(Open|Close|URIProbe)/;
-
-                    die "Found unexpected method $api in $ingrp\n";
-                }
-
-                $groups{$ingrp}->{drivers}->{$impl}->{$api} = {};
-                $groups{$ingrp}->{drivers}->{$impl}->{$api}->{vers} = $vers;
-                $groups{$ingrp}->{drivers}->{$impl}->{$api}->{deleted}  = $deleted;
-                if ($api eq "domainMigratePrepare" ||
-                    $api eq "domainMigratePrepare2" ||
-                    $api eq "domainMigratePrepare3") {
-                    if (!$groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"}) {
-                        $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = {};
-                        $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"}->{vers} = $vers;
-                    }
-                }
-
-            } elsif ($line =~ /}/) {
-                $ingrp = undef;
-            }
-        }
-    }
-
-    close FILE;
-}
-
-
-# The '.open' driver method is used for 3 public APIs, so we
-# have a bit of manual fixup todo with the per-driver versioning
-# and support matrix
-
-$groups{virHypervisorDriver}->{apis}->{"openAuth"} = "virConnectOpenAuth";
-$groups{virHypervisorDriver}->{apis}->{"openReadOnly"} = "virConnectOpenReadOnly";
-$groups{virHypervisorDriver}->{apis}->{"domainMigrate"} = "virDomainMigrate";
-
-my $openAuthVers = (0 * 1000 * 1000) + (4 * 1000) + 0;
-
-foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
-    my $openVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"}->{vers};
-    my $openVers;
-    if ($openVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
-        $openVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
-    }
-
-    # virConnectOpenReadOnly always matches virConnectOpen version
-    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenReadOnly"} =
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpen"};
-
-    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"} = {};
-
-    # virConnectOpenAuth is always 0.4.0 if the driver existed
-    # before this time, otherwise it matches the version of
-    # the driver's virConnectOpen entry
-    if ($openVersStr eq "Y" ||
-        $openVers >= $openAuthVers) {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"}->{vers} = $openVersStr;
-    } else {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"connectOpenAuth"}->{vers} = "0.4.0";
-    }
-}
-
-
-# Another special case for the virDomainCreateLinux which was replaced
-# with virDomainCreateXML
-$groups{virHypervisorDriver}->{apis}->{"domainCreateLinux"} = "virDomainCreateLinux";
-
-my $createAPIVers = (0 * 1000 * 1000) + (0 * 1000) + 3;
-
-foreach my $drv (keys %{$groups{"virHypervisorDriver"}->{drivers}}) {
-    my $createVersStr = $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateXML"}->{vers};
-    next unless defined $createVersStr;
-    my $createVers;
-    if ($createVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
-        $createVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
-    }
-
-    $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = {};
-
-    # virCreateLinux is always 0.0.3 if the driver existed
-    # before this time, otherwise it matches the version of
-    # the driver's virCreateXML entry
-    if ($createVersStr eq "Y" ||
-        $createVers >= $createAPIVers) {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"}->{vers} = $createVersStr;
-    } else {
-        $groups{"virHypervisorDriver"}->{drivers}->{$drv}->{"domainCreateLinux"}->{vers} = "0.0.3";
-    }
-}
-
-
-# Finally we generate the HTML file with the tables
-
-print <<EOF;
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<body class="hvsupport">
-<h1>libvirt API support matrix</h1>
-
-<ul id="toc"></ul>
-
-<p>
-This page documents which <a href="html/">libvirt calls</a> work on
-which libvirt drivers / hypervisors, and which version the API appeared
-in. If a hypervisor driver later dropped support for the API, the version
-when it was removed is also mentioned (highlighted in
-<span class="removedhv">dark red</span>).
-</p>
-
-EOF
-
-    foreach my $grp (sort { $a cmp $b } keys %groups) {
-    print "<h2><a name=\"$grp\">", $groupheaders{$grp}, "</a></h2>\n";
-    print <<EOF;
-<table class="top_table">
-<thead>
-<tr>
-<th>API</th>
-<th>Version</th>
-EOF
-
-    foreach my $drv (sort { $a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-        print "  <th>$drv</th>\n";
-    }
-
-    print <<EOF;
-</tr>
-</thead>
-<tbody>
-EOF
-
-    my $row = 0;
-    foreach my $field (sort {
-        $groups{$grp}->{apis}->{$a}
-        cmp
-        $groups{$grp}->{apis}->{$b}
-        } keys %{$groups{$grp}->{apis}}) {
-        my $api = $groups{$grp}->{apis}->{$field};
-        my $vers = $apis{$api}->{vers};
-        my $htmlgrp = $apis{$api}->{file};
-        print <<EOF;
-<tr>
-<td>
-EOF
-
-        if (defined $htmlgrp) {
-            print <<EOF;
-<a href=\"html/libvirt-$htmlgrp.html#$api\">$api</a>
-EOF
-
-        } else {
-            print $api;
-        }
-        print <<EOF;
-</td>
-<td>$vers</td>
-EOF
-
-        foreach my $drv (sort {$a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-            print "<td>";
-            if (exists $groups{$grp}->{drivers}->{$drv}->{$field}) {
-                if ($groups{$grp}->{drivers}->{$drv}->{$field}->{vers}) {
-                    print $groups{$grp}->{drivers}->{$drv}->{$field}->{vers};
-                }
-                if ($groups{$grp}->{drivers}->{$drv}->{$field}->{deleted}) {
-                    print " - <span class=\"removedhv\">", $groups{$grp}->{drivers}->{$drv}->{$field}->{deleted}, "</span>";
-                }
-            }
-            print "</td>\n";
-        }
-
-        print <<EOF;
-</tr>
-EOF
-
-        $row++;
-        if (($row % 15) == 0) {
-            print <<EOF;
-<tr>
-<th>API</th>
-<th>Version</th>
-EOF
-
-            foreach my $drv (sort { $a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-                print "  <th>$drv</th>\n";
-            }
-
-        print <<EOF;
-</tr>
-EOF
-        }
-
-    }
-
-    print <<EOF;
-</tbody>
-</table>
-EOF
-}
-
-print <<EOF;
-</body>
-</html>
-EOF

docs/index.html.in

@@ -59,7 +59,8 @@
           <a href="formatnode.html">node devices</a>,
           <a href="formatsecret.html">secrets</a>,
           <a href="formatsnapshot.html">snapshots</a>,
-          <a href="formatcheckpoint.html">checkpoints</a></dd>
+          <a href="formatcheckpoint.html">checkpoints</a>,
+          <a href="formatbackup.html">backup jobs</a></dd>
         <dt><a href="http://wiki.libvirt.org">Wiki</a></dt>
         <dd>Read further community contributed content</dd>
       </dl>

docs/internals/command.html.in

@@ -226,7 +226,9 @@ virCommandSetPidFile(cmd, "/var/run/dnsmasq.pid");
 
     <p>
       This PID file is guaranteed to be written before
-      the intermediate process exits.
+      the intermediate process exits. Moreover, the daemonized
+      process will inherit the FD of the opened and locked PID
+      file.
     </p>
 
     <h3><a id="privs">Reducing command privileges</a></h3>

docs/internals/oomtesting.html.in

@@ -1,213 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Out of memory testing</h1>
-
-    <ul id="toc"></ul>
-
-
-    <p>
-      This page describes how to use the test suite todo out of memory
-      testing.
-    </p>
-
-    <h2>Building with OOM testing</h2>
-
-    <p>
-      Since OOM testing requires hooking into the malloc APIs, it is
-      not enabled by default. The flag <code>--enable-test-oom</code>
-      must be given to <code>configure</code>. When this is done the
-      libvirt allocation APIs will have some hooks enabled.
-    </p>
-
-    <pre>
-$ ./configure --enable-test-oom
-</pre>
-
-
-    <h2><a id="basicoom">Basic OOM testing support</a></h2>
-
-    <p>
-      The first step in validating OOM usage is to run a test suite
-      with full OOM testing enabled. This is done by setting the
-      <code>VIR_TEST_OOM=1</code> environment variable. The way this
-      works is that it runs the test once normally to "prime" any
-      static memory allocations. Then it runs it once more counting
-      the total number of memory allocations. Then it runs it in a
-      loop failing a different memory allocation each time. For every
-      memory allocation failure triggered, it expects the test case
-      to return an error. OOM testing is quite slow requiring each
-      test case to be executed O(n) times, where 'n' is the total
-      number of memory allocations. This results in a total number
-      of memory allocations of '(n * (n + 1) ) / 2'
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM=1 ./qemuxml2argvtest
- 1) QEMU XML-2-ARGV minimal                                           ... OK
-    Test OOM for nalloc=42 .......................................... OK
- 2) QEMU XML-2-ARGV minimal-s390                                      ... OK
-    Test OOM for nalloc=28 ............................ OK
- 3) QEMU XML-2-ARGV machine-aliases1                                  ... OK
-    Test OOM for nalloc=38 ...................................... OK
- 4) QEMU XML-2-ARGV machine-aliases2                                  ... OK
-    Test OOM for nalloc=38 ...................................... OK
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 ..................................... OK
-...snip...
-</pre>
-
-    <p>
-      In this output, the first line shows the normal execution and
-      the test number, and the second line shows the total number
-      of memory allocations from that test case.
-    </p>
-
-    <h3><a id="valgrind">Tracking failures with valgrind</a></h3>
-
-    <p>
-      The test suite should obviously *not* crash during OOM testing.
-      If it does crash, then to assist in tracking down the problem
-      it is worth using valgrind and only running a single test case.
-      For example, supposing test case 5 crashed. Then re-run the
-      test with
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM=1 VIR_TEST_RANGE=5 ../run valgrind ./qemuxml2argvtest
-...snip...
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 ..................................... OK
-...snip...
-    </pre>
-
-    <p>
-      Valgrind should report the cause of the crash - for example a
-      double free or use of uninitialized memory or NULL pointer
-      access.
-    </p>
-
-    <h3><a id="stacktraces">Tracking failures with stack traces</a></h3>
-
-    <p>
-      With some really difficult bugs valgrind is not sufficient to
-      identify the cause. In this case, it is useful to identify the
-      precise allocation which was failed, to allow the code path
-      to the error to be traced. The <code>VIR_TEST_OOM</code>
-      env variable can be given a range of memory allocations to
-      test. So if a test case has 150 allocations, it can be told
-      to only test allocation numbers 7-10. The <code>VIR_TEST_OOM_TRACE</code>
-      variable can be used to print out stack traces.
-    </p>
-
-    <pre>
-$ VIR_TEST_OOM_TRACE=2 VIR_TEST_OOM=1:7-10 VIR_TEST_RANGE=5 \
-    ../run valgrind ./qemuxml2argvtest
- 5) QEMU XML-2-ARGV machine-core-on                                   ... OK
-    Test OOM for nalloc=37 !virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11786 (discriminator 1)
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAlloc
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:133
-virDomainDiskDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:4790
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11797
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virXPathNodeSet
-/home/berrange/src/virt/libvirt/src/util/virxml.c:609
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11805
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-!virAllocN
-/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
-virDomainDefParseXML
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11808 (discriminator 1)
-virDomainDefParseNode
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12677
-virDomainDefParse
-/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12621
-testCompareXMLToArgvFiles
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:107
-virtTestRun
-/home/berrange/src/virt/libvirt/tests/testutils.c:266
-mymain
-/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:388 (discriminator 2)
-virtTestMain
-/home/berrange/src/virt/libvirt/tests/testutils.c:791
-__libc_start_main
-??:?
-_start
-??:?
-    </pre>
-
-    <h3><a id="noncrash">Non-crash related problems</a></h3>
-
-    <p>
-      Not all memory allocation bugs result in code crashing. Sometimes
-      the code will be silently ignoring the allocation failure, resulting
-      in incorrect data being produced. For example the XML parser may
-      mistakenly treat an allocation failure as indicating that an XML
-      attribute was not set in the input document. It is hard to identify
-      these problems from the test suite automatically. For this, the
-      test suites should be run with <code>VIR_TEST_DEBUG=1</code> set
-      and then stderr analysed for any unexpected data. For example,
-      the XML conversion may show an embedded "(null)" literal, or the
-      test suite might complain about missing elements / attributes
-      in the actual vs expected data. These are all signs of bugs in
-      OOM handling. In the future the OOM tests will be enhanced to
-      validate that an error VIR_ERR_NO_MEMORY is returned for each
-      allocation failed, rather than some other error.
-    </p>
-  </body>
-</html>

docs/kbase.html.in

@@ -2,7 +2,7 @@
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml">
   <body class="docs">
-    <h2>Knowledge base</h2>
+    <h1>Knowledge base</h1>
 
     <div class="panel">
       <dl>
@@ -21,6 +21,21 @@
             capture</a></dt>
         <dd>Comparison between different methods of capturing domain
           state</dd>
+
+        <dt><a href="kbase/rpm-deployment.html">RPM deployment</a></dt>
+        <dd>Explanation of the different RPM packages and illustration of
+          which to pick for installation</dd>
+
+        <dt><a href="kbase/backing_chains.html">Backing chain management</a></dt>
+        <dd>Explanation of how disk backing chain specification impacts libvirt's
+          behaviour and basic troubleshooting steps of disk problems.</dd>
+
+        <dt><a href="kbase/qemu-passthrough-security.html">Security with QEMU passthrough</a></dt>
+        <dd>Examination of the security protections used for QEMU and how they need
+          configuring to allow use of QEMU passthrough with host files/devices.</dd>
+
+        <dt><a href="kbase/virtiofs.html">Virtio-FS</a></dt>
+        <dd>Share a filesystem between the guest and the host</dd>
       </dl>
     </div>
 

docs/kbase/backing_chains.rst

@@ -0,0 +1,212 @@
+=================
+Disk image chains
+=================
+
+Modern disk image formats allow users to create an overlay on top of an
+existing image which will be the target of the new guest writes. This allows us
+to do snapshots of the disk state of a VM efficiently. The following text
+describes how libvirt manages such image chains and some problems which can
+occur. Note that many of the cases mentioned below are currently only relevant
+for the qemu driver.
+
+.. contents::
+
+Domain XML image and chain specification
+========================================
+
+Disk image chains can be partially or fully configured in the domain XML. The
+basic approach is to use the ``<backingStore>`` elements in the configuration.
+
+The ``<backingStore>`` elements present in the live VM xml represent the actual
+topology that libvirt knows of.
+
+Basic disk setup
+----------------
+
+Any default configuration or example usually refers only to the top (active)
+image of the backing chain.
+
+::
+
+  <disk type='file' device='disk'>
+    <driver name='qemu' type='qcow2'/>
+    <source file='/tmp/pull4.qcow2'/>
+    <target dev='vda' bus='virtio'/>
+    <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+  </disk>
+
+This configuration will prompt libvirt to detect the backing image of the source
+image and recursively do the same thing until the end of the chain.
+
+Importance of proper backing chain setup
+----------------------------------------
+
+The disk image locations are used by libvirt to properly set up the security
+system used on the host so that the hypervisor can access the files; it can
+also be used to configure the hypervisor to use the appropriate images. Thus
+it's important to properly set up the formats and paths of the backing images.
+
+Any externally created image should always use the -F switch of ``qemu-img``
+to specify the format of the backing file to avoid probing.
+
+Image detection caveats
+-----------------------
+
+Detection of the backing chain requires libvirt to read and understand the
+``backing file`` field recorded in the image metadata and also being able to
+recurse and read the backing file. Due to security implications libvirt
+will refuse to use backing images of any image whose format was not specified
+explicitly in the XML or the overlay image itself.
+
+Libvirt also might lack support for a network disk storage technology and thus
+may be unable to visit and detect backing chains on such storage. This may
+result in the backing chain in the live XML looking incomplete or some
+operations not being possible. To prevent this it's possible to specify the
+image metadata explicitly in the XML.
+
+Advanced backing chain specifications
+-------------------------------------
+
+To specify the topology of disk images explicitly the following XML
+specification can be used:
+
+::
+
+ <disk type='file' device='disk'>
+   <driver name='qemu' type='qcow2'/>
+   <source file='/tmp/pull4.qcow2'/>
+   <backingStore type='file'>
+     <format type='qcow2'/>
+     <source file='/tmp/pull3.qcow2'/>
+     <backingStore type='file'>
+       <format type='qcow2'/>
+       <source file='/tmp/pull2.qcow2'/>
+       <backingStore type='file'>
+         <format type='qcow2'/>
+         <source file='/tmp/pull1.qcow2'/>
+         <backingStore type='file'>
+           <format type='qcow2'/>
+           <source file='/tmp/pull0.qcow2'/>
+           <backingStore/>
+         </backingStore>
+       </backingStore>
+     </backingStore>
+   </backingStore>
+   <target dev='vda' bus='virtio'/>
+   <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+ </disk>
+
+This makes libvirt follow the settings as configured in the XML. Note that this
+is supported only when the https://libvirt.org/formatdomaincaps.html#featureBackingStoreInput
+capability is present.
+
+An empty ``<backingStore/>`` element signals the end of the chain. Using this
+will prevent libvirt or qemu from probing the backing chain.
+
+Note that it's also possible to partially specify the chain in the XML but omit
+the terminating element. This will result in probing from the last specified
+``<backingStore>``
+
+Any image specified explicitly will not be probed for backing file or format.
+
+
+Manual image creation
+=====================
+
+When creating disk images manually outside of libvirt it's important to create
+them properly so that they work with libvirt as expected. The created disk
+images must contain the format of the backing image in the metadata. This
+means that the **-F** parameter of ``qemu-img`` must always be used.
+
+::
+
+  qemu-img -f qcow2 -F qcow2 -b $BACKING_IMAGE_PATH $IMAGE_PATH
+
+Note that if ``$BACKING_IMAGE_PATH`` is relative the path is considered relative to
+the location of ``$IMAGE_PATH``.
+
+Troubleshooting
+===============
+
+A few common problems which occur when managing chains of disk images.
+
+VM refuses to start due to misconfigured backing store format
+-------------------------------------------------------------
+
+This problem happens on VMs where the backing chain was created manually outside
+of libvirt and can have multiple symptoms:
+
+- permission denied error reported on a backing image
+- ``format of backing image '%s' of image '%s' was not specified in the image metadata`` error reported
+- disk image looking corrupt inside the guest
+
+The cause of the above problem is that the image metadata does not record the
+format of the backing image along with the location of the image. When the
+format is not specified libvirt or qemu would have to do image format probing
+which is insecure to do as a malicious guest could rewrite the header of the
+disk leading to access of host files. Libvirt thus does not try to assume
+the format of the backing image. The following command can be used to check if
+the image has a backing image format specified:
+
+::
+
+ $ qemu-img info /tmp/copy4.qcow2
+ image: /tmp/copy4.qcow2
+ file format: qcow2
+ virtual size: 10 MiB (10485760 bytes)
+ disk size: 196 KiB
+ cluster_size: 65536
+ backing file: copy3.qcow2 (actual path: /tmp/copy3.qcow2)
+ backing file format: qcow2
+ Format specific information:
+     compat: 1.1
+     lazy refcounts: false
+     refcount bits: 16
+     corrupt: false
+
+If the ``backing file format`` field is missing above the format was not
+specified properly. The image can be fixed by the following command:
+
+::
+
+ qemu-img rebase -f $IMAGE_FORMAT -F $BACKING_IMAGE_FORMAT -b $BACKING_IMAGE_PATH $IMAGE_PATH
+
+It is important to fill out ``$BACKING_IMAGE_FORMAT`` and ``$IMAGE_FORMAT``
+properly. ``$BACKING_IMAGE_PATH`` should be specified as a full absolute path.
+If relative referencing of the backing image is desired, the path must be
+relative to the location of image described by ``$IMAGE_PATH``.
+
+**Important:** If the ``$BACKING_IMAGE_FORMAT`` is not known it can be queried
+using ``qemu-img info $BACKING_IMAGE_PATH`` and looking for the ``file format``
+field, but for security reasons the value should be used *only* if at least one
+of the following criteria is met:
+
+- ``file format`` is ``raw``
+- ``backing file`` is NOT present
+- ``backing file`` is present AND is correct/trusted
+
+Note that the last criterion may require manual inspection and thus should not
+be scripted unless the trust for the image can be expressed programatically.
+
+Also note that the above steps may need to be repeated recursively for any
+subsequent backing images.
+
+Missing images reported after moving disk images into a different path
+----------------------------------------------------------------------
+
+The path to the backing image which is recorded in the image metadata often
+contains a full path to the backing image. This is the default libvirt-created
+image configuration. When such images are moved to a different location the
+top image will no longer point to the correct image.
+
+To fix such issue you can either fully specify the image chain in the domain XML
+as pointed out above or the following ``qemu-img`` command can be used:
+
+::
+
+ qemu-img rebase -u -f $IMAGE_FORMAT -F $BACKING_IMAGE_FORMAT -b $BACKING_IMAGE_PATH $IMAGE_PATH
+
+It is important to fill out ``$BACKING_IMAGE_FORMAT`` and ``$IMAGE_FORMAT``
+properly. ``$BACKING_IMAGE_PATH`` should be specified as a full absolute path.
+If relative referencing of the backing image is desired, the path must be
+relative to the location of image described by ``$IMAGE_PATH``.

docs/kbase/domainstatecapture.html.in

@@ -1,303 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-
-    <h1>Domain state capture using Libvirt</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      In order to aid application developers to choose which
-      operations best suit their needs, this page compares the
-      different means for capturing state related to a domain managed
-      by libvirt.
-    </p>
-
-    <p>
-      The information here is primarily geared towards capturing the
-      state of an active domain. Capturing the state of an inactive
-      domain essentially amounts to copying the contents of guest
-      disks, followed by a fresh boot of the same domain configuration
-      with disks restored back to that saved state.
-    </p>
-
-    <h2><a id="definitions">State capture trade-offs</a></h2>
-
-    <p>One of the features made possible with virtual machines is live
-      migration -- transferring all state related to the guest from
-      one host to another with minimal interruption to the guest's
-      activity. In this case, state includes domain memory (including
-      register and device contents), and domain storage (whether the
-      guest's view of the disks are backed by local storage on the
-      host, or by the hypervisor accessing shared storage over a
-      network).  A clever observer will then note that if all state is
-      available for live migration, then there is nothing stopping a
-      user from saving some or all of that state at a given point of
-      time in order to be able to later rewind guest execution back to
-      the state it previously had. The astute reader will also realize
-      that state capture at any level requires that the data must be
-      stored and managed by some mechanism. This processing might fit
-      in a single file, or more likely require a chain of related
-      files, and may require synchronization with third-party tools
-      built around managing the amount of data resulting from
-      capturing the state of multiple guests that each use multiple
-      disks.
-    </p>
-
-    <p>
-      There are several libvirt APIs associated with capturing the
-      state of a guest, which can later be used to rewind that guest
-      to the conditions it was in earlier.  The following is a list of
-      trade-offs and differences between the various facets that
-      affect capturing domain state for active domains:
-    </p>
-
-    <dl>
-      <dt>Duration</dt>
-      <dd>Capturing state can be a lengthy process, so while the
-        captured state ideally represents an atomic point in time
-        corresponding to something the guest was actually executing,
-        capturing state tends to focus on minimizing guest downtime
-        while performing the rest of the state capture in parallel
-        with guest execution.  Some interfaces require up-front
-        preparation (the state captured is not complete until the API
-        ends, which may be some time after the command was first
-        started), while other interfaces track the state when the
-        command was first issued, regardless of the time spent in
-        capturing the rest of the state.  Also, time spent in state
-        capture may be longer than the time required for live
-        migration, when state must be duplicated rather than shared.
-      </dd>
-
-      <dt>Amount of state</dt>
-      <dd>For an online guest, there is a choice between capturing the
-        guest's memory (all that is needed during live migration when
-        the storage is already shared between source and destination),
-        the guest's disk state (all that is needed if there are no
-        pending guest I/O transactions that would be lost without the
-        corresponding memory state), or both together.  Reverting to
-        partial state may still be viable, but typically, booting from
-        captured disk state without corresponding memory is comparable
-        to rebooting a machine that had power cut before I/O could be
-        flushed. Guests may need to use proper journaling methods to
-        avoid problems when booting from partial state.
-      </dd>
-
-      <dt>Quiescing of data</dt>
-      <dd>Even if a guest has no pending I/O, capturing disk state may
-        catch the guest at a time when the contents of the disk are
-        inconsistent. Cooperating with the guest to perform data
-        quiescing is an optional step to ensure that captured disk
-        state is fully consistent without requiring additional memory
-        state, rather than just crash-consistent.  But guest
-        cooperation may also have time constraints, where the guest
-        can rightfully panic if there is too much downtime while I/O
-        is frozen.
-      </dd>
-
-      <dt>Quantity of files</dt>
-      <dd>When capturing state, some approaches store all state within
-        the same file (internal), while others expand a chain of
-        related files that must be used together (external), for more
-        files that a management application must track.
-      </dd>
-
-      <dt>Impact to guest definition</dt>
-      <dd>Capturing state may require temporary changes to the guest
-        definition, such as associating new files into the domain
-        definition. While state capture should never impact the
-        running guest, a change to the domain's active XML may have
-        impact on other host operations being performed on the domain.
-      </dd>
-
-      <dt>Third-party integration</dt>
-      <dd>When capturing state, there are tradeoffs to how much of the
-        process must be done directly by the hypervisor, and how much
-        can be off-loaded to third-party software.  Since capturing
-        state is not instantaneous, it is essential that any
-        third-party integration see consistent data even if the
-        running guest continues to modify that data after the point in
-        time of the capture.</dd>
-
-      <dt>Full vs. incremental</dt>
-      <dd>When periodically repeating the action of state capture, it
-        is useful to minimize the amount of state that must be
-        captured by exploiting the relation to a previous capture,
-        such as focusing only on the portions of the disk that the
-        guest has modified in the meantime.  Some approaches are able
-        to take advantage of checkpoints to provide an incremental
-        backup, while others are only capable of a full backup even if
-        that means re-capturing unchanged portions of the disk.</dd>
-
-      <dt>Local vs. remote</dt>
-      <dd>Domains that completely use remote storage may only need
-        some mechanism to keep track of guest memory state while using
-        external means to manage storage. Still, hypervisor and guest
-        cooperation to ensure points in time when no I/O is in flight
-        across the network can be important for properly capturing
-        disk state.</dd>
-
-      <dt>Network latency</dt>
-      <dd>Whether it's domain storage or saving domain state into
-        remote storage, network latency has an impact on snapshot
-        data. Having dedicated network capacity, bandwidth, or quality
-        of service levels may play a role, as well as planning for how
-        much of the backup process needs to be local.</dd>
-    </dl>
-
-    <p>
-      An example of the various facets in action is migration of a
-      running guest. In order for the guest to be able to resume on
-      the destination at the same place it left off at the source, the
-      hypervisor has to get to a point where execution on the source
-      is stopped, the last remaining changes occurring since the
-      migration started are then transferred, and the guest is started
-      on the target. The management software thus must keep track of
-      the starting point and any changes since the starting
-      point. These last changes are often referred to as dirty page
-      tracking or dirty disk block bitmaps. At some point in time
-      during the migration, the management software must freeze the
-      source guest, transfer the dirty data, and then start the guest
-      on the target. This period of time must be minimal. To minimize
-      overall migration time, one is advised to use a dedicated
-      network connection with a high quality of service. Alternatively
-      saving the current state of the running guest can just be a
-      point in time type operation which doesn't require updating the
-      "last vestiges" of state prior to writing out the saved state
-      file. The state file is the point in time of whatever is current
-      and may contain incomplete data which if used to restart the
-      guest could cause confusion or problems because some operation
-      wasn't completed depending upon where in time the operation was
-      commenced.
-    </p>
-
-    <h2><a id="apis">State capture APIs</a></h2>
-    <p>With those definitions, the following libvirt APIs related to
-      state capture have these properties:</p>
-    <dl>
-      <dt><a href="html/libvirt-libvirt-domain.html#virDomainManagedSave"><code>virDomainManagedSave</code></a></dt>
-      <dd>This API saves guest memory, with libvirt managing all of
-        the saved state, then stops the guest. While stopped, the
-        disks can be copied by a third party.  However, since any
-        subsequent restart of the guest by libvirt API will restore
-        the memory state (which typically only works if the disk state
-        is unchanged in the meantime), and since it is not possible to
-        get at the memory state that libvirt is managing, this is not
-        viable as a means for rolling back to earlier saved states,
-        but is rather more suited to situations such as suspending a
-        guest prior to rebooting the host in order to resume the guest
-        when the host is back up. This API also has a drawback of
-        potentially long guest downtime, and therefore does not lend
-        itself well to live backups.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain.html#virDomainSave"><code>virDomainSave</code></a></dt>
-      <dd>This API is similar to virDomainManagedSave(), but moves the
-        burden on managing the stored memory state to the user. As
-        such, the user can now couple saved state with copies of the
-        disks to perform a revert to an arbitrary earlier saved state.
-        However, changing who manages the memory state does not change
-        the drawback of potentially long guest downtime when capturing
-        state.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain-snapshot.html#virDomainSnapshotCreateXML"><code>virDomainSnapshotCreateXML</code></a></dt>
-      <dd>This API wraps several approaches for capturing guest state,
-        with a general premise of creating a snapshot (where the
-        current guest resources are frozen in time and a new wrapper
-        layer is opened for tracking subsequent guest changes).  It
-        can operate on both offline and running guests, can choose
-        whether to capture the state of memory, disk, or both when
-        used on a running guest, and can choose between internal and
-        external storage for captured state.  However, it is geared
-        towards post-event captures (when capturing both memory and
-        disk state, the disk state is not captured until all memory
-        state has been collected first).  Using QEMU as the
-        hypervisor, internal snapshots currently have lengthy downtime
-        that is incompatible with freezing guest I/O, but external
-        snapshots are quick when memory contents are not also saved.
-        Since creating an external snapshot changes which disk image
-        resource is in use by the guest, this API can be coupled
-        with <a href="html/libvirt-libvirt-domain.html#virDomainBlockCommit"><code>virDomainBlockCommit()</code></a>
-        to restore things back to the guest using its original disk
-        image, where a third-party tool can read the backing file
-        prior to the live commit.  See also
-        the <a href="formatsnapshot.html">XML details</a> used with
-        this command.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain.html#virDomainFSFreeze"><code>virDomainFSFreeze</code></a>, <a href="html/libvirt-libvirt-domain.html#virDomainFSThaw"><code>virDomainFSThaw</code></a></dt>
-      <dd>This pair of APIs does not directly capture guest state, but
-        can be used to coordinate with a trusted live guest that state
-        capture is about to happen, and therefore guest I/O should be
-        quiesced so that the state capture is fully consistent, rather
-        than merely crash consistent.  Some APIs are able to
-        automatically perform a freeze and thaw via a flags parameter,
-        rather than having to make separate calls to these
-        functions. Also, note that freezing guest I/O is only possible
-        with trusted guests running a guest agent, and that some
-        guests place maximum time limits on how long I/O can be
-        frozen.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain-checkpoint.html#virDomainCheckpointCreateXML"><code>virDomainCheckpointCreateXML</code></a></dt>
-      <dd>This API does not actually capture guest state, rather it
-        makes it possible to track which portions of guest disks have
-        changed between a checkpoint and the current live execution of
-        the guest.  However, while it is possible use this API to
-        create checkpoints in isolation, it is more typical to create
-        a checkpoint as a side-effect of starting a new incremental
-        backup with <code>virDomainBackupBegin()</code> or at the
-        creation of an external snapshot
-        with <code>virDomainSnapshotCreateXML2()</code>, since a
-        second incremental backup is most useful when using the
-        checkpoint created during the first.  See also
-        the <a href="formatcheckpoint.html">XML details</a> used with
-        this command.</dd>
-
-      <dt><a href="html/libvirt-libvirt-domain.html#virDomainBackupBegin"><code>virDomainBackupBegin</code></a>, <a href="html/libvirt-libvirt-domain.html#virDomainBackupEnd"><code>virDomainBackupEnd</code></a></dt>
-      <dd>This API wraps approaches for capturing the state of disks
-        of a running guest, but does not track accompanying guest
-        memory state.  The capture is consistent to the start of the
-        operation, where the captured state is stored independently
-        from the disk image in use with the guest and where it can be
-        easily integrated with a third-party for capturing the disk
-        state.  Since the backup operation is stored externally from
-        the guest resources, there is no need to commit data back in
-        at the completion of the operation.  When coupled with
-        checkpoints, this can be used to capture incremental backups
-        instead of full.</dd>
-    </dl>
-
-    <h2><a id="examples">Examples</a></h2>
-    <p>The following two sequences both accomplish the task of
-      capturing the disk state of a running guest, then wrapping
-      things up so that the guest is still running with the same file
-      as its disk image as before the sequence of operations began.
-      The difference between the two sequences boils down to the
-      impact of an unexpected interruption made at any point in the
-      middle of the sequence: with such an interruption, the first
-      example leaves the guest tied to a temporary wrapper file rather
-      than the original disk, and requires manual clean up of the
-      domain definition; while the second example has no impact to the
-      domain definition.</p>
-
-    <p>1. Backup via temporary snapshot
-      <pre>
-virDomainFSFreeze()
-virDomainSnapshotCreateXML(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY)
-virDomainFSThaw()
-third-party copy the backing file to backup storage # most time spent here
-virDomainBlockCommit(VIR_DOMAIN_BLOCK_COMMIT_ACTIVE) per disk
-wait for commit ready event per disk
-virDomainBlockJobAbort() per disk
-      </pre></p>
-
-    <p>2. Direct backup
-      <pre>
-virDomainFSFreeze()
-virDomainBackupBegin()
-virDomainFSThaw()
-wait for push mode event, or pull data over NBD # most time spent here
-virDomainBackupEnd()
-    </pre></p>
-
-  </body>
-</html>

docs/kbase/domainstatecapture.rst

@@ -0,0 +1,255 @@
+==================================
+Domain state capture using Libvirt
+==================================
+
+.. contents::
+
+In order to aid application developers to choose which operations best
+suit their needs, this page compares the different means for capturing
+state related to a domain managed by libvirt.
+
+The information here is primarily geared towards capturing the state of
+an active domain. Capturing the state of an inactive domain essentially
+amounts to copying the contents of guest disks, followed by a fresh boot
+of the same domain configuration with disks restored back to that saved
+state.
+
+State capture trade-offs
+========================
+
+One of the features made possible with virtual machines is live
+migration -- transferring all state related to the guest from one host
+to another with minimal interruption to the guest's activity. In this
+case, state includes domain memory (including register and device
+contents), and domain storage (whether the guest's view of the disks are
+backed by local storage on the host, or by the hypervisor accessing
+shared storage over a network). A clever observer will then note that if
+all state is available for live migration, then there is nothing
+stopping a user from saving some or all of that state at a given point
+of time in order to be able to later rewind guest execution back to the
+state it previously had. The astute reader will also realize that state
+capture at any level requires that the data must be stored and managed
+by some mechanism. This processing might fit in a single file, or more
+likely require a chain of related files, and may require synchronization
+with third-party tools built around managing the amount of data
+resulting from capturing the state of multiple guests that each use
+multiple disks.
+
+There are several libvirt APIs associated with capturing the state of a
+guest, which can later be used to rewind that guest to the conditions it
+was in earlier. The following is a list of trade-offs and differences
+between the various facets that affect capturing domain state for active
+domains:
+
+Duration
+   Capturing state can be a lengthy process, so while the captured state
+   ideally represents an atomic point in time corresponding to something
+   the guest was actually executing, capturing state tends to focus on
+   minimizing guest downtime while performing the rest of the state
+   capture in parallel with guest execution. Some interfaces require
+   up-front preparation (the state captured is not complete until the
+   API ends, which may be some time after the command was first
+   started), while other interfaces track the state when the command was
+   first issued, regardless of the time spent in capturing the rest of
+   the state. Also, time spent in state capture may be longer than the
+   time required for live migration, when state must be duplicated
+   rather than shared.
+Amount of state
+   For an online guest, there is a choice between capturing the guest's
+   memory (all that is needed during live migration when the storage is
+   already shared between source and destination), the guest's disk
+   state (all that is needed if there are no pending guest I/O
+   transactions that would be lost without the corresponding memory
+   state), or both together. Reverting to partial state may still be
+   viable, but typically, booting from captured disk state without
+   corresponding memory is comparable to rebooting a machine that had
+   power cut before I/O could be flushed. Guests may need to use proper
+   journaling methods to avoid problems when booting from partial state.
+Quiescing of data
+   Even if a guest has no pending I/O, capturing disk state may catch
+   the guest at a time when the contents of the disk are inconsistent.
+   Cooperating with the guest to perform data quiescing is an optional
+   step to ensure that captured disk state is fully consistent without
+   requiring additional memory state, rather than just crash-consistent.
+   But guest cooperation may also have time constraints, where the guest
+   can rightfully panic if there is too much downtime while I/O is
+   frozen.
+Quantity of files
+   When capturing state, some approaches store all state within the same
+   file (internal), while others expand a chain of related files that
+   must be used together (external), for more files that a management
+   application must track.
+Impact to guest definition
+   Capturing state may require temporary changes to the guest
+   definition, such as associating new files into the domain definition.
+   While state capture should never impact the running guest, a change
+   to the domain's active XML may have impact on other host operations
+   being performed on the domain.
+Third-party integration
+   When capturing state, there are tradeoffs to how much of the process
+   must be done directly by the hypervisor, and how much can be
+   off-loaded to third-party software. Since capturing state is not
+   instantaneous, it is essential that any third-party integration see
+   consistent data even if the running guest continues to modify that
+   data after the point in time of the capture.
+Full vs. incremental
+   When periodically repeating the action of state capture, it is useful
+   to minimize the amount of state that must be captured by exploiting
+   the relation to a previous capture, such as focusing only on the
+   portions of the disk that the guest has modified in the meantime.
+   Some approaches are able to take advantage of checkpoints to provide
+   an incremental backup, while others are only capable of a full backup
+   even if that means re-capturing unchanged portions of the disk.
+Local vs. remote
+   Domains that completely use remote storage may only need some
+   mechanism to keep track of guest memory state while using external
+   means to manage storage. Still, hypervisor and guest cooperation to
+   ensure points in time when no I/O is in flight across the network can
+   be important for properly capturing disk state.
+Network latency
+   Whether it's domain storage or saving domain state into remote
+   storage, network latency has an impact on snapshot data. Having
+   dedicated network capacity, bandwidth, or quality of service levels
+   may play a role, as well as planning for how much of the backup
+   process needs to be local.
+
+An example of the various facets in action is migration of a running
+guest. In order for the guest to be able to resume on the destination at
+the same place it left off at the source, the hypervisor has to get to a
+point where execution on the source is stopped, the last remaining
+changes occurring since the migration started are then transferred, and
+the guest is started on the target. The management software thus must
+keep track of the starting point and any changes since the starting
+point. These last changes are often referred to as dirty page tracking
+or dirty disk block bitmaps. At some point in time during the migration,
+the management software must freeze the source guest, transfer the dirty
+data, and then start the guest on the target. This period of time must
+be minimal. To minimize overall migration time, one is advised to use a
+dedicated network connection with a high quality of service.
+Alternatively saving the current state of the running guest can just be
+a point in time type operation which doesn't require updating the "last
+vestiges" of state prior to writing out the saved state file. The state
+file is the point in time of whatever is current and may contain
+incomplete data which if used to restart the guest could cause confusion
+or problems because some operation wasn't completed depending upon where
+in time the operation was commenced.
+
+State capture APIs
+==================
+
+With those definitions, the following libvirt APIs related to state
+capture have these properties:
+
+`virDomainManagedSave <../html/libvirt-libvirt-domain.html#virDomainManagedSave>`__
+   This API saves guest memory, with libvirt managing all of the saved
+   state, then stops the guest. While stopped, the disks can be copied
+   by a third party. However, since any subsequent restart of the guest
+   by libvirt API will restore the memory state (which typically only
+   works if the disk state is unchanged in the meantime), and since it
+   is not possible to get at the memory state that libvirt is managing,
+   this is not viable as a means for rolling back to earlier saved
+   states, but is rather more suited to situations such as suspending a
+   guest prior to rebooting the host in order to resume the guest when
+   the host is back up. This API also has a drawback of potentially long
+   guest downtime, and therefore does not lend itself well to live
+   backups.
+`virDomainSave <../html/libvirt-libvirt-domain.html#virDomainSave>`__
+   This API is similar to virDomainManagedSave(), but moves the burden
+   on managing the stored memory state to the user. As such, the user
+   can now couple saved state with copies of the disks to perform a
+   revert to an arbitrary earlier saved state. However, changing who
+   manages the memory state does not change the drawback of potentially
+   long guest downtime when capturing state.
+`virDomainSnapshotCreateXML <../html/libvirt-libvirt-domain-snapshot.html#virDomainSnapshotCreateXML>`__
+   This API wraps several approaches for capturing guest state, with a
+   general premise of creating a snapshot (where the current guest
+   resources are frozen in time and a new wrapper layer is opened for
+   tracking subsequent guest changes). It can operate on both offline
+   and running guests, can choose whether to capture the state of
+   memory, disk, or both when used on a running guest, and can choose
+   between internal and external storage for captured state. However, it
+   is geared towards post-event captures (when capturing both memory and
+   disk state, the disk state is not captured until all memory state has
+   been collected first). Using QEMU as the hypervisor, internal
+   snapshots currently have lengthy downtime that is incompatible with
+   freezing guest I/O, but external snapshots are quick when memory
+   contents are not also saved. Since creating an external snapshot
+   changes which disk image resource is in use by the guest, this API
+   can be coupled with
+   `virDomainBlockCommit() <html/libvirt-libvirt-domain.html#virDomainBlockCommit>`__
+   to restore things back to the guest using its original disk image,
+   where a third-party tool can read the backing file prior to the live
+   commit. See also the `XML details <formatsnapshot.html>`__ used with
+   this command.
+`virDomainFSFreeze <html/libvirt-libvirt-domain.html#virDomainFSFreeze>`__, `virDomainFSThaw <html/libvirt-libvirt-domain.html#virDomainFSThaw>`__
+   This pair of APIs does not directly capture guest state, but can be
+   used to coordinate with a trusted live guest that state capture is
+   about to happen, and therefore guest I/O should be quiesced so that
+   the state capture is fully consistent, rather than merely crash
+   consistent. Some APIs are able to automatically perform a freeze and
+   thaw via a flags parameter, rather than having to make separate calls
+   to these functions. Also, note that freezing guest I/O is only
+   possible with trusted guests running a guest agent, and that some
+   guests place maximum time limits on how long I/O can be frozen.
+`virDomainCheckpointCreateXML <html/libvirt-libvirt-domain-checkpoint.html#virDomainCheckpointCreateXML>`__
+   This API does not actually capture guest state, rather it makes it
+   possible to track which portions of guest disks have changed between
+   a checkpoint and the current live execution of the guest. However,
+   while it is possible use this API to create checkpoints in isolation,
+   it is more typical to create a checkpoint as a side-effect of
+   starting a new incremental backup with ``virDomainBackupBegin()`` or
+   at the creation of an external snapshot with
+   ``virDomainSnapshotCreateXML2()``, since a second incremental backup
+   is most useful when using the checkpoint created during the first.
+   See also the `XML details <formatcheckpoint.html>`__ used with this
+   command.
+`virDomainBackupBegin <html/libvirt-libvirt-domain.html#virDomainBackupBegin>`__, `virDomainBackupEnd <html/libvirt-libvirt-domain.html#virDomainBackupEnd>`__
+   This API wraps approaches for capturing the state of disks of a
+   running guest, but does not track accompanying guest memory state.
+   The capture is consistent to the start of the operation, where the
+   captured state is stored independently from the disk image in use
+   with the guest and where it can be easily integrated with a
+   third-party for capturing the disk state. Since the backup operation
+   is stored externally from the guest resources, there is no need to
+   commit data back in at the completion of the operation. When coupled
+   with checkpoints, this can be used to capture incremental backups
+   instead of full.
+
+Examples
+========
+
+The following two sequences both accomplish the task of capturing the
+disk state of a running guest, then wrapping things up so that the guest
+is still running with the same file as its disk image as before the
+sequence of operations began. The difference between the two sequences
+boils down to the impact of an unexpected interruption made at any point
+in the middle of the sequence: with such an interruption, the first
+example leaves the guest tied to a temporary wrapper file rather than
+the original disk, and requires manual clean up of the domain
+definition; while the second example has no impact to the domain
+definition.
+
+Backup via temporary snapshot
+-----------------------------
+
+::
+
+   virDomainFSFreeze()
+   virDomainSnapshotCreateXML(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY)
+   virDomainFSThaw()
+   third-party copy the backing file to backup storage # most time spent here
+   virDomainBlockCommit(VIR_DOMAIN_BLOCK_COMMIT_ACTIVE) per disk
+   wait for commit ready event per disk
+   virDomainBlockJobAbort() per disk
+
+
+Direct backup
+-------------
+
+::
+
+   virDomainFSFreeze()
+   virDomainBackupBegin()
+   virDomainFSThaw()
+   wait for push mode event, or pull data over NBD # most time spent here
+   virDomainBackupEnd()

docs/kbase/launch_security_sev.html.in

@@ -1,521 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Launch security with AMD SEV</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-        Storage encryption in modern public cloud computing is a common practice.
-        However, from the point of view of a user of these cloud workloads, a
-        significant amount of trust needs to be put in the cloud platform security as
-        well as integrity (was the hypervisor tampered?). For this reason there's ever
-        rising demand for securing data in use, i.e. memory encryption.
-        One of the solutions addressing this matter is AMD SEV.
-    </p>
-
-    <h2>AMD SEV</h2>
-    <p>
-        SEV (Secure Encrypted Virtualization) is a feature extension of AMD's SME (Secure
-        Memory Encryption) intended for KVM virtual machines which is supported
-        primarily on AMD's EPYC CPU line. In contrast to SME, SEV uses a unique memory encryption
-        key for each VM. The whole encryption of memory pages is completely transparent
-        to the hypervisor and happens inside dedicated hardware in the on-die memory controller.
-        Each controller includes a high-performance Advanced Encryption Standard
-        (AES) engine that encrypts data when it is written to DRAM and decrypts it
-        when read.
-
-        For more details about the technology itself, you can visit
-      <a href="https://developer.amd.com/sev/">AMD's developer portal</a>.
-    </p>
-
-    <h2><a id="Host">Enabling SEV on the host</a></h2>
-      <p>
-          Before VMs can make use of the SEV feature you need to make sure your
-          AMD CPU does support SEV. You can check whether SEV is among the CPU
-          flags with:
-      </p>
-
-      <pre>
-$ cat /proc/cpuinfo | grep sev
-...
-sme ssbd sev ibpb</pre>
-
-      <p>
-          Next step is to enable SEV in the kernel, because it is disabled by default.
-          This is done by putting the following onto the kernel command line:
-      </p>
-
-      <pre>
-mem_encrypt=on kvm_amd.sev=1
-      </pre>
-
-      <p>
-          To make the changes persistent, append the above to the variable holding
-          parameters of the kernel command line in
-          <code>/etc/default/grub</code> to preserve SEV settings across reboots
-      </p>
-
-      <pre>
-$ cat /etc/default/grub
-...
-GRUB_CMDLINE_LINUX="... mem_encrypt=on kvm_amd.sev=1"
-$ grub2-mkconfig -o /boot/efi/EFI/&lt;distro&gt;/grub.cfg</pre>
-
-      <p>
-        <code>mem_encrypt=on</code> turns on the SME memory encryption feature on
-        the host which protects against the physical attack on the hypervisor
-        memory. The <code>kvm_amd.sev</code> parameter actually enables SEV in
-        the kvm module. It can be set on the command line alongside
-        <code>mem_encrypt</code> like shown above, or it can be put into a
-        module config under <code>/etc/modprobe.d/</code>
-      </p>
-
-      <pre>
-$ cat /etc/modprobe.d/sev.conf
-options kvm_amd sev=1
-      </pre>
-
-      <p>
-          After rebooting the host, you should see SEV being enabled in the kernel:
-      </p>
-
-      <pre>
-$ cat /sys/module/kvm_amd/parameters/sev
-1
-      </pre>
-
-      <h2><a id="Virt">Checking SEV support in the virt stack</a></h2>
-      <p>
-        <b>Note: All of the commands bellow need to be run with root privileges.</b>
-      </p>
-
-      <p>
-          First make sure you have the following packages in the specified versions:
-      </p>
-
-      <ul>
-        <li>
-            libvirt >= 4.5.0 (>5.1.0 recommended due to additional SEV bugfixes)
-        </li>
-        <li>
-            QEMU >= 2.12.0
-        </li>
-      </ul>
-      <p>
-          To confirm that the virtualization stack supports SEV, run the following:
-      </p>
-
-      <pre>
-# virsh domcapabilities
-&lt;domainCapabilities&gt;
-...
-  &lt;features&gt;
-    ...
-    &lt;sev supported='yes'&gt;
-      &lt;cbitpos&gt;47&lt;/cbitpos&gt;
-      &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
-    &lt;/sev&gt;
-    ...
-  &lt;/features&gt;
-&lt;/domainCapabilities&gt;</pre>
-      <p>
-          Note that if libvirt was already installed and libvirtd running before enabling SEV in the kernel followed by the host reboot you need to force libvirtd
-          to re-probe both the host and QEMU capabilities. First stop libvirtd:
-      </p>
-
-      <pre>
-# systemctl stop libvirtd.service
-      </pre>
-
-      <p>
-          Now you need to clean the capabilities cache:
-      </p>
-
-      <pre>
-# rm -f /var/cache/libvirt/qemu/capabilities/*
-      </pre>
-
-      <p>
-          If you now restart libvirtd, it will re-probe the capabilities and if
-          you now run:
-      </p>
-
-      <pre>
-# virsh domcapabilities
-      </pre>
-
-      <p>
-          SEV should be listed as supported. If you still see:
-      </p>
-
-      <pre>
-&lt;sev supported='no'/&gt;
-      </pre>
-
-      <p>
-          it means one of two things:
-        <ol>
-          <li>
-              libvirt does support SEV, but either QEMU or the host does not
-          </li>
-          <li>
-            you have libvirt &lt;=5.1.0 which suffered from getting a
-            <code>'Permission denied'</code> on <code>/dev/sev</code> because
-            of the default permissions on the character device which prevented
-            QEMU from opening it during capabilities probing - you can either
-            manually tweak the permissions so that QEMU has access to it or
-            preferably install libvirt 5.1.0 or higher
-          </li>
-        </ol>
-      </p>
-
-    <h2><a id="Configuration">VM Configuration</a></h2>
-    <p>
-        SEV is enabled in the XML by specifying the
-      <a href="https://libvirt.org/formatdomain.html#launchSecurity">&lt;launchSecurity&gt; </a> element. However, specifying <code>launchSecurity</code> isn't
-        enough to boot an SEV VM. Further configuration requirements are discussed
-          below.
-      </p>
-
-      <h3><a id="Machine">Machine type</a></h3>
-      <p>
-          Even though both Q35 and legacy PC machine types (for PC see also
-          "virtio") can be used with SEV, usage of the legacy PC machine type is
-          strongly discouraged, since depending on how your OVMF package was
-          built (e.g. including features like SecureBoot or SMM) Q35 may even be
-          required.
-      </p>
-
-      <h5>Q35</h5>
-<pre>
-...
-&lt;os&gt;
-  &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
-  ...
-&lt;/os&gt;
-...</pre>
-
-      <h5>i440fx (discouraged)</h5>
-      <pre>
-...
-&lt;os&gt;
-  &lt;type arch='x86_64' machine='pc-i440fx-3.0'&gt;hvm&lt;/type&gt;
-  ...
-&lt;/os&gt;
-...
-      </pre>
-
-      <h3><a id="Boot">Boot loader</a></h3>
-      <p>
-          SEV is only going to work with OVMF (UEFI), so you'll need to point libvirt to
-          the correct OVMF binary.
-      </p>
-      <pre>
-...
-&lt;os&gt;
-  &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
-  &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
-&lt;/os&gt;
-...</pre>
-
-      <h3><a id="Memory">Memory</a></h3>
-      <p>
-          Internally, SEV expects that the encrypted memory pages won't be swapped out or move
-          around so the VM memory needs to be pinned in physical RAM which will be
-          handled by QEMU. Apart from that, certain memory regions allocated by QEMU
-          itself (UEFI pflash, device ROMs, video RAM, etc.) have to be encrypted as
-          well. This causes a conflict in how libvirt tries to protect the host.
-          By default, libvirt enforces a memory hard limit on each VM's cgroup in order
-          to protect the host from malicious QEMU to allocate and lock all the available
-          memory. This limit corresponds to the total memory allocation for the VM given
-          by <code>&lt;currentMemory&gt;</code> element. However, trying to account for the additional
-          memory regions QEMU allocates when calculating the limit in an automated manner
-          is non-deterministic. One way to resolve this is to set the hard limit manually.
-
-        <p>
-          Note: Figuring out the right number so that your guest boots and isn't killed is
-          challenging, but 256MiB extra memory over the total guest RAM should suffice for
-          most workloads and may serve as a good starting point.
-
-          For example, a domain with 4GB memory with a 256MiB extra hard limit would look
-          like this:
-        </p>
-      </p>
-
-      <pre>
-# virsh edit &lt;domain&gt;
-&lt;domain&gt;
-  ...
-  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
-  &lt;memtune&gt;
-    &lt;hard_limit unit='KiB'&gt;4456448&lt;/hard_limit&gt;
-  &lt;/memtune&gt;
-  ...
-&lt;/domain&gt;</pre>
-      <p>
-          There's another, preferred method of taking care of the limits by
-          using the<code>&lt;memoryBacking&gt;</code> element along with the
-          <code>&lt;locked/&gt;</code> subelement:
-        </p>
-
-      <pre>
-&lt;domain&gt;
-  ...
-  &lt;memoryBacking&gt;
-    &lt;locked/&gt;
-  &lt;/memoryBacking&gt;
-  ...
-&lt;/domain&gt;</pre>
-
-      <p>
-          What that does is that it tells libvirt not to force any hard limit (well,
-          unlimited) upon the VM cgroup. The obvious advantage is that one doesn't need
-          to determine the hard limit for every single SEV-enabled VM. However, there is
-          a significant security-related drawback to this approach. Since no hard limit
-          is applied, a malicious QEMU could perform a DoS attack by locking all of the
-          host's available memory. The way to avoid this issue and to protect the host is
-          to enforce a bigger hard limit on the master cgroup containing all of the VMs
-          - on systemd this is <code>machine.slice</code>.
-      </p>
-
-      <pre>
-# systemctl set-property machine.slice MemoryHigh=&lt;value&gt;</pre>
-
-      <p>
-          To put even stricter measures in place which would involve the OOM killer, use
-        <pre>
-# systemctl set-property machine.slice MemoryMax=&lt;value&gt;</pre>
-          instead. Alternatively, you can create a systemd config (don't forget
-          to reload systemd configuration in this case):
-        <pre>
-# cat &lt;&lt; EOF &gt; /etc/systemd/system.control/machine.slice.d/90-MemoryMax.conf
-MemoryMax=&lt;value&gt;
-EOF</pre>
-          The trade-off to keep in mind with the second approach is that the VMs
-          can still perform DoS on each other.
-      </p>
-
-      <h3><a id="Virtio">Virtio</a></h3>
-      <p>
-          In order to make virtio devices work, we need to enable emulated IOMMU
-          on the devices so that virtual DMA can work.
-      </p>
-
-      <pre>
-# virsh edit &lt;domain&gt;
-&lt;domain&gt;
-  ...
-  &lt;controller type='virtio-serial' index='0'&gt;
-    &lt;driver iommu='on'/&gt;
-  &lt;/controller&gt;
-  &lt;controller type='scsi' index='0' model='virtio-scsi'&gt;
-    &lt;driver iommu='on'/&gt;
-  &lt;/controller&gt;
-  ...
-  &lt;memballoon model='virtio'&gt;
-    &lt;driver iommu='on'/&gt;
-  &lt;/memballoon&gt;
-  &lt;rng model='virtio'&gt;
-    &lt;backend model='random'&gt;/dev/urandom&lt;/backend&gt;
-    &lt;driver iommu='on'/&gt;
-  &lt;/rng&gt;
-  ...
-&lt;domain&gt;</pre>
-
-    <p>
-        If you for some reason want to use the legacy PC machine type, further changes
-        to the virtio
-        configuration is required, because SEV will not work with Virtio &lt;1.0. In
-        libvirt, this is handled by using the virtio-non-transitional device model
-        (libvirt &gt;= 5.2.0 required).
-
-      <p>
-        Note: some devices like video devices don't
-          support non-transitional model, which means that virtio GPU cannot be used.
-      </p>
-    </p>
-
-    <pre>
-&lt;domain&gt;
-  ...
-  &lt;devices&gt;
-    ...
-    &lt;memballoon model='virtio-non-transitional'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/memballoon&gt;
-  &lt;/devices&gt;
-  ...
-&lt;/domain&gt;</pre>
-
-    <h2><a id="Limitations">Limitations</a></h2>
-    <p>
-        Currently, the boot disk cannot be of type virtio-blk, instead, virtio-scsi
-        needs to be used if virtio is desired. This limitation is expected to be lifted
-        with future releases of kernel (the kernel used at the time of writing the
-        article is 5.0.14).
-        If you still cannot start an SEV VM, it could be because of wrong SELinux label on the <code>/dev/sev</code> device with selinux-policy &lt;3.14.2.40 which prevents QEMU from touching the device. This can be resolved by upgrading the package, tuning the selinux policy rules manually to allow svirt_t to access the device (see <code>audit2allow</code> on how to do that) or putting SELinux into permissive mode (discouraged).
-    </p>
-
-    <h2><a id="Examples">Full domain XML examples</a></h2>
-
-    <h5>Q35 machine</h5>
-    <pre>
-&lt;domain type='kvm'&gt;
-  &lt;name&gt;sev-dummy&lt;/name&gt;
-  &lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;
-  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
-  &lt;memoryBacking&gt;
-    &lt;locked/&gt;
-  &lt;/memoryBacking&gt;
-  &lt;vcpu placement='static'&gt;4&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64' machine='pc-q35-3.0'&gt;hvm&lt;/type&gt;
-    &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
-    &lt;nvram&gt;/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd&lt;/nvram&gt;
-  &lt;/os&gt;
-  &lt;features&gt;
-    &lt;acpi/&gt;
-    &lt;apic/&gt;
-    &lt;vmport state='off'/&gt;
-  &lt;/features&gt;
-  &lt;cpu mode='host-model' check='partial'&gt;
-    &lt;model fallback='allow'/&gt;
-  &lt;/cpu&gt;
-  &lt;clock offset='utc'&gt;
-    &lt;timer name='rtc' tickpolicy='catchup'/&gt;
-    &lt;timer name='pit' tickpolicy='delay'/&gt;
-    &lt;timer name='hpet' present='no'/&gt;
-  &lt;/clock&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;pm&gt;
-    &lt;suspend-to-mem enabled='no'/&gt;
-    &lt;suspend-to-disk enabled='no'/&gt;
-  &lt;/pm&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu-kvm&lt;/emulator&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;driver name='qemu' type='qcow2'/&gt;
-      &lt;source file='/var/lib/libvirt/images/sev-dummy.qcow2'/&gt;
-      &lt;target dev='sda' bus='scsi'/&gt;
-      &lt;boot order='1'/&gt;
-    &lt;/disk&gt;
-    &lt;controller type='virtio-serial' index='0'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/controller&gt;
-    &lt;controller type='scsi' index='0' model='virtio-scsi'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/controller&gt;
-    &lt;interface type='network'&gt;
-      &lt;mac address='52:54:00:cc:56:90'/&gt;
-      &lt;source network='default'/&gt;
-      &lt;model type='virtio'/&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/interface&gt;
-    &lt;graphics type='spice' autoport='yes'&gt;
-      &lt;listen type='address'/&gt;
-      &lt;gl enable='no'/&gt;
-    &lt;/graphics&gt;
-    &lt;video&gt;
-      &lt;model type='qxl'/&gt;
-    &lt;/video&gt;
-    &lt;memballoon model='virtio'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/memballoon&gt;
-    &lt;rng model='virtio'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/rng&gt;
-  &lt;/devices&gt;
-  &lt;launchSecurity type='sev'&gt;
-    &lt;cbitpos&gt;47&lt;/cbitpos&gt;
-    &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
-    &lt;policy&gt;0x0003&lt;/policy&gt;
-  &lt;/launchSecurity&gt;
-&lt;/domain&gt;</pre>
-
-    <h5>PC-i440fx machine:</h5>
-    <pre>
-&lt;domain type='kvm'&gt;
-  &lt;name&gt;sev-dummy-legacy&lt;/name&gt;
-  &lt;memory unit='KiB'&gt;4194304&lt;/memory&gt;
-  &lt;currentMemory unit='KiB'&gt;4194304&lt;/currentMemory&gt;
-  &lt;memtune&gt;
-    &lt;hard_limit unit='KiB'&gt;5242880&lt;/hard_limit&gt;
-  &lt;/memtune&gt;
-  &lt;vcpu placement='static'&gt;4&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64' machine='pc-i440fx-3.0'&gt;hvm&lt;/type&gt;
-    &lt;loader readonly='yes' type='pflash'&gt;/usr/share/edk2/ovmf/OVMF_CODE.fd&lt;/loader&gt;
-    &lt;nvram&gt;/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd&lt;/nvram&gt;
-    &lt;boot dev='hd'/&gt;
-  &lt;/os&gt;
-  &lt;features&gt;
-  &lt;acpi/&gt;
-  &lt;apic/&gt;
-  &lt;vmport state='off'/&gt;
-  &lt;/features&gt;
-  &lt;cpu mode='host-model' check='partial'&gt;
-    &lt;model fallback='allow'/&gt;
-  &lt;/cpu&gt;
-  &lt;clock offset='utc'&gt;
-    &lt;timer name='rtc' tickpolicy='catchup'/&gt;
-    &lt;timer name='pit' tickpolicy='delay'/&gt;
-    &lt;timer name='hpet' present='no'/&gt;
-  &lt;/clock&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;pm&gt;
-    &lt;suspend-to-mem enabled='no'/&gt;
-    &lt;suspend-to-disk enabled='no'/&gt;
-  &lt;/pm&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu-kvm&lt;/emulator&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;driver name='qemu' type='qcow2'/&gt;
-      &lt;source file='/var/lib/libvirt/images/sev-dummy-seabios.qcow2'/&gt;
-      &lt;target dev='sda' bus='sata'/&gt;
-    &lt;/disk&gt;
-    &lt;interface type='network'&gt;
-      &lt;mac address='52:54:00:d8:96:c8'/&gt;
-      &lt;source network='default'/&gt;
-      &lt;model type='virtio-non-transitional'/&gt;
-    &lt;/interface&gt;
-    &lt;serial type='pty'&gt;
-      &lt;target type='isa-serial' port='0'&gt;
-        &lt;model name='isa-serial'/&gt;
-      &lt;/target&gt;
-    &lt;/serial&gt;
-    &lt;console type='pty'&gt;
-      &lt;target type='serial' port='0'/&gt;
-    &lt;/console&gt;
-    &lt;input type='tablet' bus='usb'&gt;
-      &lt;address type='usb' bus='0' port='1'/&gt;
-    &lt;/input&gt;
-    &lt;input type='mouse' bus='ps2'/&gt;
-    &lt;input type='keyboard' bus='ps2'/&gt;
-    &lt;graphics type='spice' autoport='yes'&gt;
-      &lt;listen type='address'/&gt;
-      &lt;gl enable='no'/&gt;
-    &lt;/graphics&gt;
-    &lt;video&gt;
-      &lt;model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/&gt;
-    &lt;/video&gt;
-    &lt;memballoon model='virtio-non-transitional'&gt;
-      &lt;driver iommu='on'/&gt;
-    &lt;/memballoon&gt;
-      &lt;rng model='virtio-non-transitional'&gt;
-    &lt;driver iommu='on'/&gt;
-    &lt;/rng&gt;
-  &lt;/devices&gt;
-  &lt;launchSecurity type='sev'&gt;
-    &lt;cbitpos&gt;47&lt;/cbitpos&gt;
-    &lt;reducedPhysBits&gt;1&lt;/reducedPhysBits&gt;
-    &lt;policy&gt;0x0003&lt;/policy&gt;
-  &lt;/launchSecurity&gt;
-&lt;/domain&gt;</pre>
-  </body>
-</html>

docs/kbase/launch_security_sev.rst

@@ -0,0 +1,529 @@
+============================
+Launch security with AMD SEV
+============================
+
+.. contents::
+
+Storage encryption in modern public cloud computing is a common
+practice. However, from the point of view of a user of these cloud
+workloads, a significant amount of trust needs to be put in the cloud
+platform security as well as integrity (was the hypervisor tampered?).
+For this reason there's ever rising demand for securing data in use,
+i.e. memory encryption. One of the solutions addressing this matter is
+AMD SEV.
+
+AMD Secure Encrypted Virtualization (SEV)
+=========================================
+
+SEV (Secure Encrypted Virtualization) is a feature extension of AMD's
+SME (Secure Memory Encryption) intended for KVM virtual machines which
+is supported primarily on AMD's EPYC CPU line. In contrast to SME, SEV
+uses a unique memory encryption key for each VM. The whole encryption of
+memory pages is completely transparent to the hypervisor and happens
+inside dedicated hardware in the on-die memory controller. Each
+controller includes a high-performance Advanced Encryption Standard
+(AES) engine that encrypts data when it is written to DRAM and decrypts
+it when read. For more details about the technology itself, you can
+visit `AMD's developer portal <https://developer.amd.com/sev/>`__.
+
+Enabling SEV on the host
+========================
+
+Before VMs can make use of the SEV feature you need to make sure your
+AMD CPU does support SEV. You can check whether SEV is among the CPU
+flags with:
+
+::
+
+   $ cat /proc/cpuinfo | grep sev
+   ...
+   sme ssbd sev ibpb
+
+Next step is to enable SEV in the kernel, because it is disabled by
+default. This is done by putting the following onto the kernel command
+line:
+
+::
+
+   mem_encrypt=on kvm_amd.sev=1
+
+To make the changes persistent, append the above to the variable holding
+parameters of the kernel command line in ``/etc/default/grub`` to
+preserve SEV settings across reboots
+
+::
+
+   $ cat /etc/default/grub
+   ...
+   GRUB_CMDLINE_LINUX="... mem_encrypt=on kvm_amd.sev=1"
+   $ grub2-mkconfig -o /boot/efi/EFI/<distro>/grub.cfg
+
+``mem_encrypt=on`` turns on the SME memory encryption feature on the
+host which protects against the physical attack on the hypervisor
+memory. The ``kvm_amd.sev`` parameter actually enables SEV in the kvm
+module. It can be set on the command line alongside ``mem_encrypt`` like
+shown above, or it can be put into a module config under
+``/etc/modprobe.d/``
+
+::
+
+   $ cat /etc/modprobe.d/sev.conf
+   options kvm_amd sev=1
+
+After rebooting the host, you should see SEV being enabled in the
+kernel:
+
+::
+
+   $ cat /sys/module/kvm_amd/parameters/sev
+   1
+
+
+Checking SEV support in the virt stack
+======================================
+
+**Note: All of the commands bellow need to be run with root
+privileges.**
+
+First make sure you have the following packages in the specified
+versions:
+
+-  libvirt >= 4.5.0 (>5.1.0 recommended due to additional SEV bugfixes)
+-  QEMU >= 2.12.0
+
+To confirm that the virtualization stack supports SEV, run the
+following:
+
+::
+
+   # virsh domcapabilities
+   <domainCapabilities>
+   ...
+     <features>
+       ...
+       <sev supported='yes'>
+         <cbitpos>47</cbitpos>
+         <reducedPhysBits>1</reducedPhysBits>
+       </sev>
+       ...
+     </features>
+   </domainCapabilities>
+
+Note that if libvirt was already installed and libvirtd running before
+enabling SEV in the kernel followed by the host reboot you need to force
+libvirtd to re-probe both the host and QEMU capabilities. First stop
+libvirtd:
+
+::
+
+   # systemctl stop libvirtd.service
+
+Now you need to clean the capabilities cache:
+
+::
+
+   # rm -f /var/cache/libvirt/qemu/capabilities/*
+
+If you now restart libvirtd, it will re-probe the capabilities and if
+you now run:
+
+::
+
+   # virsh domcapabilities
+
+SEV should be listed as supported. If you still see:
+
+::
+
+   <sev supported='no'/>
+
+it means one of two things:
+
+#. libvirt does support SEV, but either QEMU or the host does not
+#. you have libvirt <=5.1.0 which suffered from getting a
+   ``'Permission denied'`` on ``/dev/sev`` because of the default
+   permissions on the character device which prevented QEMU from opening
+   it during capabilities probing - you can either manually tweak the
+   permissions so that QEMU has access to it or preferably install
+   libvirt 5.1.0 or higher
+
+VM Configuration
+================
+
+SEV is enabled in the XML by specifying the
+`<launchSecurity> <https://libvirt.org/formatdomain.html#launchSecurity>`__
+element. However, specifying ``launchSecurity`` isn't enough to boot an
+SEV VM. Further configuration requirements are discussed below.
+
+Machine type
+------------
+
+Even though both Q35 and legacy PC machine types (for PC see also
+"virtio") can be used with SEV, usage of the legacy PC machine type is
+strongly discouraged, since depending on how your OVMF package was built
+(e.g. including features like SecureBoot or SMM) Q35 may even be
+required.
+
+Q35
+~~~
+
+::
+
+   ...
+   <os>
+     <type arch='x86_64' machine='pc-q35-3.0'>hvm</type>
+     ...
+   </os>
+   ...
+
+i440fx (discouraged)
+~~~~~~~~~~~~~~~~~~~~
+
+::
+
+   ...
+   <os>
+     <type arch='x86_64' machine='pc-i440fx-3.0'>hvm</type>
+     ...
+   </os>
+   ...
+
+Boot loader
+-----------
+
+SEV is only going to work with OVMF (UEFI), so you'll need to point
+libvirt to the correct OVMF binary.
+
+::
+
+   ...
+   <os>
+     <type arch='x86_64' machine='pc-q35-3.0'>hvm</type>
+     <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
+   </os>
+   ...
+
+Memory
+------
+
+Internally, SEV expects that the encrypted memory pages won't be swapped
+out or move around so the VM memory needs to be pinned in physical RAM
+which will be handled by QEMU. Apart from that, certain memory regions
+allocated by QEMU itself (UEFI pflash, device ROMs, video RAM, etc.)
+have to be encrypted as well. This causes a conflict in how libvirt
+tries to protect the host. By default, libvirt enforces a memory hard
+limit on each VM's cgroup in order to protect the host from malicious
+QEMU to allocate and lock all the available memory. This limit
+corresponds to the total memory allocation for the VM given by
+``<currentMemory>`` element. However, trying to account for the
+additional memory regions QEMU allocates when calculating the limit in
+an automated manner is non-deterministic. One way to resolve this is to
+set the hard limit manually.
+
+Note: Figuring out the right number so that your guest boots and isn't
+killed is challenging, but 256MiB extra memory over the total guest RAM
+should suffice for most workloads and may serve as a good starting
+point. For example, a domain with 4GB memory with a 256MiB extra hard
+limit would look like this:
+
+::
+
+   # virsh edit <domain>
+   <domain>
+     ...
+     <currentMemory unit='KiB'>4194304</currentMemory>
+     <memtune>
+       <hard_limit unit='KiB'>4456448</hard_limit>
+     </memtune>
+     ...
+   </domain>
+
+There's another, preferred method of taking care of the limits by using
+the\ ``<memoryBacking>`` element along with the ``<locked/>``
+subelement:
+
+::
+
+   <domain>
+     ...
+     <memoryBacking>
+       <locked/>
+     </memoryBacking>
+     ...
+   </domain>
+
+What that does is that it tells libvirt not to force any hard limit
+(well, unlimited) upon the VM cgroup. The obvious advantage is that one
+doesn't need to determine the hard limit for every single SEV-enabled
+VM. However, there is a significant security-related drawback to this
+approach. Since no hard limit is applied, a malicious QEMU could perform
+a DoS attack by locking all of the host's available memory. The way to
+avoid this issue and to protect the host is to enforce a bigger hard
+limit on the master cgroup containing all of the VMs - on systemd this
+is ``machine.slice``.
+
+::
+
+   # systemctl set-property machine.slice MemoryHigh=<value>
+
+To put even stricter measures in place which would involve the OOM
+killer, use
+
+::
+
+   # systemctl set-property machine.slice MemoryMax=<value>
+
+instead. Alternatively, you can create a systemd config (don't forget to
+reload systemd configuration in this case):
+
+::
+
+   # cat << EOF > /etc/systemd/system.control/machine.slice.d/90-MemoryMax.conf
+   MemoryMax=<value>
+   EOF
+
+The trade-off to keep in mind with the second approach is that the VMs
+can still perform DoS on each other.
+
+Virtio
+------
+
+In order to make virtio devices work, we need to enable emulated IOMMU
+on the devices so that virtual DMA can work.
+
+::
+
+   # virsh edit <domain>
+   <domain>
+     ...
+     <controller type='virtio-serial' index='0'>
+       <driver iommu='on'/>
+     </controller>
+     <controller type='scsi' index='0' model='virtio-scsi'>
+       <driver iommu='on'/>
+     </controller>
+     ...
+     <memballoon model='virtio'>
+       <driver iommu='on'/>
+     </memballoon>
+     <rng model='virtio'>
+       <backend model='random'>/dev/urandom</backend>
+       <driver iommu='on'/>
+     </rng>
+     ...
+   <domain>
+
+If you for some reason want to use the legacy PC machine type, further
+changes to the virtio configuration is required, because SEV will not
+work with Virtio <1.0. In libvirt, this is handled by using the
+virtio-non-transitional device model (libvirt >= 5.2.0 required).
+
+Note: some devices like video devices don't support non-transitional
+model, which means that virtio GPU cannot be used.
+
+::
+
+   <domain>
+     ...
+     <devices>
+       ...
+       <memballoon model='virtio-non-transitional'>
+         <driver iommu='on'/>
+       </memballoon>
+     </devices>
+     ...
+   </domain>
+
+Checking SEV from within the guest
+==================================
+
+After making the necessary adjustments discussed in
+`Configuration <#Configuration>`__, the VM should now boot successfully
+with SEV enabled. You can then verify that the guest has SEV enabled by
+running:
+
+::
+
+   # dmesg | grep -i sev
+   AMD Secure Encrypted Virtualization (SEV) active
+
+Limitations
+===========
+
+Currently, the boot disk cannot be of type virtio-blk, instead,
+virtio-scsi needs to be used if virtio is desired. This limitation is
+expected to be lifted with future releases of kernel (the kernel used at
+the time of writing the article is 5.0.14). If you still cannot start an
+SEV VM, it could be because of wrong SELinux label on the ``/dev/sev``
+device with selinux-policy <3.14.2.40 which prevents QEMU from touching
+the device. This can be resolved by upgrading the package, tuning the
+selinux policy rules manually to allow svirt_t to access the device (see
+``audit2allow`` on how to do that) or putting SELinux into permissive
+mode (discouraged).
+
+Full domain XML examples
+========================
+
+Q35 machine
+-----------
+
+::
+
+   <domain type='kvm'>
+     <name>sev-dummy</name>
+     <memory unit='KiB'>4194304</memory>
+     <currentMemory unit='KiB'>4194304</currentMemory>
+     <memoryBacking>
+       <locked/>
+     </memoryBacking>
+     <vcpu placement='static'>4</vcpu>
+     <os>
+       <type arch='x86_64' machine='pc-q35-3.0'>hvm</type>
+       <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
+       <nvram>/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd</nvram>
+     </os>
+     <features>
+       <acpi/>
+       <apic/>
+       <vmport state='off'/>
+     </features>
+     <cpu mode='host-model' check='partial'>
+       <model fallback='allow'/>
+     </cpu>
+     <clock offset='utc'>
+       <timer name='rtc' tickpolicy='catchup'/>
+       <timer name='pit' tickpolicy='delay'/>
+       <timer name='hpet' present='no'/>
+     </clock>
+     <on_poweroff>destroy</on_poweroff>
+     <on_reboot>restart</on_reboot>
+     <on_crash>destroy</on_crash>
+     <pm>
+       <suspend-to-mem enabled='no'/>
+       <suspend-to-disk enabled='no'/>
+     </pm>
+     <devices>
+       <emulator>/usr/bin/qemu-kvm</emulator>
+       <disk type='file' device='disk'>
+         <driver name='qemu' type='qcow2'/>
+         <source file='/var/lib/libvirt/images/sev-dummy.qcow2'/>
+         <target dev='sda' bus='scsi'/>
+         <boot order='1'/>
+       </disk>
+       <controller type='virtio-serial' index='0'>
+         <driver iommu='on'/>
+       </controller>
+       <controller type='scsi' index='0' model='virtio-scsi'>
+         <driver iommu='on'/>
+       </controller>
+       <interface type='network'>
+         <mac address='52:54:00:cc:56:90'/>
+         <source network='default'/>
+         <model type='virtio'/>
+         <driver iommu='on'/>
+       </interface>
+       <graphics type='spice' autoport='yes'>
+         <listen type='address'/>
+         <gl enable='no'/>
+       </graphics>
+       <video>
+         <model type='qxl'/>
+       </video>
+       <memballoon model='virtio'>
+         <driver iommu='on'/>
+       </memballoon>
+       <rng model='virtio'>
+         <driver iommu='on'/>
+       </rng>
+     </devices>
+     <launchSecurity type='sev'>
+       <cbitpos>47</cbitpos>
+       <reducedPhysBits>1</reducedPhysBits>
+       <policy>0x0003</policy>
+     </launchSecurity>
+   </domain>
+
+PC-i440fx machine
+-----------------
+
+::
+
+   <domain type='kvm'>
+     <name>sev-dummy-legacy</name>
+     <memory unit='KiB'>4194304</memory>
+     <currentMemory unit='KiB'>4194304</currentMemory>
+     <memtune>
+       <hard_limit unit='KiB'>5242880</hard_limit>
+     </memtune>
+     <vcpu placement='static'>4</vcpu>
+     <os>
+       <type arch='x86_64' machine='pc-i440fx-3.0'>hvm</type>
+       <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
+       <nvram>/var/lib/libvirt/qemu/nvram/sev-dummy_VARS.fd</nvram>
+       <boot dev='hd'/>
+     </os>
+     <features>
+     <acpi/>
+     <apic/>
+     <vmport state='off'/>
+     </features>
+     <cpu mode='host-model' check='partial'>
+       <model fallback='allow'/>
+     </cpu>
+     <clock offset='utc'>
+       <timer name='rtc' tickpolicy='catchup'/>
+       <timer name='pit' tickpolicy='delay'/>
+       <timer name='hpet' present='no'/>
+     </clock>
+     <on_poweroff>destroy</on_poweroff>
+     <on_reboot>restart</on_reboot>
+     <on_crash>destroy</on_crash>
+     <pm>
+       <suspend-to-mem enabled='no'/>
+       <suspend-to-disk enabled='no'/>
+     </pm>
+     <devices>
+       <emulator>/usr/bin/qemu-kvm</emulator>
+       <disk type='file' device='disk'>
+         <driver name='qemu' type='qcow2'/>
+         <source file='/var/lib/libvirt/images/sev-dummy-seabios.qcow2'/>
+         <target dev='sda' bus='sata'/>
+       </disk>
+       <interface type='network'>
+         <mac address='52:54:00:d8:96:c8'/>
+         <source network='default'/>
+         <model type='virtio-non-transitional'/>
+       </interface>
+       <serial type='pty'>
+         <target type='isa-serial' port='0'>
+           <model name='isa-serial'/>
+         </target>
+       </serial>
+       <console type='pty'>
+         <target type='serial' port='0'/>
+       </console>
+       <input type='tablet' bus='usb'>
+         <address type='usb' bus='0' port='1'/>
+       </input>
+       <input type='mouse' bus='ps2'/>
+       <input type='keyboard' bus='ps2'/>
+       <graphics type='spice' autoport='yes'>
+         <listen type='address'/>
+         <gl enable='no'/>
+       </graphics>
+       <video>
+         <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+       </video>
+       <memballoon model='virtio-non-transitional'>
+         <driver iommu='on'/>
+       </memballoon>
+         <rng model='virtio-non-transitional'>
+       <driver iommu='on'/>
+       </rng>
+     </devices>
+     <launchSecurity type='sev'>
+       <cbitpos>47</cbitpos>
+       <reducedPhysBits>1</reducedPhysBits>
+       <policy>0x0003</policy>
+     </launchSecurity>
+   </domain>

docs/kbase/locking-lockd.html.in

@@ -1,160 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Virtual machine lock manager, virtlockd plugin</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This page describes use of the <code>virtlockd</code>
-      service as a <a href="locking.html">lock driver</a>
-      plugin for virtual machine disk mutual exclusion.
-    </p>
-
-    <h2><a id="background">virtlockd background</a></h2>
-
-    <p>
-      The virtlockd daemon is a single purpose binary which
-      focuses exclusively on the task of acquiring and holding
-      locks on behalf of running virtual machines. It is
-      designed to offer a low overhead, portable locking
-      scheme can be used out of the box on virtualization
-      hosts with minimal configuration overheads. It makes
-      use of the POSIX fcntl advisory locking capability
-      to hold locks, which is supported by the majority of
-      commonly used filesystems.
-    </p>
-
-    <h2><a id="sanlock">virtlockd daemon setup</a></h2>
-
-    <p>
-      In most OS, the virtlockd daemon itself will not require
-      any upfront configuration work. It is installed by default
-      when libvirtd is present, and a systemd socket unit is
-      registered such that the daemon will be automatically
-      started when first required. With OS that predate systemd
-      though, it will be necessary to start it at boot time,
-      prior to libvirtd being started. On RHEL/Fedora distros,
-      this can be achieved as follows
-    </p>
-
-    <pre>
-# chkconfig virtlockd on
-# service virtlockd start
-    </pre>
-
-    <p>
-      The above instructions apply to the instance of virtlockd
-      that runs privileged, and is used by the libvirtd daemon
-      that runs privileged. If running libvirtd as an unprivileged
-      user, it will always automatically spawn an instance of
-      the virtlockd daemon unprivileged too. This requires no
-      setup at all.
-    </p>
-
-    <h2><a id="lockdplugin">libvirt lockd plugin configuration</a></h2>
-
-    <p>
-      Once the virtlockd daemon is running, or setup to autostart,
-      the next step is to configure the libvirt lockd plugin.
-      There is a separate configuration file for each libvirt
-      driver that is using virtlockd. For QEMU, we will edit
-      <code>/etc/libvirt/qemu-lockd.conf</code>
-    </p>
-
-    <p>
-      The default behaviour of the lockd plugin is to acquire locks
-      directly on the virtual disk images associated with the guest
-      &lt;disk&gt; elements. This ensures it can run out of the box
-      with no configuration, providing locking for disk images on
-      shared filesystems such as NFS. It does not provide any cross
-      host protection for storage that is backed by block devices,
-      since locks acquired on device nodes in /dev only apply within
-      the host. It may also be the case that the filesystem holding
-      the disk images is not capable of supporting fcntl locks.
-    </p>
-
-    <p>
-      To address these problems it is possible to tell lockd to
-      acquire locks on an indirect file. Essentially lockd will
-      calculate the SHA256 checksum of the fully qualified path,
-      and create a zero length file in a given directory whose
-      filename is the checksum. It will then acquire a lock on
-      that file. Assuming the block devices assigned to the guest
-      are using stable paths (eg /dev/disk/by-path/XXXXXXX) then
-      this will allow for locks to apply across hosts. This
-      feature can be enabled by setting a configuration setting
-      that specifies the directory in which to create the lock
-      files. The directory referred to should of course be
-      placed on a shared filesystem (eg NFS) that is accessible
-      to all hosts which can see the shared block devices.
-    </p>
-
-    <pre>
-$ su - root
-# augtool -s set \
-  /files/etc/libvirt/qemu-lockd.conf/file_lockspace_dir \
-  "/var/lib/libvirt/lockd/files"
-    </pre>
-
-    <p>
-      If the guests are using either LVM and SCSI block devices
-      for their virtual disks, there is a unique identifier
-      associated with each device. It is possible to tell lockd
-      to use this UUID as the basis for acquiring locks, rather
-      than the SHA256 sum of the filename. The benefit of this
-      is that the locking protection will work even if the file
-      paths to the given block device are different on each
-      host.
-    </p>
-
-    <pre>
-$ su - root
-# augtool -s set \
-  /files/etc/libvirt/qemu-lockd.conf/scsi_lockspace_dir \
-  "/var/lib/libvirt/lockd/scsi"
-# augtool -s set \
-  /files/etc/libvirt/qemu-lockd.conf/lvm_lockspace_dir \
-  "/var/lib/libvirt/lockd/lvm"
-    </pre>
-
-    <p>
-      It is important to remember that the changes made to the
-      <code>/etc/libvirt/qemu-lockd.conf</code> file must be
-      propagated to all hosts before any virtual machines are
-      launched on them. This ensures that all hosts are using
-      the same locking mechanism
-    </p>
-
-    <h2><a id="qemuconfig">QEMU/KVM driver configuration</a></h2>
-
-    <p>
-      The QEMU driver is capable of using the virtlockd plugin
-      since the release <span>1.0.2</span>.
-      The out of the box configuration, however, currently
-      uses the <strong>nop</strong> lock manager plugin.
-      To get protection for disks, it is thus necessary
-      to reconfigure QEMU to activate the <strong>lockd</strong>
-      driver. This is achieved by editing the QEMU driver
-      configuration file (<code>/etc/libvirt/qemu.conf</code>)
-      and changing the <code>lock_manager</code> configuration
-      tunable.
-    </p>
-
-    <pre>
-$ su - root
-# augtool -s  set /files/etc/libvirt/qemu.conf/lock_manager lockd
-# service libvirtd restart
-    </pre>
-
-    <p>
-      Every time you start a guest, the virtlockd daemon will acquire
-      locks on the disk files directly, or in one of the configured
-      lookaside directories based on SHA256 sum. To check that locks
-      are being acquired as expected, the <code>lslocks</code> tool
-      can be run.
-    </p>
-
-  </body>
-</html>

docs/kbase/locking-lockd.rst

@@ -0,0 +1,121 @@
+==============================================
+Virtual machine lock manager, virtlockd plugin
+==============================================
+
+.. contents::
+
+This page describes use of the ``virtlockd`` service as a `lock
+driver <locking.html>`__ plugin for virtual machine disk mutual
+exclusion.
+
+virtlockd background
+====================
+
+The virtlockd daemon is a single purpose binary which focuses
+exclusively on the task of acquiring and holding locks on behalf of
+running virtual machines. It is designed to offer a low overhead,
+portable locking scheme can be used out of the box on virtualization
+hosts with minimal configuration overheads. It makes use of the POSIX
+fcntl advisory locking capability to hold locks, which is supported by
+the majority of commonly used filesystems.
+
+virtlockd daemon setup
+======================
+
+In most OS, the virtlockd daemon itself will not require any upfront
+configuration work. It is installed by default when libvirtd is present,
+and a systemd socket unit is registered such that the daemon will be
+automatically started when first required. With OS that predate systemd
+though, it will be necessary to start it at boot time, prior to libvirtd
+being started. On RHEL/Fedora distros, this can be achieved as follows
+
+::
+
+   # chkconfig virtlockd on
+   # service virtlockd start
+
+The above instructions apply to the instance of virtlockd that runs
+privileged, and is used by the libvirtd daemon that runs privileged. If
+running libvirtd as an unprivileged user, it will always automatically
+spawn an instance of the virtlockd daemon unprivileged too. This
+requires no setup at all.
+
+libvirt lockd plugin configuration
+==================================
+
+Once the virtlockd daemon is running, or setup to autostart, the next
+step is to configure the libvirt lockd plugin. There is a separate
+configuration file for each libvirt driver that is using virtlockd. For
+QEMU, we will edit ``/etc/libvirt/qemu-lockd.conf``
+
+The default behaviour of the lockd plugin is to acquire locks directly
+on the virtual disk images associated with the guest <disk> elements.
+This ensures it can run out of the box with no configuration, providing
+locking for disk images on shared filesystems such as NFS. It does not
+provide any cross host protection for storage that is backed by block
+devices, since locks acquired on device nodes in /dev only apply within
+the host. It may also be the case that the filesystem holding the disk
+images is not capable of supporting fcntl locks.
+
+To address these problems it is possible to tell lockd to acquire locks
+on an indirect file. Essentially lockd will calculate the SHA256
+checksum of the fully qualified path, and create a zero length file in a
+given directory whose filename is the checksum. It will then acquire a
+lock on that file. Assuming the block devices assigned to the guest are
+using stable paths (eg /dev/disk/by-path/XXXXXXX) then this will allow
+for locks to apply across hosts. This feature can be enabled by setting
+a configuration setting that specifies the directory in which to create
+the lock files. The directory referred to should of course be placed on
+a shared filesystem (eg NFS) that is accessible to all hosts which can
+see the shared block devices.
+
+::
+
+   $ su - root
+   # augtool -s set \
+     /files/etc/libvirt/qemu-lockd.conf/file_lockspace_dir \
+     "/var/lib/libvirt/lockd/files"
+
+If the guests are using either LVM and SCSI block devices for their
+virtual disks, there is a unique identifier associated with each device.
+It is possible to tell lockd to use this UUID as the basis for acquiring
+locks, rather than the SHA256 sum of the filename. The benefit of this
+is that the locking protection will work even if the file paths to the
+given block device are different on each host.
+
+::
+
+   $ su - root
+   # augtool -s set \
+     /files/etc/libvirt/qemu-lockd.conf/scsi_lockspace_dir \
+     "/var/lib/libvirt/lockd/scsi"
+   # augtool -s set \
+     /files/etc/libvirt/qemu-lockd.conf/lvm_lockspace_dir \
+     "/var/lib/libvirt/lockd/lvm"
+
+It is important to remember that the changes made to the
+``/etc/libvirt/qemu-lockd.conf`` file must be propagated to all hosts
+before any virtual machines are launched on them. This ensures that all
+hosts are using the same locking mechanism
+
+QEMU/KVM driver configuration
+=============================
+
+The QEMU driver is capable of using the virtlockd plugin since the
+release 1.0.2. The out of the box configuration, however, currently uses
+the **nop** lock manager plugin. To get protection for disks, it is thus
+necessary to reconfigure QEMU to activate the **lockd** driver. This is
+achieved by editing the QEMU driver configuration file
+(``/etc/libvirt/qemu.conf``) and changing the ``lock_manager``
+configuration tunable.
+
+::
+
+   $ su - root
+   # augtool -s  set /files/etc/libvirt/qemu.conf/lock_manager lockd
+   # service libvirtd restart
+
+Every time you start a guest, the virtlockd daemon will acquire locks on
+the disk files directly, or in one of the configured lookaside
+directories based on SHA256 sum. To check that locks are being acquired
+as expected, the ``lslocks`` tool can be run.