Release of libvirt-8.0.0

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

.github/lockdown.yml

@@ -1,38 +0,0 @@
-# Configuration for Repo Lockdown - https://github.com/dessant/repo-lockdown
-
-skipCreatedBefore: 2020-01-01
-
-# Close issues and pull requests
-close: true
-
-# Lock issues and pull requests
-lock: true
-
-# Optionally, specify configuration settings just for `issues` or `pulls`
-issues:
-  comment: |
-    Thank you for your interest in the libvirt project.
-
-    Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, issues opened here are not processed.
-
-    We kindly request that new issues are reported to
-
-      https://gitlab.com/libvirt/libvirt/-/issues/new
-
-    Thank you for your time and understanding.
-
-pulls:
-  comment: |
-    Thank you for your interest in the libvirt project.
-
-    Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, merge requests opened here are not processed.
-
-    We kindly request that contributors fork the project at
-
-      https://gitlab.com/libvirt/libvirt/
-
-    push changes to the fork, and then open a new merge request at
-
-      https://gitlab.com/libvirt/libvirt/-/merge_requests/new
-
-    Thank you for your time and understanding.

.github/workflows/lockdown.yml

@@ -0,0 +1,52 @@
+---
+# Configuration for Repo Lockdown - https://github.com/dessant/repo-lockdown
+
+name: 'Repo Lockdown'
+
+on:
+  issues:
+    types: opened
+  pull_request_target:
+    types: opened
+
+permissions:
+  pull-requests: write
+  issues: write
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/repo-lockdown@v2
+        with:
+          issue-comment: |
+            Thank you for your interest in the libvirt project.
+
+            Since this repository is a read-only mirror of the project's master
+            repostory hosted on GitLab, issues opened here are not processed.
+
+            We kindly request that new issues are reported to
+
+              https://gitlab.com/libvirt/libvirt/-/issues/new
+
+            Thank you for your time and understanding.
+          lock-issue: true
+          close-issue: true
+          pr-comment: |
+            Thank you for your interest in the libvirt project.
+
+            Since this repository is a read-only mirror of the project's master
+            repostory hosted on GitLab, merge requests opened here are not
+            processed.
+
+            We kindly request that contributors fork the project at
+
+              https://gitlab.com/libvirt/libvirt/
+
+            push changes to the fork, and then open a new merge request at
+
+              https://gitlab.com/libvirt/libvirt/-/merge_requests/new
+
+            Thank you for your time and understanding.
+          lock-pr: true
+          close-pr: true

.gitignore

@@ -13,6 +13,9 @@
 *.orig
 .git-module-status
 
+# python related ignores
+__pycache__/
+
 # libvirt related ignores
 /build/
 /ci/scratch/

.gitlab-ci.yml

@@ -11,501 +11,44 @@ stages:
   export CCACHE_DIR="$CCACHE_BASEDIR/ccache"
   export CCACHE_MAXSIZE="500M"
   export PATH="$CCACHE_WRAPPERSDIR:$PATH"
+  export VIR_TEST_VERBOSE="1"
+  export VIR_TEST_DEBUG="1"
 
-# Common templates
+include: '/ci/gitlab.yml'
 
-.container_job_template: &container_job_definition
-  image: docker:stable
-  stage: containers
-  needs: []
-  services:
-    - docker:dind
-  before_script:
-    - export TAG="$CI_REGISTRY_IMAGE/ci-$NAME:latest"
-    - export COMMON_TAG="$CI_REGISTRY/libvirt/libvirt/ci-$NAME:latest"
-    - docker info
-    - docker login registry.gitlab.com -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
-  script:
-    - docker pull "$TAG" || docker pull "$COMMON_TAG" || true
-    - docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG" -f "ci/containers/libvirt-$NAME.Dockerfile" ci/containers
-    - docker push "$TAG"
-  after_script:
-    - docker logout
-
-# We build many containers which can be useful to debug problems but are not
-# needed for the pipeline itself to complete: those sometimes fail, and when
-# that happens it's mostly because of temporary issues with Debian sid. We
-# don't want those failures to affect the overall pipeline status
-.container_optional_job_template: &container_optional_job_definition
-  <<: *container_job_definition
-  allow_failure: true
-
-.native_build_job_template: &native_build_job_definition
-  stage: builds
-  image: $CI_REGISTRY_IMAGE/ci-$NAME:latest
+.native_build_job:
+  extends: .gitlab_native_build_job
   cache:
     paths:
       - ccache/
     key: "$CI_JOB_NAME"
   before_script:
     - *script_variables
+    - cat /packages.txt
   script:
-    - meson build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
-    - if test "$DIST" != "skip";
-      then
-        ninja -C build dist;
-      else
-        ninja -C build;
-        ninja -C build test;
-      fi
+    - meson setup build --werror $MESON_ARGS || (cat build/meson-logs/meson-log.txt && exit 1)
+    - meson dist -C build --no-tests
     - if test -x /usr/bin/rpmbuild && test "$RPM" != "skip";
       then
         rpmbuild --nodeps -ta build/meson-dist/libvirt-*.tar.xz;
+      else
+        meson compile -C build;
+        meson test -C build --no-suite syntax-check --print-errorlogs;
       fi
 
-# Jobs that we delegate to Cirrus CI because they require an operating
-# system other than Linux. These jobs will only run if the required
-# setup has been performed on the GitLab account (see ci/README.rst).
-#
-# The Cirrus CI configuration is generated by replacing target-specific
-# variables in a generic template: some of these variables are provided
-# when the GitLab CI job is defined, others are taken from a shell
-# snippet generated using lcitool.
-#
-# Note that the $PATH environment variable has to be treated with
-# special care, because we can't just override it at the GitLab CI job
-# definition level or we risk breaking it completely.
-.cirrus_build_job_template: &cirrus_build_job_definition
-  stage: builds
-  image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master
-  needs: []
-  script:
-    - source ci/cirrus/libvirt-$NAME.vars
-    - sed -e "s|[@]CI_REPOSITORY_URL@|$CI_REPOSITORY_URL|g"
-          -e "s|[@]CI_COMMIT_REF_NAME@|$CI_COMMIT_REF_NAME|g"
-          -e "s|[@]CI_COMMIT_SHA@|$CI_COMMIT_SHA|g"
-          -e "s|[@]CIRRUS_VM_INSTANCE_TYPE@|$CIRRUS_VM_INSTANCE_TYPE|g"
-          -e "s|[@]CIRRUS_VM_IMAGE_SELECTOR@|$CIRRUS_VM_IMAGE_SELECTOR|g"
-          -e "s|[@]CIRRUS_VM_IMAGE_NAME@|$CIRRUS_VM_IMAGE_NAME|g"
-          -e "s|[@]INSTALL_COMMAND@|$INSTALL_COMMAND|g"
-          -e "s|[@]PATH@|$PATH_EXTRA${PATH_EXTRA:+:}\$PATH|g"
-          -e "s|[@]PKG_CONFIG_PATH@|$PKG_CONFIG_PATH|g"
-          -e "s|[@]PKGS@|$PKGS|g"
-          -e "s|[@]MAKE@|$MAKE|g"
-          -e "s|[@]PYTHON@|$PYTHON|g"
-          -e "s|[@]PIP@|$PIP|g"
-          -e "s|[@]PYPI_PKGS@|$PYPI_PKGS|g"
-      <ci/cirrus/build.yml >ci/cirrus/$NAME.yml
-    - cat ci/cirrus/$NAME.yml
-    - cirrus-run -v --show-build-log always ci/cirrus/$NAME.yml
-  only:
-    variables:
-      - $CIRRUS_GITHUB_REPO
-      - $CIRRUS_API_TOKEN
-
-.cross_build_default_job_template: &cross_build_job_definition
-  stage: builds
-  image: $CI_REGISTRY_IMAGE/ci-$NAME-cross-$CROSS:latest
+.cross_build_job:
+  extends: .gitlab_cross_build_job
   cache:
     paths:
       - ccache/
     key: "$CI_JOB_NAME"
   before_script:
     - *script_variables
+    - cat /packages.txt
   script:
-    - meson build --werror $MESON_OPTS || (cat build/meson-logs/meson-log.txt && exit 1)
-    - ninja -C build
-    - if test "$CROSS" = "i686" ; then ninja -C build test ; fi
-
-
-# Native container build jobs
-
-x64-centos-7-container:
-  <<: *container_job_definition
-  variables:
-    NAME: centos-7
-
-x64-centos-8-container:
-  <<: *container_job_definition
-  variables:
-    NAME: centos-8
-
-x64-centos-stream-container:
-  <<: *container_job_definition
-  variables:
-    NAME: centos-stream
-
-x64-debian-10-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-10
-
-x64-debian-sid-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-sid
-
-x64-fedora-31-container:
-  <<: *container_job_definition
-  variables:
-    NAME: fedora-31
-
-x64-fedora-32-container:
-  <<: *container_job_definition
-  variables:
-    NAME: fedora-32
-
-x64-fedora-rawhide-container:
-  <<: *container_job_definition
-  variables:
-    NAME: fedora-rawhide
-
-x64-opensuse-151-container:
-  <<: *container_job_definition
-  variables:
-    NAME: opensuse-151
-
-x64-ubuntu-1804-container:
-  <<: *container_job_definition
-  variables:
-    NAME: ubuntu-1804
-
-x64-ubuntu-2004-container:
-  <<: *container_job_definition
-  variables:
-    NAME: ubuntu-2004
-
-
-# Cross-build containers build jobs
-
-aarch64-debian-10-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-10-cross-aarch64
-
-armv6l-debian-10-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-10-cross-armv6l
-
-armv7l-debian-10-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-10-cross-armv7l
-
-i686-debian-10-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-10-cross-i686
-
-mips-debian-10-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-10-cross-mips
-
-mips64el-debian-10-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-10-cross-mips64el
-
-mipsel-debian-10-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-10-cross-mipsel
-
-ppc64le-debian-10-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-10-cross-ppc64le
-
-s390x-debian-10-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-10-cross-s390x
-
-aarch64-debian-sid-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-sid-cross-aarch64
-
-armv6l-debian-sid-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-sid-cross-armv6l
-
-armv7l-debian-sid-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-sid-cross-armv7l
-
-i686-debian-sid-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-sid-cross-i686
-
-mips64el-debian-sid-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-sid-cross-mips64el
-
-mipsel-debian-sid-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-sid-cross-mipsel
-
-ppc64le-debian-sid-container:
-  <<: *container_job_definition
-  variables:
-    NAME: debian-sid-cross-ppc64le
-
-s390x-debian-sid-container:
-  <<: *container_optional_job_definition
-  variables:
-    NAME: debian-sid-cross-s390x
-
-mingw32-fedora-rawhide-container:
-  <<: *container_job_definition
-  variables:
-    NAME: fedora-rawhide-cross-mingw32
-
-mingw64-fedora-rawhide-container:
-  <<: *container_job_definition
-  variables:
-    NAME: fedora-rawhide-cross-mingw64
-
-
-# Native architecture build + test jobs
-
-x64-debian-10:
-  <<: *native_build_job_definition
-  needs:
-    - x64-debian-10-container
-  variables:
-    NAME: debian-10
-
-x64-debian-10-clang:
-  <<: *native_build_job_definition
-  needs:
-    - x64-debian-10-container
-  variables:
-    NAME: debian-10
-    CC: clang
-
-x64-debian-sid:
-  <<: *native_build_job_definition
-  needs:
-    - x64-debian-sid-container
-  variables:
-    NAME: debian-sid
-
-x64-centos-7:
-  <<: *native_build_job_definition
-  needs:
-    - x64-centos-7-container
-  variables:
-    NAME: centos-7
-    # meson dist fails on CentOS 7 because of old git that fails to clone
-    # from shallow git repository which is done when running meson dist
-    DIST: skip
-    RPM: skip
-
-x64-centos-8:
-  <<: *native_build_job_definition
-  needs:
-    - x64-centos-8-container
-  variables:
-    NAME: centos-8
-    RPM: skip
-
-x64-centos-8-clang:
-  <<: *native_build_job_definition
-  needs:
-    - x64-centos-8-container
-  variables:
-    NAME: centos-8
-    CC: clang
-    RPM: skip
-
-x64-centos-stream:
-  <<: *native_build_job_definition
-  needs:
-    - x64-centos-stream-container
-  variables:
-    NAME: centos-stream
-    RPM: skip
-
-x64-fedora-31:
-  <<: *native_build_job_definition
-  needs:
-    - x64-fedora-31-container
-  variables:
-    NAME: fedora-31
-    RPM: skip
-
-x64-fedora-32:
-  <<: *native_build_job_definition
-  needs:
-    - x64-fedora-32-container
-  variables:
-    NAME: fedora-32
-
-x64-fedora-rawhide:
-  <<: *native_build_job_definition
-  needs:
-    - x64-fedora-rawhide-container
-  variables:
-    NAME: fedora-rawhide
-
-x64-fedora-rawhide-clang:
-  <<: *native_build_job_definition
-  needs:
-    - x64-fedora-rawhide-container
-  variables:
-    NAME: fedora-rawhide
-    CC: clang
-    RPM: skip
-
-x64-opensuse-151:
-  <<: *native_build_job_definition
-  needs:
-    - x64-opensuse-151-container
-  variables:
-    NAME: opensuse-151
-    RPM: skip
-
-x64-ubuntu-1804:
-  <<: *native_build_job_definition
-  needs:
-    - x64-ubuntu-1804-container
-  variables:
-    NAME: ubuntu-1804
-
-x64-ubuntu-2004:
-  <<: *native_build_job_definition
-  needs:
-    - x64-ubuntu-2004-container
-  variables:
-    NAME: ubuntu-2004
-
-x64-freebsd-11-build:
-  <<: *cirrus_build_job_definition
-  variables:
-    NAME: freebsd-11
-    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
-    CIRRUS_VM_IMAGE_SELECTOR: image_family
-    CIRRUS_VM_IMAGE_NAME: freebsd-11-4
-    INSTALL_COMMAND: pkg install -y
-
-x64-freebsd-12-build:
-  <<: *cirrus_build_job_definition
-  variables:
-    NAME: freebsd-12
-    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
-    CIRRUS_VM_IMAGE_SELECTOR: image_family
-    CIRRUS_VM_IMAGE_NAME: freebsd-12-1
-    INSTALL_COMMAND: pkg install -y
-
-x64-macos-1015-build:
-  <<: *cirrus_build_job_definition
-  variables:
-    NAME: macos-1015
-    CIRRUS_VM_INSTANCE_TYPE: osx_instance
-    CIRRUS_VM_IMAGE_SELECTOR: image
-    CIRRUS_VM_IMAGE_NAME: catalina-base
-    INSTALL_COMMAND: brew install
-    PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin
-    PKG_CONFIG_PATH: /usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/libpcap/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig
-
-
-# Cross compiled build jobs
-
-armv6l-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - armv6l-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: armv6l
-
-armv7l-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - armv7l-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: armv7l
-
-mips64el-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - mips64el-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: mips64el
-
-mips-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - mips-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: mips
-
-aarch64-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - aarch64-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: aarch64
-
-mipsel-debian-10:
-  <<: *cross_build_job_definition
-  needs:
-    - mipsel-debian-10-container
-  variables:
-    NAME: debian-10
-    CROSS: mipsel
-
-s390x-debian-sid:
-  <<: *cross_build_job_definition
-  needs:
-    - s390x-debian-10-container
-  variables:
-    NAME: debian-sid
-    CROSS: s390x
-
-i686-debian-sid:
-  <<: *cross_build_job_definition
-  needs:
-    - i686-debian-sid-container
-  variables:
-    NAME: debian-sid
-    CROSS: i686
-
-ppc64le-debian-sid:
-  <<: *cross_build_job_definition
-  needs:
-    - ppc64le-debian-10-container
-  variables:
-    NAME: debian-sid
-    CROSS: ppc64le
-
-mingw32-fedora-rawhide:
-  <<: *cross_build_job_definition
-  needs:
-    - mingw32-fedora-rawhide-container
-  variables:
-    NAME: fedora-rawhide
-    CROSS: mingw32
-
-mingw64-fedora-rawhide:
-  <<: *cross_build_job_definition
-  needs:
-    - mingw64-fedora-rawhide-container
-  variables:
-    NAME: fedora-rawhide
-    CROSS: mingw64
+    - meson setup build --werror $MESON_OPTS || (cat build/meson-logs/meson-log.txt && exit 1)
+    - meson compile -C build
+    - if test "$CROSS" = "i686" ; then meson test -C build --no-suite syntax-check --print-errorlogs ; fi
 
 
 # This artifact published by this job is downloaded by libvirt.org to
@@ -515,11 +58,11 @@ website:
   stage: builds
   image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
   needs:
-    - x64-centos-8-container
+    - x86_64-centos-8-container
   before_script:
     - *script_variables
   script:
-    - meson build --prefix=$(pwd)/vroot || (cat build/meson-logs/meson-log.txt && exit 1)
+    - meson setup build --werror --prefix=$(pwd)/vroot || (cat build/meson-logs/meson-log.txt && exit 1)
     - ninja -C build install-web
     - mv vroot/share/doc/libvirt/html/ website
   artifacts:
@@ -532,16 +75,16 @@ website:
 
 
 codestyle:
-  stage: builds
-  image: $CI_REGISTRY_IMAGE/ci-opensuse-151:latest
+  stage: sanity_checks
+  image: $CI_REGISTRY_IMAGE/ci-opensuse-leap-152:latest
   needs:
-    - x64-opensuse-151-container
+    - x86_64-opensuse-leap-152-container
   before_script:
     - *script_variables
   script:
-    - meson build || (cat build/meson-logs/meson-log.txt && exit 1)
+    - meson setup build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
     - ninja -C build libvirt-pot-dep
-    - meson test -C build --suite syntax-check --no-rebuild || (cat build/meson-logs/testlog.txt && exit 1)
+    - meson test -C build --suite syntax-check --no-rebuild --print-errorlogs
 
 
 # This artifact published by this job is downloaded to push to Weblate
@@ -551,13 +94,13 @@ potfile:
   stage: builds
   image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
   needs:
-    - x64-centos-8-container
-  only:
-    - master
+    - x86_64-centos-8-container
+  rules:
+    - if: "$CI_COMMIT_BRANCH == 'master'"
   before_script:
     - *script_variables
   script:
-    - meson build || (cat build/meson-logs/meson-log.txt && exit 1)
+    - meson setup build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
     - ninja -C build libvirt-pot-dep
     - ninja -C build libvirt-pot
     - cp po/libvirt.pot libvirt.pot
@@ -569,39 +112,18 @@ potfile:
     paths:
       - libvirt.pot
 
-
-# Check that all commits are signed-off for the DCO.
-# Skip on "libvirt" namespace, since we only need to run
-# this test on developer's personal forks from which
-# merge requests are submitted
-check-dco:
-  stage: sanity_checks
-  needs: []
-  image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:master
-  script:
-    - /check-dco
-  except:
-    variables:
-      - $CI_PROJECT_NAMESPACE == 'libvirt'
-  variables:
-    GIT_DEPTH: 1000
-
-
 # Coverity job that is run only by schedules
 coverity:
   image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
   needs:
-    - x64-centos-8-container
+    - x86_64-centos-8-container
   stage: builds
   script:
     - curl https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN -o /tmp/cov-analysis-linux64.tgz
     - tar xfz /tmp/cov-analysis-linux64.tgz
-    - meson build
-    - cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja -C build
+    - meson setup build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
+    - cov-analysis-linux64-*/bin/cov-build --dir cov-int meson compile -C build
     - tar cfz cov-int.tar.gz cov-int
     - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL --form file=@cov-int.tar.gz --form version="$(git describe --tags)" --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
-  only:
-    refs:
-      - schedules
-    variables:
-      - $COVERITY_SCAN_PROJECT_NAME && $COVERITY_SCAN_TOKEN
+  rules:
+    - if: "$CI_PIPELINE_SOURCE == 'schedule' && $COVERITY_SCAN_PROJECT_NAME && $COVERITY_SCAN_TOKEN"

.gitlab/issue_templates/bug.md

@@ -0,0 +1,24 @@
+<!-- See https://libvirt.org/bugs.html#quality for guidance -->
+
+## Software environment
+ - Operating system:
+ - Architecture:
+ - kernel version:
+ - libvirt version:
+ - Hypervisor and version:
+
+## Description of problem
+
+## Steps to reproduce
+1.
+2.
+3.
+
+## Additional information
+<!-- Attach XML configs, logs, stack traces, etc. Compress the files if necessary -->
+<!-- See https://libvirt.org/kbase/debuglogs.html on how to configure logging -->
+
+
+
+<!-- The line below ensures that proper tags are added to the issue. -- >
+/label ~bug

.gitlab/issue_templates/feature.md

@@ -0,0 +1,30 @@
+<!--
+This is the upstream libvirt issue tracker.
+
+Please note that libvirt, like most open source projects, relies on
+contributors who have motivation, skills and available time to work on
+implementing particular features.
+
+Feature requests can be helpful for determining demand and interest, but
+they are not a guarantee that a contributor will volunteer to implement
+it. We welcome and encourage even draft patches to implement a feature
+be sent to the mailing list where it can be discussed and developed
+further by the community.
+
+Thank you for your interest in helping us to make libvirt better!
+-->
+
+## Goal
+<!-- Describe the final result you want to achieve. Avoid design specifics. -->
+
+
+## Technical details
+<!-- Describe technical details, design specifics, suggestions, versions, etc. -->
+
+
+## Additional information
+
+
+
+<!-- The line below ensures that proper tags are added to the issue. -- >
+/label ~enhancement

AUTHORS.rst.in

@@ -31,6 +31,7 @@ The primary maintainers and people with commit access rights:
 * Pino Toscano <ptoscano@redhat.com>
 * Richard W.M. Jones <rjones@redhat.com>
 * Roman Bogorodskiy <bogorodskiy@gmail.com>
+* Tim Wiederhake <twiederh@redhat.com>
 
 Previous maintainers:
 

NEWS.rst

@@ -8,7 +8,893 @@ the changes introduced by each of them.
 For a more fine-grained view, use the `git log`_.
 
 
-v6.10.0 (unreleased)
+v8.0.0 (2022-01-14)
+===================
+
+* **Security**
+
+  * libxl: Fix potential deadlock and crash (CVE-2021-4147)
+
+    A rogue guest could continuously reboot itself and cause libvirtd on the
+    host to deadlock or crash, resulting in a denial of service condition.
+
+* **Removed features**
+
+  * qemu: Explicitly forbid live changing nodeset for strict numatune
+
+    For ``strict`` mode of <numatune/> it can't be guaranteed that memory is
+    moved completely onto new set of nodes (e.g. QEMU might have locked pieces
+    of its memory) thus breaking the strict promise. If live migration of QEMU
+    memory between NUMA nodes is desired, users are advised to use
+    ``restrictive`` mode instead.
+
+* **New features**
+
+  * qemu: Synchronous write mode for disk copy operations
+
+    The ``blockdev-mirror`` block job supports a mode where writes from the VM
+    are synchronously propagated to the destination of the copy. This ensures
+    that the job will converge under heavy I/O.
+
+    Implement the mode for the copy blockjob as
+    ``VIR_DOMAIN_BLOCK_COPY_SYNCHRONOUS_WRITES`` flag exposed via
+    ``virsh blockcopy --synchronous-writes`` and for non-shared storage migration
+    as ``VIR_MIGRATE_NON_SHARED_SYNCHRONOUS_WRITES`` exposed via
+    ``virsh migrate --copy-storage-synchronous-writes``.
+
+  * Introduce TCG domain features
+
+    Libvirt is now able to set the size of translation block cache size
+    (tb-size) for TCG domains.
+
+  * qemu: Add new API to inject a launch secret in a domain
+
+    New API ``virDomainSetLaunchSecurityState()`` and virsh command
+    ``domsetlaunchsecstate`` are added to support injecting a launch secret
+    in a domain's memory.
+
+* **Improvements**
+
+  * libxl: Implement the virDomainGetMessages API
+
+  * qemu: Preserve qcow2 sub-cluster allocation state after external snapshots and block-copy
+
+    The new image which is installed as an overlay on top of the current chain
+    when taking an external snapshot, or the target of a block copy operation
+    now enables sub-cluster allocation (``extended_l2``) if the original
+    image has the option enabled.
+
+* **Bug fixes**
+
+  * qemu: Fix device hot-unplug with ``libvirt-7.9`` or ``libvirt-7.10`` used with ``qemu-6.2``
+
+    An internal change to the configuration format used by the above libvirt
+    versions triggers a bug in ``qemu-6.2`` where qemu no longer emits the
+    event notifying that the device was unplugged successfully and thus libvirt
+    never removes the device from the definition.
+
+    This impacts only devices which were present at startup of the VM, hotplugged
+    devices behave correctly.
+
+    This is fixed in ``libvirt-8.0`` by reverting to the old configuration
+    approach until qemu is fixed.
+
+    As a workaround for ``libvirt-7.9`` and ``libvirt-7.10`` the old configuration
+    approach can be forced by:
+
+    Option 1, global ``qemu.conf``::
+
+     capability_filters = [ "device.json" ]
+
+    Option 2, per VM XML override::
+
+     <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+
+      [...]
+
+      <qemu:capabilities>
+        <qemu:del capability='device.json'/>
+      </qemu:capabilities>
+     </domain>
+
+  * Fix sparse streams with split daemon
+
+    In split daemon scenario, a client connected to a hypervisor driver and
+    using sparse streams (e.g. ``virsh vol-download --sparse``) would make the
+    hypervisor daemon enter an infinite loop without any data transfer. This is
+    now fixed.
+
+  * Build no longer requires RPC library
+
+    Code and its cross dependencies were fixed so that build without remote
+    driver and thus an RPC library (like ``tirpc``) fails no more.
+
+  * virnetdevopenvswitch: Fix 'burst' value passed to ovs-vsctl
+
+    When a ``<bandwidth/>`` was defined for a TAP device that's plugged into an
+    OvS bridge values passed to the OvS were incorrectly recalculated resulting
+    in slightly different limits being applied.
+
+
+v7.10.0 (2021-12-01)
+====================
+
+* **New features**
+
+  * Added virt-pki-query-dn binary
+
+    This binary helps users figure out the format of Distinguished Name
+    from a certificate file the way that libvirt expects it in
+    tls_allowed_dn_list option of libvirtd.conf configuration file
+
+* **Improvements**
+
+  * qemu: Report guest interface information in ``virDomainGetGuestInfo``
+
+    Libvirt is now able to report interface information from the guest's
+    perspective (using guest agent).
+
+  * qemu: detect guest side errors during device removal
+
+    Libvirt is now able to detect guest side errors during device removal by
+    using the DEVICE_UNPLUG_GUEST_ERROR event, available in QEMU 6.2.0.
+
+  * Minimum SSF setting
+
+    The libvirtd.conf option tcp_min_ssf can be used to override the minimum
+    permitted security strength factor for non-TLS remote connections.
+    The current hardcoded minimum is 56 (single-DES) and will be raised to 112
+    in the future. Setting a minimum lower than 112 is not supported.
+
+  * qemu: Report stats also for block copy destination and backup job scratch
+    images
+
+    The statistics are available via the bulk domain stats API.
+
+* **Bug fixes**
+
+  * qemu: Don't format 'ramfb' attribute when disabled
+
+    Fix a regression caused by the conversion to JSON -device arguments where
+    'ramfb' would be put on the commandline of 'vfio-pci' which doesn't have it,
+    thus breaking VMs with a mediated host device.
+
+  * qemu: Fix block copy and backup to encrypted storage
+
+    An oversight in last release lead to a spurious error being reported when
+    encrypted storage was requested for disk images which are not directly
+    backing the disk, which is now fixed.
+
+
+v7.9.0 (2021-11-01)
+===================
+
+* **New features**
+
+  * Introduce virtio-mem ``<memory/>`` model
+
+    New virtio-mem model is introduced for ``<memory/>`` device which is a
+    paravirtualized mechanism of adding/removing memory to/from a VM. Use
+    ``virDomainUpdateDeviceFlags()`` API to adjust amount of memory or ``virsh
+    update-memory-device`` for convenience.
+
+  * qemu: support disabling hotplug of devices on the pci-root controller
+
+    the <target hotplug='on|off'/> option is now supported for the
+    pci-root controller on i440fx-based (x86 "pc") machinetypes. This
+    can be used to disable hotplug/unplug of devices from this
+    controller. The default behavior is unchanged (hotplug is
+    allowed).
+
+  * Support hotplug and hotunplug for virtiofs
+
+    Filesystems backed by virtiofsd can now be hotplugged and hotunplugged.
+
+  * virpcivpd: Add a PCI VPD parser
+
+    A parser for the standard PCI/PCIe VPD ("I.3. VPD Definitions" in PCI 2.2+
+    and an equivalent definition in "6.28.1 VPD Format" PCIe 4.0) was added
+    along with relevant types to represent PCI VPD in memory. This
+    functionality got added for Linux only at this point (kernels above
+    v2.6.26 have support for exposing VPD via sysfs).
+
+  * virpci: Add PCI VPD-related helper functions to virpci
+
+    In order to utilize the PCI VPD parser, a couple of helper functions got
+    introduced to check for the presence of a VPD file in the sysfs tree and
+    to invoke the PCI VPD parser to get a list of resources representing PCI
+    VPD contents in memory.
+
+  * nodedev: Add PCI VPD capability support
+
+    Support for serializing and deserializing PCI VPD data structures is added
+    following the addition of the PCI VPD parser. A new PCI device capability
+    called "vpd" is introduced holding string resources and keyword resources
+    found in PCI VPD.
+
+  * qemu: Support page_per_vq for driver element
+
+    This optional virtio attribute ``page_per_vq`` controls the layout of the
+    notification capabilities exposed to the guest. It is recommended for the
+    vDPA devices.
+
+  * qemu: Support librbd encryption
+
+    Add an encryption engine ``librbd``. It will provides the image-level
+    encryption of librbd. It requires QEMU >= 6.1.0 and librbd >= 16.1.0.
+
+* **Improvements**
+
+  * Use of JSON syntax with ``-device`` with upcoming QEMU-6.2
+
+    Libvirt started using JSON directly with the ``-device`` commandline
+    parameter as it's considered the preferred stable syntax for further QEMU
+    releases. If any problems with the conversion are encountered please
+    report them as soon as possible.
+
+* **Bug fixes**
+
+  * qemu: Fix problems on ``virsh domstats`` with qemu <5.2.0
+
+    Libvirt v7.2.0 and later called query-dirty-rate, which was introduced in
+    qemu-5.2.0, regardless of qemu version and failed in qemu-5.1.0. This
+    release fixes the bug.
+
+ * Don't enter endless loop when unable to accept new clients
+
+   If libvirtd (or any other daemon) hit the ulimit for maximum number of open
+   files but there are still client connections pending then libvirtd (or
+   corresponding split daemon) would enter an endless loop from which it would
+   never recover. This behaviour is now fixed.
+
+ * qemu: Run secondary driver hooks in split daemon mode
+
+   Because of a bug in implementation it may happen that hooks from secondary
+   drivers were not called in all cases, for instance a network hook wasn't
+   called upon removal of interface after domain shut off itself. With this
+   release the bug is fixed.
+
+
+v7.8.0 (2021-10-01)
+===================
+
+* **New features**
+
+  * nodedev: Add ability to automatically start mediated devices
+
+    The autostart status of a persistent mediated devices can be managed with
+    the new APIs ``virNodeDeviceSetAutostart()`` and
+    ``virNodeDeviceGetAutostart()``. The corresponding virsh command is
+    ``nodedev-autostart``. In addition, two new APIs were added to get
+    additional information about node devices: ``virNodeDeviceIsPersistent()``
+    checks whether the device is persistently defined, and
+    ``virNodeDeviceIsActive()`` checks whether the node device is currently
+    active. This information can also be retrieved with the new virsh command
+    ``nodedev-info``.
+
+
+v7.7.0 (2021-09-01)
+===================
+
+* **New features**
+
+  * Add support for Fibre Channel VMID
+
+    New VM element ``<fibrechannel appid=''/>`` was added to allow users to set
+    their ``appid`` for each VM which will be used by kernel to create Fibre
+    Channel VMID. This allows various QoS levels, access control or collecting
+    telemetry data per VM.
+
+* **Improvements**
+
+  * virsh: Allow XML validation for define of: storage pool, network, secret,
+    nwfilter, interface
+
+    * Add flag ``VIR_STORAGE_POOL_DEFINE_VALIDATE`` to validate storage pool
+      input xml. For virsh, users can use it as ``virsh pool-define --validate``.
+    * Add flag ``VIR_NETWORK_DEFINE_VALIDATE`` to validate network input xml. For
+      virsh, users can use it as ``net-define --validate``.
+    * Add flag ``VIR_SECRET_DEFINE_VALIDATE`` to validate secret input xml. For
+      virsh, users can use it as ``secret-define --validate``.
+    * Add flag ``VIR_NWFILTER_DEFINE_VALIDATE`` to validate nwfilter input xml.
+      For virsh, users can use it as ``nwfilter-define --validate``.
+    * Add flag ``VIR_INTERFACE_DEFINE_VALIDATE`` to validate interface input xml.
+      For virsh, users can use it as ``iface-define --validate``.
+
+  * Add SecurityManager APIs for labeling network devices
+
+    New ``virSecurityManagerSetNetdevLabel`` and ``virSecurityManagerSetNetdevLabel``
+    APIs are introduced and implemented in the Apparmor security driver.
+    The qemu driver uses the APIs to label vhostuser ports on hotplug and
+    restore labeling on unplug.
+
+  * vmx: Parse vm.genid and support super wide SCSI bus
+
+    The genid attribute is now reported for VMX guests. Libvirt can now
+    properly process super wide SCSI bus (64 units).
+
+  * qemu: Lifecycle action (``on_poweroff``/``on_reboot``) handling improvements
+
+    The handling of lifecycle actions was fixed and improved in multiple ways:
+
+    - ``restart-rename`` action was forbidden
+
+      The action was never properly implemented in the qemu driver and didn't
+      actually result in a restart of the VM but rather termination. The qemu
+      driver now rejects such configurations.
+
+    - ``preserve`` action was forbidden
+
+      Similarly to the previous case this never worked as the intended semantics
+      of the actions dictate. It's better to not allow it at all until there's a
+      proper implementation
+
+    - ``reboot`` action of ``on_poweroff`` now actually works
+
+      The guest OS is now rebooted instead of terminating the VM when the
+      ``reboot`` action is used and the guest OS powers down. Note that it's
+      incompatible with ``on_reboot`` set to ``destroy``.
+
+    - Changes in action action of ``on_reboot`` are now updated with qemu
+
+      Libvirtd can now properly update the ``on_reboot`` action in qemu which
+      allows proper handling when changing between ``reboot`` and ``destroy``
+      actions. In addition, switching from ``reboot`` to ``destroy`` was
+      forbidden for older qemus which don't support the update API as the guest
+      could still reboot and execute some instructions until it was terminated.
+
+* **Bug fixes**
+
+  * qemu: Open chardev logfile on behalf of QEMU
+
+    Guests with a logfile configured for their chardevs are now able to start
+    even when no virtlogd is configured.
+
+  * virhostmem: Handle numactl-less build in hugepages allocation/reporting
+
+    Some architectures don't have notion of NUMA (e.g. s390x) but do support
+    hugepages. Libvirt silently ignored requests to allocate/report hugepage
+    pool when built without numactl. This is now fixed and the pool can be
+    allocated/reported on properly.
+
+  * qemu: Record proper ``backing`` format for overlays of qcow2+luks images
+
+    Libvirt would record ``luks`` instead of ``qcow2`` into the metadata. In
+    practice this is a problem only when inspecting images manually via
+    ``qemu-img`` as with libvirt users must use full specification of the
+    backing chain in the domain XML which supersedes information recorded in
+    the image metadata.
+
+
+v7.6.0 (2021-08-02)
+===================
+
+* **Security**
+
+  * storage: Unlock pool objects on ACL check failures in ``storagePoolLookupByTargetPath`` (CVE-2021-3667)
+
+    A logic bug in ``storagePoolLookupByTargetPath`` where the storage pool
+    object was left locked after a failure of the ACL check could potentially
+    deprive legitimate users access to a storage pool object by users who don't
+    have access.
+
+* **New features**
+
+  * qemu: Incremental backup support via ``virDomainBackupBegin``
+
+    libvirt-7.6 along with the unreleased qemu-6.1 will fully support the change
+    block tracking features (block-dirty-bitmaps) to be able to do incremental
+    backups and management of the checkpoint states via the appropriate APIs.
+
+  * qemu: Add support for launch security type s390-pv
+
+    Specifying s390-pv as launch security type in an s390 domain prepares for
+    running the guest in protected virtualization secure mode, also known as
+    IBM Secure Execution. This simplifies the definition and reduces the risk
+    of an incorrect definition, e.g. by forgetting to specify ``iommu=on`` on
+    all virtio devices.
+
+  * domstats: Add haltpolling time statistic interface
+
+    Domstats now provide the data of cpu haltpolling time. This feature relies
+    on statistics available after kernel version 5.8. This will allow the user
+    to get more accurate CPU usage information if needed.
+
+* **Bug fixes**
+
+  * qemu: Fix migration with ``VIR_MIGRATE_NON_SHARED_INC``
+
+    libvirt 7.3.0 introduced a bug where ``VIR_MIGRATE_NON_SHARED_INC`` would
+    not actually migrate the contents of the disk due to broken logic and at
+    the same time could trigger migration of storage when
+    ``VIR_MIGRATE_TUNNELLED`` is requested. This release fixes the bug.
+
+  * qemu: Don't emit ``VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD`` twice when registered with index
+
+    When registering the threshold event with the index notation (e.g.
+    ``vda[3]``) libvirt would emit the event also for ``vda`` if the image is
+    in the top layer. The intention was to emit two events only when the
+    original registration was done without the index.
+
+  * qemu: Pass discard requests for disks with ``copy_on_read='on'``
+
+    When a disk using the ``copy_on_read='on'`` option is configured also with
+    ``discard='unmap'`` the discard requests will now be passed to the
+    underlying image freeing up the space.
+
+
+v7.5.0 (2021-07-01)
+===================
+
+* **Security**
+
+  * svirt: fix MCS label generation (CVE-2021-3631)
+
+    A flaw in the way MCS labels were generated could result in a VM's
+    resource not being fully protected from access by another VM were
+    it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153
+
+* **Removed features**
+
+  * xen: Remove support for Xen < 4.9
+
+    In accordance with our platform support policy, the oldest supported Xen
+    version is now bumped from 4.6 to 4.9.
+
+* **Improvements**
+
+  * docs: Document disk serial truncation status quo
+
+    Disk ``<serial>`` is being truncated by QEMU before passed to the guest.
+    Since it's impossible to fix it without running into further regressions
+    the documentation was improved to document the intricacies.
+
+* **Bug fixes**
+
+  * qemu: Fixed validation of disk ``iothread`` configuration
+
+    The validation of ``iothread`` config was previously moved to a place where
+    it caused bogus errors when address wasn't allocated when hotplugging a
+    disk. The check is now removed as it wasn't actually necessary at all.
+
+
+v7.4.0 (2021-06-01)
+===================
+
+* **Removed features**
+
+  * qemu: Remove support for QEMU < 2.11
+
+    In accordance with our platform support policy, the oldest supported QEMU
+    version is now bumped from 1.5 to 2.11.
+
+* **New features**
+
+  * qemu: Add support for hotplugging ``<transient/>`` disks
+
+    The disk hotplug code in the qemu driver now can handle hotplug of disks
+    with automatically added overlay.
+
+  * qemu: Add support for sharing base image of ``<transient/>`` disks
+
+    Users can use ``<transient shareBacking='yes'/>`` to tell the qemu driver to
+    never open the base image in write mode thus multiple VMs can share the
+    same image. Note that the disk will be hotplugged during startup.
+
+* **Improvements**
+
+  * Add win-dmp crashdump format
+
+    New ``win-dmp`` format for ``virDomainCoreDumpWithFormat`` API and/or virsh
+    ``dump --format`` was introduced.
+
+* **Bug fixes**
+
+  * Allow 0 offset in XML schema for ``<slice type='storage' offset='0' size='321'/>``
+
+    Having a 0 offset so that the size of the image can be limited is a
+    valid configuration so it was allowed in the XML schema.
+
+
+v7.3.0 (2021-05-03)
+===================
+
+* **New features**
+
+  * xen: Support domains with more than 4TB
+
+    The xen driver now supports domains with more than 4TB of memory with
+    xen >= 4.13.
+
+  * qemu: add socket for virtiofs filesystems
+
+    Libvirt now supports ``filesystem`` devices that connect to
+    a ``virtiofsd`` daemon launched outside of libvirtd, via the
+    ``socket`` attribute of the ``source`` element.
+
+  * nodedev: Add ability to manage persistent mediated devices
+
+    Persistent mediated devices can now be managed with libvirt.
+    ``virNodeDeviceDefineXML()`` defines a new device,
+    ``virNodeDeviceUndefine()`` removes an existing definition, and
+    ``virNodeDeviceCreate()`` starts a device definition that is currently
+    inactive. Corresponding virsh commands ``nodedev-define``,
+    ``nodedev-undefine``, and ``nodedev-start`` were also added.
+    ``nodedev-list`` only lists active devices by default. Inactive device
+    definitions can be shown with the new ``--inactive`` and ``--all`` flags.
+
+  * qemu: Allow use of qemu's ``-compat`` option
+
+    Curious developers or testers now can enable certain ``-compat`` modes which
+    allow to notice use of deprecated commands and options as qemu will use the
+    selected method to notify the user. The new behaviour can be requested using
+    either the ``deprecation_behavior`` option in ``qemu.conf`` for all VMs or
+    using ``<qemu:deprecation behavior='...'/>`` in the VM XML.
+
+* **Improvements**
+
+  * virsh: Improve errors with ``virsh snapshot-create-as``
+
+    The XML document constructed by virsh was forced through XML schema
+    validation which yielded unintelligible error messages in cases such as
+    when the path to the new image did not start with a slash. XML documents
+    are no longer validated as the XML parser actually has better error
+    messages which allow users to figure the problem out quickly.
+
+  * qemu: Terminate backing store when doing a full-chain block pull
+
+    When pulling everything into the overlay image the chain can be terminated
+    since we know that it won't depend on any backing image and thus can prevent
+    attempts to probe the backing chain.
+
+  * qemu: Expose disk serial in virDomainGetGuestInfo()
+
+    The ``virDomainGetGuestInfo()`` reports disk serial number among with other
+    disk information.
+
+* **Bug fixes**
+
+  * qemu: Fix crash of libvirt on full block pull of a disk
+
+    When the persistent definition contains a compatible disk (meaning the
+    definition of the running and persistent config match) a block pull job
+    would leave a dangling pointer in the config definition which resulted
+    in a crash.
+
+  * qemu: Use proper job cancelling command
+
+    Libvirt's API contract for aborting a block copy job in 'ready' state
+    declares that the destination image of the copy will contain a consistent
+    image of the disk from the time when the block job was aborted. This
+    requires that libvirt uses the proper cancelling qemu command to ensure
+    that the data is consistent which was not the case.
+
+  * qemu: Don't attempt storage migration when there are no migratable disks
+
+    Due to a logic bug introduced in the previous release libvirt would attempt
+    to migrate disks in case when no disks are selected/eligible for migration.
+
+  * qemu: Fix very rare race when two block job 'ready' events are delivered
+
+    In certain high-load scenarios, qemu might deliver the 'ready' event twice
+    and if it's delivered when pivoting to the destination during a block copy
+    job, libvirt would get confused and execute the code as if the job were
+    aborted.
+
+  * lxc: Fix container destroy with CGroupsV2
+
+    When an LXC container was started and the host used CGroupsV2 it might have
+    had created nested controllers under the container's scope. Libvirt was
+    unaware and thus destroying the container failed with a cryptic error:
+    ``failed to get cgroup backend for 'pathOfController'``. The CGroup removal
+    code was reworked and is now capable of dealing with such scenario.
+
+  * bash-completion: Fix argument passing to $1
+
+    Due to a bug in bash completion script, the auto completion did not work
+    properly when a connection URI or read only flag were specified on
+    ``virsh`` or ``virt-admin`` command line.
+
+
+v7.2.0 (2021-04-01)
+===================
+
+* **New features**
+
+  * qemu: Implement domain memory dirty rate calculation API
+
+    New API ``virDomainStartDirtyRateCalc()`` and virsh command
+    ``domdirtyrate-calc`` are added to start calculating a live domain's
+    memory dirty rate.
+
+  * qemu: Support reporting memory dirty rate stats
+
+    The memory dirty rate stats can be obtained through ``virsh domstats
+    --dirtyrate`` via the virConnectGetAllDomainStats API.
+
+  * qemu: Full disk backups via ``virDomainBackupBegin``
+
+    The qemu hypervisor driver now allows taking full disk backups via the
+    ``virDomainBackupBegin`` API and the corresponding virsh wrapper.
+
+    In future releases the feature will be extended to also support incremental
+    backups (where only the difference since the last backup is copied) when
+    qemu adds the required functionality.
+
+  * Add support for audio backend specific settings
+
+    With this release a new ``<audio/>`` element is introduced that allows
+    users to configure audio output for their guests.
+
+* **Improvements**
+
+  * qemu: Compatibility with QEMU 6.0 for certain hot-(un)-plug operations
+
+    Libvirt 7.2.0 is required for compatibility with the upcoming QEMU 6.0
+    release for hotplug and hotunplug of certain devices and helpers, such as
+    iothreads, chardevs, RNG devices, disks with secret, ...
+
+  * qemu: Various improvements to embedded mode
+
+    Embedded mode for the QEMU driver, as well as the ``virt-qemu-run`` tool
+    saw improvements in handling of domain life cycle, temporary directories
+    creation (important when using disk secrets) and other minor fixes.
+
+  * Documentation of split daemon related config files
+
+    Split daemons read configuration files upon their start. These were never
+    documented though.
+
+* **Bug fixes**
+
+  * Check host CPU for forbidden features
+
+    CPU feature policy did not work as expected with ``host-passthrough`` and
+    features supported by physical host. CPU features were not filtered out
+    when ``@check`` was set to ``full``.
+
+  * Fix virNetworkUpdate() to work with split daemons
+
+    Due to a bug in our code, virNetworkUpdate() did not work with split daemon
+    unless management application connected to virtnetworkd directly.
+
+  * qemu: increase locked memory limit when a vDPA device is present
+
+    Just like VFIO devices, vDPA devices may need to have all guest memory
+    pages locked/pinned in order to operate properly. These devices are now
+    included when calculating the limit for memory lock.
+
+  * Don't log error if SRIOV PF has no associated netdev
+
+    Some SRIOV PFs don't have a netdev associated with them in which case
+    libvirtd reported an error and refused to start. This is now fixed.
+
+  * qemu: Only raise memlock limit if necessary
+
+    Attempting to set the memlock limit might fail if we're running
+    in a containerized environment where ``CAP_SYS_RESOURCE`` is not
+    available, and if the limit is already high enough there's no
+    point in trying to raise it anyway.
+
+  * Restore security context of swtpm.log
+
+    If a guest with emulated TPM was started and the daemon was restarted
+    afterwards, the security context of the per-domain ``swtpm.log`` file was
+    not restored on domain shutdown leaving it unable to be started again.
+
+  * virtlogd|virtlockd: Fixed crash when upgrading the daemons in-place
+
+    A bug preventing the in-place upgrade of ``virtlogd`` and ``virtlockd``
+    daemons was fixed, so they can again be upgraded without dropping the log
+    file descriptors or locks on files.
+
+
+v7.1.0 (2021-03-01)
+===================
+
+* **Portability**
+
+  * Implement Apple Silicon support
+
+    libvirt now runs on the ARM-based Apple Silicon Macs.
+
+* **New features**
+
+  * Introduce virtio-pmem ``<memory/>`` model
+
+    The virtio-pmem is a virtio variant of NVDIMM and just like NVDIMM
+    virtio-pmem also allows accessing host pages bypassing guest page cache.
+
+  * Introduce ``<boot order/>`` for ``<filesystem>``
+
+    Booting is possible from virtiofs filesystems. Introduce an option
+    to control the boot order, like we do for other bootable devices.
+
+  * hyperv: implement new APIs
+
+    The ``virDomainUndefine()``, ``virDomainUndefineFlags()``,
+    ``virDomainDefineXML()``, ``virDomainAttachDevice()``, and
+    ``virDomainAttachDeviceFlags()``, ``virConnectListAllNetworks()``,
+    ``virConnectNumOfNetworks()``, ``virNetworkLookupByName()``,
+    ``virNetworkLookupByUUID()``, ``virConnectNumOfDefinedNetworks()``,
+    ``virConnectListDefinedNetworks()``, ``virNetworkGetAutostart()``,
+    ``virNetworkIsActive()``, ``virNetworkIsPersistent()``,
+    ``virNetworkGetXMLDesc()``, and ``virDomainScreenshot()``, APIs have been
+    implemented in the Hyper-V driver.
+
+  * Support <teaming> element in plain <hostdev> devices
+
+    This is useful when libvirt doesn't have the privileges necessary
+    to set the hostdev device's MAC address (which is a necessary
+    part of the alternate <interface type='hostdev'>).
+
+  * Introduce ``<disk type='vhostuser'>`` support
+
+    Introduces support for QEMU vhost-user-blk device that can be used
+    to access storage exported via the vhost-user protocol by daemons such
+    as the ``qemu-storage-daemon``.
+
+* **Bug fixes**
+
+  * qemu: Fix disk quiescing rollback when creating external snapshots
+
+   If the qemu guest agent call to freeze filesystems failed when creating
+   an external snapshot with ``VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE`` flag the
+   filesystems would be unconditionally thawed. This could cause problems when
+   the filesystems were frozen by an explicit call to ``virDomainFSFreeze``
+   since the guest agent then rejects any further freeze attempts once are
+   filesystems frozen, an explicit freeze followed by a quiesced snapshot
+   would fail and thaw filesystems.
+
+   Users are also encouraged to use ``virDomainFSFreeze/Thaw`` manually instead
+   of relying on ``VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE`` if they need finer
+   grained control.
+
+  * cgroups: Fix how we setup and configure cgroups on hosts with systemd
+
+    When libvirt is running on host with systemd we register every VM with
+    machined which creates the VM root cgroup for us as well. Before this fix
+    we were directly modifying files in the VM root cgroup which was incorrect
+    because all the files are managed by systemd. The implication was that any
+    change done by libvirt to cgroup attributes supported by systemd could be
+    removed which happens for example by running ``systemctl daemon-reload``.
+
+    To fix the issue libvirt now uses DBus calls for some of the cgroup
+    attributes that distribute the resources proportionally to the cgroup
+    siblings and for the rest we have a new sub-cgroup that libvirt can
+    managed directly.
+
+    For more details why this is necessary see
+    `systemd cgroup <https://systemd.io/CGROUP_DELEGATION/>`_ documentation.
+
+  * qemu: Fix swtpm device with aarch64
+
+    The TPM TIS device name for x86 is ``tpm-tis``, whereas for aarch64 it is
+    ``tpm-tis-device``. Fix the use of TPM TIS device with aarch64 by using
+    the proper device name when building the QEMU command line.
+
+  * libxl: Fix domain shutdown
+
+    Commit fa30ee04a2 introduced the possibility of a race between the
+    shutdown and death threads used to process domain shutdown and death
+    events from libxl. On normal domain shutdown the shutdown thread handles
+    all aspects of shutting down and cleaning up the domain. The death
+    thread is only used to handle out-of-band domain destruction and is
+    inhibited when domain shutdown is under libvirt's control. The race is
+    avoided by also inhibiting the death thread when libvirt starts the
+    shutdown thread.
+
+
+v7.0.0 (2021-01-15)
+===================
+
+* **Project governance**
+
+  * Formal handover of release tarball signing
+
+    Starting from libvirt-6.6 the release tarballs are signed by Jiří Denemark.
+    Releases starting with 7.0 contain a note from the previous maintainer
+    Daniel Veillard officially handing over the signing of packages so that the
+    transition can be verified.
+
+* **New features**
+
+  * nodedev: Add node device driver support for AP devices
+
+    Add support for detecting and listing Adjunct Processor(AP) cards, AP
+    queues and AP matrix devices (which are capable of MDEV) of a KVM host
+    system in libvirt node device driver with correct object relationships.
+
+  * qemu: Allow control of ``qcow2`` metadata cache
+
+    In specific usecases such as when massive storage images are used it's
+    possible to achieve better performance by increasing the metadata cache
+    size. The new knob allows advanced users setting the size according to
+    qemu's documentation to suit their image.
+
+  * conf: Add support for keeping TPM emulator state
+
+    Currently, swtpm TPM state file is removed when a transient domain is
+    powered off or undefined. Add per-TPM emulator option ``persistent_state``
+    for keeping TPM state.
+
+* **Improvements**
+
+  * qemu: Discourage users from polling ``virDomainGetBlockJobInfo`` for block
+    job completion
+
+    Document that waiting for events is a more robust solution.
+
+  * secret: Relax XML schema for the ``usage`` name of a ``secret``
+
+    Various bits of documentation of how to use libvirt with RBD volumes used
+    an usage name which would not pass the XML validation. Relax the requirement
+    to make such XMLs valid.
+
+  * virnetdevopenvswitch: Various improvements
+
+    The code that handles ``<interface type='vhostuser'/>`` was given various
+    improvements. So far, libvirt assumed vhostuser interfaces are handled
+    exclusively by OpenVSwitch and refused to start a guest if it was not so.
+    Now a guest can be started successfully even if the interface is created by
+    some other tool (e.g. ``dpdk-testpmd``). Also, the code that detects the
+    interface name was adapted to new versions of OpenVSwitch and thus can
+    detect name more reliably.
+
+  * qemu: Report guest disks information in ``virDomainGetGuestInfo``
+
+    Libvirt is now able to report disks and filesystems from the guest's
+    perspective (using guest agent). And with sufficiently new guest agent
+    (5.3.0 or newer) the API also handles disks on CCW bus.
+
+* **Bug fixes**
+
+  * qemu: Fix logic bug in inactive snapshot deletion
+
+    This release fixes a bug introduced in libvirt-6.9 where libvirt's
+    snapshot metadata would not be deleted on successful snapshot deletion.
+
+  * qemu: Fix VMs with ``<iotune>`` on an empty cdrom
+
+    Specifying ``<iotune>`` for an empty cdrom would prevent the VM from
+    starting as qemu doesn't accept the tuning for an empty drive. We now
+    postpone setting the parameters until a new media is inserted.
+
+  * Avoid taking extra host memory when launching pSeries guests
+
+    Under certain conditions, pSeries guests were being launched with more
+    RAM than it was specified in the domain XML by the user. New pSeries
+    domains created with libvirt 7.0.0 will always launch with the right
+    amount of initial memory. Existing guests that migrate from an older
+    libvirt version to 7.0.0 will not be affected by this change.
+
+  * qemu: Don't cache NUMA caps
+
+    ``virsh capabilities`` contains ``<topology/>`` section which reports NUMA
+    topology among with amount of free hugepages per each NUMA node. However,
+    these amounts were not updated between calls.
+
+  * networkGetDHCPLeases: Handle leases with infinite expiry time
+
+    Since libvirt-6.3.0 it is possible to configure expiry time for DHCP
+    leases. If the expiry time was infinite then ``virsh net-dhcp-leases``
+    and NSS plugins refused to work.
+
+  * qemu: Don't prealloc mem for real NVDIMMs
+
+    If a real life NVDIMM is assigned to a guest via ``<memory model='nvdimm'/>``
+    then QEMU is no longer instructed to preallocate memory
+    for it. This prevents unnecessary wear on the NVDIMM.
+
+  * network: Introduce mutex for bridge name generation
+
+    When new libvirt network is defined or created and the input XML does not
+    contain any bridge name, libvirt generates one. However, it might have
+    happened that the same name would be generated for different networks if
+    two or more networks were defined/created at once.
+
+
+v6.10.0 (2020-12-01)
 ====================
 
 * **Security**
@@ -42,8 +928,23 @@ v6.10.0 (unreleased)
 
 * **Improvements**
 
+  * virsh: Support network disks in ``virsh attach-disk``
+
+    The ``virsh attach-disk`` helper command which simplifies attaching of disks
+    without the need for the user to formulate the disk XML manually now
+    supports network-backed images. Users can specify the protocol and host
+    specification with new command line arguments. Please refer to the man
+    page of virsh for further information.
+
 * **Bug fixes**
 
+  * remote: fixed performance regression in SSH tunnelling
+
+    The ``virt-ssh-helper`` binary introduced in 6.8.0 had very
+    poor scalability which impacted libvirt tunnelled migration
+    and storage volume upload/download in particular. It has been
+    updated and now has performance on par with netcat.
+
 * **Removed features**
 
   * hyperv: removed support for the Hyper-V V1 WMI API
@@ -185,7 +1086,7 @@ v6.8.0 (2020-10-01)
   * qemu: Preserve qcow2 cluster size after external snapshots
 
     The new overlay image which is installed on top of the current chain when
-    taking an external snapshot now preserves the cluser size of the original
+    taking an external snapshot now preserves the cluster size of the original
     top image to preserve any performance tuning done on the original image.
 
 * **Bug fixes**
@@ -2159,8 +3060,8 @@ v4.6.0 (2018-08-06)
 
   * qemu: Enable VNC console for mediated devices
 
-    Host devices now support a new atribute 'display' which can be used to turn
-    on frame buffer rendering on a vgpu mediated device instead of on an
+    Host devices now support a new attribute 'display' which can be used to
+    turn on frame buffer rendering on a vgpu mediated device instead of on an
     emulated GPU, like QXL.
 
 * **Improvements**

build-aux/Makefile.in

@@ -5,6 +5,8 @@ top_builddir = @top_builddir@
 FLAKE8 = @flake8_path@
 RUNUTF8 = @runutf8@
 PYTHON = @PYTHON3@
+GREP = @GREP@
+SED = @SED@
 
 # include syntax-check.mk file
 include $(top_srcdir)/build-aux/syntax-check.mk

build-aux/meson.build

@@ -10,18 +10,38 @@ syntax_check_conf.set('flake8_path', flake8_path)
 syntax_check_conf.set('runutf8', ' '.join(runutf8))
 syntax_check_conf.set('PYTHON3', python3_prog.path())
 
+if host_machine.system() == 'freebsd' or host_machine.system() == 'darwin'
+  make_prog = find_program('gmake')
+  sed_prog = find_program('gsed')
+else
+  make_prog = find_program('make')
+  sed_prog = find_program('sed')
+endif
+
+if host_machine.system() == 'freebsd'
+  grep_prog = find_program('grep')
+  grep_cmd = run_command(grep_prog, '--version')
+  if grep_cmd.stdout().startswith('grep (BSD grep')
+    grep_prog = find_program('/usr/local/bin/grep', required: false)
+    if not grep_prog.found()
+      error('GNU grep not found')
+    endif
+  endif
+elif host_machine.system() == 'darwin'
+  grep_prog = find_program('ggrep')
+else
+  grep_prog = find_program('grep')
+endif
+
+syntax_check_conf.set('GREP', grep_prog.path())
+syntax_check_conf.set('SED', sed_prog.path())
+
 configure_file(
   input: 'Makefile.in',
   output: '@BASENAME@',
   configuration: syntax_check_conf,
 )
 
-if host_machine.system() == 'freebsd'
-  make_prog = find_program('gmake')
-else
-  make_prog = find_program('make')
-endif
-
 rc = run_command(
   'sed', '-n',
   's/^\\(sc_[a-zA-Z0-9_-]*\\):.*/\\1/p',

build-aux/syntax-check.mk

@@ -27,16 +27,6 @@ ME := build-aux/syntax-check.mk
 # of the module description. But some packages import this file directly,
 # ignoring the module description.
 AWK ?= awk
-GREP ?= grep
-# FreeBSD (and probably some other OSes too) ships own version of sed(1), not
-# compatible with the GNU sed. GNU sed is available as gsed(1), so use this
-# instead
-UNAME := $(shell uname)
-ifeq ($(UNAME),FreeBSD)
-SED ?= gsed
-else
-SED ?= sed
-endif
 
 # Helper variables.
 _empty =
@@ -47,10 +37,8 @@ _sp = $(_empty) $(_empty)
 # If S1 == S2, return S1, otherwise the empty string.
 _equal = $(and $(findstring $(1),$(2)),$(findstring $(2),$(1)))
 
-GIT = git
-VC = $(GIT)
-
-VC_LIST = $(top_srcdir)/build-aux/vc-list-files -C $(top_srcdir)
+VC_LIST = cd $(top_srcdir); git ls-tree -r 'HEAD:' | \
+          sed -n "s|^100[^	]*.||p"
 
 # You can override this variable in syntax-check.mk to set your own regexp
 # matching files to ignore.
@@ -76,8 +64,7 @@ endif
 _sc_excl = \
   $(or $(exclude_file_name_regexp--$@),^$$)
 VC_LIST_EXCEPT = \
-  $(VC_LIST) | $(SED) 's|^$(_dot_escaped_srcdir)/||' \
-	| $(GREP) -Ev -e '($(VC_LIST_ALWAYS_EXCLUDE_REGEX)|$(_sc_excl))' \
+  $(VC_LIST) | $(GREP) -Ev -e '($(VC_LIST_ALWAYS_EXCLUDE_REGEX)|$(_sc_excl))' \
 	$(_prepend_srcdir_prefix)
 
 # Prevent programs like 'sort' from considering distinct strings to be equal.
@@ -95,15 +82,6 @@ syntax-check-rules := $(sort $(shell $(SED) -n \
    's/^\(sc_[a-zA-Z0-9_-]*\):.*/\1/p' $(top_srcdir)/$(ME) $(_cfg_mk)))
 .PHONY: $(syntax-check-rules)
 
-ifeq ($(shell $(VC_LIST) >/dev/null 2>&1; echo $$?),0)
-  local-checks-available += $(syntax-check-rules)
-else
-  local-checks-available += no-vc-detected
-no-vc-detected:
-	@echo "No version control files detected; skipping syntax check"
-endif
-.PHONY: $(local-checks-available)
-
 # Arrange to print the name of each syntax-checking rule just before running it.
 $(syntax-check-rules): %: %.m
 sc_m_rules_ = $(patsubst %, %.m, $(syntax-check-rules))
@@ -126,191 +104,14 @@ $(sc_z_rules_): %.z: %
 # that computes and prints elapsed time.
 local-check :=								\
   $(patsubst sc_%, sc_%.z,						\
-    $(filter-out $(local-checks-to-skip), $(local-checks-available)))
+    $(filter-out $(local-checks-to-skip), $(syntax-check-rules)))
 
 syntax-check: $(local-check)
 
-_test_script_regex = \<test-lib\.sh\>
-
 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
   (^(docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
 
-# Functions like free() that are no-ops on NULL arguments.
-useless_free_options = \
-  --name=VBOX_UTF16_FREE \
-  --name=VBOX_UTF8_FREE \
-  --name=VBOX_COM_UNALLOC_MEM \
-  --name=VIR_FREE \
-  --name=qemuCapsFree \
-  --name=qemuMigrationCookieFree \
-  --name=qemuMigrationCookieGraphicsFree \
-  --name=sexpr_free \
-  --name=usbFreeDevice \
-  --name=virBandwidthDefFree \
-  --name=virBitmapFree \
-  --name=virCPUDefFree \
-  --name=virCapabilitiesFree \
-  --name=virCapabilitiesFreeGuest \
-  --name=virCapabilitiesFreeGuestDomain \
-  --name=virCapabilitiesFreeGuestFeature \
-  --name=virCapabilitiesFreeGuestMachine \
-  --name=virCapabilitiesFreeHostNUMACell \
-  --name=virCapabilitiesFreeMachines \
-  --name=virCgroupFree \
-  --name=virCommandFree \
-  --name=virConfFreeList \
-  --name=virConfFreeValue \
-  --name=virDomainActualNetDefFree \
-  --name=virDomainChrDefFree \
-  --name=virDomainControllerDefFree \
-  --name=virDomainDefFree \
-  --name=virDomainDeviceDefFree \
-  --name=virDomainDiskDefFree \
-  --name=virDomainEventCallbackListFree \
-  --name=virObjectEventQueueFree \
-  --name=virDomainFSDefFree \
-  --name=virDomainGraphicsDefFree \
-  --name=virDomainHostdevDefFree \
-  --name=virDomainInputDefFree \
-  --name=virDomainNetDefFree \
-  --name=virDomainObjFree \
-  --name=virDomainSmartcardDefFree \
-  --name=virDomainSnapshotObjFree \
-  --name=virDomainSoundDefFree \
-  --name=virDomainVideoDefFree \
-  --name=virDomainWatchdogDefFree \
-  --name=virFileDirectFdFree \
-  --name=virHashFree \
-  --name=virInterfaceDefFree \
-  --name=virInterfaceIpDefFree \
-  --name=virInterfaceObjFree \
-  --name=virInterfaceProtocolDefFree \
-  --name=virJSONValueFree \
-  --name=virLastErrFreeData \
-  --name=virNetMessageFree \
-  --name=virNWFilterDefFree \
-  --name=virNWFilterEntryFree \
-  --name=virNWFilterHashTableFree \
-  --name=virNWFilterIPAddrLearnReqFree \
-  --name=virNWFilterIncludeDefFree \
-  --name=virNWFilterObjFree \
-  --name=virNWFilterRuleDefFree \
-  --name=virNWFilterRuleInstFree \
-  --name=virNetworkDefFree \
-  --name=virNodeDeviceDefFree \
-  --name=virNodeDeviceObjFree \
-  --name=virObjectUnref \
-  --name=virObjectFreeCallback \
-  --name=virPCIDeviceFree \
-  --name=virSecretDefFree \
-  --name=virStorageEncryptionFree \
-  --name=virStorageEncryptionSecretFree \
-  --name=virStorageFileFreeMetadata \
-  --name=virStoragePoolDefFree \
-  --name=virStoragePoolObjFree \
-  --name=virStoragePoolSourceFree \
-  --name=virStorageVolDefFree \
-  --name=virThreadPoolFree \
-  --name=xmlBufferFree \
-  --name=xmlFree \
-  --name=xmlFreeDoc \
-  --name=xmlFreeNode \
-  --name=xmlXPathFreeContext \
-  --name=xmlXPathFreeObject
-
-# The following template was generated by this command:
-# make ID && aid free|grep '^vi'|sed 's/ .*//;s/^/#   /'
-# N virBufferFreeAndReset
-# y virCPUDefFree
-# y virCapabilitiesFree
-# y virCapabilitiesFreeGuest
-# y virCapabilitiesFreeGuestDomain
-# y virCapabilitiesFreeGuestFeature
-# y virCapabilitiesFreeGuestMachine
-# y virCapabilitiesFreeHostNUMACell
-# y virCapabilitiesFreeMachines
-# N virCapabilitiesFreeNUMAInfo FIXME
-# y virCgroupFree
-# N virConfFree               (diagnoses the "error")
-# y virConfFreeList
-# y virConfFreeValue
-# y virDomainChrDefFree
-# y virDomainControllerDefFree
-# y virDomainDefFree
-# y virDomainDeviceDefFree
-# y virDomainDiskDefFree
-# y virDomainEventCallbackListFree
-# y virDomainEventQueueFree
-# y virDomainFSDefFree
-# n virDomainFree
-# n virDomainFreeName (can't fix -- returns int)
-# y virDomainGraphicsDefFree
-# y virDomainHostdevDefFree
-# y virDomainInputDefFree
-# y virDomainNetDefFree
-# y virDomainObjFree
-# n virDomainSnapshotFree (returns int)
-# n virDomainSnapshotFreeName (returns int)
-# y virDomainSnapshotObjFree
-# y virDomainSoundDefFree
-# y virDomainVideoDefFree
-# y virDomainWatchdogDefFree
-# n virDrvNodeGetCellsFreeMemory (returns int)
-# n virDrvNodeGetFreeMemory (returns long long)
-# n virFree - dereferences param
-# n virFreeError
-# n virHashFree (takes 2 args)
-# y virInterfaceDefFree
-# n virInterfaceFree (returns int)
-# n virInterfaceFreeName
-# y virInterfaceIpDefFree
-# y virInterfaceObjFree
-# n virInterfaceObjListFree
-# y virInterfaceProtocolDefFree
-# y virJSONValueFree
-# y virLastErrFreeData
-# y virNWFilterDefFree
-# y virNWFilterEntryFree
-# n virNWFilterFree (returns int)
-# y virNWFilterHashTableFree
-# y virNWFilterIPAddrLearnReqFree
-# y virNWFilterIncludeDefFree
-# n virNWFilterFreeName (returns int)
-# y virNWFilterObjFree
-# n virNWFilterObjListFree FIXME
-# y virNWFilterRuleDefFree
-# n virNWFilterRuleFreeInstanceData (typedef)
-# y virNWFilterRuleInstFree
-# y virNetworkDefFree
-# n virNetworkFree (returns int)
-# n virNetworkFreeName (returns int)
-# n virNodeDevCapsDefFree FIXME
-# y virNodeDeviceDefFree
-# n virNodeDeviceFree (returns int)
-# y virNodeDeviceObjFree
-# n virNodeDeviceObjListFree FIXME
-# n virNodeGetCellsFreeMemory (returns int)
-# n virNodeGetFreeMemory (returns non-void)
-# y virSecretDefFree
-# n virSecretFree (returns non-void)
-# n virSecretFreeName (2 args)
-# n virSecurityLabelDefFree FIXME
-# n virStorageBackendDiskMakeFreeExtent (returns non-void)
-# y virStorageEncryptionFree
-# y virStorageEncryptionSecretFree
-# n virStorageFreeType (enum)
-# y virStoragePoolDefFree
-# n virStoragePoolFree (returns non-void)
-# n virStoragePoolFreeName (returns non-void)
-# y virStoragePoolObjFree
-# n virStoragePoolObjListFree FIXME
-# y virStoragePoolSourceFree
-# y virStorageVolDefFree
-# n virStorageVolFree (returns non-void)
-# n virStorageVolFreeName (returns non-void)
-# n virStreamFree
-
 # Avoid uses of write(2).  Either switch to streams (fwrite), or use
 # the safewrite wrapper.
 sc_avoid_write:
@@ -482,7 +283,7 @@ sc_prohibit_gethostname:
 sc_prohibit_readdir:
 	@prohibit='\b(read|close|open)dir *\(' \
 	exclude='exempt from syntax-check' \
-	halt='use virDirOpen, virDirRead and VIR_DIR_CLOSE' \
+	halt='use virDirOpen, virDirRead and g_autoptr(DIR)' \
 	  $(_sc_search_regexp)
 
 sc_prohibit_gettext_noop:
@@ -490,11 +291,6 @@ sc_prohibit_gettext_noop:
 	halt='use N_, not gettext_noop' \
 	  $(_sc_search_regexp)
 
-sc_prohibit_VIR_ERR_NO_MEMORY:
-	@prohibit='\<VIR_ERR_NO_MEMORY\>' \
-	halt='use virReportOOMError, not VIR_ERR_NO_MEMORY' \
-	  $(_sc_search_regexp)
-
 sc_prohibit_PATH_MAX:
 	@prohibit='\<PATH_MAX\>' \
 	halt='dynamically allocate paths, do not use PATH_MAX' \
@@ -503,6 +299,7 @@ sc_prohibit_PATH_MAX:
 include $(top_srcdir)/build-aux/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
 	@prohibit="\\<(${NON_REENTRANT_RE}) *\\(" \
+	exclude='exempt from syntax-check' \
 	halt="use re-entrant functions (usually ending with _r)" \
 	  $(_sc_search_regexp)
 
@@ -789,26 +586,6 @@ sc_spec_indentation:
 	  echo '$(ME): skipping test $@: cppi not installed' 1>&2; \
 	fi
 
-# Long lines can be harder to diff; too long, and git send-email chokes.
-# For now, only enforce line length on files where we have intentionally
-# fixed things and don't want to regress.
-sc_prohibit_long_lines:
-	@prohibit='.{90}' \
-	in_vc_files='\.arg[sv]' \
-	halt='Wrap long lines in expected output files' \
-	  $(_sc_search_regexp)
-
-sc_copyright_format:
-	@require='Copyright .*Red 'Hat', Inc\.' \
-	containing='Copyright .*Red 'Hat \
-	halt='Red Hat copyright is missing Inc.' \
-	  $(_sc_search_regexp)
-	@prohibit='Copyright [^(].*Red 'Hat \
-	halt='consistently use (C) in Red Hat copyright' \
-	  $(_sc_search_regexp)
-	@prohibit='\<RedHat\>' \
-	halt='spell Red Hat as two words' \
-	  $(_sc_search_regexp)
 
 # Prefer the new URL listing over the old street address listing when
 # calling out where to get a copy of the [L]GPL.  Also, while we have
@@ -882,8 +659,10 @@ FLAKE8_IGNORE = E501,W504
 
 sc_flake8:
 	@if [ -n "$(FLAKE8)" ]; then \
-		$(VC_LIST_EXCEPT) | $(GREP) '\.py$$' | xargs \
-			$(FLAKE8) --ignore $(FLAKE8_IGNORE) --show-source; \
+		DOT_PY=$$($(VC_LIST_EXCEPT) | $(GREP) '\.py$$'); \
+		BANG_PY=$$($(VC_LIST_EXCEPT) | xargs grep -l '^#!/usr/bin/env python3$$'); \
+		ALL_PY=$$(printf "%s\n%s" "$$DOT_PY" "$$BANG_PY" | sort -u); \
+		echo "$$ALL_PY" | xargs $(FLAKE8) --ignore $(FLAKE8_IGNORE) --show-source; \
 	else \
 		echo '$(ME): skipping test $@: flake8 not installed' 1>&2; \
 	fi
@@ -996,9 +775,9 @@ sc_prohibit_windows_special_chars_in_filename:
 	{ echo '$(ME): Windows special chars in filename not allowed' 1>&2; echo exit 1; } || :
 
 sc_prohibit_mixed_case_abbreviations:
-	@prohibit='Pci|Usb|Scsi' \
+	@prohibit='Pci|Usb|Scsi|Vpd' \
 	in_vc_files='\.[ch]$$' \
-	halt='Use PCI, USB, SCSI, not Pci, Usb, Scsi' \
+	halt='Use PCI, USB, SCSI, VPD, not Pci, Usb, Scsi, Vpd' \
 	  $(_sc_search_regexp)
 
 # Require #include <locale.h> in all files that call setlocale()
@@ -1010,7 +789,8 @@ sc_require_locale_h:
 
 sc_prohibit_empty_first_line:
 	@$(VC_LIST_EXCEPT) | xargs awk 'BEGIN { fail=0; } \
-	FNR == 1 { if ($$0 == "") { print FILENAME ":1:"; fail=1; } } \
+	FNR == 1 { maybe_fail = $$0 == ""; } \
+	FNR == 2 { if (maybe_fail == 1) { print FILENAME ":1:"; fail=1; } } \
 	END { if (fail == 1) { \
 	  print "$(ME): Prohibited empty first line" > "/dev/stderr"; \
 	} exit fail; }'
@@ -1055,10 +835,10 @@ sc_prohibit_sysconf_pagesize:
 	halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \
 	  $(_sc_search_regexp)
 
-sc_prohibit_virSecurity:
+sc_prohibit_virSecurityManager:
 	@$(VC_LIST_EXCEPT) | $(GREP) 'src/qemu/' | \
 		$(GREP) -v 'src/qemu/qemu_security' | \
-		xargs $(GREP) -Pn 'virSecurityManager(?!Ptr)' /dev/null && \
+		xargs $(GREP) -Pn 'virSecurityManager\S*\(' /dev/null && \
 		{ echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :
 
 sc_prohibit_pthread_create:
@@ -1088,10 +868,10 @@ sc_gettext_init:
 	  $(_sc_search_regexp)
 
 sc_prohibit_obj_free_apis_in_virsh:
-	@prohibit='\bvir(Domain|DomainSnapshot|Secret)Free\b' \
+	@prohibit='\bvir(Domain|DomainSnapshot|Interface|Network|NodeDevice|NWFilter|Secret|StoragePool|StorageVol|Stream)Free\b' \
 	in_vc_files='virsh.*\.[ch]$$' \
 	exclude='sc_prohibit_obj_free_apis_in_virsh' \
-	halt='avoid using virDomain(Snapshot)Free in virsh, use virsh-prefixed wrappers instead' \
+	halt='avoid using public virXXXFree in virsh, use virsh-prefixed wrappers instead' \
 	  $(_sc_search_regexp)
 
 https_sites = www.libvirt.org
@@ -1130,7 +910,7 @@ sc_prohibit_backslash_alignment:
 # Rule to ensure that variables declared using a cleanup macro are
 # always initialized.
 sc_require_attribute_cleanup_initialization:
-	@prohibit='((g_auto(ptr|free)?)|(VIR_AUTO((FREE|PTR|UNREF|CLEAN)\(.+\)|CLOSE|STRINGLIST))) *[^=]+;' \
+	@prohibit='((g_auto(ptr|free|slist)?)|VIR_AUTOCLOSE) *[^=]+;' \
 	in_vc_files='\.[chx]$$' \
 	halt='variable declared with a cleanup macro must be initialized' \
 	  $(_sc_search_regexp)
@@ -1293,17 +1073,6 @@ define _sc_search_regexp
    fi || :;
 endef
 
-sc_avoid_if_before_free:
-	@$(VC_LIST_EXCEPT)						\
-	  | $(GREP) -v useless-if-before-free				\
-	  | xargs							\
-	      $(top_srcdir)/build-aux/useless-if-before-free		\
-	      $(useless_free_options)					\
-	  && { printf '$(ME): found useless "if"'			\
-		      ' before "free" above\n' 1>&2;			\
-	       exit 1; }						\
-	  || :
-
 sc_cast_of_argument_to_free:
 	@prohibit='\<free *\( *\(' halt="don't cast free argument"	\
 	  $(_sc_search_regexp)
@@ -1405,11 +1174,6 @@ sc_require_config_h_first:
 	else :;								\
 	fi
 
-sc_prohibit_WITH_MBRTOWC:
-	@prohibit='\bWITH_MBRTOWC\b'					\
-	halt="do not use $$prohibit; it is always defined"		\
-	  $(_sc_search_regexp)
-
 # To use this "command" macro, you must first define two shell variables:
 # h: the header name, with no enclosing <> or ""
 # re: a regular expression that matches IFF something provided by $h is used.
@@ -1430,97 +1194,10 @@ endef
 sc_prohibit_assert_without_use:
 	@h='assert.h' re='\<assert *\(' $(_sc_header_without_use)
 
-# Prohibit the inclusion of close-stream.h without an actual use.
-sc_prohibit_close_stream_without_use:
-	@h='close-stream.h' re='\<close_stream *\(' $(_sc_header_without_use)
-
 # Prohibit the inclusion of getopt.h without an actual use.
 sc_prohibit_getopt_without_use:
 	@h='getopt.h' re='\<getopt(_long)? *\(' $(_sc_header_without_use)
 
-# Don't include this header unless you use one of its functions.
-sc_prohibit_long_options_without_use:
-	@h='long-options.h' re='\<parse_(long_options|gnu_standard_options_only) *\(' \
-	  $(_sc_header_without_use)
-
-# Don't include this header unless you use one of its functions.
-sc_prohibit_inttostr_without_use:
-	@h='inttostr.h' re='\<(off|[iu]max|uint)tostr *\(' \
-	  $(_sc_header_without_use)
-
-# Don't include this header unless you use one of its functions.
-sc_prohibit_ignore_value_without_use:
-	@h='ignore-value.h' re='\<ignore_(value|ptr) *\(' \
-	  $(_sc_header_without_use)
-
-# Don't include this header unless you use one of its functions.
-sc_prohibit_error_without_use:
-	@h='error.h' \
-	re='\<error(_at_line|_print_progname|_one_per_line|_message_count)? *\('\
-	  $(_sc_header_without_use)
-
-# Don't include xalloc.h unless you use one of its functions.
-# Consider these symbols:
-# perl -lne '/^# *define (\w+)\(/ and print $1' lib/xalloc.h|grep -v '^__';
-# perl -lne '/^(?:extern )?(?:void|char) \*?(\w+) *\(/ and print $1' lib/xalloc.h
-# Divide into two sets on case, and filter each through this:
-# | sort | perl -MRegexp::Assemble -le \
-#  'print Regexp::Assemble->new(file => "/dev/stdin")->as_string'|sed 's/\?://g'
-# Note this was produced by the above:
-# _xa1 = \
-#x(((2n?)?re|c(har)?|n(re|m)|z)alloc|alloc_(oversized|die)|m(alloc|emdup)|strdup)
-# But we can do better, in at least two ways:
-# 1) take advantage of two "dup"-suffixed strings:
-# x(((2n?)?re|c(har)?|n(re|m)|[mz])alloc|alloc_(oversized|die)|(mem|str)dup)
-# 2) notice that "c(har)?|[mz]" is equivalent to the shorter and more readable
-# "char|[cmz]"
-# x(((2n?)?re|char|n(re|m)|[cmz])alloc|alloc_(oversized|die)|(mem|str)dup)
-_xa1 = x(((2n?)?re|char|n(re|m)|[cmz])alloc|alloc_(oversized|die)|(mem|str)dup)
-_xa2 = X([CZ]|N?M)ALLOC
-sc_prohibit_xalloc_without_use:
-	@h='xalloc.h' \
-	re='\<($(_xa1)|$(_xa2)) *\('\
-	  $(_sc_header_without_use)
-
-sc_prohibit_cloexec_without_use:
-	@h='cloexec.h' re='\<(set_cloexec_flag|dup_cloexec) *\(' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_posixver_without_use:
-	@h='posixver.h' re='\<posix2_version *\(' $(_sc_header_without_use)
-
-sc_prohibit_same_without_use:
-	@h='same.h' re='\<same_name(at)? *\(' $(_sc_header_without_use)
-
-sc_prohibit_hash_pjw_without_use:
-	@h='hash-pjw.h' \
-	re='\<hash_pjw\>' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_safe_read_without_use:
-	@h='safe-read.h' re='(\<SAFE_READ_ERROR\>|\<safe_read *\()' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_argmatch_without_use:
-	@h='argmatch.h' \
-	re='(\<(ARRAY_CARDINALITY|X?ARGMATCH(|_TO_ARGUMENT|_VERIFY))\>|\<(invalid_arg|argmatch(_exit_fn|_(in)?valid)?) *\()' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_canonicalize_without_use:
-	@h='canonicalize.h' \
-	re='CAN_(EXISTING|ALL_BUT_LAST|MISSING)|canonicalize_(mode_t|filename_mode|file_name)' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_root_dev_ino_without_use:
-	@h='root-dev-ino.h' \
-	re='(\<ROOT_DEV_INO_(CHECK|WARN)\>|\<get_root_dev_ino *\()' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_openat_without_use:
-	@h='openat.h' \
-	re='\<(openat_(permissive|needs_fchdir|(save|restore)_fail)|l?(stat|ch(own|mod))at|(euid)?accessat|(FCHMOD|FCHOWN|STAT)AT_INLINE)\>' \
-	  $(_sc_header_without_use)
-
 # The following list was generated by running:
 # man signal.h|col -b|perl -ne '/bsd_signal.*;/.../sigwaitinfo.*;/ and print' \
 #   | perl -lne '/^\s+(?:int|void).*?(\w+).*/ and print $1' | fmt
@@ -1561,19 +1238,6 @@ sc_prohibit_stdio--_without_use:
 	@h='stdio--.h' re='\<((f(re)?|p)open|tmpfile) *\('		\
 	  $(_sc_header_without_use)
 
-# Don't include stdio-safer.h unless you use one of its functions.
-sc_prohibit_stdio-safer_without_use:
-	@h='stdio-safer.h' re='\<((f(re)?|p)open|tmpfile)_safer *\('	\
-	  $(_sc_header_without_use)
-
-# Prohibit the inclusion of strings.h without a sensible use.
-# Using the likes of bcmp, bcopy, bzero, index or rindex is not sensible.
-sc_prohibit_strings_without_use:
-	@h='strings.h'							\
-	re='\<(strn?casecmp|ffs(ll)?)\>'				\
-	  $(_sc_header_without_use)
-
-
 _stddef_syms_re = NULL|offsetof|ptrdiff_t|size_t|wchar_t
 # Prohibit the inclusion of stddef.h without an actual use.
 sc_prohibit_stddef_without_use:
@@ -1591,10 +1255,6 @@ sc_prohibit_dirent_without_use:
 	re='\<($(_dirent_syms_re))\>'					\
 	  $(_sc_header_without_use)
 
-# Don't include xfreopen.h unless you use one of its functions.
-sc_prohibit_xfreopen_without_use:
-	@h='xfreopen.h' re='\<xfreopen *\(' $(_sc_header_without_use)
-
 # Ensure that each .c file containing a "main" function also
 # calls bindtextdomain.
 sc_bindtextdomain:
@@ -1637,14 +1297,6 @@ sc_prohibit_backup_files:
 	  { echo '$(ME): found version controlled backup file' 1>&2;	\
 	    exit 1; } || :
 
-# Require the latest GFDL.  Two regexp, since some .texi files end up
-# line wrapping between 'Free Documentation License,' and 'Version'.
-_GFDL_regexp = (Free ''Documentation.*Version 1\.[^3]|Version 1\.[^3] or any)
-sc_GFDL_version:
-	@prohibit='$(_GFDL_regexp)'					\
-	halt='GFDL vN, N!=3'						\
-	  $(_sc_search_regexp)
-
 # This Perl code is slightly obfuscated.  Not only is each "$" doubled
 # because it's in a Makefile, but the $$c's are comments;  we cannot
 # use "#" due to the way the script ends up concatenated onto one line.
@@ -1828,7 +1480,7 @@ sc_prohibit_path_max_allocation:
 	  $(_sc_search_regexp)
 
 ifneq ($(_gl-Makefile),)
-syntax-check: sc_spacing-check sc_test-wrap-argv \
+syntax-check: sc_spacing-check \
 	sc_prohibit-duplicate-header sc_mock-noinline sc_group-qemu-caps \
         sc_header-ifdef
 	@if ! cppi --version >/dev/null 2>&1; then \
@@ -1849,26 +1501,29 @@ sc_prohibit-duplicate-header:
 	$(PYTHON) $(top_srcdir)/scripts/prohibit-duplicate-header.py
 
 sc_spacing-check:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.c$$' | xargs \
+	$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.c$$' | xargs \
 	$(PERL) $(top_srcdir)/build-aux/check-spacing.pl || \
 	  { echo '$(ME): incorrect formatting' 1>&2; exit 1; }
 
 sc_mock-noinline:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.[ch]$$' | $(RUNUTF8) xargs \
+	$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | $(RUNUTF8) xargs \
 	$(PYTHON) $(top_srcdir)/scripts/mock-noinline.py
 
 sc_header-ifdef:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.[h]$$' | $(RUNUTF8) xargs \
+	$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[h]$$' | $(RUNUTF8) xargs \
 	$(PYTHON) $(top_srcdir)/scripts/header-ifdef.py
 
-sc_test-wrap-argv:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) -E '\.(ldargs|args)' | $(RUNUTF8) xargs \
-	$(PYTHON) $(top_srcdir)/scripts/test-wrap-argv.py --check
-
 sc_group-qemu-caps:
 	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/group-qemu-caps.py \
 		--check --prefix $(top_srcdir)/
 
+sc_prohibit_enum_impl_with_vir_prefix_in_virsh:
+	@prohibit='VIR_ENUM_(IMPL|DECL)\(vir[^s]'			\
+	in_vc_files='tools/virsh.*\.[ch]$$'					\
+	halt='avoid "vir" prefix for enums in virsh'				\
+	  $(_sc_search_regexp)
+
+
 # List all syntax-check exemptions:
 exclude_file_name_regexp--sc_avoid_strcase = ^tools/vsh\.h$$
 
@@ -1881,9 +1536,6 @@ exclude_file_name_regexp--sc_bindtextdomain = .*
 
 exclude_file_name_regexp--sc_gettext_init = ^((tests|examples)/|tools/virt-login-shell.c|src/util/vireventglib\.c)
 
-exclude_file_name_regexp--sc_copyright_format = \
-	^build-aux/syntax-check\.mk$$
-
 exclude_file_name_regexp--sc_copyright_usage = \
   ^COPYING(|\.LESSER)|build-aux/syntax-check.mk$$
 
@@ -1895,11 +1547,8 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
 
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$|tests/commandtest.c$$)
 
-exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(build-aux/syntax-check\.mk|include/libvirt/virterror\.h|src/remote/remote_daemon_dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
-
 exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
-	^build-aux/syntax-check\.mk$$
+	^(build-aux/syntax-check\.mk|tests/virfilemock.c)$$
 
 exclude_file_name_regexp--sc_prohibit_access_xok = \
 	^(src/util/virutil\.c)$$
@@ -1914,12 +1563,12 @@ exclude_file_name_regexp--sc_prohibit_close = \
   (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/vir(file|event)\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libvirt_nss_(leases|macs)\.c)$$)
 
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(nodedevmdevctl|virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
+  (^tests/(nodedevmdevctl|virhostcpu|virpcitest|virstoragetest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
 
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
   (^(src/(util/(vircommand|virdaemon)|lxc/lxc_controller)|tests/testutils)\.c$$)
 
-exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/vir(util|log)\.c$$
+exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/virutil\.c$$
 
 exclude_file_name_regexp--sc_prohibit_internal_functions = \
   ^src/(util/(viralloc|virutil|virfile)\.[hc]|esx/esx_vi\.c)$$
@@ -1940,7 +1589,7 @@ exclude_file_name_regexp--sc_prohibit_canonicalize_file_name = \
   ^(build-aux/syntax-check\.mk|tests/virfilemock\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(docs/advanced-tests\.rst|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src/packet-libvirt\.c|tools/nss/libvirt_nss(_leases|_macs)?\.c|build-aux/useless-if-before-free)$$
+  ^(docs/advanced-tests\.rst|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src/packet-libvirt\.c|tools/nss/libvirt_nss(_leases|_macs)?\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_readlink = \
   ^src/(util/virutil|lxc/lxc_container)\.c$$
@@ -1956,7 +1605,7 @@ exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$
 
 exclude_file_name_regexp--sc_prohibit_xmlURI = ^src/util/viruri\.c$$
 
-exclude_file_name_regexp--sc_prohibit_return_as_function = \.py|build-aux/useless-if-before-free$$
+exclude_file_name_regexp--sc_prohibit_return_as_function = \.py$$
 
 exclude_file_name_regexp--sc_require_config_h = \
 	^(examples/|tools/virsh-edit\.c$$|tests/virmockstathelpers.c)
@@ -1994,7 +1643,7 @@ exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
   ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$
 
 exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(src/esx/README|tests/(vmwarever|virhostcpu)data/.*)$$
+  ^tests/vmwareverdata/fusion-5.0.3.txt$$
 
 exclude_file_name_regexp--sc_prohibit_useless_translation = \
   ^tests/virpolkittest.c

build-aux/useless-if-before-free

@@ -1,226 +0,0 @@
-#!/bin/sh
-#! -*-perl-*-
-
-# Detect instances of "if (p) free (p);".
-# Likewise "if (p != 0)", "if (0 != p)", or with NULL; and with braces.
-
-# Copyright (C) 2008-2019 Free Software Foundation, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-#
-# Written by Jim Meyering
-
-# This is a prologue that allows to run a perl script as an executable
-# on systems that are compliant to a POSIX version before POSIX:2017.
-# On such systems, the usual invocation of an executable through execlp()
-# or execvp() fails with ENOEXEC if it is a script that does not start
-# with a #! line.  The script interpreter mentioned in the #! line has
-# to be /bin/sh, because on GuixSD systems that is the only program that
-# has a fixed file name.  The second line is essential for perl and is
-# also useful for editing this file in Emacs.  The next two lines below
-# are valid code in both sh and perl.  When executed by sh, they re-execute
-# the script through the perl program found in $PATH.  The '-x' option
-# is essential as well; without it, perl would re-execute the script
-# through /bin/sh.  When executed by  perl, the next two lines are a no-op.
-eval 'exec perl -wSx "$0" "$@"'
-     if 0;
-
-my $VERSION = '2018-03-07 03:47'; # UTC
-# The definition above must lie within the first 8 lines in order
-# for the Emacs time-stamp write hook (at end) to update it.
-# If you change this file with Emacs, please let the write hook
-# do its job.  Otherwise, update this string manually.
-
-use strict;
-use warnings;
-use Getopt::Long;
-
-(my $ME = $0) =~ s|.*/||;
-
-# use File::Coda; # https://meyering.net/code/Coda/
-END {
-  defined fileno STDOUT or return;
-  close STDOUT and return;
-  warn "$ME: failed to close standard output: $!\n";
-  $? ||= 1;
-}
-
-sub usage ($)
-{
-  my ($exit_code) = @_;
-  my $STREAM = ($exit_code == 0 ? *STDOUT : *STDERR);
-  if ($exit_code != 0)
-    {
-      print $STREAM "Try '$ME --help' for more information.\n";
-    }
-  else
-    {
-      print $STREAM <<EOF;
-Usage: $ME [OPTIONS] FILE...
-
-Detect any instance in FILE of a useless "if" test before a free call, e.g.,
-"if (p) free (p);".  Any such test may be safely removed without affecting
-the semantics of the C code in FILE.  Use --name=FOO --name=BAR to also
-detect free-like functions named FOO and BAR.
-
-OPTIONS:
-
-   --list       print only the name of each matching FILE (\\0-terminated)
-   --name=N     add name N to the list of \'free\'-like functions to detect;
-                  may be repeated
-
-   --help       display this help and exit
-   --version    output version information and exit
-
-Exit status:
-
-  0   one or more matches
-  1   no match
-  2   an error
-
-EXAMPLE:
-
-For example, this command prints all removable "if" tests before "free"
-and "kfree" calls in the linux kernel sources:
-
-    git ls-files -z |xargs -0 $ME --name=kfree
-
-EOF
-    }
-  exit $exit_code;
-}
-
-sub is_NULL ($)
-{
-  my ($expr) = @_;
-  return ($expr eq 'NULL' || $expr eq '0');
-}
-
-{
-  sub EXIT_MATCH {0}
-  sub EXIT_NO_MATCH {1}
-  sub EXIT_ERROR {2}
-  my $err = EXIT_NO_MATCH;
-
-  my $list;
-  my @name = qw(free);
-  GetOptions
-    (
-     help => sub { usage 0 },
-     version => sub { print "$ME version $VERSION\n"; exit },
-     list => \$list,
-     'name=s@' => \@name,
-    ) or usage 1;
-
-  # Make sure we have the right number of non-option arguments.
-  # Always tell the user why we fail.
-  @ARGV < 1
-    and (warn "$ME: missing FILE argument\n"), usage EXIT_ERROR;
-
-  my $or = join '|', @name;
-  my $regexp = qr/(?:$or)/;
-
-  # Set the input record separator.
-  # Note: this makes it impractical to print line numbers.
-  $/ = '"';
-
-  my $found_match = 0;
- FILE:
-  foreach my $file (@ARGV)
-    {
-      open FH, '<', $file
-        or (warn "$ME: can't open '$file' for reading: $!\n"),
-          $err = EXIT_ERROR, next;
-      while (defined (my $line = <FH>))
-        {
-          # Skip non-matching lines early to save time
-          $line =~ /\bif\b/
-            or next;
-          while ($line =~
-              /\b(if\s*\(\s*([^)]+?)(?:\s*!=\s*([^)]+?))?\s*\)
-              #  1          2                  3
-               (?:   \s*$regexp\s*\((?:\s*\([^)]+\))?\s*([^)]+)\)\s*;|
-                \s*\{\s*$regexp\s*\((?:\s*\([^)]+\))?\s*([^)]+)\)\s*;\s*\}))/sxg)
-            {
-              my $all = $1;
-              my ($lhs, $rhs) = ($2, $3);
-              my ($free_opnd, $braced_free_opnd) = ($4, $5);
-              my $non_NULL;
-              if (!defined $rhs) { $non_NULL = $lhs }
-              elsif (is_NULL $rhs) { $non_NULL = $lhs }
-              elsif (is_NULL $lhs) { $non_NULL = $rhs }
-              else { next }
-
-              # Compare the non-NULL part of the "if" expression and the
-              # free'd expression, without regard to white space.
-              $non_NULL =~ tr/ \t//d;
-              my $e2 = defined $free_opnd ? $free_opnd : $braced_free_opnd;
-              $e2 =~ tr/ \t//d;
-              if ($non_NULL eq $e2)
-                {
-                  $found_match = 1;
-                  $list
-                    and (print "$file\0"), next FILE;
-                  print "$file: $all\n";
-                }
-            }
-        }
-    }
-  continue
-    {
-      close FH;
-    }
-
-  $found_match && $err == EXIT_NO_MATCH
-    and $err = EXIT_MATCH;
-
-  exit $err;
-}
-
-my $foo = <<'EOF';
-# The above is to *find* them.
-# This adjusts them, removing the unnecessary "if (p)" part.
-
-# FIXME: do something like this as an option (doesn't do braces):
-free=xfree
-git grep -l -z "$free *(" \
-  | xargs -0 useless-if-before-free -l --name="$free" \
-  | xargs -0 perl -0x3b -pi -e \
-   's/\bif\s*\(\s*(\S+?)(?:\s*!=\s*(?:0|NULL))?\s*\)\s+('"$free"'\s*\((?:\s*\([^)]+\))?\s*\1\s*\)\s*;)/$2/s'
-
-# Use the following to remove redundant uses of kfree inside braces.
-# Note that -0777 puts perl in slurp-whole-file mode;
-# but we have plenty of memory, these days...
-free=kfree
-git grep -l -z "$free *(" \
-  | xargs -0 useless-if-before-free -l --name="$free" \
-  | xargs -0 perl -0777 -pi -e \
-     's/\bif\s*\(\s*(\S+?)(?:\s*!=\s*(?:0|NULL))?\s*\)\s*\{\s*('"$free"'\s*\((?:\s*\([^)]+\))?\s*\1\s*\);)\s*\}[^\n]*$/$2/gms'
-
-Be careful that the result of the above transformation is valid.
-If the matched string is followed by "else", then obviously, it won't be.
-
-When modifying files, refuse to process anything other than a regular file.
-EOF
-
-## Local Variables:
-## mode: perl
-## indent-tabs-mode: nil
-## eval: (add-hook 'before-save-hook 'time-stamp)
-## time-stamp-line-limit: 50
-## time-stamp-start: "my $VERSION = '"
-## time-stamp-format: "%:y-%02m-%02d %02H:%02M"
-## time-stamp-time-zone: "UTC0"
-## time-stamp-end: "'; # UTC"
-## End:

build-aux/vc-list-files

@@ -1,113 +0,0 @@
-#!/bin/sh
-# List version-controlled file names.
-
-# Print a version string.
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 2006-2019 Free Software Foundation, Inc.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
-# List the specified version-controlled files.
-# With no argument, list them all.  With a single DIRECTORY argument,
-# list the version-controlled files in that directory.
-
-# If there's an argument, it must be a single, "."-relative directory name.
-# cvsu is part of the cvsutils package: http://www.red-bean.com/cvsutils/
-
-postprocess=
-case $1 in
-  --help) cat <<EOF
-Usage: $0 [-C SRCDIR] [DIR...]
-
-Output a list of version-controlled files in DIR (default .), relative to
-SRCDIR (default .).  SRCDIR must be the top directory of a checkout.
-
-Options:
-  --help     print this help, then exit
-  --version  print version number, then exit
-  -C SRCDIR  change directory to SRCDIR before generating list
-
-Report bugs and patches to <bug-gnulib@gnu.org>.
-EOF
-    exit ;;
-
-  --version)
-    year=`echo "$scriptversion" | sed 's/[^0-9].*//'`
-    cat <<EOF
-vc-list-files $scriptversion
-Copyright (C) $year Free Software Foundation, Inc,
-License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
-This is free software: you are free to change and redistribute it.
-There is NO WARRANTY, to the extent permitted by law.
-EOF
-    exit ;;
-
-  -C)
-    test "$2" = . || postprocess="| sed 's|^|$2/|'"
-    cd "$2" || exit 1
-    shift; shift ;;
-esac
-
-test $# = 0 && set .
-
-for dir
-do
-  if test -d .git || test -f .git; then
-    test "x$dir" = x. \
-      && dir= sed_esc= \
-      || { dir="$dir/"; sed_esc=`echo "$dir"|env sed 's,\([\\/]\),\\\\\1,g'`; }
-    # Ignore git symlinks - either they point into the tree, in which case
-    # we don't need to visit the target twice, or they point somewhere
-    # else (often into a submodule), in which case the content does not
-    # belong to this package.
-    eval exec git ls-tree -r 'HEAD:"$dir"' \
-      \| sed -n '"s/^100[^	]*./$sed_esc/p"' $postprocess
-  elif test -d .hg; then
-    eval exec hg locate '"$dir/*"' $postprocess
-  elif test -d .bzr; then
-    test "$postprocess" = '' && postprocess="| sed 's|^\./||'"
-    eval exec bzr ls -R --versioned '"$dir"' $postprocess
-  elif test -d CVS; then
-    test "$postprocess" = '' && postprocess="| sed 's|^\./||'"
-    if test -x build-aux/cvsu; then
-      eval build-aux/cvsu --find --types=AFGM '"$dir"' $postprocess
-    elif (cvsu --help) >/dev/null 2>&1; then
-      eval cvsu --find --types=AFGM '"$dir"' $postprocess
-    else
-      eval awk -F/ \''{			\
-          if (!$1 && $3 !~ /^-/) {	\
-            f=FILENAME;			\
-            if (f ~ /CVS\/Entries$/)	\
-              f = substr(f, 1, length(f)-11); \
-            print f $2;			\
-          }}'\''				\
-        `find "$dir" -name Entries -print` /dev/null' $postprocess
-    fi
-  elif test -d .svn; then
-    eval exec svn list -R '"$dir"' $postprocess
-  else
-    echo "$0: Failed to determine type of version control used in `pwd`" 1>&2
-    exit 1
-  fi
-done
-
-# Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:

ci/Makefile

@@ -20,9 +20,6 @@ CI_HOST_SRCDIR = $(CI_SCRATCHDIR)/src
 # the $(CI_HOST_SRCDIR) directory from the host
 CI_CONT_SRCDIR = $(CI_USER_HOME)/libvirt
 
-# Script containing environment preparation steps
-CI_PREPARE_SCRIPT = $(CI_ROOTDIR)/prepare.sh
-
 # Script containing build instructions
 CI_BUILD_SCRIPT = $(CI_ROOTDIR)/build.sh
 
@@ -45,15 +42,15 @@ CI_CLEAN = 1
 # preserved env
 CI_REUSE = 0
 
-# We need the container process to run with current host IDs
-# so that it can access the passed in build directory
-CI_UID = $(shell id -u)
-CI_GID = $(shell id -g)
-
-# We also need the user's login and home directory to prepare the
+# We need the user's login and home directory to prepare the
 # environment the way some programs expect it
-CI_USER_LOGIN = $(shell echo "$$USER")
-CI_USER_HOME = $(shell echo "$$HOME")
+CI_USER_LOGIN = $(shell whoami)
+CI_USER_HOME = $(shell eval echo "~$(CI_USER_LOGIN)")
+
+# We also need the container process to run with current host IDs
+# so that it can access the passed in build directory
+CI_UID = $(shell id -u "$(CI_USER_LOGIN)")
+CI_GID = $(shell id -g "$(CI_USER_LOGIN)")
 
 CI_ENGINE = auto
 # Container engine we are going to use, can be overridden per make
@@ -82,7 +79,6 @@ CI_HOME_MOUNTS = \
 	$(NULL)
 
 CI_SCRIPT_MOUNTS = \
-	--volume $(CI_SCRATCHDIR)/prepare:$(CI_USER_HOME)/prepare:z \
 	--volume $(CI_SCRATCHDIR)/build:$(CI_USER_HOME)/build:z \
 	$(NULL)
 
@@ -125,14 +121,16 @@ ifeq ($(CI_ENGINE),podman)
 	CI_UID_OTHER_RANGE = $(shell echo $$(($(CI_MAX_UID)-$(CI_UID))))
 	CI_GID_OTHER_RANGE = $(shell echo $$(($(CI_MAX_GID)-$(CI_GID))))
 
-	CI_PODMAN_ARGS = \
-		--uidmap 0:1:$(CI_UID) \
-		--uidmap $(CI_UID):0:1 \
-		--uidmap $(CI_UID_OTHER):$(CI_UID_OTHER):$(CI_UID_OTHER_RANGE) \
-		--gidmap 0:1:$(CI_GID) \
-		--gidmap $(CI_GID):0:1 \
-		--gidmap $(CI_GID_OTHER):$(CI_GID_OTHER):$(CI_GID_OTHER_RANGE) \
-		$(NULL)
+	ifneq ($(CI_UID), 0)
+		CI_PODMAN_ARGS = \
+			--uidmap 0:1:$(CI_UID) \
+			--uidmap $(CI_UID):0:1 \
+			--uidmap $(CI_UID_OTHER):$(CI_UID_OTHER):$(CI_UID_OTHER_RANGE) \
+			--gidmap 0:1:$(CI_GID) \
+			--gidmap $(CI_GID):0:1 \
+			--gidmap $(CI_GID_OTHER):$(CI_GID_OTHER):$(CI_GID_OTHER_RANGE) \
+			$(NULL)
+	endif
 endif
 
 # Args to use when cloning a git repo.
@@ -150,6 +148,8 @@ CI_GIT_ARGS = \
 #   --user    we execute as the same user & group account
 #             as dev so that file ownership matches host
 #             instead of root:root
+#   --workdir we change to user's home dir in the container
+#             before running the workload
 #   --volume  to pass in the cloned git repo & config
 #   --ulimit  lower files limit for performance reasons
 #   --interactive
@@ -158,6 +158,11 @@ CI_ENGINE_ARGS = \
 	--rm \
 	--interactive \
 	--tty \
+	--user "$(CI_UID)":"$(CI_GID)" \
+	--workdir "$(CI_USER_HOME)" \
+	--env CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
+	--env CI_MESON_ARGS="$(CI_MESON_ARGS)" \
+	--env CI_NINJA_ARGS="$(CI_NINJA_ARGS)" \
 	$(CI_PODMAN_ARGS) \
 	$(CI_PWDB_MOUNTS) \
 	$(CI_HOME_MOUNTS) \
@@ -178,9 +183,8 @@ ci-prepare-tree: ci-check-engine
 		cp /etc/passwd $(CI_SCRATCHDIR); \
 		cp /etc/group $(CI_SCRATCHDIR); \
 		mkdir -p $(CI_SCRATCHDIR)/home; \
-		cp "$(CI_PREPARE_SCRIPT)" $(CI_SCRATCHDIR)/prepare; \
 		cp "$(CI_BUILD_SCRIPT)" $(CI_SCRATCHDIR)/build; \
-		chmod +x "$(CI_SCRATCHDIR)/prepare" "$(CI_SCRATCHDIR)/build"; \
+		chmod +x "$(CI_SCRATCHDIR)/build"; \
 		echo "Cloning $(CI_GIT_ROOT) to $(CI_HOST_SRCDIR)"; \
 		git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT) $(CI_HOST_SRCDIR) || exit 1; \
 		for mod in $$(git submodule | awk '{ print $$2 }' | sed -E 's,^../,,g') ; \
@@ -192,18 +196,10 @@ ci-prepare-tree: ci-check-engine
 	fi
 
 ci-run-command@%: ci-prepare-tree
-	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
-		/bin/bash -c ' \
-		$(CI_USER_HOME)/prepare || exit 1; \
-		sudo \
-		  --login \
-		  --user="#$(CI_UID)" \
-		  --group="#$(CI_GID)" \
-		  MESON_OPTS="$$MESON_OPTS" \
-		  CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
-		  CI_MESON_ARGS="$(CI_MESON_ARGS)" \
-		  CI_NINJA_ARGS="$(CI_NINJA_ARGS)" \
-		  $(CI_COMMAND) || exit 1'
+	$(CI_ENGINE) run \
+		$(CI_ENGINE_ARGS) \
+		$(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
+		$(CI_COMMAND)
 	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
 
 ci-shell@%:
@@ -215,33 +211,35 @@ ci-build@%:
 ci-test@%:
 	$(MAKE) -C $(CI_ROOTDIR) ci-build@$* CI_NINJA_ARGS=test
 
-ci-list-images:
-	@echo
-	@echo "Available x86 container images:"
-	@echo
-	@sh list-images.sh "$(CI_IMAGE_PREFIX)" | grep -v cross
-	@echo
-	@echo "Available cross-compiler container images:"
-	@echo
-	@sh list-images.sh "$(CI_IMAGE_PREFIX)" | grep cross
-	@echo
-
 ci-help:
+	@echo
+	@echo
+	@echo
+	@echo "      !!!  PLEASE DON'T USE THIS DIRECTLY  !!!"
+	@echo
+	@echo "          Use the ci/helper script instead"
+	@echo
+	@echo "      !!!  PLEASE DON'T USE THIS DIRECTLY  !!!"
+	@echo
+	@echo
+	@echo
 	@echo "Build libvirt inside containers used for CI"
 	@echo
 	@echo "Available targets:"
 	@echo
 	@echo "    ci-build@\$$IMAGE - run a default 'ninja' build"
-	@echo "    ci-check@\$$IMAGE - run a 'ninja test'"
+	@echo "    ci-test@\$$IMAGE  - run a 'ninja test'"
 	@echo "    ci-shell@\$$IMAGE - run an interactive shell"
-	@echo "    ci-list-images  - list available images"
 	@echo "    ci-help         - show this help message"
 	@echo
 	@echo "Available make variables:"
 	@echo
-	@echo "    CI_CLEAN=0          - do not delete '$(CI_SCRATCHDIR)' after completion"
-	@echo "    CI_REUSE=1          - re-use existing '$(CI_SCRATCHDIR)' content"
-	@echo "    CI_ENGINE=auto      - container engine to use (podman, docker)"
-	@echo "    CI_MESON_ARGS=      - extra arguments passed to meson"
-	@echo "    CI_NINJA_ARGS=      - extra arguments passed to ninja"
+	@echo "    CI_CLEAN=0              - do not delete '$(CI_SCRATCHDIR)' after completion"
+	@echo "    CI_REUSE=1              - re-use existing '$(CI_SCRATCHDIR)' content"
+	@echo "    CI_ENGINE=auto          - container engine to use (podman, docker)"
+	@echo "    CI_USER_LOGIN=          - which user should run in the container (default is $$USER)"
+	@echo "    CI_IMAGE_PREFIX=        - override to prefer a locally built image, (default is $(CI_IMAGE_PREFIX))"
+	@echo "    CI_IMAGE_TAG=:latest    - optionally use in conjunction with 'CI_IMAGE_PREFIX'"
+	@echo "    CI_MESON_ARGS=          - extra arguments passed to meson"
+	@echo "    CI_NINJA_ARGS=          - extra arguments passed to ninja"
 	@echo

ci/README.rst

@@ -34,6 +34,12 @@ builds to happen when you push to your GitLab repository, you need to
 
 * grab an API token from the `Cirrus CI settings`_ page;
 
+* it may be necessary to push an empty ``.cirrus.yml`` file to your github fork
+  for Cirrus CI to properly recognize the project. You can check whether
+  Cirrus CI knows about your project by navigating to:
+
+  ``https://cirrus-ci.com/yourusername/libvirt``
+
 * in the *CI/CD / Variables* section of the settings page for your GitLab
   repository, create two new variables:
 
@@ -57,3 +63,25 @@ repository as usual and you'll automatically get the additional CI coverage.
 .. _Cirrus CI: https://cirrus-ci.com/
 .. _MinGW: http://mingw.org/
 .. _cirrus-run: https://github.com/sio/cirrus-run/
+
+
+Coverity scan integration
+=========================
+
+This will be used only by the main repository for master branch by running
+scheduled pipeline in GitLab.
+
+The service is proved by `Coverity Scan`_ and requires that the project is
+registered there to get free coverity analysis which we already have for
+`libvirt project`_.
+
+To run the coverity job it requires two new variables:
+
+  * ``COVERITY_SCAN_PROJECT_NAME``, containing the `libvirt project`_
+    name.
+
+  * ``COVERITY_SCAN_TOKEN``, token visible to admins of `libvirt project`_
+
+
+.. _Coverity Scan: https://scan.coverity.com/
+.. _libvirt project: https://scan.coverity.com/projects/libvirt

ci/build.sh

@@ -1,3 +1,5 @@
+#!/bin/sh
+
 # This script is used to build libvirt inside the container.
 #
 # You can customize it to your liking, or alternatively use a

ci/cirrus/build.yml

@@ -9,15 +9,21 @@ env:
   PKG_CONFIG_PATH: "@PKG_CONFIG_PATH@"
   PYTHON: "@PYTHON@"
   MAKE: "@MAKE@"
+  VIR_TEST_VERBOSE: "1"
+  VIR_TEST_DEBUG: "1"
 
 build_task:
   install_script:
+    - @UPDATE_COMMAND@
+    - @UPGRADE_COMMAND@
     - @INSTALL_COMMAND@ @PKGS@
-    - @PIP@ install @PYPI_PKGS@
+    - if test -n "@PYPI_PKGS@" ; then @PIP3@ install @PYPI_PKGS@ ; fi
   clone_script:
     - git clone --depth 100 "$CI_REPOSITORY_URL" .
     - git fetch origin "$CI_COMMIT_REF_NAME"
     - git reset --hard "$CI_COMMIT_SHA"
   build_script:
-    - meson build --prefix=$(pwd)/install-root
-    - ninja -C build dist
+    - meson setup build
+    - meson dist -C build --no-tests
+    - meson compile -C build
+    - meson test -C build --no-suite syntax-check

ci/cirrus/freebsd-12.vars

@@ -0,0 +1,16 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+CCACHE='/usr/local/bin/ccache'
+CPAN_PKGS=''
+CROSS_PKGS=''
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PACKAGING_COMMAND='pkg'
+PIP3='/usr/local/bin/pip-3.8'
+PKGS='augeas bash-completion ca_root_nss ccache codespell cppi curl cyrus-sasl diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py38-docutils py38-flake8 python3 qemu readline yajl'
+PYPI_PKGS=''
+PYTHON='/usr/local/bin/python3'

ci/cirrus/freebsd-13.vars

@@ -0,0 +1,16 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+CCACHE='/usr/local/bin/ccache'
+CPAN_PKGS=''
+CROSS_PKGS=''
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PACKAGING_COMMAND='pkg'
+PIP3='/usr/local/bin/pip-3.8'
+PKGS='augeas bash-completion ca_root_nss ccache codespell cppi curl cyrus-sasl diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py38-docutils py38-flake8 python3 qemu readline yajl'
+PYPI_PKGS=''
+PYTHON='/usr/local/bin/python3'

ci/cirrus/freebsd-current.vars

@@ -0,0 +1,16 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+CCACHE='/usr/local/bin/ccache'
+CPAN_PKGS=''
+CROSS_PKGS=''
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PACKAGING_COMMAND='pkg'
+PIP3='/usr/local/bin/pip-3.8'
+PKGS='augeas bash-completion ca_root_nss ccache codespell cppi curl cyrus-sasl diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py38-docutils py38-flake8 python3 qemu readline yajl'
+PYPI_PKGS=''
+PYTHON='/usr/local/bin/python3'

ci/cirrus/libvirt-freebsd-11.vars

@@ -1,9 +0,0 @@
-PACKAGING_COMMAND='pkg'
-CC='/usr/bin/clang'
-CCACHE='/usr/local/bin/ccache'
-MAKE='/usr/local/bin/gmake'
-NINJA='/usr/local/bin/ninja'
-PYTHON='/usr/local/bin/python3'
-PIP='/usr/local/bin/pip-3.7'
-PKGS='augeas autoconf automake avahi bash bash-completion ca_root_nss ccache chrony cppi curl cyrus-sasl dbus diskscrub dnsmasq fusefs-libs gdb gettext gettext-tools git glib gmake gnutls hal libpcap libpciaccess libssh libssh2 libtool libxml2 libxslt lsof ncurses ninja p5-App-cpanminus patch perl5 pkgconf polkit py37-docutils py37-flake8 py37-pip py37-setuptools py37-wheel python3 qemu-utils radvd readline screen sudo vim yajl'
-PYPI_PKGS='meson==0.54.0'

ci/cirrus/libvirt-freebsd-12.vars

@@ -1,9 +0,0 @@
-PACKAGING_COMMAND='pkg'
-CC='/usr/bin/clang'
-CCACHE='/usr/local/bin/ccache'
-MAKE='/usr/local/bin/gmake'
-NINJA='/usr/local/bin/ninja'
-PYTHON='/usr/local/bin/python3'
-PIP='/usr/local/bin/pip-3.7'
-PKGS='augeas autoconf automake avahi bash bash-completion ca_root_nss ccache chrony cppi curl cyrus-sasl dbus diskscrub dnsmasq fusefs-libs gdb gettext gettext-tools git glib gmake gnutls hal libpcap libpciaccess libssh libssh2 libtool libxml2 libxslt lsof ncurses ninja p5-App-cpanminus patch perl5 pkgconf polkit py37-docutils py37-flake8 py37-pip py37-setuptools py37-wheel python3 qemu-utils radvd readline screen sudo vim yajl'
-PYPI_PKGS='meson==0.54.0'

ci/cirrus/libvirt-macos-1015.vars

@@ -1,9 +0,0 @@
-PACKAGING_COMMAND='brew'
-CC='/usr/bin/clang'
-CCACHE='/usr/local/bin/ccache'
-MAKE='/usr/local/bin/gmake'
-NINJA='/usr/local/bin/ninja'
-PYTHON='/usr/local/bin/python3'
-PIP='/usr/local/bin/pip3'
-PKGS='augeas autoconf automake bash bash-completion ccache cpanminus cppi curl dbus dnsmasq docutils flake8 gdb gettext git glib gnutls gpatch libiscsi libpcap libssh libssh2 libtool libxml2 libxslt lsof make ncurses ninja perl pkg-config python3 qemu readline rpcgen screen scrub vim xz yajl'
-PYPI_PKGS='meson==0.54.0'

ci/cirrus/macos-11.vars

@@ -0,0 +1,16 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+CCACHE='/usr/local/bin/ccache'
+CPAN_PKGS=''
+CROSS_PKGS=''
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PACKAGING_COMMAND='brew'
+PIP3='/usr/local/bin/pip3'
+PKGS='augeas bash-completion ccache codespell cppi curl diffutils dnsmasq docutils flake8 gettext git glib gnu-sed gnutls grep libiscsi libpcap libssh libssh2 libxml2 libxslt make meson ninja perl pkg-config python3 qemu readline rpcgen scrub yajl'
+PYPI_PKGS=''
+PYTHON='/usr/local/bin/python3'

ci/cirrus/refresh

@@ -1,22 +0,0 @@
-#!/bin/sh
-
-if test -z "$1"
-then
-    echo "syntax: $0 PATH-TO-LCITOOL"
-    exit 1
-fi
-
-LCITOOL=$1
-
-if ! test -x "$LCITOOL"
-then
-    echo "$LCITOOL is not executable"
-    exit 1
-fi
-
-HOSTS=$($LCITOOL hosts | grep -E 'freebsd-12|macos')
-
-for host in $HOSTS
-do
-    $LCITOOL variables "$host" libvirt >"$host.vars"
-done

ci/containers/README.rst

@@ -1,36 +0,0 @@
-CI job assets
-=============
-
-This directory contains assets used in the automated CI jobs, most
-notably the Dockerfiles used to build container images in which the
-CI jobs then run.
-
-The ``refresh`` script is used to re-create the Dockerfiles using the
-``lcitool`` command that is provided by repo
-https://gitlab.com/libvirt/libvirt-ci
-
-The containers are built during the CI process and cached in the GitLab
-container registry of the project doing the build. The cached containers
-can be deleted at any time and will be correctly rebuilt.
-
-
-Coverity scan integration
-=========================
-
-This will be used only by the main repository for master branch by running
-scheduled pipeline in GitLab.
-
-The service is proved by `Coverity Scan`_ and requires that the project is
-registered there to get free coverity analysis which we already have for
-`libvirt project`_.
-
-To run the coverity job it requires two new variables:
-
-  * ``COVERITY_SCAN_PROJECT_NAME``, containing the `libvirt project`_
-    name.
-
-  * ``COVERITY_SCAN_TOKEN``, token visible to admins of `libvirt project`_
-
-
-.. _Coverity Scan: https://scan.coverity.com/
-.. _libvirt project: https://scan.coverity.com/projects/libvirt

ci/containers/centos-8.Dockerfile

@@ -1,39 +1,44 @@
-FROM fedora:32
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/centos:8
 
 RUN dnf update -y && \
+    dnf install 'dnf-command(config-manager)' -y && \
+    dnf config-manager --set-enabled -y powertools && \
+    dnf install -y centos-release-advanced-virtualization && \
+    dnf install -y epel-release && \
     dnf install -y \
         audit-libs-devel \
         augeas \
-        autoconf \
-        automake \
-        avahi-devel \
-        bash \
         bash-completion \
         ca-certificates \
         ccache \
-        chrony \
         clang \
-        cppi \
+        cpp \
         cyrus-sasl-devel \
-        dbus-devel \
         device-mapper-devel \
+        diffutils \
         dnsmasq \
         dwarves \
         ebtables \
         firewalld-filesystem \
         fuse-devel \
         gcc \
-        gdb \
         gettext \
-        gettext-devel \
         git \
         glib2-devel \
         glibc-devel \
         glibc-langpack-en \
         glusterfs-api-devel \
         gnutls-devel \
+        grep \
         iproute \
         iproute-tc \
+        iptables \
         iscsi-initiator-utils \
         kmod \
         libacl-devel \
@@ -50,64 +55,46 @@ RUN dnf update -y && \
         libssh-devel \
         libssh2-devel \
         libtirpc-devel \
-        libtool \
-        libudev-devel \
         libwsman-devel \
         libxml2 \
         libxml2-devel \
         libxslt \
-        lsof \
         lvm2 \
         make \
         meson \
-        net-tools \
         netcf-devel \
         nfs-utils \
         ninja-build \
         numactl-devel \
         numad \
-        parted \
         parted-devel \
-        patch \
         perl \
-        perl-App-cpanminus \
         pkgconfig \
         polkit \
         python3 \
         python3-docutils \
         python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
         qemu-img \
-        radvd \
         readline-devel \
         rpcgen \
         rpm-build \
         sanlock-devel \
-        screen \
         scrub \
-        sheepdog \
-        strace \
-        sudo \
+        sed \
+        systemd-devel \
         systemtap-sdt-devel \
-        vim \
         wireshark-devel \
-        xen-devel \
-        xfsprogs-devel \
-        xz \
-        yajl-devel \
-        zfs-fuse && \
+        yajl-devel && \
     dnf autoremove -y && \
     dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/centos-stream-8.Dockerfile

@@ -1,42 +1,44 @@
-FROM centos:8
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
 
-RUN dnf install -y centos-release-stream && \
+FROM quay.io/centos/centos:stream8
+
+RUN dnf update -y && \
     dnf install 'dnf-command(config-manager)' -y && \
-    dnf config-manager --set-enabled -y Stream-PowerTools && \
+    dnf config-manager --set-enabled -y powertools && \
+    dnf install -y centos-release-advanced-virtualization && \
     dnf install -y epel-release && \
-    dnf update -y && \
     dnf install -y \
         audit-libs-devel \
         augeas \
-        autoconf \
-        automake \
-        avahi-devel \
-        bash \
         bash-completion \
         ca-certificates \
         ccache \
-        chrony \
         clang \
+        cpp \
         cyrus-sasl-devel \
-        dbus-devel \
         device-mapper-devel \
+        diffutils \
         dnsmasq \
         dwarves \
         ebtables \
         firewalld-filesystem \
         fuse-devel \
         gcc \
-        gdb \
         gettext \
-        gettext-devel \
         git \
         glib2-devel \
         glibc-devel \
         glibc-langpack-en \
         glusterfs-api-devel \
         gnutls-devel \
+        grep \
         iproute \
         iproute-tc \
+        iptables \
         iscsi-initiator-utils \
         kmod \
         libacl-devel \
@@ -53,63 +55,46 @@ RUN dnf install -y centos-release-stream && \
         libssh-devel \
         libssh2-devel \
         libtirpc-devel \
-        libtool \
-        libudev-devel \
         libwsman-devel \
         libxml2 \
         libxml2-devel \
         libxslt \
-        lsof \
         lvm2 \
         make \
-        net-tools \
+        meson \
         netcf-devel \
         nfs-utils \
         ninja-build \
         numactl-devel \
         numad \
-        parted \
         parted-devel \
-        patch \
         perl \
-        perl-App-cpanminus \
         pkgconfig \
         polkit \
         python3 \
         python3-docutils \
         python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
         qemu-img \
-        radvd \
         readline-devel \
         rpcgen \
         rpm-build \
         sanlock-devel \
-        screen \
         scrub \
-        strace \
-        sudo \
+        sed \
+        systemd-devel \
         systemtap-sdt-devel \
-        vim \
         wireshark-devel \
-        xfsprogs-devel \
-        xz \
         yajl-devel && \
     dnf autoremove -y && \
     dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
-
-RUN pip3 install \
-         meson==0.54.0
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/debian-10-cross-aarch64.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture arm64 && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-aarch64-linux-gnu \
             libacl1-dev:arm64 \
             libapparmor-dev:arm64 \
             libattr1-dev:arm64 \
             libaudit-dev:arm64 \
-            libavahi-client-dev:arm64 \
             libblkid-dev:arm64 \
             libc6-dev:arm64 \
             libcap-ng-dev:arm64 \
             libcurl4-gnutls-dev:arm64 \
-            libdbus-1-dev:arm64 \
             libdevmapper-dev:arm64 \
             libfuse-dev:arm64 \
             libglib2.0-dev:arm64 \
@@ -108,9 +103,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libxen-dev:arm64 \
             libxml2-dev:arm64 \
             libyajl-dev:arm64 \
-            xfslibs-dev:arm64 && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:arm64 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
@@ -122,19 +117,11 @@ pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'aarch64'\n\
 cpu = 'aarch64'\n\
-endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-gcc
 
 ENV ABI "aarch64-linux-gnu"
-ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu"
 ENV MESON_OPTS "--cross-file=aarch64-linux-gnu"

ci/containers/debian-10-cross-armv6l.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture armel && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-arm-linux-gnueabi \
             libacl1-dev:armel \
             libapparmor-dev:armel \
             libattr1-dev:armel \
             libaudit-dev:armel \
-            libavahi-client-dev:armel \
             libblkid-dev:armel \
             libc6-dev:armel \
             libcap-ng-dev:armel \
             libcurl4-gnutls-dev:armel \
-            libdbus-1-dev:armel \
             libdevmapper-dev:armel \
             libfuse-dev:armel \
             libglib2.0-dev:armel \
@@ -107,9 +102,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:armel \
             libxml2-dev:armel \
             libyajl-dev:armel \
-            xfslibs-dev:armel && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:armel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
@@ -121,19 +116,11 @@ pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'arm'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-gcc
 
 ENV ABI "arm-linux-gnueabi"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi"
 ENV MESON_OPTS "--cross-file=arm-linux-gnueabi"

ci/containers/debian-10-cross-armv7l.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture armhf && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-arm-linux-gnueabihf \
             libacl1-dev:armhf \
             libapparmor-dev:armhf \
             libattr1-dev:armhf \
             libaudit-dev:armhf \
-            libavahi-client-dev:armhf \
             libblkid-dev:armhf \
             libc6-dev:armhf \
             libcap-ng-dev:armhf \
             libcurl4-gnutls-dev:armhf \
-            libdbus-1-dev:armhf \
             libdevmapper-dev:armhf \
             libfuse-dev:armhf \
             libglib2.0-dev:armhf \
@@ -108,9 +103,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libxen-dev:armhf \
             libxml2-dev:armhf \
             libyajl-dev:armhf \
-            xfslibs-dev:armhf && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:armhf && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
@@ -122,19 +117,11 @@ pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'armhf'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-gcc
 
 ENV ABI "arm-linux-gnueabihf"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf"
 ENV MESON_OPTS "--cross-file=arm-linux-gnueabihf"

ci/containers/debian-10-cross-i686.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture i386 && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-i686-linux-gnu \
             libacl1-dev:i386 \
             libapparmor-dev:i386 \
             libattr1-dev:i386 \
             libaudit-dev:i386 \
-            libavahi-client-dev:i386 \
             libblkid-dev:i386 \
             libc6-dev:i386 \
             libcap-ng-dev:i386 \
             libcurl4-gnutls-dev:i386 \
-            libdbus-1-dev:i386 \
             libdevmapper-dev:i386 \
             libfuse-dev:i386 \
             libglib2.0-dev:i386 \
@@ -107,9 +102,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:i386 \
             libxml2-dev:i386 \
             libyajl-dev:i386 \
-            xfslibs-dev:i386 && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:i386 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/i686-linux-gnu-gcc'\n\
@@ -121,19 +116,11 @@ pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'x86'\n\
 cpu = 'i686'\n\
-endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-gcc
 
 ENV ABI "i686-linux-gnu"
-ENV CONFIGURE_OPTS "--host=i686-linux-gnu"
 ENV MESON_OPTS "--cross-file=i686-linux-gnu"

ci/containers/debian-10-cross-mips.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture mips && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-mips-linux-gnu \
             libacl1-dev:mips \
             libapparmor-dev:mips \
             libattr1-dev:mips \
             libaudit-dev:mips \
-            libavahi-client-dev:mips \
             libblkid-dev:mips \
             libc6-dev:mips \
             libcap-ng-dev:mips \
             libcurl4-gnutls-dev:mips \
-            libdbus-1-dev:mips \
             libdevmapper-dev:mips \
             libfuse-dev:mips \
             libglib2.0-dev:mips \
@@ -107,9 +102,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:mips \
             libxml2-dev:mips \
             libyajl-dev:mips \
-            xfslibs-dev:mips && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:mips && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/mips-linux-gnu-gcc'\n\
@@ -121,19 +116,11 @@ pkgconfig = '/usr/bin/mips-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips'\n\
 cpu = 'mips'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mips-linux-gnu
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'big'" > /usr/local/share/meson/cross/mips-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips-linux-gnu-gcc
 
 ENV ABI "mips-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mips-linux-gnu"
 ENV MESON_OPTS "--cross-file=mips-linux-gnu"

ci/containers/debian-10-cross-mips64el.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture mips64el && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-mips64el-linux-gnuabi64 \
             libacl1-dev:mips64el \
             libapparmor-dev:mips64el \
             libattr1-dev:mips64el \
             libaudit-dev:mips64el \
-            libavahi-client-dev:mips64el \
             libblkid-dev:mips64el \
             libc6-dev:mips64el \
             libcap-ng-dev:mips64el \
             libcurl4-gnutls-dev:mips64el \
-            libdbus-1-dev:mips64el \
             libdevmapper-dev:mips64el \
             libfuse-dev:mips64el \
             libglib2.0-dev:mips64el \
@@ -107,9 +102,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:mips64el \
             libxml2-dev:mips64el \
             libyajl-dev:mips64el \
-            xfslibs-dev:mips64el && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:mips64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
@@ -121,19 +116,11 @@ pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips64'\n\
 cpu = 'mips64el'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64 && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-gcc
 
 ENV ABI "mips64el-linux-gnuabi64"
-ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64"
 ENV MESON_OPTS "--cross-file=mips64el-linux-gnuabi64"

ci/containers/debian-10-cross-mipsel.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture mipsel && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-mipsel-linux-gnu \
             libacl1-dev:mipsel \
             libapparmor-dev:mipsel \
             libattr1-dev:mipsel \
             libaudit-dev:mipsel \
-            libavahi-client-dev:mipsel \
             libblkid-dev:mipsel \
             libc6-dev:mipsel \
             libcap-ng-dev:mipsel \
             libcurl4-gnutls-dev:mipsel \
-            libdbus-1-dev:mipsel \
             libdevmapper-dev:mipsel \
             libfuse-dev:mipsel \
             libglib2.0-dev:mipsel \
@@ -107,9 +102,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:mipsel \
             libxml2-dev:mipsel \
             libyajl-dev:mipsel \
-            xfslibs-dev:mipsel && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:mipsel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
@@ -121,19 +116,11 @@ pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips'\n\
 cpu = 'mipsel'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-gcc
 
 ENV ABI "mipsel-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu"
 ENV MESON_OPTS "--cross-file=mipsel-linux-gnu"

ci/containers/debian-10-cross-ppc64le.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture ppc64el && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-powerpc64le-linux-gnu \
             libacl1-dev:ppc64el \
             libapparmor-dev:ppc64el \
             libattr1-dev:ppc64el \
             libaudit-dev:ppc64el \
-            libavahi-client-dev:ppc64el \
             libblkid-dev:ppc64el \
             libc6-dev:ppc64el \
             libcap-ng-dev:ppc64el \
             libcurl4-gnutls-dev:ppc64el \
-            libdbus-1-dev:ppc64el \
             libdevmapper-dev:ppc64el \
             libfuse-dev:ppc64el \
             libglib2.0-dev:ppc64el \
@@ -107,9 +102,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:ppc64el \
             libxml2-dev:ppc64el \
             libyajl-dev:ppc64el \
-            xfslibs-dev:ppc64el && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:ppc64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
@@ -121,19 +116,11 @@ pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'ppc64'\n\
 cpu = 'powerpc64le'\n\
-endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-gcc
 
 ENV ABI "powerpc64le-linux-gnu"
-ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu"
 ENV MESON_OPTS "--cross-file=powerpc64le-linux-gnu"

ci/containers/debian-10-cross-s390x.Dockerfile

@@ -1,47 +1,44 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -50,40 +47,38 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture s390x && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-s390x-linux-gnu \
             libacl1-dev:s390x \
             libapparmor-dev:s390x \
             libattr1-dev:s390x \
             libaudit-dev:s390x \
-            libavahi-client-dev:s390x \
             libblkid-dev:s390x \
             libc6-dev:s390x \
             libcap-ng-dev:s390x \
             libcurl4-gnutls-dev:s390x \
-            libdbus-1-dev:s390x \
             libdevmapper-dev:s390x \
             libfuse-dev:s390x \
             libglib2.0-dev:s390x \
@@ -107,9 +102,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:s390x \
             libxml2-dev:s390x \
             libyajl-dev:s390x \
-            xfslibs-dev:s390x && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:s390x && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/s390x-linux-gnu-gcc'\n\
@@ -121,19 +116,11 @@ pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 's390x'\n\
 cpu = 's390x'\n\
-endian = 'little'" > /usr/local/share/meson/cross/s390x-linux-gnu
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-gcc
 
 ENV ABI "s390x-linux-gnu"
-ENV CONFIGURE_OPTS "--host=s390x-linux-gnu"
 ENV MESON_OPTS "--cross-file=s390x-linux-gnu"

ci/containers/debian-10.Dockerfile

@@ -1,42 +1,45 @@
-FROM debian:10
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:10-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
             clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
             gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libacl1-dev \
             libapparmor-dev \
             libattr1-dev \
             libaudit-dev \
-            libavahi-client-dev \
             libblkid-dev \
             libc-dev-bin \
             libc6-dev \
             libcap-ng-dev \
             libcurl4-gnutls-dev \
-            libdbus-1-dev \
             libdevmapper-dev \
             libfuse-dev \
             libglib2.0-dev \
@@ -58,25 +61,19 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libssh-gcrypt-dev \
             libssh2-1-dev \
             libtirpc-dev \
-            libtool \
-            libtool-bin \
             libudev-dev \
             libxen-dev \
             libxml2-dev \
             libxml2-utils \
             libyajl-dev \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -85,33 +82,26 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
+            sed \
             systemtap-sdt-dev \
-            vim \
             wireshark-dev \
-            xfslibs-dev \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 RUN pip3 install \
-         meson==0.54.0
+         meson==0.56.0
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/debian-11-cross-aarch64.Dockerfile

@@ -1,90 +1,79 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture arm64 && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-aarch64-linux-gnu \
             libacl1-dev:arm64 \
             libapparmor-dev:arm64 \
             libattr1-dev:arm64 \
             libaudit-dev:arm64 \
-            libavahi-client-dev:arm64 \
             libblkid-dev:arm64 \
             libc6-dev:arm64 \
             libcap-ng-dev:arm64 \
             libcurl4-gnutls-dev:arm64 \
-            libdbus-1-dev:arm64 \
             libdevmapper-dev:arm64 \
             libfuse-dev:arm64 \
             libglib2.0-dev:arm64 \
@@ -109,9 +98,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libxen-dev:arm64 \
             libxml2-dev:arm64 \
             libyajl-dev:arm64 \
-            xfslibs-dev:arm64 && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:arm64 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
@@ -123,16 +112,11 @@ pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'aarch64'\n\
 cpu = 'aarch64'\n\
-endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-gcc
 
 ENV ABI "aarch64-linux-gnu"
-ENV CONFIGURE_OPTS "--host=aarch64-linux-gnu"
 ENV MESON_OPTS "--cross-file=aarch64-linux-gnu"

ci/containers/debian-11-cross-armv6l.Dockerfile

@@ -1,90 +1,79 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture armel && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-arm-linux-gnueabi \
             libacl1-dev:armel \
             libapparmor-dev:armel \
             libattr1-dev:armel \
             libaudit-dev:armel \
-            libavahi-client-dev:armel \
             libblkid-dev:armel \
             libc6-dev:armel \
             libcap-ng-dev:armel \
             libcurl4-gnutls-dev:armel \
-            libdbus-1-dev:armel \
             libdevmapper-dev:armel \
             libfuse-dev:armel \
             libglib2.0-dev:armel \
@@ -108,9 +97,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:armel \
             libxml2-dev:armel \
             libyajl-dev:armel \
-            xfslibs-dev:armel && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:armel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
@@ -122,16 +111,11 @@ pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'arm'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-gcc
 
 ENV ABI "arm-linux-gnueabi"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabi"
 ENV MESON_OPTS "--cross-file=arm-linux-gnueabi"

ci/containers/debian-11-cross-armv7l.Dockerfile

@@ -1,90 +1,79 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture armhf && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-arm-linux-gnueabihf \
             libacl1-dev:armhf \
             libapparmor-dev:armhf \
             libattr1-dev:armhf \
             libaudit-dev:armhf \
-            libavahi-client-dev:armhf \
             libblkid-dev:armhf \
             libc6-dev:armhf \
             libcap-ng-dev:armhf \
             libcurl4-gnutls-dev:armhf \
-            libdbus-1-dev:armhf \
             libdevmapper-dev:armhf \
             libfuse-dev:armhf \
             libglib2.0-dev:armhf \
@@ -109,9 +98,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libxen-dev:armhf \
             libxml2-dev:armhf \
             libyajl-dev:armhf \
-            xfslibs-dev:armhf && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:armhf && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
@@ -123,16 +112,11 @@ pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'arm'\n\
 cpu = 'armhf'\n\
-endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-gcc
 
 ENV ABI "arm-linux-gnueabihf"
-ENV CONFIGURE_OPTS "--host=arm-linux-gnueabihf"
 ENV MESON_OPTS "--cross-file=arm-linux-gnueabihf"

ci/containers/debian-11-cross-i686.Dockerfile

@@ -1,90 +1,79 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture i386 && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-i686-linux-gnu \
             libacl1-dev:i386 \
             libapparmor-dev:i386 \
             libattr1-dev:i386 \
             libaudit-dev:i386 \
-            libavahi-client-dev:i386 \
             libblkid-dev:i386 \
             libc6-dev:i386 \
             libcap-ng-dev:i386 \
             libcurl4-gnutls-dev:i386 \
-            libdbus-1-dev:i386 \
             libdevmapper-dev:i386 \
             libfuse-dev:i386 \
             libglib2.0-dev:i386 \
@@ -108,9 +97,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:i386 \
             libxml2-dev:i386 \
             libyajl-dev:i386 \
-            xfslibs-dev:i386 && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:i386 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/i686-linux-gnu-gcc'\n\
@@ -122,16 +111,11 @@ pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'x86'\n\
 cpu = 'i686'\n\
-endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-gcc
 
 ENV ABI "i686-linux-gnu"
-ENV CONFIGURE_OPTS "--host=i686-linux-gnu"
 ENV MESON_OPTS "--cross-file=i686-linux-gnu"

ci/containers/debian-11-cross-mips64el.Dockerfile

@@ -1,90 +1,79 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture mips64el && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-mips64el-linux-gnuabi64 \
             libacl1-dev:mips64el \
             libapparmor-dev:mips64el \
             libattr1-dev:mips64el \
             libaudit-dev:mips64el \
-            libavahi-client-dev:mips64el \
             libblkid-dev:mips64el \
             libc6-dev:mips64el \
             libcap-ng-dev:mips64el \
             libcurl4-gnutls-dev:mips64el \
-            libdbus-1-dev:mips64el \
             libdevmapper-dev:mips64el \
             libfuse-dev:mips64el \
             libglib2.0-dev:mips64el \
@@ -108,9 +97,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:mips64el \
             libxml2-dev:mips64el \
             libyajl-dev:mips64el \
-            xfslibs-dev:mips64el && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:mips64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
@@ -122,16 +111,11 @@ pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips64'\n\
 cpu = 'mips64el'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64 && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-gcc
 
 ENV ABI "mips64el-linux-gnuabi64"
-ENV CONFIGURE_OPTS "--host=mips64el-linux-gnuabi64"
 ENV MESON_OPTS "--cross-file=mips64el-linux-gnuabi64"

ci/containers/debian-11-cross-mipsel.Dockerfile

@@ -1,90 +1,79 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture mipsel && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-mipsel-linux-gnu \
             libacl1-dev:mipsel \
             libapparmor-dev:mipsel \
             libattr1-dev:mipsel \
             libaudit-dev:mipsel \
-            libavahi-client-dev:mipsel \
             libblkid-dev:mipsel \
             libc6-dev:mipsel \
             libcap-ng-dev:mipsel \
             libcurl4-gnutls-dev:mipsel \
-            libdbus-1-dev:mipsel \
             libdevmapper-dev:mipsel \
             libfuse-dev:mipsel \
             libglib2.0-dev:mipsel \
@@ -108,9 +97,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:mipsel \
             libxml2-dev:mipsel \
             libyajl-dev:mipsel \
-            xfslibs-dev:mipsel && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:mipsel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
@@ -122,16 +111,11 @@ pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'mips'\n\
 cpu = 'mipsel'\n\
-endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-gcc
 
 ENV ABI "mipsel-linux-gnu"
-ENV CONFIGURE_OPTS "--host=mipsel-linux-gnu"
 ENV MESON_OPTS "--cross-file=mipsel-linux-gnu"

ci/containers/debian-11-cross-ppc64le.Dockerfile

@@ -1,90 +1,79 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture ppc64el && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-powerpc64le-linux-gnu \
             libacl1-dev:ppc64el \
             libapparmor-dev:ppc64el \
             libattr1-dev:ppc64el \
             libaudit-dev:ppc64el \
-            libavahi-client-dev:ppc64el \
             libblkid-dev:ppc64el \
             libc6-dev:ppc64el \
             libcap-ng-dev:ppc64el \
             libcurl4-gnutls-dev:ppc64el \
-            libdbus-1-dev:ppc64el \
             libdevmapper-dev:ppc64el \
             libfuse-dev:ppc64el \
             libglib2.0-dev:ppc64el \
@@ -108,9 +97,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:ppc64el \
             libxml2-dev:ppc64el \
             libyajl-dev:ppc64el \
-            xfslibs-dev:ppc64el && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:ppc64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
@@ -122,16 +111,11 @@ pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 'ppc64'\n\
 cpu = 'powerpc64le'\n\
-endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-gcc
 
 ENV ABI "powerpc64le-linux-gnu"
-ENV CONFIGURE_OPTS "--host=powerpc64le-linux-gnu"
 ENV MESON_OPTS "--cross-file=powerpc64le-linux-gnu"

ci/containers/debian-11-cross-s390x.Dockerfile

@@ -1,90 +1,79 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
-            clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
-            gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libc-dev-bin \
-            libtool \
-            libtool-bin \
             libxml2-utils \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
-            vim \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
-    dpkg-reconfigure locales && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-$(basename /usr/bin/gcc)
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     dpkg --add-architecture s390x && \
-    apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y dpkg-dev && \
-    apt-get install --no-install-recommends -y \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
             gcc-s390x-linux-gnu \
             libacl1-dev:s390x \
             libapparmor-dev:s390x \
             libattr1-dev:s390x \
             libaudit-dev:s390x \
-            libavahi-client-dev:s390x \
             libblkid-dev:s390x \
             libc6-dev:s390x \
             libcap-ng-dev:s390x \
             libcurl4-gnutls-dev:s390x \
-            libdbus-1-dev:s390x \
             libdevmapper-dev:s390x \
             libfuse-dev:s390x \
             libglib2.0-dev:s390x \
@@ -108,9 +97,9 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libudev-dev:s390x \
             libxml2-dev:s390x \
             libyajl-dev:s390x \
-            xfslibs-dev:s390x && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            systemtap-sdt-dev:s390x && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     mkdir -p /usr/local/share/meson/cross && \
     echo "[binaries]\n\
 c = '/usr/bin/s390x-linux-gnu-gcc'\n\
@@ -122,16 +111,11 @@ pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
 system = 'linux'\n\
 cpu_family = 's390x'\n\
 cpu = 's390x'\n\
-endian = 'little'" > /usr/local/share/meson/cross/s390x-linux-gnu
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-gcc
 
 ENV ABI "s390x-linux-gnu"
-ENV CONFIGURE_OPTS "--host=s390x-linux-gnu"
 ENV MESON_OPTS "--cross-file=s390x-linux-gnu"

ci/containers/debian-11.Dockerfile

@@ -1,42 +1,45 @@
-FROM debian:sid
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
             clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
             gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libacl1-dev \
             libapparmor-dev \
             libattr1-dev \
             libaudit-dev \
-            libavahi-client-dev \
             libblkid-dev \
             libc-dev-bin \
             libc6-dev \
             libcap-ng-dev \
             libcurl4-gnutls-dev \
-            libdbus-1-dev \
             libdevmapper-dev \
             libfuse-dev \
             libglib2.0-dev \
@@ -58,58 +61,42 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libssh-gcrypt-dev \
             libssh2-1-dev \
             libtirpc-dev \
-            libtool \
-            libtool-bin \
             libudev-dev \
             libxen-dev \
             libxml2-dev \
             libxml2-utils \
             libyajl-dev \
             locales \
-            lsof \
             lvm2 \
             make \
             meson \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
             python3-docutils \
-            python3-pip \
-            python3-setuptools \
-            python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
+            sed \
             systemtap-sdt-dev \
-            vim \
             wireshark-dev \
-            xfslibs-dev \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/debian-sid-cross-aarch64.Dockerfile

@@ -0,0 +1,122 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture arm64 && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-aarch64-linux-gnu \
+            libacl1-dev:arm64 \
+            libapparmor-dev:arm64 \
+            libattr1-dev:arm64 \
+            libaudit-dev:arm64 \
+            libblkid-dev:arm64 \
+            libc6-dev:arm64 \
+            libcap-ng-dev:arm64 \
+            libcurl4-gnutls-dev:arm64 \
+            libdevmapper-dev:arm64 \
+            libfuse-dev:arm64 \
+            libglib2.0-dev:arm64 \
+            libglusterfs-dev:arm64 \
+            libgnutls28-dev:arm64 \
+            libiscsi-dev:arm64 \
+            libnl-3-dev:arm64 \
+            libnl-route-3-dev:arm64 \
+            libnuma-dev:arm64 \
+            libparted-dev:arm64 \
+            libpcap0.8-dev:arm64 \
+            libpciaccess-dev:arm64 \
+            librbd-dev:arm64 \
+            libreadline-dev:arm64 \
+            libsanlock-dev:arm64 \
+            libsasl2-dev:arm64 \
+            libselinux1-dev:arm64 \
+            libssh-gcrypt-dev:arm64 \
+            libssh2-1-dev:arm64 \
+            libtirpc-dev:arm64 \
+            libudev-dev:arm64 \
+            libxen-dev:arm64 \
+            libxml2-dev:arm64 \
+            libyajl-dev:arm64 \
+            systemtap-sdt-dev:arm64 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
+ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'aarch64'\n\
+cpu = 'aarch64'\n\
+endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-gcc
+
+ENV ABI "aarch64-linux-gnu"
+ENV MESON_OPTS "--cross-file=aarch64-linux-gnu"

ci/containers/debian-sid-cross-armv6l.Dockerfile

@@ -0,0 +1,121 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture armel && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-arm-linux-gnueabi \
+            libacl1-dev:armel \
+            libapparmor-dev:armel \
+            libattr1-dev:armel \
+            libaudit-dev:armel \
+            libblkid-dev:armel \
+            libc6-dev:armel \
+            libcap-ng-dev:armel \
+            libcurl4-gnutls-dev:armel \
+            libdevmapper-dev:armel \
+            libfuse-dev:armel \
+            libglib2.0-dev:armel \
+            libglusterfs-dev:armel \
+            libgnutls28-dev:armel \
+            libiscsi-dev:armel \
+            libnl-3-dev:armel \
+            libnl-route-3-dev:armel \
+            libnuma-dev:armel \
+            libparted-dev:armel \
+            libpcap0.8-dev:armel \
+            libpciaccess-dev:armel \
+            librbd-dev:armel \
+            libreadline-dev:armel \
+            libsanlock-dev:armel \
+            libsasl2-dev:armel \
+            libselinux1-dev:armel \
+            libssh-gcrypt-dev:armel \
+            libssh2-1-dev:armel \
+            libtirpc-dev:armel \
+            libudev-dev:armel \
+            libxml2-dev:armel \
+            libyajl-dev:armel \
+            systemtap-sdt-dev:armel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
+ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
+strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
+pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'arm'\n\
+cpu = 'arm'\n\
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-gcc
+
+ENV ABI "arm-linux-gnueabi"
+ENV MESON_OPTS "--cross-file=arm-linux-gnueabi"

ci/containers/debian-sid-cross-armv7l.Dockerfile

@@ -0,0 +1,122 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture armhf && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-arm-linux-gnueabihf \
+            libacl1-dev:armhf \
+            libapparmor-dev:armhf \
+            libattr1-dev:armhf \
+            libaudit-dev:armhf \
+            libblkid-dev:armhf \
+            libc6-dev:armhf \
+            libcap-ng-dev:armhf \
+            libcurl4-gnutls-dev:armhf \
+            libdevmapper-dev:armhf \
+            libfuse-dev:armhf \
+            libglib2.0-dev:armhf \
+            libglusterfs-dev:armhf \
+            libgnutls28-dev:armhf \
+            libiscsi-dev:armhf \
+            libnl-3-dev:armhf \
+            libnl-route-3-dev:armhf \
+            libnuma-dev:armhf \
+            libparted-dev:armhf \
+            libpcap0.8-dev:armhf \
+            libpciaccess-dev:armhf \
+            librbd-dev:armhf \
+            libreadline-dev:armhf \
+            libsanlock-dev:armhf \
+            libsasl2-dev:armhf \
+            libselinux1-dev:armhf \
+            libssh-gcrypt-dev:armhf \
+            libssh2-1-dev:armhf \
+            libtirpc-dev:armhf \
+            libudev-dev:armhf \
+            libxen-dev:armhf \
+            libxml2-dev:armhf \
+            libyajl-dev:armhf \
+            systemtap-sdt-dev:armhf && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
+ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
+strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
+pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'arm'\n\
+cpu = 'armhf'\n\
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-gcc
+
+ENV ABI "arm-linux-gnueabihf"
+ENV MESON_OPTS "--cross-file=arm-linux-gnueabihf"

ci/containers/debian-sid-cross-i686.Dockerfile

@@ -0,0 +1,121 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture i386 && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-i686-linux-gnu \
+            libacl1-dev:i386 \
+            libapparmor-dev:i386 \
+            libattr1-dev:i386 \
+            libaudit-dev:i386 \
+            libblkid-dev:i386 \
+            libc6-dev:i386 \
+            libcap-ng-dev:i386 \
+            libcurl4-gnutls-dev:i386 \
+            libdevmapper-dev:i386 \
+            libfuse-dev:i386 \
+            libglib2.0-dev:i386 \
+            libglusterfs-dev:i386 \
+            libgnutls28-dev:i386 \
+            libiscsi-dev:i386 \
+            libnl-3-dev:i386 \
+            libnl-route-3-dev:i386 \
+            libnuma-dev:i386 \
+            libparted-dev:i386 \
+            libpcap0.8-dev:i386 \
+            libpciaccess-dev:i386 \
+            librbd-dev:i386 \
+            libreadline-dev:i386 \
+            libsanlock-dev:i386 \
+            libsasl2-dev:i386 \
+            libselinux1-dev:i386 \
+            libssh-gcrypt-dev:i386 \
+            libssh2-1-dev:i386 \
+            libtirpc-dev:i386 \
+            libudev-dev:i386 \
+            libxml2-dev:i386 \
+            libyajl-dev:i386 \
+            systemtap-sdt-dev:i386 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/i686-linux-gnu-gcc'\n\
+ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/i686-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'x86'\n\
+cpu = 'i686'\n\
+endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-gcc
+
+ENV ABI "i686-linux-gnu"
+ENV MESON_OPTS "--cross-file=i686-linux-gnu"

ci/containers/debian-sid-cross-mips64el.Dockerfile

@@ -0,0 +1,121 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture mips64el && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-mips64el-linux-gnuabi64 \
+            libacl1-dev:mips64el \
+            libapparmor-dev:mips64el \
+            libattr1-dev:mips64el \
+            libaudit-dev:mips64el \
+            libblkid-dev:mips64el \
+            libc6-dev:mips64el \
+            libcap-ng-dev:mips64el \
+            libcurl4-gnutls-dev:mips64el \
+            libdevmapper-dev:mips64el \
+            libfuse-dev:mips64el \
+            libglib2.0-dev:mips64el \
+            libglusterfs-dev:mips64el \
+            libgnutls28-dev:mips64el \
+            libiscsi-dev:mips64el \
+            libnl-3-dev:mips64el \
+            libnl-route-3-dev:mips64el \
+            libnuma-dev:mips64el \
+            libparted-dev:mips64el \
+            libpcap0.8-dev:mips64el \
+            libpciaccess-dev:mips64el \
+            librbd-dev:mips64el \
+            libreadline-dev:mips64el \
+            libsanlock-dev:mips64el \
+            libsasl2-dev:mips64el \
+            libselinux1-dev:mips64el \
+            libssh-gcrypt-dev:mips64el \
+            libssh2-1-dev:mips64el \
+            libtirpc-dev:mips64el \
+            libudev-dev:mips64el \
+            libxml2-dev:mips64el \
+            libyajl-dev:mips64el \
+            systemtap-sdt-dev:mips64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
+ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
+strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
+pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'mips64'\n\
+cpu = 'mips64el'\n\
+endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64 && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-gcc
+
+ENV ABI "mips64el-linux-gnuabi64"
+ENV MESON_OPTS "--cross-file=mips64el-linux-gnuabi64"

ci/containers/debian-sid-cross-mipsel.Dockerfile

@@ -0,0 +1,121 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture mipsel && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-mipsel-linux-gnu \
+            libacl1-dev:mipsel \
+            libapparmor-dev:mipsel \
+            libattr1-dev:mipsel \
+            libaudit-dev:mipsel \
+            libblkid-dev:mipsel \
+            libc6-dev:mipsel \
+            libcap-ng-dev:mipsel \
+            libcurl4-gnutls-dev:mipsel \
+            libdevmapper-dev:mipsel \
+            libfuse-dev:mipsel \
+            libglib2.0-dev:mipsel \
+            libglusterfs-dev:mipsel \
+            libgnutls28-dev:mipsel \
+            libiscsi-dev:mipsel \
+            libnl-3-dev:mipsel \
+            libnl-route-3-dev:mipsel \
+            libnuma-dev:mipsel \
+            libparted-dev:mipsel \
+            libpcap0.8-dev:mipsel \
+            libpciaccess-dev:mipsel \
+            librbd-dev:mipsel \
+            libreadline-dev:mipsel \
+            libsanlock-dev:mipsel \
+            libsasl2-dev:mipsel \
+            libselinux1-dev:mipsel \
+            libssh-gcrypt-dev:mipsel \
+            libssh2-1-dev:mipsel \
+            libtirpc-dev:mipsel \
+            libudev-dev:mipsel \
+            libxml2-dev:mipsel \
+            libyajl-dev:mipsel \
+            systemtap-sdt-dev:mipsel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
+ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'mips'\n\
+cpu = 'mipsel'\n\
+endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-gcc
+
+ENV ABI "mipsel-linux-gnu"
+ENV MESON_OPTS "--cross-file=mipsel-linux-gnu"

ci/containers/debian-sid-cross-ppc64le.Dockerfile

@@ -0,0 +1,121 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture ppc64el && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-powerpc64le-linux-gnu \
+            libacl1-dev:ppc64el \
+            libapparmor-dev:ppc64el \
+            libattr1-dev:ppc64el \
+            libaudit-dev:ppc64el \
+            libblkid-dev:ppc64el \
+            libc6-dev:ppc64el \
+            libcap-ng-dev:ppc64el \
+            libcurl4-gnutls-dev:ppc64el \
+            libdevmapper-dev:ppc64el \
+            libfuse-dev:ppc64el \
+            libglib2.0-dev:ppc64el \
+            libglusterfs-dev:ppc64el \
+            libgnutls28-dev:ppc64el \
+            libiscsi-dev:ppc64el \
+            libnl-3-dev:ppc64el \
+            libnl-route-3-dev:ppc64el \
+            libnuma-dev:ppc64el \
+            libparted-dev:ppc64el \
+            libpcap0.8-dev:ppc64el \
+            libpciaccess-dev:ppc64el \
+            librbd-dev:ppc64el \
+            libreadline-dev:ppc64el \
+            libsanlock-dev:ppc64el \
+            libsasl2-dev:ppc64el \
+            libselinux1-dev:ppc64el \
+            libssh-gcrypt-dev:ppc64el \
+            libssh2-1-dev:ppc64el \
+            libtirpc-dev:ppc64el \
+            libudev-dev:ppc64el \
+            libxml2-dev:ppc64el \
+            libyajl-dev:ppc64el \
+            systemtap-sdt-dev:ppc64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
+ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'ppc64'\n\
+cpu = 'powerpc64le'\n\
+endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-gcc
+
+ENV ABI "powerpc64le-linux-gnu"
+ENV MESON_OPTS "--cross-file=powerpc64le-linux-gnu"

ci/containers/debian-sid-cross-s390x.Dockerfile

@@ -0,0 +1,121 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture s390x && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-s390x-linux-gnu \
+            libacl1-dev:s390x \
+            libapparmor-dev:s390x \
+            libattr1-dev:s390x \
+            libaudit-dev:s390x \
+            libblkid-dev:s390x \
+            libc6-dev:s390x \
+            libcap-ng-dev:s390x \
+            libcurl4-gnutls-dev:s390x \
+            libdevmapper-dev:s390x \
+            libfuse-dev:s390x \
+            libglib2.0-dev:s390x \
+            libglusterfs-dev:s390x \
+            libgnutls28-dev:s390x \
+            libiscsi-dev:s390x \
+            libnl-3-dev:s390x \
+            libnl-route-3-dev:s390x \
+            libnuma-dev:s390x \
+            libparted-dev:s390x \
+            libpcap0.8-dev:s390x \
+            libpciaccess-dev:s390x \
+            librbd-dev:s390x \
+            libreadline-dev:s390x \
+            libsanlock-dev:s390x \
+            libsasl2-dev:s390x \
+            libselinux1-dev:s390x \
+            libssh-gcrypt-dev:s390x \
+            libssh2-1-dev:s390x \
+            libtirpc-dev:s390x \
+            libudev-dev:s390x \
+            libxml2-dev:s390x \
+            libyajl-dev:s390x \
+            systemtap-sdt-dev:s390x && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/s390x-linux-gnu-gcc'\n\
+ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/s390x-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 's390x'\n\
+cpu = 's390x'\n\
+endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-gcc
+
+ENV ABI "s390x-linux-gnu"
+ENV MESON_OPTS "--cross-file=s390x-linux-gnu"

ci/containers/debian-sid.Dockerfile

@@ -0,0 +1,101 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            clang \
+            codespell \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gcc \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libacl1-dev \
+            libapparmor-dev \
+            libattr1-dev \
+            libaudit-dev \
+            libblkid-dev \
+            libc-dev-bin \
+            libc6-dev \
+            libcap-ng-dev \
+            libcurl4-gnutls-dev \
+            libdevmapper-dev \
+            libfuse-dev \
+            libglib2.0-dev \
+            libglusterfs-dev \
+            libgnutls28-dev \
+            libiscsi-dev \
+            libnl-3-dev \
+            libnl-route-3-dev \
+            libnuma-dev \
+            libparted-dev \
+            libpcap0.8-dev \
+            libpciaccess-dev \
+            librbd-dev \
+            libreadline-dev \
+            libsanlock-dev \
+            libsasl2-dev \
+            libselinux1-dev \
+            libssh-gcrypt-dev \
+            libssh2-1-dev \
+            libtirpc-dev \
+            libudev-dev \
+            libxen-dev \
+            libxml2-dev \
+            libxml2-utils \
+            libyajl-dev \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            scrub \
+            sed \
+            systemtap-sdt-dev \
+            wireshark-dev \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/fedora-34.Dockerfile

@@ -1,39 +1,52 @@
-FROM fedora:31
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
 
-RUN dnf update -y && \
-    dnf install -y \
+FROM registry.fedoraproject.org/fedora:34
+
+RUN dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
         audit-libs-devel \
         augeas \
-        autoconf \
-        automake \
-        avahi-devel \
-        bash \
         bash-completion \
         ca-certificates \
         ccache \
-        chrony \
         clang \
+        codespell \
+        cpp \
         cppi \
         cyrus-sasl-devel \
-        dbus-devel \
         device-mapper-devel \
+        diffutils \
         dnsmasq \
         dwarves \
         ebtables \
         firewalld-filesystem \
         fuse-devel \
         gcc \
-        gdb \
         gettext \
-        gettext-devel \
         git \
         glib2-devel \
         glibc-devel \
         glibc-langpack-en \
         glusterfs-api-devel \
         gnutls-devel \
+        grep \
         iproute \
         iproute-tc \
+        iptables \
         iscsi-initiator-utils \
         kmod \
         libacl-devel \
@@ -50,66 +63,48 @@ RUN dnf update -y && \
         libssh-devel \
         libssh2-devel \
         libtirpc-devel \
-        libtool \
-        libudev-devel \
         libwsman-devel \
         libxml2 \
         libxml2-devel \
         libxslt \
-        lsof \
         lvm2 \
         make \
-        net-tools \
+        meson \
         netcf-devel \
         nfs-utils \
         ninja-build \
         numactl-devel \
         numad \
-        parted \
         parted-devel \
-        patch \
-        perl \
-        perl-App-cpanminus \
+        perl-base \
         pkgconfig \
         polkit \
         python3 \
         python3-docutils \
         python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
         qemu-img \
-        radvd \
         readline-devel \
         rpcgen \
         rpm-build \
         sanlock-devel \
-        screen \
         scrub \
+        sed \
         sheepdog \
-        strace \
-        sudo \
+        systemd-devel \
         systemtap-sdt-devel \
-        vim \
         wireshark-devel \
         xen-devel \
-        xfsprogs-devel \
-        xz \
-        yajl-devel \
-        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
+        yajl-devel && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
-
-RUN pip3 install \
-         meson==0.54.0
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/fedora-35-cross-mingw32.Dockerfile

@@ -0,0 +1,89 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM registry.fedoraproject.org/fedora:35
+
+RUN dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
+        augeas \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        codespell \
+        cpp \
+        cppi \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        git \
+        glibc-langpack-en \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libxml2 \
+        libxslt \
+        lvm2 \
+        make \
+        meson \
+        nfs-utils \
+        ninja-build \
+        numad \
+        perl-base \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        qemu-img \
+        rpcgen \
+        rpm-build \
+        scrub \
+        sed \
+        sheepdog && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN nosync dnf install -y \
+        mingw32-curl \
+        mingw32-dlfcn \
+        mingw32-gcc \
+        mingw32-gettext \
+        mingw32-glib2 \
+        mingw32-gnutls \
+        mingw32-headers \
+        mingw32-libssh2 \
+        mingw32-libxml2 \
+        mingw32-pkg-config \
+        mingw32-portablexdr \
+        mingw32-readline && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-gcc
+
+ENV ABI "i686-w64-mingw32"
+ENV MESON_OPTS "--cross-file=/usr/share/mingw/toolchain-mingw32.meson"

ci/containers/fedora-35-cross-mingw64.Dockerfile

@@ -0,0 +1,89 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM registry.fedoraproject.org/fedora:35
+
+RUN dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
+        augeas \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        codespell \
+        cpp \
+        cppi \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        git \
+        glibc-langpack-en \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libxml2 \
+        libxslt \
+        lvm2 \
+        make \
+        meson \
+        nfs-utils \
+        ninja-build \
+        numad \
+        perl-base \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        qemu-img \
+        rpcgen \
+        rpm-build \
+        scrub \
+        sed \
+        sheepdog && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN nosync dnf install -y \
+        mingw64-curl \
+        mingw64-dlfcn \
+        mingw64-gcc \
+        mingw64-gettext \
+        mingw64-glib2 \
+        mingw64-gnutls \
+        mingw64-headers \
+        mingw64-libssh2 \
+        mingw64-libxml2 \
+        mingw64-pkg-config \
+        mingw64-portablexdr \
+        mingw64-readline && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-gcc
+
+ENV ABI "x86_64-w64-mingw32"
+ENV MESON_OPTS "--cross-file=/usr/share/mingw/toolchain-mingw64.meson"

ci/containers/fedora-35.Dockerfile

@@ -0,0 +1,110 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM registry.fedoraproject.org/fedora:35
+
+RUN dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
+        audit-libs-devel \
+        augeas \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        clang \
+        codespell \
+        cpp \
+        cppi \
+        cyrus-sasl-devel \
+        device-mapper-devel \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        fuse-devel \
+        gcc \
+        gettext \
+        git \
+        glib2-devel \
+        glibc-devel \
+        glibc-langpack-en \
+        glusterfs-api-devel \
+        gnutls-devel \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libacl-devel \
+        libattr-devel \
+        libblkid-devel \
+        libcap-ng-devel \
+        libcurl-devel \
+        libiscsi-devel \
+        libnl3-devel \
+        libpcap-devel \
+        libpciaccess-devel \
+        librbd-devel \
+        libselinux-devel \
+        libssh-devel \
+        libssh2-devel \
+        libtirpc-devel \
+        libwsman-devel \
+        libxml2 \
+        libxml2-devel \
+        libxslt \
+        lvm2 \
+        make \
+        meson \
+        netcf-devel \
+        nfs-utils \
+        ninja-build \
+        numactl-devel \
+        numad \
+        parted-devel \
+        perl-base \
+        pkgconfig \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        qemu-img \
+        readline-devel \
+        rpcgen \
+        rpm-build \
+        sanlock-devel \
+        scrub \
+        sed \
+        sheepdog \
+        systemd-devel \
+        systemtap-sdt-devel \
+        wireshark-devel \
+        xen-devel \
+        yajl-devel && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/fedora-rawhide-cross-mingw32.Dockerfile

@@ -1,75 +1,74 @@
-FROM fedora:rawhide
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM registry.fedoraproject.org/fedora:rawhide
 
 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
-    dnf update -y && \
-    dnf install -y \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf distro-sync -y && \
+    nosync dnf install -y \
         augeas \
-        autoconf \
-        automake \
-        bash \
         bash-completion \
         ca-certificates \
         ccache \
-        chrony \
-        clang \
+        codespell \
+        cpp \
         cppi \
+        diffutils \
         dnsmasq \
         dwarves \
         ebtables \
         firewalld-filesystem \
-        gcc \
-        gdb \
-        gettext-devel \
         git \
         glibc-langpack-en \
+        grep \
         iproute \
         iproute-tc \
+        iptables \
         iscsi-initiator-utils \
         kmod \
-        libtool \
-        libwsman-devel \
         libxml2 \
         libxslt \
-        lsof \
         lvm2 \
         make \
         meson \
-        net-tools \
         nfs-utils \
         ninja-build \
         numad \
-        parted \
-        patch \
-        perl \
-        perl-App-cpanminus \
+        perl-base \
         polkit \
         python3 \
         python3-docutils \
         python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
         qemu-img \
-        radvd \
         rpcgen \
         rpm-build \
-        screen \
         scrub \
-        sheepdog \
-        strace \
-        sudo \
-        vim \
-        xz \
-        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-$(basename /usr/bin/gcc)
+        sed \
+        sheepdog && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y
 
-RUN dnf install -y \
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN nosync dnf install -y \
         mingw32-curl \
-        mingw32-dbus \
         mingw32-dlfcn \
         mingw32-gcc \
         mingw32-gettext \
@@ -81,16 +80,11 @@ RUN dnf install -y \
         mingw32-pkg-config \
         mingw32-portablexdr \
         mingw32-readline && \
-    dnf clean all -y
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-gcc
 
 ENV ABI "i686-w64-mingw32"
-ENV CONFIGURE_OPTS "--host=i686-w64-mingw32"
 ENV MESON_OPTS "--cross-file=/usr/share/mingw/toolchain-mingw32.meson"

ci/containers/fedora-rawhide-cross-mingw64.Dockerfile

@@ -1,75 +1,74 @@
-FROM fedora:rawhide
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM registry.fedoraproject.org/fedora:rawhide
 
 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
-    dnf update -y && \
-    dnf install -y \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf distro-sync -y && \
+    nosync dnf install -y \
         augeas \
-        autoconf \
-        automake \
-        bash \
         bash-completion \
         ca-certificates \
         ccache \
-        chrony \
-        clang \
+        codespell \
+        cpp \
         cppi \
+        diffutils \
         dnsmasq \
         dwarves \
         ebtables \
         firewalld-filesystem \
-        gcc \
-        gdb \
-        gettext-devel \
         git \
         glibc-langpack-en \
+        grep \
         iproute \
         iproute-tc \
+        iptables \
         iscsi-initiator-utils \
         kmod \
-        libtool \
-        libwsman-devel \
         libxml2 \
         libxslt \
-        lsof \
         lvm2 \
         make \
         meson \
-        net-tools \
         nfs-utils \
         ninja-build \
         numad \
-        parted \
-        patch \
-        perl \
-        perl-App-cpanminus \
+        perl-base \
         polkit \
         python3 \
         python3-docutils \
         python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
         qemu-img \
-        radvd \
         rpcgen \
         rpm-build \
-        screen \
         scrub \
-        sheepdog \
-        strace \
-        sudo \
-        vim \
-        xz \
-        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-$(basename /usr/bin/gcc)
+        sed \
+        sheepdog && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y
 
-RUN dnf install -y \
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+RUN nosync dnf install -y \
         mingw64-curl \
-        mingw64-dbus \
         mingw64-dlfcn \
         mingw64-gcc \
         mingw64-gettext \
@@ -81,16 +80,11 @@ RUN dnf install -y \
         mingw64-pkg-config \
         mingw64-portablexdr \
         mingw64-readline && \
-    dnf clean all -y
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-gcc
 
 ENV ABI "x86_64-w64-mingw32"
-ENV CONFIGURE_OPTS "--host=x86_64-w64-mingw32"
 ENV MESON_OPTS "--cross-file=/usr/share/mingw/toolchain-mingw64.meson"

ci/containers/fedora-rawhide.Dockerfile

@@ -1,40 +1,53 @@
-FROM fedora:rawhide
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM registry.fedoraproject.org/fedora:rawhide
 
 RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
-    dnf update -y && \
-    dnf install -y \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf distro-sync -y && \
+    nosync dnf install -y \
         audit-libs-devel \
         augeas \
-        autoconf \
-        automake \
-        avahi-devel \
-        bash \
         bash-completion \
         ca-certificates \
         ccache \
-        chrony \
         clang \
+        codespell \
+        cpp \
         cppi \
         cyrus-sasl-devel \
-        dbus-devel \
         device-mapper-devel \
+        diffutils \
         dnsmasq \
         dwarves \
         ebtables \
         firewalld-filesystem \
         fuse-devel \
         gcc \
-        gdb \
         gettext \
-        gettext-devel \
         git \
         glib2-devel \
         glibc-devel \
         glibc-langpack-en \
         glusterfs-api-devel \
         gnutls-devel \
+        grep \
         iproute \
         iproute-tc \
+        iptables \
         iscsi-initiator-utils \
         kmod \
         libacl-devel \
@@ -51,64 +64,47 @@ RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
         libssh-devel \
         libssh2-devel \
         libtirpc-devel \
-        libtool \
-        libudev-devel \
         libwsman-devel \
         libxml2 \
         libxml2-devel \
         libxslt \
-        lsof \
         lvm2 \
         make \
         meson \
-        net-tools \
-        netcf-devel \
         nfs-utils \
         ninja-build \
         numactl-devel \
         numad \
-        parted \
         parted-devel \
-        patch \
-        perl \
-        perl-App-cpanminus \
+        perl-base \
         pkgconfig \
         polkit \
         python3 \
         python3-docutils \
         python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
         qemu-img \
-        radvd \
         readline-devel \
         rpcgen \
         rpm-build \
         sanlock-devel \
-        screen \
         scrub \
+        sed \
         sheepdog \
-        strace \
-        sudo \
+        systemd-devel \
         systemtap-sdt-devel \
-        vim \
         wireshark-devel \
         xen-devel \
-        xfsprogs-devel \
-        xz \
-        yajl-devel \
-        zfs-fuse && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
+        yajl-devel && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/libvirt-centos-7.Dockerfile

@@ -1,140 +0,0 @@
-FROM centos:7
-
-RUN echo -e '[openvz]\n\
-name=OpenVZ addons\n\
-baseurl=https://download.openvz.org/virtuozzo/releases/openvz-7.0.11-235/x86_64/os/\n\
-enabled=1\n\
-gpgcheck=1\n\
-skip_if_unavailable=0\n\
-metadata_expire=6h\n\
-priority=90\n\
-includepkgs=libprl*' > /etc/yum.repos.d/openvz.repo && \
-    echo -e '-----BEGIN PGP PUBLIC KEY BLOCK-----\n\
-Version: GnuPG v2.0.22 (GNU/Linux)\n\
-\n\
-mI0EVl80nQEEAKrEeyeTCwrzS9kYedZ/sAc/GUqlb81C7pA9SaR3fyck5mVw1Ogk\n\
-YdmNBPM2kY7QDxR9F0EpSpnxSCAXZXugsQ8KzZ0DRLVeBDQyGs9IGK5hI0zzxIil\n\
-BzfvIexLiQQhLy7YlIi8Jt/uUqKkW0pIMNMGcduY97VATtczpncpkmSzABEBAAG0\n\
-SFZpcnR1b3p6byBUZWFtIChHUEcga2V5IHNpZ25hdHVyZSBmb3IgcGFja2FnZXMp\n\
-IDxzZWN1cml0eUB2aXJ0dW96em8uY29tPoi5BBMBAgAjBQJWXzSdAhsDBwsJCAcD\n\
-AgEGFQgCCQoLBBYCAwECHgECF4AACgkQygt9GUTNrSruIgP/er70Eyo73A1gfrjv\n\
-oPUkyo4rslVRZu3qqCwoMFtJc/Z/UxWgEka1buorlcGLa6eO/EZ49c0n+KGa4Kvt\n\
-EUboIq0yEu5i0FyAj92ifm+hNhoAbGfm0cZ4/fD0oGr3l8OsQo4+iHX4xAPwFe7Y\n\
-zABuB8I1ZDZ4OIp5tDfTTuF2LT24jQRWXzSdAQQAog2Aqb+Ptl68O7cQhWLjVGkj\n\
-yyigZrdeReLx3HloKJPBeQ/kA6uvMJc/IYS3uppMWXv9v+QenS6uhP1TUJ2k9FvM\n\
-t94MQZfALN7Vpf8AF+UeWu4Ru+y4BNzcFhrPhIFNFChOR2QqW6FkgE57D9I177NC\n\
-oJMyrlNe8wcGa178An8AEQEAAYifBBgBAgAJBQJWXzSdAhsMAAoJEMoLfRlEza0q\n\
-bKwD/3+OFVIEXnIv5XgdGRNX5fHggsUN1bb8gva7HANRlKdd4LD8foDM3F/yv/3V\n\
-igG14D5EjKz56SaBDNgiI4++hOzb2M8jhAsR86jxkXFrrP1U3ZNRKg6av9DPFAPS\n\
-WEiJKtQrZDJloqtyi/mmRa1VsV7RYR0VPJjhK/R8EQ7Ysshy\n\
-=fRMg\n\
------END PGP PUBLIC KEY BLOCK-----' > /etc/pki/rpm-gpg/RPM-GPG-KEY-OpenVZ && \
-    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-OpenVZ && \
-    yum install -y epel-release && \
-    yum update -y && \
-    yum install -y \
-        audit-libs-devel \
-        augeas \
-        autoconf \
-        automake \
-        avahi-devel \
-        bash \
-        bash-completion \
-        ca-certificates \
-        ccache \
-        chrony \
-        clang \
-        cyrus-sasl-devel \
-        dbus-devel \
-        device-mapper-devel \
-        dnsmasq \
-        dwarves \
-        ebtables \
-        firewalld-filesystem \
-        fuse-devel \
-        gcc \
-        gdb \
-        gettext \
-        gettext-devel \
-        git \
-        glib2-devel \
-        glibc-common \
-        glibc-devel \
-        glusterfs-api-devel \
-        gnutls-devel \
-        iproute \
-        iscsi-initiator-utils \
-        kmod \
-        libacl-devel \
-        libattr-devel \
-        libblkid-devel \
-        libcap-ng-devel \
-        libcurl-devel \
-        libiscsi-devel \
-        libnl3-devel \
-        libpcap-devel \
-        libpciaccess-devel \
-        libprlsdk-devel \
-        librbd1-devel \
-        libselinux-devel \
-        libssh-devel \
-        libssh2-devel \
-        libtirpc-devel \
-        libtool \
-        libudev-devel \
-        libwsman-devel \
-        libxml2 \
-        libxml2-devel \
-        libxslt \
-        lsof \
-        lvm2 \
-        make \
-        net-tools \
-        netcf-devel \
-        nfs-utils \
-        ninja-build \
-        numactl-devel \
-        numad \
-        parted \
-        parted-devel \
-        patch \
-        perl \
-        perl-App-cpanminus \
-        pkgconfig \
-        polkit \
-        python3 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
-        python36-docutils \
-        qemu-img \
-        radvd \
-        readline-devel \
-        rpm-build \
-        sanlock-devel \
-        screen \
-        scrub \
-        strace \
-        sudo \
-        systemtap-sdt-devel \
-        vim \
-        wireshark-devel \
-        xfsprogs-devel \
-        xz \
-        yajl-devel && \
-    yum autoremove -y && \
-    yum clean all -y && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja-build"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/libvirt-centos-8.Dockerfile

@@ -1,114 +0,0 @@
-FROM centos:8
-
-RUN dnf install 'dnf-command(config-manager)' -y && \
-    dnf config-manager --set-enabled -y PowerTools && \
-    dnf install -y epel-release && \
-    dnf update -y && \
-    dnf install -y \
-        audit-libs-devel \
-        augeas \
-        autoconf \
-        automake \
-        avahi-devel \
-        bash \
-        bash-completion \
-        ca-certificates \
-        ccache \
-        chrony \
-        clang \
-        cyrus-sasl-devel \
-        dbus-devel \
-        device-mapper-devel \
-        dnsmasq \
-        dwarves \
-        ebtables \
-        firewalld-filesystem \
-        fuse-devel \
-        gcc \
-        gdb \
-        gettext \
-        gettext-devel \
-        git \
-        glib2-devel \
-        glibc-devel \
-        glibc-langpack-en \
-        glusterfs-api-devel \
-        gnutls-devel \
-        iproute \
-        iproute-tc \
-        iscsi-initiator-utils \
-        kmod \
-        libacl-devel \
-        libattr-devel \
-        libblkid-devel \
-        libcap-ng-devel \
-        libcurl-devel \
-        libiscsi-devel \
-        libnl3-devel \
-        libpcap-devel \
-        libpciaccess-devel \
-        librbd-devel \
-        libselinux-devel \
-        libssh-devel \
-        libssh2-devel \
-        libtirpc-devel \
-        libtool \
-        libudev-devel \
-        libwsman-devel \
-        libxml2 \
-        libxml2-devel \
-        libxslt \
-        lsof \
-        lvm2 \
-        make \
-        net-tools \
-        netcf-devel \
-        nfs-utils \
-        ninja-build \
-        numactl-devel \
-        numad \
-        parted \
-        parted-devel \
-        patch \
-        perl \
-        perl-App-cpanminus \
-        pkgconfig \
-        polkit \
-        python3 \
-        python3-docutils \
-        python3-flake8 \
-        python3-pip \
-        python3-setuptools \
-        python3-wheel \
-        qemu-img \
-        radvd \
-        readline-devel \
-        rpcgen \
-        rpm-build \
-        sanlock-devel \
-        screen \
-        scrub \
-        strace \
-        sudo \
-        systemtap-sdt-devel \
-        vim \
-        wireshark-devel \
-        xfsprogs-devel \
-        xz \
-        yajl-devel && \
-    dnf autoremove -y && \
-    dnf clean all -y && \
-    mkdir -p /usr/libexec/ccache-wrappers && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
-
-RUN pip3 install \
-         meson==0.54.0
-
-ENV LANG "en_US.UTF-8"
-
-ENV MAKE "/usr/bin/make"
-ENV NINJA "/usr/bin/ninja"
-ENV PYTHON "/usr/bin/python3"
-
-ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/opensuse-leap-152.Dockerfile

@@ -1,37 +1,40 @@
-FROM opensuse/leap:15.1
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM registry.opensuse.org/opensuse/leap:15.2
 
 RUN zypper update -y && \
     zypper install -y \
            audit-devel \
            augeas \
            augeas-lenses \
-           autoconf \
-           automake \
-           avahi-devel \
-           bash \
            bash-completion \
            ca-certificates \
            ccache \
-           chrony \
            clang \
+           codespell \
+           cpp \
            cppi \
            cyrus-sasl-devel \
-           dbus-1-devel \
            device-mapper-devel \
+           diffutils \
            dnsmasq \
            dwarves \
            ebtables \
            fuse-devel \
            gcc \
-           gdb \
-           gettext \
-           gettext-devel \
+           gettext-runtime \
            git \
            glib2-devel \
            glibc-devel \
            glibc-locale \
            glusterfs-devel \
+           grep \
            iproute2 \
+           iptables \
            kmod \
            libacl-devel \
            libapparmor-devel \
@@ -50,62 +53,50 @@ RUN zypper update -y && \
            libssh-devel \
            libssh2-devel \
            libtirpc-devel \
-           libtool \
            libudev-devel \
            libwsman-devel \
            libxml2 \
            libxml2-devel \
            libxslt \
            libyajl-devel \
-           lsof \
            lvm2 \
            make \
-           net-tools \
            nfs-utils \
            ninja \
            numad \
            open-iscsi \
-           parted \
            parted-devel \
-           patch \
-           perl \
-           perl-App-cpanminus \
+           perl-base \
            pkgconfig \
            polkit \
-           python3 \
+           python3-base \
            python3-docutils \
            python3-flake8 \
            python3-pip \
            python3-setuptools \
            python3-wheel \
            qemu-tools \
-           radvd \
            readline-devel \
            rpcgen \
            rpm-build \
            sanlock-devel \
-           screen \
            scrub \
-           strace \
-           sudo \
+           sed \
            systemtap-sdt-devel \
-           vim \
            wireshark-devel \
-           xen-devel \
-           xfsprogs-devel \
-           xz && \
+           xen-devel && \
     zypper clean --all && \
+    rpm -qa | sort > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 RUN pip3 install \
-         meson==0.54.0
+         meson==0.56.0
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/opensuse-tumbleweed.Dockerfile

@@ -0,0 +1,97 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM registry.opensuse.org/opensuse/tumbleweed:latest
+
+RUN zypper dist-upgrade -y && \
+    zypper install -y \
+           audit-devel \
+           augeas \
+           augeas-lenses \
+           bash-completion \
+           ca-certificates \
+           ccache \
+           clang \
+           codespell \
+           cpp \
+           cppi \
+           cyrus-sasl-devel \
+           device-mapper-devel \
+           diffutils \
+           dnsmasq \
+           dwarves \
+           ebtables \
+           fuse-devel \
+           gcc \
+           gettext-runtime \
+           git \
+           glib2-devel \
+           glibc-devel \
+           glibc-locale \
+           glusterfs-devel \
+           grep \
+           iproute2 \
+           iptables \
+           kmod \
+           libacl-devel \
+           libapparmor-devel \
+           libattr-devel \
+           libblkid-devel \
+           libcap-ng-devel \
+           libcurl-devel \
+           libgnutls-devel \
+           libiscsi-devel \
+           libnl3-devel \
+           libnuma-devel \
+           libpcap-devel \
+           libpciaccess-devel \
+           librbd-devel \
+           libselinux-devel \
+           libssh-devel \
+           libssh2-devel \
+           libtirpc-devel \
+           libudev-devel \
+           libwsman-devel \
+           libxml2 \
+           libxml2-devel \
+           libxslt \
+           libyajl-devel \
+           lvm2 \
+           make \
+           meson \
+           nfs-utils \
+           ninja \
+           numad \
+           open-iscsi \
+           parted-devel \
+           perl-base \
+           pkgconfig \
+           polkit \
+           python3-base \
+           python3-docutils \
+           python3-flake8 \
+           qemu-tools \
+           readline-devel \
+           rpcgen \
+           rpm-build \
+           sanlock-devel \
+           scrub \
+           sed \
+           systemtap-sdt-devel \
+           wireshark-devel \
+           xen-devel && \
+    zypper clean --all && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/refresh

@@ -1,42 +0,0 @@
-#!/bin/sh
-
-if test -z "$1"
-then
-    echo "syntax: $0 PATH-TO-LCITOOL"
-    exit 1
-fi
-
-LCITOOL=$1
-
-if ! test -x "$LCITOOL"
-then
-    echo "$LCITOOL is not executable"
-    exit 1
-fi
-
-HOSTS=$($LCITOOL hosts | grep -Ev 'freebsd|macos')
-
-for host in $HOSTS
-do
-    case "$host" in
-    libvirt-fedora-rawhide)
-        for cross in mingw32 mingw64
-        do
-            $LCITOOL dockerfile $host libvirt --cross $cross >$host-cross-$cross.Dockerfile
-        done
-        ;;
-    libvirt-debian-*)
-        for cross in aarch64 armv6l armv7l i686 mips mips64el mipsel ppc64le s390x
-        do
-            if test "$host-cross-$cross" = "libvirt-debian-9-cross-i686" ||
-               test "$host-cross-$cross" = "libvirt-debian-sid-cross-mips"
-            then
-                continue
-            fi
-            $LCITOOL dockerfile $host libvirt --cross $cross >$host-cross-$cross.Dockerfile
-        done
-        ;;
-    esac
-
-    $LCITOOL dockerfile $host libvirt >$host.Dockerfile
-done

ci/containers/ubuntu-1804.Dockerfile

@@ -1,43 +1,46 @@
-FROM ubuntu:18.04
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/ubuntu:18.04
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
             clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
             gcc \
-            gdb \
             gettext \
             git \
             glusterfs-common \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libacl1-dev \
             libapparmor-dev \
             libattr1-dev \
             libaudit-dev \
-            libavahi-client-dev \
             libblkid-dev \
             libc-dev-bin \
             libc6-dev \
             libcap-ng-dev \
             libcurl4-gnutls-dev \
-            libdbus-1-dev \
             libdevmapper-dev \
             libfuse-dev \
             libglib2.0-dev \
@@ -59,25 +62,19 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libssh-dev \
             libssh2-1-dev \
             libtirpc-dev \
-            libtool \
-            libtool-bin \
             libudev-dev \
             libxen-dev \
             libxml2-dev \
             libxml2-utils \
             libyajl-dev \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -86,34 +83,27 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
+            sed \
             sheepdog \
-            strace \
-            sudo \
             systemtap-sdt-dev \
-            vim \
             wireshark-dev \
-            xfslibs-dev \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 RUN pip3 install \
-         meson==0.54.0
+         meson==0.56.0
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/ubuntu-2004.Dockerfile

@@ -1,42 +1,45 @@
-FROM ubuntu:20.04
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/ubuntu:20.04
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
             augeas-lenses \
             augeas-tools \
-            autoconf \
-            automake \
-            autopoint \
-            bash \
             bash-completion \
             ca-certificates \
             ccache \
-            chrony \
             clang \
-            cpanminus \
+            codespell \
+            cpp \
+            diffutils \
             dnsmasq-base \
             dwarves \
             ebtables \
             flake8 \
             gcc \
-            gdb \
             gettext \
             git \
+            grep \
             iproute2 \
+            iptables \
             kmod \
             libacl1-dev \
             libapparmor-dev \
             libattr1-dev \
             libaudit-dev \
-            libavahi-client-dev \
             libblkid-dev \
             libc-dev-bin \
             libc6-dev \
             libcap-ng-dev \
             libcurl4-gnutls-dev \
-            libdbus-1-dev \
             libdevmapper-dev \
             libfuse-dev \
             libglib2.0-dev \
@@ -59,25 +62,19 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             libssh-dev \
             libssh2-1-dev \
             libtirpc-dev \
-            libtool \
-            libtool-bin \
             libudev-dev \
             libxen-dev \
             libxml2-dev \
             libxml2-utils \
             libyajl-dev \
             locales \
-            lsof \
             lvm2 \
             make \
-            net-tools \
             nfs-common \
             ninja-build \
             numad \
             open-iscsi \
-            parted \
-            patch \
-            perl \
+            perl-base \
             pkgconf \
             policykit-1 \
             python3 \
@@ -86,33 +83,26 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
             python3-setuptools \
             python3-wheel \
             qemu-utils \
-            radvd \
-            screen \
             scrub \
-            strace \
-            sudo \
+            sed \
             systemtap-sdt-dev \
-            vim \
             wireshark-dev \
-            xfslibs-dev \
-            xsltproc \
-            xz-utils \
-            zfs-fuse && \
-    apt-get autoremove -y && \
-    apt-get autoclean -y && \
+            xsltproc && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
     sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
     dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
     mkdir -p /usr/libexec/ccache-wrappers && \
     ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
-    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/$(basename /usr/bin/gcc)
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
 
 RUN pip3 install \
-         meson==0.54.0
+         meson==0.56.0
 
 ENV LANG "en_US.UTF-8"
-
 ENV MAKE "/usr/bin/make"
 ENV NINJA "/usr/bin/ninja"
 ENV PYTHON "/usr/bin/python3"
-
 ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/gitlab.yml

@@ -0,0 +1,689 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool manifest ci/manifest.yml
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+
+.container_job:
+  image: docker:stable
+  stage: containers
+  needs: []
+  services:
+    - name: registry.gitlab.com/libvirt/libvirt-ci/docker-dind:master
+      alias: docker
+  before_script:
+    - export TAG="$CI_REGISTRY_IMAGE/ci-$NAME:latest"
+    - export COMMON_TAG="$CI_REGISTRY/libvirt/libvirt/ci-$NAME:latest"
+    - docker info
+    - docker login registry.gitlab.com -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+  script:
+    - docker pull "$TAG" || docker pull "$COMMON_TAG" || true
+    - docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG" -f "ci/containers/$NAME.Dockerfile" ci/containers
+    - docker push "$TAG"
+  after_script:
+    - docker logout
+
+
+.gitlab_native_build_job:
+  image: $CI_REGISTRY_IMAGE/ci-$NAME:latest
+  stage: builds
+
+
+.gitlab_cross_build_job:
+  image: $CI_REGISTRY_IMAGE/ci-$NAME-cross-$CROSS:latest
+  stage: builds
+
+
+.cirrus_build_job:
+  stage: builds
+  image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master
+  needs: []
+  script:
+    - source ci/cirrus/$NAME.vars
+    - sed -e "s|[@]CI_REPOSITORY_URL@|$CI_REPOSITORY_URL|g"
+          -e "s|[@]CI_COMMIT_REF_NAME@|$CI_COMMIT_REF_NAME|g"
+          -e "s|[@]CI_COMMIT_SHA@|$CI_COMMIT_SHA|g"
+          -e "s|[@]CIRRUS_VM_INSTANCE_TYPE@|$CIRRUS_VM_INSTANCE_TYPE|g"
+          -e "s|[@]CIRRUS_VM_IMAGE_SELECTOR@|$CIRRUS_VM_IMAGE_SELECTOR|g"
+          -e "s|[@]CIRRUS_VM_IMAGE_NAME@|$CIRRUS_VM_IMAGE_NAME|g"
+          -e "s|[@]UPDATE_COMMAND@|$UPDATE_COMMAND|g"
+          -e "s|[@]UPGRADE_COMMAND@|$UPGRADE_COMMAND|g"
+          -e "s|[@]INSTALL_COMMAND@|$INSTALL_COMMAND|g"
+          -e "s|[@]PATH@|$PATH_EXTRA${PATH_EXTRA:+:}\$PATH|g"
+          -e "s|[@]PKG_CONFIG_PATH@|$PKG_CONFIG_PATH|g"
+          -e "s|[@]PKGS@|$PKGS|g"
+          -e "s|[@]MAKE@|$MAKE|g"
+          -e "s|[@]PYTHON@|$PYTHON|g"
+          -e "s|[@]PIP3@|$PIP3|g"
+          -e "s|[@]PYPI_PKGS@|$PYPI_PKGS|g"
+          -e "s|[@]XML_CATALOG_FILES@|$XML_CATALOG_FILES|g"
+      <ci/cirrus/build.yml >ci/cirrus/$NAME.yml
+    - cat ci/cirrus/$NAME.yml
+    - cirrus-run -v --show-build-log always ci/cirrus/$NAME.yml
+  rules:
+    - if: "$CIRRUS_GITHUB_REPO && $CIRRUS_API_TOKEN"
+
+
+check-dco:
+  stage: sanity_checks
+  needs: []
+  image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:master
+  script:
+    - /check-dco libvirt
+  except:
+    variables:
+      - $CI_PROJECT_NAMESPACE == 'libvirt'
+  variables:
+    GIT_DEPTH: 1000
+
+
+# Native container jobs
+
+x86_64-centos-8-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: centos-8
+
+
+x86_64-centos-stream-8-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: centos-stream-8
+
+
+x86_64-debian-10-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: debian-10
+
+
+x86_64-debian-11-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: debian-11
+
+
+x86_64-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid
+
+
+x86_64-fedora-34-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: fedora-34
+
+
+x86_64-fedora-35-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: fedora-35
+
+
+x86_64-fedora-rawhide-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: fedora-rawhide
+
+
+x86_64-opensuse-leap-152-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: opensuse-leap-152
+
+
+x86_64-opensuse-tumbleweed-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: opensuse-tumbleweed
+
+
+x86_64-ubuntu-1804-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: ubuntu-1804
+
+
+x86_64-ubuntu-2004-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: ubuntu-2004
+
+
+
+# Cross container jobs
+
+aarch64-debian-10-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-10-cross-aarch64
+
+
+armv6l-debian-10-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: debian-10-cross-armv6l
+
+
+armv7l-debian-10-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-10-cross-armv7l
+
+
+i686-debian-10-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-10-cross-i686
+
+
+mips-debian-10-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: debian-10-cross-mips
+
+
+mips64el-debian-10-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-10-cross-mips64el
+
+
+mipsel-debian-10-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: debian-10-cross-mipsel
+
+
+ppc64le-debian-10-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-10-cross-ppc64le
+
+
+s390x-debian-10-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-10-cross-s390x
+
+
+aarch64-debian-11-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-11-cross-aarch64
+
+
+armv6l-debian-11-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-11-cross-armv6l
+
+
+armv7l-debian-11-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: debian-11-cross-armv7l
+
+
+i686-debian-11-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-11-cross-i686
+
+
+mips64el-debian-11-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: debian-11-cross-mips64el
+
+
+mipsel-debian-11-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-11-cross-mipsel
+
+
+ppc64le-debian-11-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: debian-11-cross-ppc64le
+
+
+s390x-debian-11-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-11-cross-s390x
+
+
+aarch64-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid-cross-aarch64
+
+
+armv6l-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid-cross-armv6l
+
+
+armv7l-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid-cross-armv7l
+
+
+i686-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid-cross-i686
+
+
+mips64el-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid-cross-mips64el
+
+
+mipsel-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid-cross-mipsel
+
+
+ppc64le-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid-cross-ppc64le
+
+
+s390x-debian-sid-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: debian-sid-cross-s390x
+
+
+mingw32-fedora-35-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: fedora-35-cross-mingw32
+
+
+mingw64-fedora-35-container:
+  extends: .container_job
+  allow_failure: false
+  variables:
+    NAME: fedora-35-cross-mingw64
+
+
+mingw32-fedora-rawhide-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: fedora-rawhide-cross-mingw32
+
+
+mingw64-fedora-rawhide-container:
+  extends: .container_job
+  allow_failure: true
+  variables:
+    NAME: fedora-rawhide-cross-mingw64
+
+
+# Native build jobs
+
+x86_64-centos-8:
+  extends: .native_build_job
+  needs:
+    - x86_64-centos-8-container
+  allow_failure: false
+  variables:
+    NAME: centos-8
+    RPM: skip
+
+
+x86_64-centos-8-clang:
+  extends: .native_build_job
+  needs:
+    - x86_64-centos-8-container
+  allow_failure: false
+  variables:
+    NAME: centos-8
+    RPM: skip
+    CC: clang
+
+
+x86_64-centos-stream-8:
+  extends: .native_build_job
+  needs:
+    - x86_64-centos-stream-8-container
+  allow_failure: false
+  variables:
+    NAME: centos-stream-8
+    RPM: skip
+
+
+x86_64-debian-10:
+  extends: .native_build_job
+  needs:
+    - x86_64-debian-10-container
+  allow_failure: false
+  variables:
+    NAME: debian-10
+
+
+x86_64-debian-11:
+  extends: .native_build_job
+  needs:
+    - x86_64-debian-11-container
+  allow_failure: false
+  variables:
+    NAME: debian-11
+
+
+x86_64-debian-11-clang:
+  extends: .native_build_job
+  needs:
+    - x86_64-debian-11-container
+  allow_failure: false
+  variables:
+    NAME: debian-11
+
+
+x86_64-debian-sid:
+  extends: .native_build_job
+  needs:
+    - x86_64-debian-sid-container
+  allow_failure: true
+  variables:
+    NAME: debian-sid
+
+
+x86_64-fedora-34:
+  extends: .native_build_job
+  needs:
+    - x86_64-fedora-34-container
+  allow_failure: false
+  variables:
+    NAME: fedora-34
+
+
+x86_64-fedora-35:
+  extends: .native_build_job
+  needs:
+    - x86_64-fedora-35-container
+  allow_failure: false
+  variables:
+    NAME: fedora-35
+
+
+x86_64-fedora-rawhide:
+  extends: .native_build_job
+  needs:
+    - x86_64-fedora-rawhide-container
+  allow_failure: true
+  variables:
+    NAME: fedora-rawhide
+
+
+x86_64-fedora-rawhide-clang:
+  extends: .native_build_job
+  needs:
+    - x86_64-fedora-rawhide-container
+  allow_failure: true
+  variables:
+    NAME: fedora-rawhide
+    CC: clang
+    RPM: skip
+
+
+x86_64-opensuse-leap-152:
+  extends: .native_build_job
+  needs:
+    - x86_64-opensuse-leap-152-container
+  allow_failure: false
+  variables:
+    NAME: opensuse-leap-152
+    RPM: skip
+
+
+x86_64-opensuse-tumbleweed:
+  extends: .native_build_job
+  needs:
+    - x86_64-opensuse-tumbleweed-container
+  allow_failure: true
+  variables:
+    NAME: opensuse-tumbleweed
+    RPM: skip
+
+
+x86_64-ubuntu-1804:
+  extends: .native_build_job
+  needs:
+    - x86_64-ubuntu-1804-container
+  allow_failure: false
+  variables:
+    NAME: ubuntu-1804
+
+
+x86_64-ubuntu-2004:
+  extends: .native_build_job
+  needs:
+    - x86_64-ubuntu-2004-container
+  allow_failure: false
+  variables:
+    NAME: ubuntu-2004
+    ASAN_OPTIONS: verify_asan_link_order=0
+    MESON_ARGS: -Db_lundef=false -Db_sanitize=address,undefined
+    UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1
+
+
+x86_64-ubuntu-2004-clang:
+  extends: .native_build_job
+  needs:
+    - x86_64-ubuntu-2004-container
+  allow_failure: false
+  variables:
+    NAME: ubuntu-2004
+    CC: clang
+    MESON_ARGS: -Db_lundef=false -Db_sanitize=address,undefined
+    UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1
+
+
+
+# Cross build jobs
+
+armv6l-debian-10:
+  extends: .cross_build_job
+  needs:
+    - armv6l-debian-10-container
+  allow_failure: false
+  variables:
+    NAME: debian-10
+    CROSS: armv6l
+
+
+mips-debian-10:
+  extends: .cross_build_job
+  needs:
+    - mips-debian-10-container
+  allow_failure: false
+  variables:
+    NAME: debian-10
+    CROSS: mips
+
+
+mipsel-debian-10:
+  extends: .cross_build_job
+  needs:
+    - mipsel-debian-10-container
+  allow_failure: false
+  variables:
+    NAME: debian-10
+    CROSS: mipsel
+
+
+armv7l-debian-11:
+  extends: .cross_build_job
+  needs:
+    - armv7l-debian-11-container
+  allow_failure: false
+  variables:
+    NAME: debian-11
+    CROSS: armv7l
+
+
+mips64el-debian-11:
+  extends: .cross_build_job
+  needs:
+    - mips64el-debian-11-container
+  allow_failure: false
+  variables:
+    NAME: debian-11
+    CROSS: mips64el
+
+
+ppc64le-debian-11:
+  extends: .cross_build_job
+  needs:
+    - ppc64le-debian-11-container
+  allow_failure: false
+  variables:
+    NAME: debian-11
+    CROSS: ppc64le
+
+
+aarch64-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - aarch64-debian-sid-container
+  allow_failure: true
+  variables:
+    NAME: debian-sid
+    CROSS: aarch64
+
+
+i686-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - i686-debian-sid-container
+  allow_failure: true
+  variables:
+    NAME: debian-sid
+    CROSS: i686
+
+
+s390x-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - s390x-debian-sid-container
+  allow_failure: true
+  variables:
+    NAME: debian-sid
+    CROSS: s390x
+
+
+mingw64-fedora-35:
+  extends: .cross_build_job
+  needs:
+    - mingw64-fedora-35-container
+  allow_failure: false
+  variables:
+    NAME: fedora-35
+    CROSS: mingw64
+
+
+mingw32-fedora-rawhide:
+  extends: .cross_build_job
+  needs:
+    - mingw32-fedora-rawhide-container
+  allow_failure: true
+  variables:
+    NAME: fedora-rawhide
+    CROSS: mingw32
+
+
+# Native cirrus build jobs
+
+x86_64-freebsd-12:
+  extends: .cirrus_build_job
+  needs: []
+  allow_failure: false
+  variables:
+    NAME: freebsd-12
+    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
+    CIRRUS_VM_IMAGE_SELECTOR: image_family
+    CIRRUS_VM_IMAGE_NAME: freebsd-12-2
+    UPDATE_COMMAND: pkg update
+    UPGRADE_COMMAND: pkg upgrade -y
+    INSTALL_COMMAND: pkg install -y
+
+
+x86_64-freebsd-13:
+  extends: .cirrus_build_job
+  needs: []
+  allow_failure: false
+  variables:
+    NAME: freebsd-13
+    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
+    CIRRUS_VM_IMAGE_SELECTOR: image_family
+    CIRRUS_VM_IMAGE_NAME: freebsd-13-0
+    UPDATE_COMMAND: pkg update
+    UPGRADE_COMMAND: pkg upgrade -y
+    INSTALL_COMMAND: pkg install -y
+
+
+x86_64-macos-11:
+  extends: .cirrus_build_job
+  needs: []
+  allow_failure: false
+  variables:
+    NAME: macos-11
+    CIRRUS_VM_INSTANCE_TYPE: osx_instance
+    CIRRUS_VM_IMAGE_SELECTOR: image
+    CIRRUS_VM_IMAGE_NAME: big-sur-base
+    UPDATE_COMMAND: brew update
+    UPGRADE_COMMAND: brew upgrade
+    INSTALL_COMMAND: brew install
+    PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin
+    PKG_CONFIG_PATH: /usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/libpcap/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig

ci/helper

@@ -0,0 +1,240 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 Red Hat, Inc.
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+import argparse
+import os
+import pathlib
+import pty
+import subprocess
+import sys
+import textwrap
+
+import util
+
+
+class Parser:
+    def __init__(self):
+        # Options that are common to all actions that use containers
+        containerparser = argparse.ArgumentParser(add_help=False)
+        containerparser.add_argument(
+            "target",
+            help="perform action on target OS",
+        )
+        containerparser.add_argument(
+            "--engine",
+            choices=["auto", "podman", "docker"],
+            default="auto",
+            help="container engine to use",
+        )
+        containerparser.add_argument(
+            "--login",
+            default=os.getlogin(),  # exempt from syntax-check
+            help="login to use inside the container",
+        )
+        containerparser.add_argument(
+            "--image-prefix",
+            default="registry.gitlab.com/libvirt/libvirt/ci-",
+            help="use container images from non-default location",
+        )
+        containerparser.add_argument(
+            "--image-tag",
+            default=":latest",
+            help="use container images with non-default tags",
+        )
+
+        # Options that are common to all actions that call the
+        # project's build system
+        mesonparser = argparse.ArgumentParser(add_help=False)
+        mesonparser.add_argument(
+            "--meson-args",
+            default="",
+            help="additional arguments passed to meson "
+                 "(eg --meson-args='-Dopt1=enabled -Dopt2=disabled')",
+        )
+        mesonparser.add_argument(
+            "--ninja-args",
+            default="",
+            help="additional arguments passed to ninja",
+        )
+
+        # Options that are common to actions communicating with a GitLab
+        # instance
+        gitlabparser = argparse.ArgumentParser(add_help=False)
+        gitlabparser.add_argument(
+            "--namespace",
+            default="libvirt/libvirt",
+            help="GitLab project namespace"
+        )
+        gitlabparser.add_argument(
+            "--gitlab-uri",
+            default="https://gitlab.com",
+            help="base GitLab URI"
+        )
+
+        # Main parser
+        self._parser = argparse.ArgumentParser()
+        subparsers = self._parser.add_subparsers(
+            dest="action",
+            metavar="ACTION",
+        )
+        subparsers.required = True
+
+        # build action
+        buildparser = subparsers.add_parser(
+            "build",
+            help="run a build in a container",
+            parents=[containerparser, mesonparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        buildparser.set_defaults(func=Application._action_build)
+
+        # test action
+        testparser = subparsers.add_parser(
+            "test",
+            help="run a build in a container (including tests)",
+            parents=[containerparser, mesonparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        testparser.set_defaults(func=Application._action_test)
+
+        # shell action
+        shellparser = subparsers.add_parser(
+            "shell",
+            help="start a shell in a container",
+            parents=[containerparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        shellparser.set_defaults(func=Application._action_shell)
+
+        # list-images action
+        listimagesparser = subparsers.add_parser(
+            "list-images",
+            help="list known container images",
+            parents=[gitlabparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        listimagesparser.set_defaults(func=Application._action_list_images)
+
+        # check_stale action
+        check_staleparser = subparsers.add_parser(
+            "check-stale",
+            help="check for existence of stale images on the GitLab instance",
+            parents=[gitlabparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        check_staleparser.set_defaults(func=Application._action_check_stale)
+
+    def parse(self):
+        return self._parser.parse_args()
+
+
+class Application:
+    def __init__(self):
+        self._basedir = pathlib.Path(__file__).resolve().parent
+        self._args = Parser().parse()
+
+    def _make_run(self, target):
+        args = [
+            "-C",
+            self._basedir,
+            target,
+        ]
+
+        if self._args.action in ["build", "test", "shell"]:
+            args.extend([
+                f"CI_ENGINE={self._args.engine}",
+                f"CI_USER_LOGIN={self._args.login}",
+                f"CI_IMAGE_PREFIX={self._args.image_prefix}",
+                f"CI_IMAGE_TAG={self._args.image_tag}",
+            ])
+
+        if self._args.action in ["build", "test"]:
+            args.extend([
+                f"CI_MESON_ARGS={self._args.meson_args}",
+                f"CI_NINJA_ARGS={self._args.ninja_args}",
+            ])
+
+        if pty.spawn(["make"] + args) != 0:
+            sys.exit("error: 'make' failed")
+
+    def _lcitool_run(self, args):
+        output = subprocess.check_output([self._args.lcitool] + args)
+        return output.decode("utf-8")
+
+    def _lcitool_get_targets(self):
+        output = self._lcitool_run(["targets"])
+        return output.splitlines()
+
+    def _check_stale_images(self):
+        namespace = self._args.namespace
+        gitlab_uri = self._args.gitlab_uri
+        registry_uri = util.get_registry_uri(namespace, gitlab_uri)
+
+        stale_images = util.get_registry_stale_images(registry_uri, self._basedir)
+        if stale_images:
+            spacing = "\n" + 4 * " "
+            stale_fmt = [f"{k} (ID: {v})" for k, v in stale_images.items()]
+            stale_details = spacing.join(stale_fmt)
+            stale_ids = ' '.join([str(id) for id in stale_images.values()])
+            registry_uri = util.get_registry_uri(namespace, gitlab_uri)
+
+            msg = textwrap.dedent(f"""
+                The following images are stale and can be purged from the registry:
+
+                    STALE_DETAILS
+
+                You can delete the images listed above using this shell snippet:
+
+                    $ for image_id in {stale_ids}; do
+                          curl --request DELETE --header "PRIVATE-TOKEN: <access_token>" \\
+                               {registry_uri}/$image_id;
+                      done
+
+                You can generate a personal access token here:
+
+                    {gitlab_uri}/-/profile/personal_access_tokens
+            """)
+            print(msg.replace("STALE_DETAILS", stale_details))
+
+    def _action_build(self):
+        self._make_run(f"ci-build@{self._args.target}")
+
+    def _action_test(self):
+        self._make_run(f"ci-test@{self._args.target}")
+
+    def _action_shell(self):
+        self._make_run(f"ci-shell@{self._args.target}")
+
+    def _action_list_images(self):
+        registry_uri = util.get_registry_uri(self._args.namespace,
+                                             self._args.gitlab_uri)
+        images = util.get_registry_images(registry_uri)
+
+        # skip the "ci-" prefix each of our container images' name has
+        name_prefix = "ci-"
+        names = [i["name"][len(name_prefix):] for i in images]
+        names.sort()
+
+        native = [name for name in names if "-cross-" not in name]
+        cross = [name for name in names if "-cross-" in name]
+
+        spacing = 4 * " "
+        print("Available x86 container images:\n")
+        print(spacing + ("\n" + spacing).join(native))
+
+        if cross:
+            print()
+            print("Available cross-compiler container images:\n")
+            print(spacing + ("\n" + spacing).join(cross))
+
+    def _action_check_stale(self):
+        self._check_stale_images()
+
+    def run(self):
+        self._args.func(self)
+
+
+if __name__ == "__main__":
+    Application().run()

ci/list-images.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-prefix="${1##registry.gitlab.com/}"
-
-PROJECT_ID=192693
-
-all_repos() {
-  curl -s "https://gitlab.com/api/v4/projects/$PROJECT_ID/registry/repositories?per_page=100" \
-    | tr , '\n' | grep '"path":' | sed 's,"path":",,g;s,"$,,g'
-}
-
-all_repos | grep "^$prefix" | sed "s,^$prefix,,g" | while read repo; do
-    echo "    $repo"
-done | sort -u

ci/manifest.yml

@@ -0,0 +1,204 @@
+projects:
+  - libvirt
+
+gitlab:
+  namespace: libvirt
+  project: libvirt
+
+targets:
+  centos-8:
+    jobs:
+      - arch: x86_64
+        variables:
+          RPM: skip
+
+      - arch: x86_64
+        suffix: -clang
+        variables:
+          RPM: skip
+          CC: clang
+
+  centos-stream-8:
+    jobs:
+      - arch: x86_64
+        variables:
+          RPM: skip
+
+  debian-10:
+    jobs:
+      - arch: x86_64
+
+      - arch: aarch64
+        allow-failure: true
+        builds: false
+
+      - arch: armv6l
+
+      - arch: armv7l
+        allow-failure: true
+        builds: false
+
+      - arch: i686
+        allow-failure: true
+        builds: false
+
+      - arch: mips
+
+      - arch: mips64el
+        allow-failure: true
+        builds: false
+
+      - arch: mipsel
+
+      - arch: ppc64le
+        allow-failure: true
+        builds: false
+
+      - arch: s390x
+        allow-failure: true
+        builds: false
+
+  debian-11:
+    jobs:
+      - arch: x86_64
+
+      - arch: x86_64
+        suffix: -clang
+
+      - arch: aarch64
+        allow-failure: true
+        builds: false
+
+      - arch: armv6l
+        allow-failure: true
+        builds: false
+
+      - arch: armv7l
+
+      - arch: i686
+        allow-failure: true
+        builds: false
+
+      - arch: mips64el
+
+      - arch: mipsel
+        allow-failure: true
+        builds: false
+
+      - arch: ppc64le
+
+      - arch: s390x
+        allow-failure: true
+        builds: false
+
+  debian-sid:
+    jobs:
+      - arch: x86_64
+        allow-failure: true
+
+      - arch: aarch64
+        allow-failure: true
+
+      - arch: armv6l
+        allow-failure: true
+        builds: false
+
+      - arch: armv7l
+        allow-failure: true
+        builds: false
+
+      - arch: i686
+        allow-failure: true
+
+      - arch: mips64el
+        allow-failure: true
+        builds: false
+
+      - arch: mipsel
+        allow-failure: true
+        builds: false
+
+      - arch: ppc64le
+        allow-failure: true
+        builds: false
+
+      - arch: s390x
+        allow-failure: true
+
+  fedora-34: x86_64
+
+  fedora-35:
+    jobs:
+      - arch: x86_64
+
+      - arch: mingw32
+        allow-failure: true
+        builds: false
+
+      - arch: mingw64
+
+  fedora-rawhide:
+    jobs:
+      - arch: x86_64
+        allow-failure: true
+
+      - arch: x86_64
+        suffix: -clang
+        allow-failure: true
+        variables:
+          CC: clang
+          RPM: skip
+
+      - arch: mingw32
+        allow-failure: true
+
+      - arch: mingw64
+        allow-failure: true
+        builds: false
+
+  freebsd-12: x86_64
+
+  freebsd-13: x86_64
+
+  freebsd-current:
+    jobs:
+      - arch: x86_64
+        allow-failure: true
+        builds: False
+
+  opensuse-leap-152:
+    jobs:
+      - arch: x86_64
+        variables:
+          RPM: skip
+
+  opensuse-tumbleweed:
+    jobs:
+      - arch: x86_64
+        allow-failure: true
+        variables:
+          RPM: skip
+
+  macos-11:
+    jobs:
+      - arch: x86_64
+        variables:
+          PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin
+          PKG_CONFIG_PATH: /usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/libpcap/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig
+
+  ubuntu-1804: x86_64
+
+  ubuntu-2004:
+    jobs:
+      - arch: x86_64
+        variables:
+          ASAN_OPTIONS: verify_asan_link_order=0
+          MESON_ARGS: -Db_lundef=false -Db_sanitize=address,undefined
+          UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1
+
+      - arch: x86_64
+        suffix: -clang
+        variables:
+          CC: clang
+          MESON_ARGS: -Db_lundef=false -Db_sanitize=address,undefined
+          UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1

ci/prepare.sh

@@ -1,13 +0,0 @@
-# This script is used to prepare the environment that will be used
-# to build libvirt inside the container.
-#
-# You can customize it to your liking, or alternatively use a
-# completely different script by passing
-#
-#  CI_PREPARE_SCRIPT=/path/to/your/prepare/script
-#
-# to make.
-#
-# Note that this script will have root privileges inside the
-# container, so it can be used for things like installing additional
-# packages.

ci/util.py

@@ -0,0 +1,78 @@
+import json
+import pathlib
+import urllib.request
+import urllib.parse
+
+from typing import Dict, List
+
+
+def get_registry_uri(namespace: str,
+                     gitlab_uri: str = "https://gitlab.com") -> str:
+    """
+    Construct a v4 API URI pointing the namespaced project's image registry.
+
+    :param namespace: GitLab project namespace, e.g. "libvirt/libvirt"
+    :param gitlab_uri: GitLab base URI, can be a private deployment
+    :param api_version: GitLab REST API version number
+    :return: URI pointing to a namespaced project's image registry
+    """
+
+    # this converts something like "libvirt/libvirt" to "libvirt%2Flibvirt"
+    namespace_urlenc = urllib.parse.quote_plus(namespace)
+
+    project_uri = f"{gitlab_uri}/api/v4/projects/{namespace_urlenc}"
+
+    uri = project_uri + "/registry/repositories"
+    return uri
+
+
+def get_registry_images(uri: str) -> List[Dict]:
+    """
+    List all container images that are currently available in the given GitLab
+    project.
+
+    :param uri: URI pointing to a GitLab instance's image registry
+    :return: list of container image names
+    """
+
+    r = urllib.request.urlopen(uri + "?per_page=100")
+
+    # read the HTTP response and load the JSON part of it
+    return json.loads(r.read().decode())
+
+
+def get_dockerfiles(base_dir) -> List:
+    """
+    List all container dockerfiles in the local directory.
+
+    :return: list of dockerfile names
+    """
+
+    dkrs = []
+    d = pathlib.Path(base_dir, "containers")
+    for f in d.iterdir():
+        if f.suffix == ".Dockerfile":
+            dkrs.append(f.stem)
+    return dkrs
+
+
+def get_registry_stale_images(registry_uri: str, base_dir: str) -> Dict[str, int]:
+    """
+    Check the GitLab image registry for images that we no longer support and
+    which should be deleted.
+
+    :param uri: URI pointing to a GitLab instance's image registry
+    :param base_dir: local repository base directory
+    :return: dictionary formatted as: {<gitlab_image_name>: <gitlab_image_id>}
+    """
+
+    dockerfiles = get_dockerfiles(base_dir)
+    images = get_registry_images(registry_uri)
+    name_prefix = "ci-"
+
+    stale_images = {}
+    for img in images:
+        if img["name"][len(name_prefix):] not in dockerfiles:
+            stale_images[img["name"]] = img["id"]
+
+    return stale_images

config.h

@@ -25,10 +25,6 @@
 # define _FORTIFY_SOURCE 2
 #endif
 
-#ifndef __GNUC__
-# error "Libvirt requires GCC >= 4.8, or Clang"
-#endif
-
 /*
  * Define __GNUC_PREREQ to a sane default if it isn't yet defined.
  * This is done here so that it's included as early as possible;
@@ -41,27 +37,17 @@
 #if defined(__clang_major__) && defined(__clang_minor__)
 # ifdef __apple_build_version__
 #  if __clang_major__ < 5 || (__clang_major__ == 5 && __clang_minor__ < 1)
-#   error You need at least XCode Clang v5.1 to compile QEMU
+#   error You need at least XCode Clang v5.1 to compile libvirt
 #  endif
 # else
 #  if __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 4)
-#   error You need at least Clang v3.4 to compile QEMU
+#   error You need at least Clang v3.4 to compile libvirt
 #  endif
 # endif
 #elif defined(__GNUC__) && defined(__GNUC_MINOR__)
 # if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)
-#  error You need at least GCC v4.8 to compile QEMU
+#  error You need at least GCC v4.8 to compile libvirt
 # endif
 #else
 # error You either need at least GCC 4.8 or Clang 3.4 or XCode Clang 5.1 to compile libvirt
 #endif
-
-/* Ask for warnings for anything that was marked deprecated in
- * the defined version, or before. It is a candidate for rewrite.
- */
-#define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_48
-
-/* Ask for warnings if code tries to use function that did not
- * exist in the defined version. These risk breaking builds
- */
-#define GLIB_VERSION_MAX_ALLOWED GLIB_VERSION_2_48

docs/aclpolkit.html.in

@@ -1,523 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Polkit access control</h1>
-
-    <p>
-      Libvirt's client <a href="acl.html">access control framework</a> allows
-      administrators to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges. The polkit driver
-      provides a simple implementation of the access control framework.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="intro">Introduction</a></h2>
-
-    <p>
-      A default install of libvirt will typically use
-      <a href="https://www.freedesktop.org/wiki/Software/polkit/">polkit</a>
-      to authenticate the initial user connection to libvirtd. This is a
-      very coarse grained check though, either allowing full read-write
-      access to all APIs, or just read-only access. The polkit access
-      control driver in libvirt builds on this capability to allow for
-      fine grained control over the operations a user may perform on an
-      object.
-    </p>
-
-    <h2><a id="perms">Permission names</a></h2>
-
-    <p>
-      The libvirt <a href="acl.html#perms">object names and permission names</a>
-      are mapped onto polkit action names using the simple pattern:
-    </p>
-
-    <pre>org.libvirt.api.$object.$permission
-</pre>
-
-    <p>
-      The only caveat is that any underscore characters in the
-      object or permission names are converted to hyphens. So,
-      for example, the <code>search_storage_vols</code> permission
-      on the <code>storage_pool</code> object maps to the polkit
-      action:
-    </p>
-    <pre>org.libvirt.api.storage-pool.search-storage-vols
-</pre>
-
-    <p>
-      The default policy for any permission which corresponds to
-      a "read only" operation, is to allow access. All other
-      permissions default to deny access.
-    </p>
-
-    <h2><a id="attrs">Object identity attributes</a></h2>
-
-    <p>
-      To allow polkit authorization rules to be written to match
-      against individual object instances, libvirt provides a number
-      of authorization detail attributes when performing a permission
-      check. The set of attributes varies according to the type
-      of object being checked
-    </p>
-
-    <h3><a id="object_connect">virConnectPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_domain">virDomainPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>domain_name</td>
-          <td>Name of the domain, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>domain_uuid</td>
-          <td>UUID of the domain, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_interface">virInterfacePtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>interface_name</td>
-          <td>Name of the network interface, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>interface_macaddr</td>
-          <td>MAC address of the network interface, not unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_network">virNetworkPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>network_name</td>
-          <td>Name of the network, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>network_uuid</td>
-          <td>UUID of the network, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_node_device">virNodeDevicePtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>node_device_name</td>
-          <td>Name of the node device, unique to the local host</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_nwfilter">virNWFilterPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>nwfilter_name</td>
-          <td>Name of the network filter, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>nwfilter_uuid</td>
-          <td>UUID of the network filter, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_secret">virSecretPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>secret_uuid</td>
-          <td>UUID of the secret, globally unique</td>
-        </tr>
-        <tr>
-          <td>secret_usage_volume</td>
-          <td>Name of the associated volume, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_ceph</td>
-          <td>Name of the associated Ceph server, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_target</td>
-          <td>Name of the associated iSCSI target, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_name</td>
-          <td>Name of the associated TLS secret, if any</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_storage_pool">virStoragePoolPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_storage_vol">virStorageVolPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-        <tr>
-          <td>vol_name</td>
-          <td>Name of the storage volume, unique to the pool</td>
-        </tr>
-        <tr>
-          <td>vol_key</td>
-          <td>Key of the storage volume, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h2><a id="connect_driver">Hypervisor Driver connect_driver</a></h2>
-    <p>
-      The <code>connect_driver</code> parameter describes the
-      client's <a href="remote.html">remote Connection Driver</a>
-      name based on the <a href="uri.html">URI</a> used for the
-      connection.
-    </p>
-    <p>
-      <span class="since">Since 4.1.0</span>, when calling an API
-      outside the scope of the primary connection driver, the
-      primary driver will attempt to open a secondary connection
-      to the specific API driver in order to process the API. For
-      example, when hypervisor domain processing needs to make an
-      API call within the storage driver or the network filter driver
-      an attempt to open a connection to the "storage" or "nwfilter"
-      driver will be made. Similarly, a "storage" primary connection
-      may need to create a connection to the "secret" driver in order
-      to process secrets for the API. If successful, then calls to
-      those API's will occur in the <code>connect_driver</code> context
-      of the secondary connection driver rather than in the context of
-      the primary driver. This affects the <code>connect_driver</code>
-      returned from rule generation from the <code>action.loookup</code>
-      function. The following table provides a list of the various
-      connection drivers and the <code>connect_driver</code> name
-      used by each regardless of primary or secondary connection.
-      The access denied error message from libvirt will list the
-      connection driver by name that denied the access.
-    </p>
-
-    <h3><a id="object_connect_driver">Connection Driver Name</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Connection Driver</th>
-          <th><code>connect_driver</code> name</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>bhyve</td>
-          <td>bhyve</td>
-        </tr>
-        <tr>
-          <td>esx</td>
-          <td>ESX</td>
-        </tr>
-        <tr>
-          <td>hyperv</td>
-          <td>Hyper-V</td>
-        </tr>
-        <tr>
-          <td>interface</td>
-          <td>interface</td>
-        </tr>
-        <tr>
-          <td>xen</td>
-          <td>Xen</td>
-        </tr>
-        <tr>
-          <td>lxc</td>
-          <td>LXC</td>
-        </tr>
-        <tr>
-          <td>network</td>
-          <td>network</td>
-        </tr>
-        <tr>
-          <td>nodedev</td>
-          <td>nodedev</td>
-        </tr>
-        <tr>
-          <td>nwfilter</td>
-          <td>NWFilter</td>
-        </tr>
-        <tr>
-          <td>openvz</td>
-          <td>OPENVZ</td>
-        </tr>
-        <tr>
-          <td>qemu</td>
-          <td>QEMU</td>
-        </tr>
-        <tr>
-          <td>secret</td>
-          <td>secret</td>
-        </tr>
-        <tr>
-          <td>storage</td>
-          <td>storage</td>
-        </tr>
-        <tr>
-          <td>vbox</td>
-          <td>VBOX</td>
-        </tr>
-        <tr>
-          <td>vmware</td>
-          <td>VMWARE</td>
-        </tr>
-        <tr>
-          <td>vz</td>
-          <td>vz</td>
-        </tr>
-      </tbody>
-    </table>
-
-
-    <h2><a id="user">User identity attributes</a></h2>
-
-    <p>
-      At this point in time, the only attribute provided by
-      libvirt to identify the user invoking the operation
-      is the PID of the client program. This means that the
-      polkit access control driver is only useful if connections
-      to libvirt are restricted to its UNIX domain socket. If
-      connections are being made to a TCP socket, no identifying
-      information is available and access will be denied.
-      Also note that if the client is connecting via an SSH
-      tunnel, it is the local SSH user that will be identified.
-      In future versions, it is expected that more information
-      about the client user will be provided, including the
-      SASL / Kerberos username and/or x509 distinguished
-      name obtained from the authentication provider in use.
-    </p>
-
-
-    <h2><a id="checks">Writing access control policies</a></h2>
-
-    <p>
-      If using versions of polkit prior to 0.106 then it is only
-      possible to validate (user, permission) pairs via the <code>.pkla</code>
-      files. Fully validation of the (user, permission, object) triple
-      requires the new JavaScript <code>.rules</code> support that
-      was introduced in version 0.106. The latter is what will be
-      described here.
-    </p>
-
-    <p>
-      Libvirt does not ship any rules files by default. It merely
-      provides a definition of the default behaviour for each
-      action (permission). As noted earlier, permissions which
-      correspond to read-only operations in libvirt will be allowed
-      to all users by default; everything else is denied by default.
-      Defining custom rules requires creation of a file in the
-      <code>/etc/polkit-1/rules.d</code> directory with a name
-      chosen by the administrator (<code>100-libvirt-acl.rules</code>
-      would be a reasonable choice). See the <code>polkit(8)</code>
-      manual page for a description of how to write these files
-      in general. The key idea is to create a file containing
-      something like
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-  ....logic to check 'action' and 'subject'...
-});
-    </pre>
-
-    <p>
-      In this code snippet above, the <code>action</code> object
-      instance will represent the libvirt permission being checked
-      along with identifying attributes for the object it is being
-      applied to. The <code>subject</code> meanwhile will identify
-      the libvirt client app (with the caveat above about it only
-      dealing with local clients connected via the UNIX socket).
-      On the <code>action</code> object, the permission name is
-      accessible via the <code>id</code> attribute, while the
-      object identifying attributes are exposed via the
-      <code>lookup</code> method.
-    </p>
-
-    <p>
-    See
-    <a href="https://gitlab.com/libvirt/libvirt/-/tree/master/examples/polkit">source code</a>
-    for a more complex example.
-    </p>
-
-    <h3><a id="exconnect">Example: restricting ability to connect to drivers</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      use the <code>QEMU</code> driver and not the Xen or LXC
-      drivers which are also available in libvirtd.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>QEMU</code>, and match on an action
-      name of <code>org.libvirt.api.connect.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.connect.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'QEMU') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-
-    <h3><a id="exdomain">Example: restricting access to a single domain</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      see the domain called <code>demo</code> on the LXC driver.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>LXC</code> and the <code>domain_name</code>
-      attribute is <code>demo</code>, and match on an action
-      name of <code>org.libvirt.api.domain.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.domain.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'LXC' &amp;&amp;
-              action.lookup("domain_name") == 'demo') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-  </body>
-</html>

docs/aclpolkit.rst

@@ -0,0 +1,310 @@
+.. role:: since
+
+=====================
+Polkit access control
+=====================
+
+Libvirt's client `access control framework <acl.html>`__ allows
+administrators to setup fine grained permission rules across client
+users, managed objects and API operations. This allows client
+connections to be locked down to a minimal set of privileges. The polkit
+driver provides a simple implementation of the access control framework.
+
+.. contents::
+
+Introduction
+------------
+
+A default install of libvirt will typically use
+`polkit <https://www.freedesktop.org/wiki/Software/polkit/>`__ to
+authenticate the initial user connection to libvirtd. This is a very
+coarse grained check though, either allowing full read-write access to
+all APIs, or just read-only access. The polkit access control driver in
+libvirt builds on this capability to allow for fine grained control over
+the operations a user may perform on an object.
+
+Permission names
+----------------
+
+The libvirt `object names and permission names <acl.html#perms>`__ are
+mapped onto polkit action names using the simple pattern:
+
+::
+
+   org.libvirt.api.$object.$permission
+
+The only caveat is that any underscore characters in the object or
+permission names are converted to hyphens. So, for example, the
+``search_storage_vols`` permission on the ``storage_pool`` object maps
+to the polkit action:
+
+::
+
+   org.libvirt.api.storage-pool.search-storage-vols
+
+The default policy for any permission which corresponds to a "read only"
+operation, is to allow access. All other permissions default to deny
+access.
+
+Object identity attributes
+--------------------------
+
+To allow polkit authorization rules to be written to match against
+individual object instances, libvirt provides a number of authorization
+detail attributes when performing a permission check. The set of
+attributes varies according to the type of object being checked
+
+virConnectPtr
+~~~~~~~~~~~~~
+
+============== =====================================
+Attribute      Description
+============== =====================================
+connect_driver Name of the libvirt connection driver
+============== =====================================
+
+virDomainPtr
+~~~~~~~~~~~~
+
+============== ============================================
+Attribute      Description
+============== ============================================
+connect_driver Name of the libvirt connection driver
+domain_name    Name of the domain, unique to the local host
+domain_uuid    UUID of the domain, globally unique
+============== ============================================
+
+virInterfacePtr
+~~~~~~~~~~~~~~~
+
++-------------------+---------------------------------------------------------+
+| Attribute         | Description                                             |
++===================+=========================================================+
+| connect_driver    | Name of the libvirt connection driver                   |
++-------------------+---------------------------------------------------------+
+| interface_name    | Name of the network interface, unique to the local host |
++-------------------+---------------------------------------------------------+
+| interface_macaddr | MAC address of the network interface, not unique        |
++-------------------+---------------------------------------------------------+
+
+virNetworkPtr
+~~~~~~~~~~~~~
+
+============== =============================================
+Attribute      Description
+============== =============================================
+connect_driver Name of the libvirt connection driver
+network_name   Name of the network, unique to the local host
+network_uuid   UUID of the network, globally unique
+============== =============================================
+
+virNodeDevicePtr
+~~~~~~~~~~~~~~~~
+
+================ =================================================
+Attribute        Description
+================ =================================================
+connect_driver   Name of the libvirt connection driver
+node_device_name Name of the node device, unique to the local host
+================ =================================================
+
+virNWFilterPtr
+~~~~~~~~~~~~~~
+
+============== ====================================================
+Attribute      Description
+============== ====================================================
+connect_driver Name of the libvirt connection driver
+nwfilter_name  Name of the network filter, unique to the local host
+nwfilter_uuid  UUID of the network filter, globally unique
+============== ====================================================
+
+virSecretPtr
+~~~~~~~~~~~~
+
+=================== ===========================================
+Attribute           Description
+=================== ===========================================
+connect_driver      Name of the libvirt connection driver
+secret_uuid         UUID of the secret, globally unique
+secret_usage_volume Name of the associated volume, if any
+secret_usage_ceph   Name of the associated Ceph server, if any
+secret_usage_target Name of the associated iSCSI target, if any
+secret_usage_name   Name of the associated TLS secret, if any
+=================== ===========================================
+
+virStoragePoolPtr
+~~~~~~~~~~~~~~~~~
+
+============== ==================================================
+Attribute      Description
+============== ==================================================
+connect_driver Name of the libvirt connection driver
+pool_name      Name of the storage pool, unique to the local host
+pool_uuid      UUID of the storage pool, globally unique
+============== ==================================================
+
+virStorageVolPtr
+~~~~~~~~~~~~~~~~
+
+============== ==================================================
+Attribute      Description
+============== ==================================================
+connect_driver Name of the libvirt connection driver
+pool_name      Name of the storage pool, unique to the local host
+pool_uuid      UUID of the storage pool, globally unique
+vol_name       Name of the storage volume, unique to the pool
+vol_key        Key of the storage volume, globally unique
+============== ==================================================
+
+Hypervisor Driver connect_driver
+--------------------------------
+
+The ``connect_driver`` parameter describes the client's `remote
+Connection Driver <remote.html>`__ name based on the `URI <uri.html>`__
+used for the connection.
+
+:since:`Since 4.1.0`, when calling an API outside the scope of the primary
+connection driver, the primary driver will attempt to open a secondary
+connection to the specific API driver in order to process the API. For
+example, when hypervisor domain processing needs to make an API call
+within the storage driver or the network filter driver an attempt to
+open a connection to the "storage" or "nwfilter" driver will be made.
+Similarly, a "storage" primary connection may need to create a
+connection to the "secret" driver in order to process secrets for the
+API. If successful, then calls to those API's will occur in the
+``connect_driver`` context of the secondary connection driver rather
+than in the context of the primary driver. This affects the
+``connect_driver`` returned from rule generation from the
+``action.loookup`` function. The following table provides a list of the
+various connection drivers and the ``connect_driver`` name used by each
+regardless of primary or secondary connection. The access denied error
+message from libvirt will list the connection driver by name that denied
+the access.
+
+Connection Driver Name
+~~~~~~~~~~~~~~~~~~~~~~
+
+================= =======================
+Connection Driver ``connect_driver`` name
+================= =======================
+bhyve             bhyve
+esx               ESX
+hyperv            Hyper-V
+interface         interface
+xen               Xen
+lxc               LXC
+network           network
+nodedev           nodedev
+nwfilter          NWFilter
+openvz            OPENVZ
+qemu              QEMU
+secret            secret
+storage           storage
+vbox              VBOX
+vmware            VMWARE
+vz                vz
+================= =======================
+
+User identity attributes
+------------------------
+
+At this point in time, the only attribute provided by libvirt to
+identify the user invoking the operation is the PID of the client
+program. This means that the polkit access control driver is only useful
+if connections to libvirt are restricted to its UNIX domain socket. If
+connections are being made to a TCP socket, no identifying information
+is available and access will be denied. Also note that if the client is
+connecting via an SSH tunnel, it is the local SSH user that will be
+identified. In future versions, it is expected that more information
+about the client user will be provided, including the SASL / Kerberos
+username and/or x509 distinguished name obtained from the authentication
+provider in use.
+
+Writing access control policies
+-------------------------------
+
+If using versions of polkit prior to 0.106 then it is only possible to
+validate (user, permission) pairs via the ``.pkla`` files. Fully
+validation of the (user, permission, object) triple requires the new
+JavaScript ``.rules`` support that was introduced in version 0.106. The
+latter is what will be described here.
+
+Libvirt does not ship any rules files by default. It merely provides a
+definition of the default behaviour for each action (permission). As
+noted earlier, permissions which correspond to read-only operations in
+libvirt will be allowed to all users by default; everything else is
+denied by default. Defining custom rules requires creation of a file in
+the ``/etc/polkit-1/rules.d`` directory with a name chosen by the
+administrator (``100-libvirt-acl.rules`` would be a reasonable choice).
+See the ``polkit(8)`` manual page for a description of how to write
+these files in general. The key idea is to create a file containing
+something like
+
+::
+
+   polkit.addRule(function(action, subject) {
+     ....logic to check 'action' and 'subject'...
+   });
+
+In this code snippet above, the ``action`` object instance will
+represent the libvirt permission being checked along with identifying
+attributes for the object it is being applied to. The ``subject``
+meanwhile will identify the libvirt client app (with the caveat above
+about it only dealing with local clients connected via the UNIX socket).
+On the ``action`` object, the permission name is accessible via the
+``id`` attribute, while the object identifying attributes are exposed
+via the ``lookup`` method.
+
+See `source
+code <https://gitlab.com/libvirt/libvirt/-/tree/master/examples/polkit>`__
+for a more complex example.
+
+Example: restricting ability to connect to drivers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Consider a local user ``berrange`` who has been granted permission to
+connect to libvirt in full read-write mode. The goal is to only allow
+them to use the ``QEMU`` driver and not the Xen or LXC drivers which are
+also available in libvirtd. To achieve this we need to write a rule
+which checks whether the ``connect_driver`` attribute is ``QEMU``, and
+match on an action name of ``org.libvirt.api.connect.getattr``. Using
+the javascript rules format, this ends up written as
+
+::
+
+   polkit.addRule(function(action, subject) {
+       if (action.id == "org.libvirt.api.connect.getattr" &&
+           subject.user == "berrange") {
+             if (action.lookup("connect_driver") == 'QEMU') {
+               return polkit.Result.YES;
+             } else {
+               return polkit.Result.NO;
+             }
+       }
+   });
+
+Example: restricting access to a single domain
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Consider a local user ``berrange`` who has been granted permission to
+connect to libvirt in full read-write mode. The goal is to only allow
+them to see the domain called ``demo`` on the LXC driver. To achieve
+this we need to write a rule which checks whether the ``connect_driver``
+attribute is ``LXC`` and the ``domain_name`` attribute is ``demo``, and
+match on an action name of ``org.libvirt.api.domain.getattr``. Using the
+javascript rules format, this ends up written as
+
+::
+
+   polkit.addRule(function(action, subject) {
+       if (action.id == "org.libvirt.api.domain.getattr" &&
+           subject.user == "berrange") {
+             if (action.lookup("connect_driver") == 'LXC' &&
+                 action.lookup("domain_name") == 'demo') {
+               return polkit.Result.YES;
+             } else {
+               return polkit.Result.NO;
+             }
+       }
+   });

docs/advanced-tests.rst

@@ -105,7 +105,7 @@ of leak:
   ==5414==    by 0x34D9021734: (below main) (in /usr/lib64/libc-2.15.so)
 
 In this example, the ``virDomainDefParseXML()`` had an error
-path where the ``virDomainVideoDefPtr video`` pointer was not
+path where the ``virDomainVideoDef *video`` pointer was not
 properly disposed. By simply adding a
 ``virDomainVideoDefFree(video);`` in the error path, the issue
 was resolved.

docs/api.html.in

@@ -1,380 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>The libvirt API concepts</h1>
-
-    <p> This page describes the main principles and architecture choices
-    behind the definition of the libvirt API:</p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Objects">Objects Exposed</a></h2>
-    <p> As defined in the <a href="goals.html">goals section</a>, the libvirt
-    API is designed to expose all the resources needed to manage the
-    virtualization support of recent operating systems. The first object
-    manipulated through the API is the <code>virConnectPtr</code>, which
-    represents the connection to a hypervisor. Any application using libvirt
-    is likely to start using the
-    API by calling one of <a href="html/libvirt-libvirt-host.html#virConnectOpen"
-    >the virConnectOpen functions</a>. You will note that those functions take
-    a name argument which is actually a <a href="uri.html">connection URI</a>
-    to select the right hypervisor to open.
-    A URI is needed to allow remote connections and also select between
-    different possible hypervisors. For example, on a Linux system it may be
-    possible to use both KVM and LinuxContainers on the same node. A NULL
-    name will default to a preselected hypervisor, but it's probably not a
-    wise thing to do in most cases. See the <a href="uri.html">connection
-    URI</a> page for a full descriptions of the values allowed.</p>
-    <p> OnDevice the application obtains a
-      <a href="/html/libvirt-libvirt-host.html#virConnectPtr">
-        <code>virConnectPtr</code>
-      </a>
-    connection to the hypervisor it can then use it to manage the hypervisor's
-    available domains and related virtualization
-    resources, such as storage and networking. All those are
-    exposed as first class objects and connected to the hypervisor connection
-    (and the node or cluster where it is available).</p>
-    <p class="image">
-      <img alt="first class objects exposed by the API"
-           src="libvirt-object-model.png"/>
-    </p>
-    <p> The figure above shows the five main objects exported by the API:</p>
-    <ul>
-      <li>
-        <a href="html/libvirt-libvirt-host.html#virConnectPtr">
-          <code>virConnectPtr</code>
-        </a>
-      <p>Represents the connection to a hypervisor. Use one of the
-      <a href="html/libvirt-libvirt-host.html#virConnectOpen">virConnectOpen</a>
-      functions to obtain connection to the hypervisor which is then used
-      as a parameter to other connection API's.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-domain.html#virDomainPtr">
-          <code>virDomainPtr</code>
-        </a>
-      <p>Represents one domain either active or defined (i.e. existing as
-      permanent config file and storage but not currently running on that
-      node). The function
-        <a href="html/libvirt-libvirt-domain.html#virConnectListAllDomains">
-          <code>virConnectListAllDomains</code>
-        </a>
-      lists all the domains for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-network.html#virNetworkPtr">
-          <code>virNetworkPtr</code>
-        </a>
-      <p>Represents one network either active or defined (i.e. existing
-      as permanent config file and storage but not currently activated).
-      The function
-        <a href="html/libvirt-libvirt-network.html#virConnectListAllNetworks">
-          <code>virConnectListAllNetworks</code>
-        </a>
-      lists all the virtualization networks for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolPtr">
-          <code>virStorageVolPtr</code>
-        </a>
-      <p>Represents one storage volume generally used
-      as a block device available to one of the domains. The function
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolLookupByPath">
-          <code>virStorageVolLookupByPath</code>
-        </a>
-      finds the storage volume object based on its path on the node.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolPtr">
-          <code>virStoragePoolPtr</code>
-        </a>
-      <p>Represents a storage pool, which is a logical area
-      used to allocate and store storage volumes. The function
-        <a href="html/libvirt-libvirt-storage.html#virConnectListAllStoragePools">
-          <code>virConnectListAllStoragePools</code>
-        </a>
-      lists all of the virtualization storage pools on the hypervisor.
-      The function
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolLookupByVolume">
-          <code>virStoragePoolLookupByVolume</code>
-        </a>
-      finds the storage pool containing a given storage volume.</p></li>
-    </ul>
-    <p> Most objects manipulated by the library can also be represented using
-      XML descriptions. This is used primarily to create those object, but is
-      also helpful to modify or save their description back.</p>
-    <p> Domains, networks, and storage pools can be either <code>active</code>
-      i.e. either running or available for immediate use, or
-      <code>defined</code> in which case they are inactive but there is
-      a permanent definition available in the system for them. Based on this
-      they can be activated dynamically in order to be used.</p>
-    <p> Most objects can also be named in various ways:</p>
-    <ul>
-      <li><code>name</code>
-      <p>A user friendly identifier but whose uniqueness
-      cannot be guaranteed between two nodes.</p></li>
-      <li><code>ID</code>
-      <p>A runtime unique identifier
-      provided by the hypervisor for one given activation of the object;
-      however, it becomes invalid once the resource is deactivated.</p></li >
-      <li><code>UUID</code>
-      <p> A 16 byte unique identifier
-      as defined in <a href="https://www.ietf.org/rfc/rfc4122.txt">RFC 4122</a>,
-      which is guaranteed to be unique for long term usage and across a
-      set of nodes.</p></li>
-    </ul>
-
-    <h2><a id="Functions">Functions and Naming Conventions</a></h2>
-    <p> The naming of the functions present in the library is usually
-      composed by a prefix describing the object associated to the function
-      and a verb describing the action on that object.</p>
-    <p> For each first class object you will find APIs
-      for the following actions:</p>
-    <ul>
-      <li><b>Lookup</b> [...LookupBy...]
-      <p>Used to perform lookups on objects by some type of identifier,
-      such as:</p>
-          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByID">
-                <code>virDomainLookupByID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByName">
-                <code>virDomainLookupByName</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUID">
-                <code>virDomainLookupByUUID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUIDString">
-                <code>virDomainLookupByUUIDString</code>
-              </a>
-            </li>
-          </ul>
-      </li>
-      <li><b>Enumeration</b> [virConnectList..., virConnectNumOf...]
-      <p>Used to enumerate a set of object available to a given
-      hypervisor connection such as:</p>
-          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectListDomains">
-                <code>virConnectListDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectNumOfDomains">
-                <code>virConnectNumOfDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-network.html#virConnectListNetworks">
-                <code>virConnectListNetworks</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-storage.html#virConnectListStoragePools">
-                <code>virConnectListStoragePools</code>
-              </a>
-            </li>
-          </ul>
-      </li>
-      <li><b>Description</b> [...GetInfo]
-      <p>Generic accessor providing a set of generic information about an
-      object, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virNodeGetInfo">
-              <code>virNodeGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetInfo">
-              <code>virDomainGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolGetInfo">
-              <code>virStoragePoolGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStorageVolGetInfo">
-              <code>virStorageVolGetInfo</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Accessors</b> [...Get..., ...Set...]
-      <p>Specific accessors used to query or modify data for the given object,
-      such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virConnectGetType">
-              <code>virConnectGetType</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetMaxMemory">
-              <code>virDomainGetMaxMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainSetMemory">
-              <code>virDomainSetMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetVcpus">
-              <code>virDomainGetVcpus</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolSetAutostart">
-              <code>virStoragePoolSetAutostart</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkGetBridgeName">
-              <code>virNetworkGetBridgeName</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Creation</b> [...Create, ...CreateXML]
-      <p>Used to create and start objects.  The ...CreateXML APIs will create
-      the object based on an XML description, while the ...Create APIs will
-      create the object based on existing object pointer, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreate">
-              <code>virDomainCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreateXML">
-              <code>virDomainCreateXML</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreate">
-              <code>virNetworkCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreateXML">
-              <code>virNetworkCreateXML</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Destruction</b> [...Destroy]
-      <p>Used to shutdown or deactivate and destroy objects, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainDestroy">
-              <code>virDomainDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkDestroy">
-              <code>virNetworkDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolDestroy">
-              <code>virStoragePoolDestroy</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-    </ul>
-    <p>Note: functions returning vir*Ptr (like the virDomainLookup functions)
-    allocate memory which needs to be freed by the caller by the corresponding
-    vir*Free function (e.g. virDomainFree for a virDomainPtr object).
-    </p>
-    <p> For more in-depth details of the storage related APIs see
-      <a href="storage.html">the storage management page</a>.
-    </p>
-    <h2><a id="Drivers">The libvirt Drivers</a></h2>
-    <p>Drivers are the basic building block for libvirt functionality
-    to support the capability to handle specific hypervisor driver calls.
-    Drivers are discovered and registered during connection processing as
-    part of the
-      <a href="html/libvirt-libvirt-host.html#virInitialize">
-        <code>virInitialize</code>
-      </a>
-    API. Each driver
-    has a registration API which loads up the driver specific function
-    references for the libvirt APIs to call. The following is a simplistic
-    view of the hypervisor driver mechanism. Consider the stacked list of
-    drivers as a series of modules that can be plugged into the architecture
-    depending on how libvirt is configured to be built.</p>
-    <p class="image">
-      <img alt="The libvirt driver architecture"
-           src="libvirt-driver-arch.png"/>
-    </p>
-    <p>The driver architecture is also used to support other virtualization
-    components such as storage, storage pools, host device, networking,
-    network interfaces, and network filters.</p>
-    <p>See the <a href="drivers.html">libvirt drivers</a> page for more
-    information on hypervisor and storage specific drivers.</p>
-    <p>Not all drivers support every virtualization function possible.
-    The <a href="hvsupport.html">libvirt API support matrix</a> lists
-    the various functions and support found in each driver by the version
-    support was added into libvirt.
-    </p>
-    <h2><a id="Remote">Daemon and Remote Access</a></h2>
-    <p>Access to libvirt drivers is primarily handled by the libvirtd
-    daemon through the <a href="remote.html">remote</a> driver via an
-    <a href="internals/rpc.html">RPC</a>. Some hypervisors do support
-    client-side connections and responses, such as Test, OpenVZ, VMware,
-    VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
-    The libvirtd daemon service is started on the host at system boot
-    time and can also be restarted at any time by a properly privileged
-    user, such as root. The libvirtd daemon uses the same libvirt API
-    <a href="html/libvirt-libvirt-host.html#virInitialize">
-      <code>virInitialize</code>
-    </a>
-    sequence as applications
-    for client-side driver registrations, but then extends the registered
-    driver list to encompass all known drivers supported for all driver
-    types supported on the host. </p>
-    <p>The libvirt client <a href="apps.html">applications</a> use a
-    <a href="uri.html">URI</a> to obtain the <code>virConnectPtr</code>.
-    The <code>virConnectPtr</code> keeps track of the driver connection
-    plus a variety of other connections (network, interface, storage, etc.).
-    The <code>virConnectPtr</code> is then used as a parameter to other
-    virtualization <a href="#Functions">functions</a>. Depending upon the
-    driver being used, calls will be routed through the remote driver to
-    the libvirtd daemon. The daemon will reference the connection specific
-    driver in order to retrieve the requested information and then pass
-    back status and/or data through the connection back to the application.
-    The application can then decide what to do with that data, such as
-    display, write log data, etc. <a href="migration.html">Migration</a>
-    is an example of many facets of the architecture in use.</p>
-
-    <p class="image">
-      <img alt="The libvirt daemon and remote architecture"
-           src="libvirt-daemon-arch.png"/>
-    </p>
-    <p>
-    The key takeaway from the above diagram is that there is a remote driver
-    which handles transactions for a majority of the drivers. The libvirtd
-    daemon running on the host will receive transaction requests from the
-    remote driver and will then query the hypervisor driver as specified in
-    the <code>virConnectPtr</code> in order to fetch the data. The data will
-    then be returned through the remote driver to the client application
-    for processing.
-    </p>
-    <p>If you are interested in contributing to libvirt, read the
-    <a href="https://wiki.libvirt.org/page/FAQ">FAQ</a> and
-    <a href="hacking.html">hacking</a> guidelines to gain an understanding
-    of basic rules and guidelines.  In order to add new API functionality
-    follow the instructions regarding
-    <a href="api_extension.html">implementing a new API in libvirt</a>.
-    </p>
-
-  </body>
-</html>

docs/api.rst

@@ -0,0 +1,265 @@
+========================
+The libvirt API concepts
+========================
+
+This page describes the main principles and architecture choices behind
+the definition of the libvirt API:
+
+.. contents::
+
+Objects Exposed
+---------------
+
+As defined in the `goals section <goals.html>`__, the libvirt API is
+designed to expose all the resources needed to manage the virtualization
+support of recent operating systems. The first object manipulated
+through the API is the ``virConnectPtr``, which represents the
+connection to a hypervisor. Any application using libvirt is likely to
+start using the API by calling one of `the virConnectOpen
+functions <html/libvirt-libvirt-host.html#virConnectOpen>`__. You will
+note that those functions take a name argument which is actually a
+`connection URI <uri.html>`__ to select the right hypervisor to open. A
+URI is needed to allow remote connections and also select between
+different possible hypervisors. For example, on a Linux system it may be
+possible to use both KVM and LinuxContainers on the same node. A NULL
+name will default to a preselected hypervisor, but it's probably not a
+wise thing to do in most cases. See the `connection URI <uri.html>`__
+page for a full descriptions of the values allowed.
+
+OnDevice the application obtains a
+`virConnectPtr </html/libvirt-libvirt-host.html#virConnectPtr>`__
+connection to the hypervisor it can then use it to manage the
+hypervisor's available domains and related virtualization resources,
+such as storage and networking. All those are exposed as first class
+objects and connected to the hypervisor connection (and the node or
+cluster where it is available).
+
+|first class objects exposed by the API|
+
+The figure above shows the five main objects exported by the API:
+
+-  `virConnectPtr <html/libvirt-libvirt-host.html#virConnectPtr>`__
+
+   Represents the connection to a hypervisor. Use one of the
+   `virConnectOpen <html/libvirt-libvirt-host.html#virConnectOpen>`__
+   functions to obtain connection to the hypervisor which is then used
+   as a parameter to other connection API's.
+
+-  `virDomainPtr <html/libvirt-libvirt-domain.html#virDomainPtr>`__
+
+   Represents one domain either active or defined (i.e. existing as
+   permanent config file and storage but not currently running on that
+   node). The function
+   `virConnectListAllDomains <html/libvirt-libvirt-domain.html#virConnectListAllDomains>`__
+   lists all the domains for the hypervisor.
+
+-  `virNetworkPtr <html/libvirt-libvirt-network.html#virNetworkPtr>`__
+
+   Represents one network either active or defined (i.e. existing as
+   permanent config file and storage but not currently activated). The
+   function
+   `virConnectListAllNetworks <html/libvirt-libvirt-network.html#virConnectListAllNetworks>`__
+   lists all the virtualization networks for the hypervisor.
+
+-  `virStorageVolPtr <html/libvirt-libvirt-storage.html#virStorageVolPtr>`__
+
+   Represents one storage volume generally used as a block device
+   available to one of the domains. The function
+   `virStorageVolLookupByPath <html/libvirt-libvirt-storage.html#virStorageVolLookupByPath>`__
+   finds the storage volume object based on its path on the node.
+
+-  `virStoragePoolPtr <html/libvirt-libvirt-storage.html#virStoragePoolPtr>`__
+
+   Represents a storage pool, which is a logical area used to allocate
+   and store storage volumes. The function
+   `virConnectListAllStoragePools <html/libvirt-libvirt-storage.html#virConnectListAllStoragePools>`__
+   lists all of the virtualization storage pools on the hypervisor. The
+   function
+   `virStoragePoolLookupByVolume <html/libvirt-libvirt-storage.html#virStoragePoolLookupByVolume>`__
+   finds the storage pool containing a given storage volume.
+
+Most objects manipulated by the library can also be represented using
+XML descriptions. This is used primarily to create those object, but is
+also helpful to modify or save their description back.
+
+Domains, networks, and storage pools can be either ``active`` i.e.
+either running or available for immediate use, or ``defined`` in which
+case they are inactive but there is a permanent definition available in
+the system for them. Based on this they can be activated dynamically in
+order to be used.
+
+Most objects can also be named in various ways:
+
+-  ``name``
+
+   A user friendly identifier but whose uniqueness cannot be guaranteed
+   between two nodes.
+
+-  ``ID``
+
+   A runtime unique identifier provided by the hypervisor for one given
+   activation of the object; however, it becomes invalid once the
+   resource is deactivated.
+
+-  ``UUID``
+
+   A 16 byte unique identifier as defined in `RFC
+   4122 <https://www.ietf.org/rfc/rfc4122.txt>`__, which is guaranteed
+   to be unique for long term usage and across a set of nodes.
+
+Functions and Naming Conventions
+--------------------------------
+
+The naming of the functions present in the library is usually composed
+by a prefix describing the object associated to the function and a verb
+describing the action on that object.
+
+For each first class object you will find APIs for the following
+actions:
+
+-  **Lookup** [...LookupBy...]
+
+   Used to perform lookups on objects by some type of identifier, such
+   as:
+
+   -  `virDomainLookupByID <html/libvirt-libvirt-domain.html#virDomainLookupByID>`__
+   -  `virDomainLookupByName <html/libvirt-libvirt-domain.html#virDomainLookupByName>`__
+   -  `virDomainLookupByUUID <html/libvirt-libvirt-domain.html#virDomainLookupByUUID>`__
+   -  `virDomainLookupByUUIDString <html/libvirt-libvirt-domain.html#virDomainLookupByUUIDString>`__
+
+-  **Enumeration** [virConnectList..., virConnectNumOf...]
+
+   Used to enumerate a set of object available to a given hypervisor
+   connection such as:
+
+   -  `virConnectListDomains <html/libvirt-libvirt-domain.html#virConnectListDomains>`__
+   -  `virConnectNumOfDomains <html/libvirt-libvirt-domain.html#virConnectNumOfDomains>`__
+   -  `virConnectListNetworks <html/libvirt-libvirt-network.html#virConnectListNetworks>`__
+   -  `virConnectListStoragePools <html/libvirt-libvirt-storage.html#virConnectListStoragePools>`__
+
+-  **Description** [...GetInfo]
+
+   Generic accessor providing a set of generic information about an
+   object, such as:
+
+   -  `virNodeGetInfo <html/libvirt-libvirt-host.html#virNodeGetInfo>`__
+   -  `virDomainGetInfo <html/libvirt-libvirt-domain.html#virDomainGetInfo>`__
+   -  `virStoragePoolGetInfo <html/libvirt-libvirt-storage.html#virStoragePoolGetInfo>`__
+   -  `virStorageVolGetInfo <html/libvirt-libvirt-storage.html#virStorageVolGetInfo>`__
+
+-  **Accessors** [...Get..., ...Set...]
+
+   Specific accessors used to query or modify data for the given object,
+   such as:
+
+   -  `virConnectGetType <html/libvirt-libvirt-host.html#virConnectGetType>`__
+   -  `virDomainGetMaxMemory <html/libvirt-libvirt-domain.html#virDomainGetMaxMemory>`__
+   -  `virDomainSetMemory <html/libvirt-libvirt-domain.html#virDomainSetMemory>`__
+   -  `virDomainGetVcpus <html/libvirt-libvirt-domain.html#virDomainGetVcpus>`__
+   -  `virStoragePoolSetAutostart <html/libvirt-libvirt-storage.html#virStoragePoolSetAutostart>`__
+   -  `virNetworkGetBridgeName <html/libvirt-libvirt-network.html#virNetworkGetBridgeName>`__
+
+-  **Creation** [...Create, ...CreateXML]
+
+   Used to create and start objects. The ...CreateXML APIs will create
+   the object based on an XML description, while the ...Create APIs will
+   create the object based on existing object pointer, such as:
+
+   -  `virDomainCreate <html/libvirt-libvirt-domain.html#virDomainCreate>`__
+   -  `virDomainCreateXML <html/libvirt-libvirt-domain.html#virDomainCreateXML>`__
+   -  `virNetworkCreate <html/libvirt-libvirt-network.html#virNetworkCreate>`__
+   -  `virNetworkCreateXML <html/libvirt-libvirt-network.html#virNetworkCreateXML>`__
+
+-  **Destruction** [...Destroy]
+
+   Used to shutdown or deactivate and destroy objects, such as:
+
+   -  `virDomainDestroy <html/libvirt-libvirt-domain.html#virDomainDestroy>`__
+   -  `virNetworkDestroy <html/libvirt-libvirt-network.html#virNetworkDestroy>`__
+   -  `virStoragePoolDestroy <html/libvirt-libvirt-storage.html#virStoragePoolDestroy>`__
+
+Note: functions returning vir*Ptr (like the virDomainLookup functions)
+allocate memory which needs to be freed by the caller by the
+corresponding vir*Free function (e.g. virDomainFree for a virDomainPtr
+object).
+
+For more in-depth details of the storage related APIs see `the storage
+management page <storage.html>`__.
+
+The libvirt Drivers
+-------------------
+
+Drivers are the basic building block for libvirt functionality to
+support the capability to handle specific hypervisor driver calls.
+Drivers are discovered and registered during connection processing as
+part of the
+`virInitialize <html/libvirt-libvirt-host.html#virInitialize>`__
+API. Each driver has a registration API which loads up the driver
+specific function references for the libvirt APIs to call. The following
+is a simplistic view of the hypervisor driver mechanism. Consider the
+stacked list of drivers as a series of modules that can be plugged into
+the architecture depending on how libvirt is configured to be built.
+
+|The libvirt driver architecture|
+
+The driver architecture is also used to support other virtualization
+components such as storage, storage pools, host device, networking,
+network interfaces, and network filters.
+
+See the `libvirt drivers <drivers.html>`__ page for more information on
+hypervisor and storage specific drivers.
+
+Not all drivers support every virtualization function possible. The
+`libvirt API support matrix <hvsupport.html>`__ lists the various
+functions and support found in each driver by the version support was
+added into libvirt.
+
+Daemon and Remote Access
+------------------------
+
+Access to libvirt drivers is primarily handled by the libvirtd daemon
+through the `remote <remote.html>`__ driver via an
+`RPC <internals/rpc.html>`__. Some hypervisors do support client-side
+connections and responses, such as Test, OpenVZ, VMware, VirtualBox
+(vbox), ESX, Hyper-V, Xen, and Virtuozzo. The libvirtd daemon service is
+started on the host at system boot time and can also be restarted at any
+time by a properly privileged user, such as root. The libvirtd daemon
+uses the same libvirt API
+`virInitialize <html/libvirt-libvirt-host.html#virInitialize>`__
+sequence as applications for client-side driver registrations, but then
+extends the registered driver list to encompass all known drivers
+supported for all driver types supported on the host.
+
+The libvirt client `applications <apps.html>`__ use a `URI <uri.html>`__
+to obtain the ``virConnectPtr``. The ``virConnectPtr`` keeps track of
+the driver connection plus a variety of other connections (network,
+interface, storage, etc.). The ``virConnectPtr`` is then used as a
+parameter to other virtualization `functions <#Functions>`__. Depending
+upon the driver being used, calls will be routed through the remote
+driver to the libvirtd daemon. The daemon will reference the connection
+specific driver in order to retrieve the requested information and then
+pass back status and/or data through the connection back to the
+application. The application can then decide what to do with that data,
+such as display, write log data, etc. `Migration <migration.html>`__ is
+an example of many facets of the architecture in use.
+
+|The libvirt daemon and remote architecture|
+
+The key takeaway from the above diagram is that there is a remote driver
+which handles transactions for a majority of the drivers. The libvirtd
+daemon running on the host will receive transaction requests from the
+remote driver and will then query the hypervisor driver as specified in
+the ``virConnectPtr`` in order to fetch the data. The data will then be
+returned through the remote driver to the client application for
+processing.
+
+If you are interested in contributing to libvirt, read the
+`FAQ <https://wiki.libvirt.org/page/FAQ>`__ and
+`hacking <hacking.html>`__ guidelines to gain an understanding of basic
+rules and guidelines. In order to add new API functionality follow the
+instructions regarding `implementing a new API in
+libvirt <api_extension.html>`__.
+
+.. |first class objects exposed by the API| image:: images/libvirt-object-model.png
+.. |The libvirt driver architecture| image:: images/libvirt-driver-arch.png
+.. |The libvirt daemon and remote architecture| image:: images/libvirt-daemon-arch.png

docs/api_extension.html.in

@@ -1,376 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Implementing a new API in Libvirt</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This document walks you through the process of implementing a new
-      API in libvirt.  Remember that new API consists of any new public
-      functions, as well as the addition of flags or extensions of XML used by
-      existing functions.
-    </p>
-
-    <p>
-      Before you begin coding, it is critical that you propose your
-      changes on the libvirt mailing list and get feedback on your ideas to
-      make sure what you're proposing fits with the general direction of the
-      project.  Even before doing a proof of concept implementation, send an
-      email giving an overview of the functionality you think should be
-      added to libvirt.  Someone may already be working on the feature you
-      want.  Also, recognize that everything you write is likely to undergo
-      significant rework as you discuss it with the other developers, so
-      don't wait too long before getting feedback.
-    </p>
-
-    <p>
-      Adding a new API to libvirt is not difficult, but there are quite a
-      few steps.  This document assumes that you are familiar with C
-      programming and have checked out the libvirt code from the source code
-      repository and successfully built the existing tree.  Instructions on
-      how to check out and build the code can be found at:
-    </p>
-
-    <p>
-      <a href="https://libvirt.org/downloads.html">https://libvirt.org/downloads.html</a>
-    </p>
-
-    <p>
-      Once you have a working development environment, the steps to create a
-      new API are:
-    </p>
-    <ol>
-      <li>define the public API</li>
-      <li>define the internal driver API</li>
-      <li>implement the public API</li>
-      <li>implement the remote protocol:
-        <ol>
-          <li>define the wire protocol format</li>
-          <li>implement the RPC client</li>
-          <li>implement the server side dispatcher</li>
-        </ol>
-      </li>
-      <li>use new API where appropriate in drivers</li>
-      <li>add virsh support</li>
-      <li>add common handling for new API</li>
-      <li>for each driver that can support the new API:
-        <ol>
-          <li>add prerequisite support</li>
-          <li>fully implement new API</li>
-        </ol>
-      </li>
-    </ol>
-
-    <p>
-      It is, of course, possible to implement the pieces in any order, but
-      if the development tasks are completed in the order listed, the code
-      will compile after each step.  Given the number of changes required,
-      verification after each step is highly recommended.
-    </p>
-
-    <p>
-      Submit new code in the form of one patch per step.  That's not to say
-      submit patches before you have working functionality--get the whole thing
-      working and make sure you're happy with it.  Then use git to break the
-      changes into pieces so you don't drop a big blob of code on the
-      mailing list in one go.  Also, you should follow the upstream tree, and
-      rebase your series to adapt your patches to work with any other changes
-      that were accepted upstream during your development.
-    </p>
-
-    <p>
-      Don't mix anything else into the patches you submit.  The patches
-      should be the minimal changes required to implement the functionality
-      you're adding.  If you notice a bug in unrelated code (i.e., code you
-      don't have to touch to implement your API change) during development,
-      create a patch that just addresses that bug and submit it
-      separately.
-    </p>
-
-    <h2><a id='publicapi'>Defining the public API</a></h2>
-
-    <p>The first task is to define the public API.  If the new API
-      involves an XML extension, you have to enhance the RelaxNG
-      schema and document the new elements or attributes:</p>
-
-    <p><code>
-        docs/schemas/domaincommon.rng<br/>
-        docs/formatdomain.html.in
-    </code></p>
-
-    <p>If the API extension involves a new function, you have to add a
-      declaration in the public header, and arrange to export the
-      function name (symbol) so other programs can link against the
-      libvirt library and call the new function:</p>
-
-    <p><code>
-        include/libvirt/libvirt-$MODULE.h.in
-        src/libvirt_public.syms
-    </code></p>
-
-    <p>
-      Please consult our
-      <a href="coding-style.html#xml-element-and-attribute-naming">coding style</a>
-      guide on elements and attribute names.
-    </p>
-
-    <p>
-      This task is in many ways the most important to get right, since once
-      the API has been committed to the repository, it's libvirt's policy
-      never to change it.  Mistakes in the implementation are bugs that you
-      can fix.  Make a mistake in the API definition and you're stuck with
-      it, so think carefully about the interface and don't be afraid to
-      rework it as you go through the process of implementing it.
-    </p>
-
-    <h2><a id='internalapi'>Defining the internal API</a></h2>
-
-    <p>
-      Each public API call is associated with a driver, such as a host
-      virtualization driver, a network virtualization driver, a storage
-      virtualization driver, a state driver, or a device monitor.  Adding
-      the internal API is ordinarily a matter of adding a new member to the
-      struct representing one of these drivers.
-    </p>
-
-    <p>
-      Of course, it's possible that the new API will involve the creation of
-      an entirely new driver type, in which case the changes will include the
-      creation of a new struct type to represent the new driver type.
-    </p>
-
-    <p>The driver structs are defined in:</p>
-
-    <p><code>src/driver-$MODULE.h</code></p>
-
-    <p>
-      To define the internal API, first typedef the driver function
-      prototype and then add a new field for it to the relevant driver
-      struct.  Then, update all existing instances of the driver to
-      provide a <code>NULL</code> stub for the new function.
-    </p>
-
-    <h2><a id='implpublic'>Implementing the public API</a></h2>
-
-    <p>
-      Implementing the public API is largely a formality in which we wire up
-      public API to the internal driver API.  The public API implementation
-      takes care of some basic validity checks before passing control to the
-      driver implementation.  In RFC 2119 vocabulary, this function:
-    </p>
-
-    <ol class="ordinarylist">
-      <li>SHOULD log a message with VIR_DEBUG() indicating that it is
-        being called and its parameters;</li>
-      <li>MUST call virResetLastError();</li>
-      <li>SHOULD confirm that the connection is valid with
-        virCheckConnectReturn() or virCheckConnectGoto();</li>
-      <li><strong>SECURITY: If the API requires a connection with write
-          privileges, MUST confirm that the connection flags do not
-          indicate that the connection is read-only with
-          virCheckReadOnlyGoto();</strong></li>
-      <li>SHOULD do basic validation of the parameters that are being
-        passed in, using helpers like virCheckNonNullArgGoto();</li>
-      <li>MUST confirm that the driver for this connection exists and that
-        it implements this function;</li>
-      <li>MUST call the internal API;</li>
-      <li>SHOULD log a message with VIR_DEBUG() indicating that it is
-        returning, its return value, and status.</li>
-      <li>MUST return status to the caller.</li>
-    </ol>
-
-    <p>The public API calls are implemented in:</p>
-
-    <p><code>src/libvirt-$MODULE.c</code></p>
-
-    <h2><a id='remoteproto'>Implementing the remote protocol</a></h2>
-
-    <p>
-      Implementing the remote protocol is essentially a
-      straightforward exercise which is probably most easily
-      understood by referring to the existing code.
-    </p>
-
-    <h3><a id='wireproto'>Defining the wire protocol format</a></h3>
-
-    <p>
-      Defining the wire protocol involves making additions to:
-    </p>
-
-    <p><code>src/remote/remote_protocol.x</code></p>
-
-    <p>
-      First, create two new structs for each new function that you're adding
-      to the API.  One struct describes the parameters to be passed to the
-      remote function, and a second struct describes the value returned by
-      the remote function.  The one exception to this rule is that functions
-      that return only 0 or -1 for status do not require a struct for returned
-      data.
-    </p>
-
-    <p>
-      Second, add values to the remote_procedure enum for each new function
-      added to the API.
-    </p>
-
-    <p>
-      Once these changes are in place, it's necessary to run 'make rpcgen'
-      in the src directory to create the .c and .h files required by the
-      remote protocol code. This must be done on a Linux host using the
-      GLibC rpcgen program. Other rpcgen versions may generate code which
-      results in bogus compile time warnings.  This regenerates the
-      following files:
-    </p>
-
-    <p><code>
-        src/remote/remote_daemon_dispatch_stubs.h
-        src/remote/remote_daemon_dispatch.h
-        src/remote/remote_daemon_dispatch.c
-        src/remote/remote_protocol.c
-        src/remote/remote_protocol.h
-    </code></p>
-
-    <h3><a id='rpcclient'>Implement the RPC client</a></h3>
-
-    <p>
-      Implementing the RPC client uses the rpcgen generated .h files.
-      The remote method calls go in:
-    </p>
-
-    <p><code>src/remote/remote_driver.c</code></p>
-
-    <p>Each remote method invocation does the following:</p>
-
-    <ol class="ordinarylist">
-      <li>locks the remote driver;</li>
-      <li>sets up the method arguments;</li>
-      <li>invokes the remote function;</li>
-      <li>checks the return value, if necessary;</li>
-      <li>extracts any returned data;</li>
-      <li>frees any returned data;</li>
-      <li>unlocks the remote driver.</li>
-    </ol>
-
-    <h3><a id="serverdispatch">Implement the server side dispatcher</a></h3>
-
-    <p>
-      Implementing the server side of the remote function call is simply a
-      matter of deserializing the parameters passed in from the remote
-      caller and passing them to the corresponding internal API function.
-      The server side dispatchers are implemented in:
-    </p>
-
-    <p><code>src/remote/remote_daemon_dispatch.c</code></p>
-
-    <p>Again, this step uses the .h files generated by make rpcgen.</p>
-
-    <p>
-      After all three pieces of the remote protocol are complete, and
-      the generated files have been updated, it will be necessary to
-      update the file:</p>
-
-    <p><code>src/remote_protocol-structs</code></p>
-
-    <p>
-      This file should only have new lines added; modifications to
-      existing lines probably imply a backwards-incompatible API change.
-    </p>
-
-    <h2><a id="internaluseapi">Use the new API internally</a></h2>
-
-    <p>
-      Sometimes, a new API serves as a superset of existing API, by
-      adding more granularity in what can be managed.  When this is
-      the case, it makes sense to share a common implementation by
-      making the older API become a trivial wrapper around the new
-      API, rather than duplicating the common code.  This step should
-      not introduce any semantic differences for the old API, and is
-      not necessary if the new API has no relation to existing API.
-    </p>
-
-    <h2><a id="virshuseapi">Expose the new API in virsh</a></h2>
-
-    <p>
-      All new API should be manageable from the virsh command line
-      shell.  This proves that the API is sufficient for the intended
-      purpose, and helps to identify whether the proposed API needs
-      slight changes for easier usage.  However, remember that virsh
-      is used to connect to hosts running older versions of libvirtd,
-      so new commands should have fallbacks to an older API if
-      possible; implementing the virsh hooks at this point makes it
-      very easy to test these fallbacks.  Also remember to document
-      virsh additions.
-    </p>
-
-    <p>
-      A virsh command is composed of a few pieces of code.  You need to
-      define an array of vshCmdInfo structs for each new command that
-      contain the help text and the command description text.  You also need
-      an array of vshCmdOptDef structs to describe the command options.
-      Once you have those pieces in place you can write the function
-      implementing the virsh command.  Finally, you need to add the new
-      command to the commands[] array.  The following files need changes:
-    </p>
-
-    <p><code>
-        tools/virsh-$MODULE.c<br/>
-        tools/virsh.pod
-    </code></p>
-
-    <h2><a id="driverimpl">Implement the driver methods</a></h2>
-
-    <p>
-      So, after all that, we get to the fun part.  All functionality in
-      libvirt is implemented inside a driver.  Thus, here is where you
-      implement whatever functionality you're adding to libvirt.  You'll
-      either need to add additional files to the src directory or extend
-      files that are already there, depending on what functionality you're
-      adding.
-    </p>
-
-    <h3><a id="commonimpl">Implement common handling</a></h3>
-
-    <p>
-      If the new API is applicable to more than one driver, it may
-      make sense to provide some utility routines, or to factor some
-      of the work into the dispatcher, to avoid reimplementing the
-      same code in every driver.  In the example code, this involved
-      adding a member to the virDomainDefPtr struct for mapping
-      between the XML API addition and the in-memory representation of
-      a domain, along with updating all clients to use the new member.
-      Up to this point, there have been no changes to existing
-      semantics, and the new APIs will fail unless they are used in
-      the same way as the older API wrappers.
-    </p>
-
-    <h3><a id="drivercode">Implement driver handling</a></h3>
-
-    <p>
-      The remaining patches should only touch one driver at a time.
-      It is possible to implement all changes for a driver in one
-      patch, but for review purposes it may still make sense to break
-      things into simpler steps.  Here is where the new APIs finally
-      start working.
-    </p>
-
-    <p>
-      It is always a good idea to patch the test driver in addition to the
-      target driver, to prove that the API can be used for more than one
-      driver.
-    </p>
-
-    <p>
-      Any cleanups resulting from the changes should be added as separate
-      patches at the end of the series.
-    </p>
-
-    <p>
-      Once you have working functionality, run ninja test on each patch
-      of the series before submitting patches. It may also be worth
-      writing tests for the libvirt-TCK testsuite to exercise your new API,
-      although those patches are not kept in the libvirt repository.
-    </p>
-  </body>
-</html>

docs/api_extension.rst

@@ -0,0 +1,291 @@
+=================================
+Implementing a new API in Libvirt
+=================================
+
+.. contents::
+
+This document walks you through the process of implementing a new API in
+libvirt. Remember that new API consists of any new public functions, as
+well as the addition of flags or extensions of XML used by existing
+functions.
+
+Before you begin coding, it is critical that you propose your changes on
+the libvirt mailing list and get feedback on your ideas to make sure
+what you're proposing fits with the general direction of the project.
+Even before doing a proof of concept implementation, send an email
+giving an overview of the functionality you think should be added to
+libvirt. Someone may already be working on the feature you want. Also,
+recognize that everything you write is likely to undergo significant
+rework as you discuss it with the other developers, so don't wait too
+long before getting feedback.
+
+Adding a new API to libvirt is not difficult, but there are quite a few
+steps. This document assumes that you are familiar with C programming
+and have checked out the libvirt code from the source code repository
+and successfully built the existing tree. Instructions on how to check
+out and build the code can be found at:
+
+https://libvirt.org/downloads.html
+
+Once you have a working development environment, the steps to create a
+new API are:
+
+#. define the public API
+#. define the internal driver API
+#. implement the public API
+#. implement the remote protocol:
+
+   #. define the wire protocol format
+   #. implement the RPC client
+   #. implement the server side dispatcher
+
+#. use new API where appropriate in drivers
+#. add virsh support
+#. add common handling for new API
+#. for each driver that can support the new API:
+
+   #. add prerequisite support
+   #. fully implement new API
+
+It is, of course, possible to implement the pieces in any order, but if
+the development tasks are completed in the order listed, the code will
+compile after each step. Given the number of changes required,
+verification after each step is highly recommended.
+
+Submit new code in the form of one patch per step. That's not to say
+submit patches before you have working functionality--get the whole
+thing working and make sure you're happy with it. Then use git to break
+the changes into pieces so you don't drop a big blob of code on the
+mailing list in one go. Also, you should follow the upstream tree, and
+rebase your series to adapt your patches to work with any other changes
+that were accepted upstream during your development.
+
+Don't mix anything else into the patches you submit. The patches should
+be the minimal changes required to implement the functionality you're
+adding. If you notice a bug in unrelated code (i.e., code you don't have
+to touch to implement your API change) during development, create a
+patch that just addresses that bug and submit it separately.
+
+Defining the public API
+-----------------------
+
+The first task is to define the public API. If the new API involves an
+XML extension, you have to enhance the RelaxNG schema and document the
+new elements or attributes:
+
+``docs/schemas/domaincommon.rng         docs/formatdomain.html.in``
+
+If the API extension involves a new function, you have to add a
+declaration in the public header, and arrange to export the function
+name (symbol) so other programs can link against the libvirt library and
+call the new function:
+
+``include/libvirt/libvirt-$MODULE.h.in         src/libvirt_public.syms``
+
+Please consult our `coding
+style <coding-style.html#xml-element-and-attribute-naming>`__ guide on
+elements and attribute names.
+
+This task is in many ways the most important to get right, since once
+the API has been committed to the repository, it's libvirt's policy
+never to change it. Mistakes in the implementation are bugs that you can
+fix. Make a mistake in the API definition and you're stuck with it, so
+think carefully about the interface and don't be afraid to rework it as
+you go through the process of implementing it.
+
+Defining the internal API
+-------------------------
+
+Each public API call is associated with a driver, such as a host
+virtualization driver, a network virtualization driver, a storage
+virtualization driver, a state driver, or a device monitor. Adding the
+internal API is ordinarily a matter of adding a new member to the struct
+representing one of these drivers.
+
+Of course, it's possible that the new API will involve the creation of
+an entirely new driver type, in which case the changes will include the
+creation of a new struct type to represent the new driver type.
+
+The driver structs are defined in:
+
+``src/driver-$MODULE.h``
+
+To define the internal API, first typedef the driver function prototype
+and then add a new field for it to the relevant driver struct. Then,
+update all existing instances of the driver to provide a ``NULL`` stub
+for the new function.
+
+Implementing the public API
+---------------------------
+
+Implementing the public API is largely a formality in which we wire up
+public API to the internal driver API. The public API implementation
+takes care of some basic validity checks before passing control to the
+driver implementation. In RFC 2119 vocabulary, this function:
+
+#. SHOULD log a message with VIR_DEBUG() indicating that it is being
+   called and its parameters;
+#. MUST call virResetLastError();
+#. SHOULD confirm that the connection is valid with
+   virCheckConnectReturn() or virCheckConnectGoto();
+#. **SECURITY: If the API requires a connection with write privileges,
+   MUST confirm that the connection flags do not indicate that the
+   connection is read-only with virCheckReadOnlyGoto();**
+#. SHOULD do basic validation of the parameters that are being passed
+   in, using helpers like virCheckNonNullArgGoto();
+#. MUST confirm that the driver for this connection exists and that it
+   implements this function;
+#. MUST call the internal API;
+#. SHOULD log a message with VIR_DEBUG() indicating that it is
+   returning, its return value, and status.
+#. MUST return status to the caller.
+
+The public API calls are implemented in:
+
+``src/libvirt-$MODULE.c``
+
+Implementing the remote protocol
+--------------------------------
+
+Implementing the remote protocol is essentially a straightforward
+exercise which is probably most easily understood by referring to the
+existing code.
+
+Defining the wire protocol format
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Defining the wire protocol involves making additions to:
+
+``src/remote/remote_protocol.x``
+
+First, create two new structs for each new function that you're adding
+to the API. One struct describes the parameters to be passed to the
+remote function, and a second struct describes the value returned by the
+remote function. The one exception to this rule is that functions that
+return only 0 or -1 for status do not require a struct for returned
+data.
+
+Second, add values to the remote_procedure enum for each new function
+added to the API.
+
+Once these changes are in place, it's necessary to run 'make rpcgen' in
+the src directory to create the .c and .h files required by the remote
+protocol code. This must be done on a Linux host using the GLibC rpcgen
+program. Other rpcgen versions may generate code which results in bogus
+compile time warnings. This regenerates the following files:
+
+``src/remote/remote_daemon_dispatch_stubs.h         src/remote/remote_daemon_dispatch.h         src/remote/remote_daemon_dispatch.c         src/remote/remote_protocol.c         src/remote/remote_protocol.h``
+
+Implement the RPC client
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Implementing the RPC client uses the rpcgen generated .h files. The
+remote method calls go in:
+
+``src/remote/remote_driver.c``
+
+Each remote method invocation does the following:
+
+#. locks the remote driver;
+#. sets up the method arguments;
+#. invokes the remote function;
+#. checks the return value, if necessary;
+#. extracts any returned data;
+#. frees any returned data;
+#. unlocks the remote driver.
+
+Implement the server side dispatcher
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Implementing the server side of the remote function call is simply a
+matter of deserializing the parameters passed in from the remote caller
+and passing them to the corresponding internal API function. The server
+side dispatchers are implemented in:
+
+``src/remote/remote_daemon_dispatch.c``
+
+Again, this step uses the .h files generated by make rpcgen.
+
+After all three pieces of the remote protocol are complete, and the
+generated files have been updated, it will be necessary to update the
+file:
+
+``src/remote_protocol-structs``
+
+This file should only have new lines added; modifications to existing
+lines probably imply a backwards-incompatible API change.
+
+Use the new API internally
+--------------------------
+
+Sometimes, a new API serves as a superset of existing API, by adding
+more granularity in what can be managed. When this is the case, it makes
+sense to share a common implementation by making the older API become a
+trivial wrapper around the new API, rather than duplicating the common
+code. This step should not introduce any semantic differences for the
+old API, and is not necessary if the new API has no relation to existing
+API.
+
+Expose the new API in virsh
+---------------------------
+
+All new API should be manageable from the virsh command line shell. This
+proves that the API is sufficient for the intended purpose, and helps to
+identify whether the proposed API needs slight changes for easier usage.
+However, remember that virsh is used to connect to hosts running older
+versions of libvirtd, so new commands should have fallbacks to an older
+API if possible; implementing the virsh hooks at this point makes it
+very easy to test these fallbacks. Also remember to document virsh
+additions.
+
+A virsh command is composed of a few pieces of code. You need to define
+an array of vshCmdInfo structs for each new command that contain the
+help text and the command description text. You also need an array of
+vshCmdOptDef structs to describe the command options. Once you have
+those pieces in place you can write the function implementing the virsh
+command. Finally, you need to add the new command to the commands[]
+array. The following files need changes:
+
+``tools/virsh-$MODULE.c         tools/virsh.pod``
+
+Implement the driver methods
+----------------------------
+
+So, after all that, we get to the fun part. All functionality in libvirt
+is implemented inside a driver. Thus, here is where you implement
+whatever functionality you're adding to libvirt. You'll either need to
+add additional files to the src directory or extend files that are
+already there, depending on what functionality you're adding.
+
+Implement common handling
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If the new API is applicable to more than one driver, it may make sense
+to provide some utility routines, or to factor some of the work into the
+dispatcher, to avoid reimplementing the same code in every driver. In
+the example code, this involved adding a member to the virDomainDef
+struct for mapping between the XML API addition and the in-memory
+representation of a domain, along with updating all clients to use the
+new member. Up to this point, there have been no changes to existing
+semantics, and the new APIs will fail unless they are used in the same
+way as the older API wrappers.
+
+Implement driver handling
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The remaining patches should only touch one driver at a time. It is
+possible to implement all changes for a driver in one patch, but for
+review purposes it may still make sense to break things into simpler
+steps. Here is where the new APIs finally start working.
+
+It is always a good idea to patch the test driver in addition to the
+target driver, to prove that the API can be used for more than one
+driver.
+
+Any cleanups resulting from the changes should be added as separate
+patches at the end of the series.
+
+Once you have working functionality, run ninja test on each patch of the
+series before submitting patches. It may also be worth writing tests for
+the libvirt-TCK testsuite to exercise your new API, although those
+patches are not kept in the libvirt repository.

docs/apps.html.in

@@ -1,481 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Applications using libvirt</h1>
-
-    <p>
-      This page provides an illustration of the wide variety of
-      applications using the libvirt management API.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="add">Add an application</a></h2>
-
-    <p>
-      To add an application not listed on this page, send a message
-      to the <a href="contact.html">mailing list</a>, requesting it
-      be added here, or simply send a patch against the documentation
-      in the libvirt.git docs subdirectory.
-      If your application uses libvirt as its API,
-      the following graphics are available for your website to advertise
-      support for libvirt:
-    </p>
-
-    <p class="image">
-      <img src="logos/logo-square-powered-96.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-128.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-192.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-256.png" alt="libvirt powered"/>
-    </p>
-
-    <h2><a id="command">Command line tools</a></h2>
-
-    <dl>
-      <dt><a href="https://libguestfs.org">guestfish</a></dt>
-      <dd>
-        Guestfish is an interactive shell and command-line tool for examining
-        and modifying virtual machine filesystems.  It uses libvirt to find
-        guests and their associated disks.
-      </dd>
-      <dt>virsh</dt>
-      <dd>
-        An interactive shell, and batch scriptable tool for performing
-        management tasks on all libvirt managed domains, networks and
-        storage. This is part of the libvirt core distribution.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-clone</a></dt>
-      <dd>
-        Allows the disk image(s) and configuration for an existing
-        virtual machine to be cloned to form a new virtual machine.
-        It automates copying of data across to new disk images, and
-        updates the UUID, MAC address, and name in the configuration.
-      </dd>
-      <dt><a href="https://people.redhat.com/rjones/virt-df/">virt-df</a></dt>
-      <dd>
-        Examine the utilization of each filesystem in a virtual machine
-        from the comfort of the host machine. This tool peeks into the
-        guest disks and determines how much space is used. It can cope
-        with common Linux filesystems and LVM volumes.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-image</a></dt>
-      <dd>
-        Provides a way to deploy virtual appliances. It defines a
-        simplified portable XML format describing the pre-requisites
-        of a virtual machine. At time of deployment this is translated
-        into the domain XML format for execution under any libvirt
-        hypervisor meeting the pre-requisites.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-install</a></dt>
-      <dd>
-        Provides a way to provision new virtual machines from a
-        OS distribution install tree. It supports provisioning from
-        local CD images, and the network over NFS, HTTP and FTP.
-      </dd>
-      <dt><a href="https://people.redhat.com/rjones/virt-top/">virt-top</a></dt>
-      <dd>
-        Watch the CPU, memory, network and disk utilization of all
-        virtual machines running on a host.
-      </dd>
-      <dt>
-        <a href="https://people.redhat.com/~rjones/virt-what/">virt-what</a>
-      </dt>
-      <dd>
-        virt-what is a shell script for detecting if the program is running
-        in a virtual machine.  It prints out a list of facts about the
-        virtual machine, derived from heuristics.
-      </dd>
-      <dt><a href="https://sourceware.org/systemtap/">stap</a></dt>
-      <dd>
-        SystemTap is a tool used to gather rich information about a running
-        system through the use of scripts. Starting from v2.4, the front-end
-        application stap can use libvirt to gather data within virtual
-        machines.
-      </dd>
-      <dt><a href="https://github.com/pradels/vagrant-libvirt/">vagrant-libvirt</a></dt>
-      <dd>
-        Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage virtual
-        machines. It is a command line tool for developers that makes it very
-        fast and easy to deploy and re-deploy an environment of vm's.
-      </dd>
-      <dt><a href="https://github.com/virt-lightning/virt-lightning">virt-lightning</a></dt>
-      <dd>
-        Virt-Lightning uses libvirt, cloud-init and libguestfs to allow anyone
-        to quickly start a new VM. Very much like a container CLI, but with a
-        virtual machine.
-      </dd>
-    </dl>
-
-    <h2><a id="configmgmt">Configuration Management</a></h2>
-
-    <dl>
-      <dt><a href="https://wiki.lcfg.org/bin/view/LCFG/LcfgLibvirt">LCFG</a></dt>
-      <dd>
-        LCFG is a system for automatically installing and managing the
-        configuration of large numbers of Unix systems.  It is particularly
-        suitable for sites with very diverse and rapidly changing
-        configurations.
-      </dd>
-      <dd>
-        The lcfg-libvirt package adds support for virtualized systems to
-        LCFG, with both Xen and KVM known to work.  Cloning guests is
-        supported, as are the bridged, routed, and isolated modes for
-        Virtual Networking.
-      </dd>
-    </dl>
-
-    <h2><a id="continuousintegration">Continuous Integration</a></h2>
-
-    <dl>
-      <dt><a href="https://docs.buildbot.net/latest/manual/configuration/workers-libvirt.html">BuildBot</a></dt>
-      <dd>
-        BuildBot is a system to automate the compile/test cycle required
-        by most software projects.  CVS commits trigger new builds, run on
-        a variety of client machines.  Build status (pass/fail/etc) are
-        displayed on a web page or through other protocols.
-      </dd>
-    </dl>
-
-    <dl>
-      <dt><a href="https://plugins.jenkins.io/libvirt-slave/">Jenkins</a></dt>
-      <dd>
-        This plugin for Jenkins adds a way to control guest domains hosted
-        on Xen or QEMU/KVM.  You configure a Jenkins Agent,
-        selecting the guest domain and hypervisor.  When you need to build a
-        job on a specific Agent, its guest domain is started, then the job is
-        run.  When the build process is finished, the guest domain is shut
-        down, ready to be used again as required.
-      </dd>
-    </dl>
-
-    <h2><a id="conversion">Conversion</a></h2>
-
-    <dl>
-      <dt><a href="https://libguestfs.org/virt-p2v.1.html">virt-p2v</a></dt>
-      <dd>
-        Convert a physical machine to run on KVM.  It is a LiveCD
-        which is booted on the machine to be converted.  It collects a
-        little information from the user, then copies the disks over
-        to a remote machine and defines the XML for a domain to run
-        the guest.  (Note this tool is included with libguestfs)
-      </dd>
-      <dt><a href="https://libguestfs.org/virt-v2v.1.html">virt-v2v</a></dt>
-      <dd>
-        virt-v2v converts guests from a foreign hypervisor to run on
-        KVM, managed by libvirt.  It can convert guests from VMware or
-        Xen to run on OpenStack, oVirt (RHEV-M), or local libvirt.  It
-        will enable VirtIO drivers in the converted guest if possible.
-        (Note this tool is included with libguestfs)
-      </dd>
-      <dd>
-        For RHEL customers of Red Hat, conversion of Windows guests is also
-        possible.  This conversion requires some Microsoft signed pieces,
-        that Red Hat can provide.
-      </dd>
-      <dt><a href="https://launchpad.net/virt-goodies">vmware2libvirt</a></dt>
-      <dd>
-        Part of the <i>virt-goodies</i> package, vmware2libvirt is a python
-        script for migrating a vmware image to libvirt.
-      </dd>
-    </dl>
-
-    <h2><a id="desktop">Desktop applications</a></h2>
-
-    <dl>
-      <dt><a href="https://virt-manager.org/">virt-manager</a></dt>
-      <dd>
-        A general purpose desktop management tool, able to manage
-        virtual machines across both local and remotely accessed
-        hypervisors. It is targeted at home and small office usage
-        up to managing 10-20 hosts and their VMs.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-viewer</a></dt>
-      <dd>
-        A lightweight tool for accessing the graphical console
-        associated with a virtual machine. It can securely connect
-        to remote consoles supporting the VNC protocol. Also provides
-        an optional mozilla browser plugin.
-      </dd>
-      <dt><a href="https://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt>
-      <dd>
-        The Qt GUI for create and control VMs and another virtual entities
-        (aka networks, storages, interfaces, secrets, network filters).
-        Contains integrated LXC/SPICE/VNC viewer for accessing the graphical or
-        text console associated with a virtual machine or container.
-      </dd>
-      <dt><a href="https://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt>
-      <dd>
-        The Qt VNC/SPICE viewer for access to remote desktops or VMs.
-      </dd>
-    </dl>
-
-    <h2><a id="iaas">Infrastructure as a Service (IaaS)</a></h2>
-
-    <dl>
-      <dt><a href="http://cc1.ifj.edu.pl">Cracow Cloud One</a></dt>
-      <dd>The CC1 system provides a complete solution for Private
-        Cloud Computing. An intuitive web access interface with an
-        administration module and simple installation procedure make
-        it easy to benefit from private Cloud Computing technology.
-      </dd>
-
-      <dt><a href="https://github.com/eucalyptus/eucalyptus">Eucalyptus</a></dt>
-      <dd>
-        Eucalyptus is an on-premise Infrastructure as a Service cloud
-        software platform that is open source and
-        AWS-compatible. Eucalyptus uses libvirt virtualization API to
-        directly interact with Xen and KVM hypervisors.
-      </dd>
-
-      <dt><a href="http://www.nimbusproject.org">Nimbus</a></dt>
-      <dd>
-        Nimbus is an open-source toolkit focused on providing
-        Infrastructure-as-a-Service (IaaS) capabilities to the scientific
-        community.  It uses libvirt for communication with all KVM and Xen
-        virtual machines.
-      </dd>
-
-      <dt><a href="http://snooze.inria.fr">Snooze</a></dt>
-      <dd>
-        Snooze is an open-source scalable, autonomic, and energy-efficient
-        virtual machine (VM) management framework for private clouds. It
-        integrates libvirt for VM monitoring, live migration, and life-cycle
-        management.
-      </dd>
-
-      <dt><a href="https://www.openstack.org">OpenStack</a></dt>
-      <dd>
-        OpenStack is a "cloud operating system" usable for both public
-        and private clouds.  Its various parts take care of compute,
-        storage and networking resources and interface with the user
-        using a dashboard.  Compute part uses libvirt to manage VM
-        life-cycle, monitoring and so on.
-      </dd>
-
-      <dt><a href="https://github.com/gustavfranssonnyvell/cherrypop">Cherrypop</a></dt>
-      <dd>
-        A cloud software with no masters or central points. Nodes
-        autodetect other nodes and autodistribute virtual
-        machines and autodivide up the workload. Also there is no
-        minimum limit for hosts, well, one might be nice. It's
-        perfect for setting up low-end servers in a cloud or a
-        cloud where you want the most bang for the bucks.
-      </dd>
-
-      <dt><a href="https://en.zstack.io/">ZStack</a></dt>
-      <dd>
-        ZStack is an open source IaaS software that aims to automate the
-        management of all resources (compute, storage, networking, etc.) in a
-        datacenter by using APIs, thus conforming to the principles of a
-        software-defined datacenter. The key strengths of ZStack in terms of
-        management are scalability, performance, and a fast, user-friendly
-        deployment.
-      </dd>
-    </dl>
-
-    <h2><a id="libraries">Libraries</a></h2>
-
-    <dl>
-      <dt><a href="https://libguestfs.org">libguestfs</a></dt>
-      <dd>
-        A library and set of tools for accessing and modifying virtual
-        machine disk images.  It can be linked with C and C++ management
-        programs, and has bindings for Perl, Python, Ruby, Java, OCaml,
-        PHP, Haskell, and C#.
-      </dd>
-      <dd>
-        Using its FUSE module, you can also mount guest filesystems on the
-        host, and there is a subproject to allow merging changes into the
-        Windows Registry in Windows guests.
-      </dd>
-
-      <dt><a href="https://sandbox.libvirt.org">libvirt-sandbox</a></dt>
-      <dd>
-        A library and command line tools for simplifying the creation of
-        application sandboxes using virtualization technology. It currently
-        supports either KVM, QEMU or LXC as backends. Integration with
-        systemd facilitates sandboxing of system services like apache.
-      </dd>
-      <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
-          Libvirt Object bindings</a></dt>
-      <dd>
-        Allows using simple ruby objects to manipulate
-        hypervisors, guests, storage, network etc.  It is
-        based on top of
-        the <a href="https://libvirt.org/ruby">native ruby bindings</a>.
-      </dd>
-    </dl>
-
-    <h2><a id="livecd">LiveCD / Appliances</a></h2>
-
-    <dl>
-      <dt><a href="https://libguestfs.org/virt-v2v/">virt-p2v</a></dt>
-      <dd>
-        An older tool for converting a physical machine into a virtual
-        machine.  It is a LiveCD which is booted on the machine to be
-        converted.  It collects a little information from the user, then
-        copies the disks over to a remote machine and defines the XML for a
-        domain to run the guest.
-      </dd>
-    </dl>
-
-    <h2><a id="monitoring">Monitoring</a></h2>
-    <dl>
-      <dt><a href="https://collectd.org/plugins/libvirt.shtml">collectd</a></dt>
-      <dd>
-        The libvirt-plugin is part of <a href="https://collectd.org/">collectd</a>
-        and gathers statistics about virtualized guests on a system. This
-        way, you can collect CPU, network interface and block device usage
-        for each guest without installing collectd on the guest systems.
-        For a full description, please refer to the libvirt section in the
-        collectd.conf(5) manual page.
-      </dd>
-      <dt><a href="https://www.sflow.net/">Host sFlow</a></dt>
-      <dd>
-        Host sFlow is a lightweight agent running on KVM hypervisors that
-        links to libvirt library and exports standardized cpu, memory, network
-        and disk metrics for all virtual machines.
-      </dd>
-      <dt><a href="https://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt>
-      <dd>
-        The plugins provided by Guido Günther allow to monitor various things
-        like network and block I/O with
-        <a href="http://munin.projects.linpro.no/">Munin</a>.
-      </dd>
-      <dt><a href="https://people.redhat.com/rjones/nagios-virt/">Nagios-virt</a></dt>
-      <dd>
-        Nagios-virt is a configuration tool to add monitoring of your
-        virtualised domains to <a href="https://www.nagios.org/">Nagios</a>.
-        You can use this tool to either set up a new Nagios installation for
-        your Xen or QEMU/KVM guests, or to integrate with your existing Nagios
-        installation.
-      </dd>
-      <dt><a href="https://pcp.io/man/man1/pmdalibvirt.1.html">PCP</a></dt>
-      <dd>
-        The PCP libvirt PMDA (plugin) is part of the
-        <a href="https://pcp.io/">PCP</a> toolkit and provides
-        hypervisor and guest information and complete set of guest performance
-        metrics. It supports pCPU, vCPU, memory, block device, network interface,
-        and performance event metrics for each virtual guest.
-      </dd>
-    </dl>
-
-    <h2><a id="provisioning">Provisioning</a></h2>
-
-    <dl>
-      <dt><a href="https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Provisioning+Manager">Tivoli Provisioning Manager</a></dt>
-      <dd>
-        Part of the IBM Tivoli family, Tivoli Provisioning Manager (TPM) is
-        an IT lifecycle automation product.  It
-        <a href="http://publib.boulder.ibm.com/infocenter/tivihelp/v38r1/index.jsp?topic=/com.ibm.tivoli.tpm.apk.doc/libvirt_package.html">uses libvirt</a>
-        for communication with virtualization hosts and guest domains.
-      </dd>
-    </dl>
-
-    <dl>
-      <dt><a href="https://theforeman.org">Foreman</a></dt>
-      <dd>
-      Foreman is an open source web based application aimed to be a
-      Single Address For All Machines Life Cycle Management. Foreman:
-
-      <ul>
-          <li>Creates everything you need when adding a new machine to
-          your network, its goal being automatically managing
-          everything you would normally manage manually (DNS, DHCP,
-          TFTP, Virtual Machines,CA, CMDB...)</li>
-          <li>Integrates with Puppet (and acts as web front end to it).</li>
-          <li>Takes care of provisioning until the point puppet is
-          running, allowing Puppet to do what it does best.</li>
-          <li>Shows you Systems Inventory (based on Facter) and
-          provides real time information about hosts status based on
-          Puppet reports.</li>
-      </ul>
-      </dd>
-    </dl>
-
-
-    <h2><a id="web">Web applications</a></h2>
-
-    <dl>
-      <dt><a href="https://www.abiquo.com/">AbiCloud</a></dt>
-      <dd>
-        AbiCloud is an open source cloud platform manager which allows to
-        easily deploy a private cloud in your datacenter. One of the key
-        differences of AbiCloud is the web rich interface for managing the
-        infrastructure. You can deploy a new service just dragging and
-        dropping a VM.
-      </dd>
-      <dt><a href="https://kimchi-project.github.io/kimchi/">Kimchi</a></dt>
-      <dd>
-        Kimchi is an HTML5 based management tool for KVM. It is designed to
-        make it as easy as possible to get started with KVM and create your first guest.
-
-        Kimchi manages KVM guests through libvirt. The management interface is accessed
-        over the web using a browser that supports HTML5.
-      </dd>
-      <dt><a href="https://ovirt.org/">oVirt</a></dt>
-      <dd>
-        oVirt provides the ability to manage large numbers of virtual
-        machines across an entire data center of hosts. It integrates
-        with FreeIPA for Kerberos authentication, and in the future,
-        certificate management.
-      </dd>
-      <dt><a href="https://ispsystem.com/en/software/vmmanager">VMmanager</a></dt>
-      <dd>
-        VMmanager is a software solution for virtualization management
-        that can be used both for hosting virtual machines and
-        building a cloud.  VMmanager can manage not only one server,
-        but a large cluster of hypervisors.  It delivers a number of
-        functions, such as live migration that allows for load
-        balancing between cluster nodes, monitoring CPU, memory.
-      </dd>
-      <dt><a href="https://mist.io/">mist.io</a></dt>
-      <dd>
-        Mist.io is an open source project and a service that can assist you in
-        managing your virtual machines on a unified way, providing a simple
-        interface for all of your infrastructure (multiple public cloud
-        providers, OpenStack based public/private clouds, Docker servers, bare
-        metal servers and now KVM hypervisors).
-      </dd>
-      <dt><a href="https://ravada.upc.edu/">Ravada</a></dt>
-      <dd>
-        Ravada is an open source tool for managing Virtual Desktop
-        Infrastructure (VDI). It is very easy to install and use. Following
-        the documentation, you'll be ready to deploy virtual machines in
-        minutes. The only requirements for the users are a Web browser and
-        a lightweight remote viewer.
-      </dd>
-      <dt><a href="https://github.com/cutelyst/Virtlyst">Virtlyst</a></dt>
-      <dd>
-        Virtlyst is an open source web application built with C++11, Cutelyst and Qt.
-        It features:
-        <ul>
-          <li>Low memory usage (around 5 MiB of RAM)</li>
-          <li>Look and feel easily customized with HTML templates that use the Django syntax</li>
-          <li>VNC/Spice console directly in the browser using websockets on the same HTTP port</li>
-          <li>Host and Domain statistics graphs (CPU, Memory, IO, Network)</li>
-          <li>Connect to multiple libvirtd instances (over local Unix domain socket, SSH, TCP and TLS)</li>
-          <li>Manage Storage Pools, Storage Volumes, Networks, Interfaces, and Secrets</li>
-          <li>Create and launch VMs</li>
-          <li>Configure VMs with easy panels or go pro and edit the VM's XML</li>
-        </ul>
-      </dd>
-    </dl>
-
-    <h2><a id="other">Other</a></h2>
-
-    <dl>
-      <dt><a href="https://cuckoosandbox.org/">Cuckoo Sandbox</a></dt>
-      <dd>
-        Cuckoo Sandbox is a malware analysis system.  You can throw
-        any suspicious file at it and in a matter of seconds Cuckoo
-        will provide you back some detailed results outlining what
-        such file did when executed inside an isolated environment.
-        And libvirt is one of the backends that can be used for the
-        isolated environment.
-      </dd>
-    </dl>
-
-  </body>
-</html>

docs/apps.rst

@@ -0,0 +1,348 @@
+==========================
+Applications using libvirt
+==========================
+
+This page provides an illustration of the wide variety of applications
+using the libvirt management API.
+
+.. contents::
+
+Add an application
+------------------
+
+To add an application not listed on this page, send a message to the
+`mailing list <contact.html>`__, requesting it be added here, or simply
+send a patch against the documentation in the libvirt.git docs
+subdirectory. If your application uses libvirt as its API, the following
+graphics are available for your website to advertise support for
+libvirt:
+
+|libvirt powered 96| |libvirt powered 128| |libvirt powered 192| |libvirt powered 256|
+
+Command line tools
+------------------
+
+`guestfish <https://libguestfs.org>`__
+   Guestfish is an interactive shell and command-line tool for examining
+   and modifying virtual machine filesystems. It uses libvirt to find
+   guests and their associated disks.
+virsh
+   An interactive shell, and batch scriptable tool for performing
+   management tasks on all libvirt managed domains, networks and
+   storage. This is part of the libvirt core distribution.
+`virt-clone <https://virt-manager.org/>`__
+   Allows the disk image(s) and configuration for an existing virtual
+   machine to be cloned to form a new virtual machine. It automates
+   copying of data across to new disk images, and updates the UUID, MAC
+   address, and name in the configuration.
+`virt-df <https://people.redhat.com/rjones/virt-df/>`__
+   Examine the utilization of each filesystem in a virtual machine from
+   the comfort of the host machine. This tool peeks into the guest disks
+   and determines how much space is used. It can cope with common Linux
+   filesystems and LVM volumes.
+`virt-image <https://virt-manager.org/>`__
+   Provides a way to deploy virtual appliances. It defines a simplified
+   portable XML format describing the pre-requisites of a virtual
+   machine. At time of deployment this is translated into the domain XML
+   format for execution under any libvirt hypervisor meeting the
+   pre-requisites.
+`virt-install <https://virt-manager.org/>`__
+   Provides a way to provision new virtual machines from a OS
+   distribution install tree. It supports provisioning from local CD
+   images, and the network over NFS, HTTP and FTP.
+`virt-top <https://people.redhat.com/rjones/virt-top/>`__
+   Watch the CPU, memory, network and disk utilization of all virtual
+   machines running on a host.
+`virt-what <https://people.redhat.com/~rjones/virt-what/>`__
+   virt-what is a shell script for detecting if the program is running
+   in a virtual machine. It prints out a list of facts about the virtual
+   machine, derived from heuristics.
+`stap <https://sourceware.org/systemtap/>`__
+   SystemTap is a tool used to gather rich information about a running
+   system through the use of scripts. Starting from v2.4, the front-end
+   application stap can use libvirt to gather data within virtual
+   machines.
+`vagrant-libvirt <https://github.com/pradels/vagrant-libvirt/>`__
+   Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage
+   virtual machines. It is a command line tool for developers that makes
+   it very fast and easy to deploy and re-deploy an environment of vm's.
+`virt-lightning <https://github.com/virt-lightning/virt-lightning>`__
+   Virt-Lightning uses libvirt, cloud-init and libguestfs to allow
+   anyone to quickly start a new VM. Very much like a container CLI, but
+   with a virtual machine.
+
+Configuration Management
+------------------------
+
+`LCFG <https://wiki.lcfg.org/bin/view/LCFG/LcfgLibvirt>`__
+   LCFG is a system for automatically installing and managing the
+   configuration of large numbers of Unix systems. It is particularly
+   suitable for sites with very diverse and rapidly changing
+   configurations.
+   The lcfg-libvirt package adds support for virtualized systems to
+   LCFG, with both Xen and KVM known to work. Cloning guests is
+   supported, as are the bridged, routed, and isolated modes for Virtual
+   Networking.
+
+Continuous Integration
+----------------------
+
+`BuildBot <https://docs.buildbot.net/latest/manual/configuration/workers-libvirt.html>`__
+   BuildBot is a system to automate the compile/test cycle required by
+   most software projects. CVS commits trigger new builds, run on a
+   variety of client machines. Build status (pass/fail/etc) are
+   displayed on a web page or through other protocols.
+
+`Jenkins <https://plugins.jenkins.io/libvirt-slave/>`__
+   This plugin for Jenkins adds a way to control guest domains hosted on
+   Xen or QEMU/KVM. You configure a Jenkins Agent, selecting the guest
+   domain and hypervisor. When you need to build a job on a specific
+   Agent, its guest domain is started, then the job is run. When the
+   build process is finished, the guest domain is shut down, ready to be
+   used again as required.
+
+Conversion
+----------
+
+`virt-p2v <https://libguestfs.org/virt-p2v.1.html>`__
+   Convert a physical machine to run on KVM. It is a LiveCD which is
+   booted on the machine to be converted. It collects a little
+   information from the user, then copies the disks over to a remote
+   machine and defines the XML for a domain to run the guest. (Note this
+   tool is included with libguestfs)
+`virt-v2v <https://libguestfs.org/virt-v2v.1.html>`__
+   virt-v2v converts guests from a foreign hypervisor to run on KVM,
+   managed by libvirt. It can convert guests from VMware or Xen to run
+   on OpenStack, oVirt (RHEV-M), or local libvirt. It will enable VirtIO
+   drivers in the converted guest if possible. (Note this tool is
+   included with libguestfs)
+   For RHEL customers of Red Hat, conversion of Windows guests is also
+   possible. This conversion requires some Microsoft signed pieces, that
+   Red Hat can provide.
+`vmware2libvirt <https://launchpad.net/virt-goodies>`__
+   Part of the *virt-goodies* package, vmware2libvirt is a python script
+   for migrating a vmware image to libvirt.
+
+Desktop applications
+--------------------
+
+`virt-manager <https://virt-manager.org/>`__
+   A general purpose desktop management tool, able to manage virtual
+   machines across both local and remotely accessed hypervisors. It is
+   targeted at home and small office usage up to managing 10-20 hosts
+   and their VMs.
+`virt-viewer <https://virt-manager.org/>`__
+   A lightweight tool for accessing the graphical console associated
+   with a virtual machine. It can securely connect to remote consoles
+   supporting the VNC protocol. Also provides an optional mozilla
+   browser plugin.
+`qt-virt-manager <https://f1ash.github.io/qt-virt-manager>`__
+   The Qt GUI for create and control VMs and another virtual entities
+   (aka networks, storages, interfaces, secrets, network filters).
+   Contains integrated LXC/SPICE/VNC viewer for accessing the graphical
+   or text console associated with a virtual machine or container.
+`qt-remote-viewer <https://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer>`__
+   The Qt VNC/SPICE viewer for access to remote desktops or VMs.
+
+Infrastructure as a Service (IaaS)
+----------------------------------
+
+`Cracow Cloud One <http://cc1.ifj.edu.pl>`__
+   The CC1 system provides a complete solution for Private Cloud
+   Computing. An intuitive web access interface with an administration
+   module and simple installation procedure make it easy to benefit from
+   private Cloud Computing technology.
+`Eucalyptus <https://github.com/eucalyptus/eucalyptus>`__
+   Eucalyptus is an on-premise Infrastructure as a Service cloud
+   software platform that is open source and AWS-compatible. Eucalyptus
+   uses libvirt virtualization API to directly interact with Xen and KVM
+   hypervisors.
+`Nimbus <http://www.nimbusproject.org>`__
+   Nimbus is an open-source toolkit focused on providing
+   Infrastructure-as-a-Service (IaaS) capabilities to the scientific
+   community. It uses libvirt for communication with all KVM and Xen
+   virtual machines.
+`Snooze <http://snooze.inria.fr>`__
+   Snooze is an open-source scalable, autonomic, and energy-efficient
+   virtual machine (VM) management framework for private clouds. It
+   integrates libvirt for VM monitoring, live migration, and life-cycle
+   management.
+`OpenStack <https://www.openstack.org>`__
+   OpenStack is a "cloud operating system" usable for both public and
+   private clouds. Its various parts take care of compute, storage and
+   networking resources and interface with the user using a dashboard.
+   Compute part uses libvirt to manage VM life-cycle, monitoring and so
+   on.
+`KubeVirt <https://kubevirt.io/>`__
+   KubeVirt is a virtual machine management add-on for Kubernetes. The
+   aim is to provide a common ground for virtualization solutions on top
+   of Kubernetes.
+`Cherrypop <https://github.com/gustavfranssonnyvell/cherrypop>`__
+   A cloud software with no masters or central points. Nodes autodetect
+   other nodes and autodistribute virtual machines and autodivide up the
+   workload. Also there is no minimum limit for hosts, well, one might
+   be nice. It's perfect for setting up low-end servers in a cloud or a
+   cloud where you want the most bang for the bucks.
+`ZStack <https://en.zstack.io/>`__
+   ZStack is an open source IaaS software that aims to automate the
+   management of all resources (compute, storage, networking, etc.) in a
+   datacenter by using APIs, thus conforming to the principles of a
+   software-defined datacenter. The key strengths of ZStack in terms of
+   management are scalability, performance, and a fast, user-friendly
+   deployment.
+
+Libraries
+---------
+
+`libguestfs <https://libguestfs.org>`__
+   A library and set of tools for accessing and modifying virtual
+   machine disk images. It can be linked with C and C++ management
+   programs, and has bindings for Perl, Python, Ruby, Java, OCaml, PHP,
+   Haskell, and C#.
+   Using its FUSE module, you can also mount guest filesystems on the
+   host, and there is a subproject to allow merging changes into the
+   Windows Registry in Windows guests.
+`libvirt-sandbox <https://sandbox.libvirt.org>`__
+   A library and command line tools for simplifying the creation of
+   application sandboxes using virtualization technology. It currently
+   supports either KVM, QEMU or LXC as backends. Integration with
+   systemd facilitates sandboxing of system services like apache.
+`Ruby Libvirt Object bindings <https://github.com/ohadlevy/virt#readme>`__
+   Allows using simple ruby objects to manipulate hypervisors, guests,
+   storage, network etc. It is based on top of the `native ruby
+   bindings <https://libvirt.org/ruby>`__.
+
+LiveCD / Appliances
+-------------------
+
+`virt-p2v <https://libguestfs.org/virt-v2v/>`__
+   An older tool for converting a physical machine into a virtual
+   machine. It is a LiveCD which is booted on the machine to be
+   converted. It collects a little information from the user, then
+   copies the disks over to a remote machine and defines the XML for a
+   domain to run the guest.
+
+Monitoring
+----------
+
+`collectd <https://collectd.org/plugins/libvirt.shtml>`__
+   The libvirt-plugin is part of `collectd <https://collectd.org/>`__
+   and gathers statistics about virtualized guests on a system. This
+   way, you can collect CPU, network interface and block device usage
+   for each guest without installing collectd on the guest systems. For
+   a full description, please refer to the libvirt section in the
+   collectd.conf(5) manual page.
+`Host sFlow <https://www.sflow.net/>`__
+   Host sFlow is a lightweight agent running on KVM hypervisors that
+   links to libvirt library and exports standardized cpu, memory,
+   network and disk metrics for all virtual machines.
+`Munin <https://honk.sigxcpu.org/projects/libvirt/#munin>`__
+   The plugins provided by Guido Günther allow to monitor various things
+   like network and block I/O with
+   `Munin <http://munin.projects.linpro.no/>`__.
+`Nagios-virt <https://people.redhat.com/rjones/nagios-virt/>`__
+   Nagios-virt is a configuration tool to add monitoring of your
+   virtualised domains to `Nagios <https://www.nagios.org/>`__. You can
+   use this tool to either set up a new Nagios installation for your Xen
+   or QEMU/KVM guests, or to integrate with your existing Nagios
+   installation.
+`PCP <https://pcp.io/man/man1/pmdalibvirt.1.html>`__
+   The PCP libvirt PMDA (plugin) is part of the
+   `PCP <https://pcp.io/>`__ toolkit and provides hypervisor and guest
+   information and complete set of guest performance metrics. It
+   supports pCPU, vCPU, memory, block device, network interface, and
+   performance event metrics for each virtual guest.
+
+Provisioning
+------------
+
+`Tivoli Provisioning Manager <https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Provisioning+Manager>`__
+   Part of the IBM Tivoli family, Tivoli Provisioning Manager (TPM) is
+   an IT lifecycle automation product. It `uses
+   libvirt <http://publib.boulder.ibm.com/infocenter/tivihelp/v38r1/index.jsp?topic=/com.ibm.tivoli.tpm.apk.doc/libvirt_package.html>`__
+   for communication with virtualization hosts and guest domains.
+
+`Foreman <https://theforeman.org>`__
+   Foreman is an open source web based application aimed to be a Single
+   Address For All Machines Life Cycle Management. Foreman:
+
+   -  Creates everything you need when adding a new machine to your
+      network, its goal being automatically managing everything you
+      would normally manage manually (DNS, DHCP, TFTP, Virtual
+      Machines,CA, CMDB...)
+   -  Integrates with Puppet (and acts as web front end to it).
+   -  Takes care of provisioning until the point puppet is running,
+      allowing Puppet to do what it does best.
+   -  Shows you Systems Inventory (based on Facter) and provides real
+      time information about hosts status based on Puppet reports.
+
+Web applications
+----------------
+
+`AbiCloud <https://www.abiquo.com/>`__
+   AbiCloud is an open source cloud platform manager which allows to
+   easily deploy a private cloud in your datacenter. One of the key
+   differences of AbiCloud is the web rich interface for managing the
+   infrastructure. You can deploy a new service just dragging and
+   dropping a VM.
+`Kimchi <https://kimchi-project.github.io/kimchi/>`__
+   Kimchi is an HTML5 based management tool for KVM. It is designed to
+   make it as easy as possible to get started with KVM and create your
+   first guest. Kimchi manages KVM guests through libvirt. The
+   management interface is accessed over the web using a browser that
+   supports HTML5.
+`oVirt <https://ovirt.org/>`__
+   oVirt provides the ability to manage large numbers of virtual
+   machines across an entire data center of hosts. It integrates with
+   FreeIPA for Kerberos authentication, and in the future, certificate
+   management.
+`VMmanager <https://ispsystem.com/en/software/vmmanager>`__
+   VMmanager is a software solution for virtualization management that
+   can be used both for hosting virtual machines and building a cloud.
+   VMmanager can manage not only one server, but a large cluster of
+   hypervisors. It delivers a number of functions, such as live
+   migration that allows for load balancing between cluster nodes,
+   monitoring CPU, memory.
+`mist.io <https://mist.io/>`__
+   Mist.io is an open source project and a service that can assist you
+   in managing your virtual machines on a unified way, providing a
+   simple interface for all of your infrastructure (multiple public
+   cloud providers, OpenStack based public/private clouds, Docker
+   servers, bare metal servers and now KVM hypervisors).
+`Ravada <https://ravada.upc.edu/>`__
+   Ravada is an open source tool for managing Virtual Desktop
+   Infrastructure (VDI). It is very easy to install and use. Following
+   the documentation, you'll be ready to deploy virtual machines in
+   minutes. The only requirements for the users are a Web browser and a
+   lightweight remote viewer.
+`Virtlyst <https://github.com/cutelyst/Virtlyst>`__
+   Virtlyst is an open source web application built with C++11, Cutelyst
+   and Qt. It features:
+
+   -  Low memory usage (around 5 MiB of RAM)
+   -  Look and feel easily customized with HTML templates that use the
+      Django syntax
+   -  VNC/Spice console directly in the browser using websockets on the
+      same HTTP port
+   -  Host and Domain statistics graphs (CPU, Memory, IO, Network)
+   -  Connect to multiple libvirtd instances (over local Unix domain
+      socket, SSH, TCP and TLS)
+   -  Manage Storage Pools, Storage Volumes, Networks, Interfaces, and
+      Secrets
+   -  Create and launch VMs
+   -  Configure VMs with easy panels or go pro and edit the VM's XML
+
+Other
+-----
+
+`Cuckoo Sandbox <https://cuckoosandbox.org/>`__
+   Cuckoo Sandbox is a malware analysis system. You can throw any
+   suspicious file at it and in a matter of seconds Cuckoo will provide
+   you back some detailed results outlining what such file did when
+   executed inside an isolated environment. And libvirt is one of the
+   backends that can be used for the isolated environment.
+
+.. |libvirt powered 96| image:: logos/logo-square-powered-96.png
+.. |libvirt powered 128| image:: logos/logo-square-powered-128.png
+.. |libvirt powered 192| image:: logos/logo-square-powered-192.png
+.. |libvirt powered 256| image:: logos/logo-square-powered-256.png

docs/architecture.html.in

@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1 >libvirt architecture</h1>
-
-    <p>
-      Currently libvirt supports 2 kind of virtualization, and its
-      internal structure is based on a driver model which simplifies
-      adding new
-      engines:
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Xen">Xen support</a></h2>
-
-    <p>When running in a Xen environment, programs using libvirt have to execute
-in "Domain 0", which is the primary Linux OS loaded on the machine. That OS
-kernel provides most if not all of the actual drivers used by the set of
-domains. It also runs the Xen Store, a database of information shared by the
-hypervisor, the backend drivers, any running domains, and libxl (aka libxenlight).
-libxl provides a set of APIs for creating and managing domains, which can be used
-by applications such as the xl tool provided by Xen or libvirt. The hypervisor,
-drivers, kernels and daemons communicate though a shared system bus
-implemented in the hypervisor. The figure below tries to provide a view of
-this environment:</p>
-    <img src="architecture.gif" alt="The Xen architecture" />
-    <p>The library will interact with libxl for all management operations
-on a Xen system.</p>
-    <p>Note that the libvirt libxl driver only supports root access.</p>
-
-    <h2><a id="QEMU">QEMU and KVM support</a></h2>
-
-    <p>The model for QEMU and KVM is completely similar, basically KVM is based
-on QEMU for the process controlling a new domain, only small details differs
-between the two. In both case the libvirt API is provided by a controlling
-process forked by libvirt in the background and which launch and control the
-QEMU or KVM process. That program called libvirt_qemud talks though a specific
-protocol to the library, and connects to the console of the QEMU process in
-order to control and report on its status. Libvirt tries to expose all the
-emulations models of QEMU, the selection is done when creating the new
-domain, by specifying the architecture and machine type targeted.</p>
-    <p>The code controlling the QEMU process is available in the
-<code>qemud/</code> directory.</p>
-
-    <h2><a id="drivers">Driver based architecture</a></h2>
-
-    <p>As the previous section explains, libvirt can communicate using different
-channels with the current hypervisor, and should also be able to use
-different kind of hypervisor. To simplify the internal design, code, ease
-maintenance and simplify the support of other virtualization engine the
-internals have been structured as one core component, the libvirt.c module
-acting as a front-end for the library API and a set of hypervisor drivers
-defining a common set of routines. That way the Xen Daemon access, the Xen
-Store one, the Hypervisor hypercall are all isolated in separate C modules
-implementing at least a subset of the common operations defined by the
-drivers present in driver.h:</p>
-    <ul>
-      <li>xend_internal: implements the driver functions though the Xen
-  Daemon</li>
-      <li>xs_internal: implements the subset of the driver available though the
-    Xen Store</li>
-      <li>xen_internal: provide the implementation of the functions possible via
-    direct hypervisor access</li>
-      <li>proxy_internal: provide read-only Xen access via a proxy, the proxy code
-    is in the <code>proxy/</code> directory.</li>
-      <li>xm_internal: provide support for Xen defined but not running
-    domains.</li>
-      <li>qemu_internal: implement the driver functions for QEMU and
-    KVM virtualization engines. It also uses a qemud/ specific daemon
-    which interacts with the QEMU process to implement libvirt API.</li>
-      <li>test: this is a test driver useful for regression tests of the
-    front-end part of libvirt.</li>
-    </ul>
-    <p>Note that a given driver may only implement a subset of those functions,
-(for example saving a Xen domain state to disk and restoring it is only
-possible though the Xen Daemon), in that case the driver entry points for
-unsupported functions are initialized to NULL.</p>
-    <p></p>
-  </body>
-</html>

docs/architecture.svg

@@ -1,239 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Creator: fig2dev Version 3.2.7b-dev -->
-<!-- CreationDate: 2020-07-10 10:23:50 -->
-<!-- Magnification: 1 -->
-<svg	xmlns="http://www.w3.org/2000/svg"
-	xmlns:xlink="http://www.w3.org/1999/xlink"
-	width="519pt" height="362pt"
-	viewBox="888 3963 8649 6024">
-<g fill="none">
-<!-- Line -->
-<rect x="1050" y="7500" width="8325" height="1200"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<rect x="1050" y="4125" width="2475" height="3150" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<polyline points=" 1050,6540 3540,6525"
-	stroke="#000000" stroke-width="15px" stroke-dasharray="60 60"/>
-<!-- Line -->
-<rect x="1140" y="6645" width="450" height="255" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<rect x="1140" y="6930" width="450" height="255" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp0">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 8353,7665 8353,7785 8651,7751 8651,7700z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 1875,7725 8625,7725" clip-path="url(#cp0)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 8625,7725 -->
-<polygon points=" 8353,7785 8593,7725 8353,7665 8353,7785"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Backward arrow to point 1875,7725 -->
-<polygon points=" 2147,7665 1907,7725 2147,7785 2147,7665"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<rect x="1650" y="5625" width="1350" height="750"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp1">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 2790,6647 2910,6647 2876,6350 2825,6350z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 2850,7725 2850,6375" clip-path="url(#cp1)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 2850,6375 -->
-<polygon points=" 2910,6647 2850,6407 2790,6647 2910,6647"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<rect x="3975" y="4125" width="2475" height="3150" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<rect x="6825" y="4125" width="2475" height="3150" rx="105"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<polyline points=" 3975,6540 6465,6525"
-	stroke="#000000" stroke-width="15px" stroke-dasharray="60 60"/>
-<!-- Line -->
-<polyline points=" 6825,6540 9315,6525"
-	stroke="#000000" stroke-width="15px" stroke-dasharray="60 60"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp2">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 5340,7322 5460,7322 5426,7025 5375,7025z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 5400,7725 5400,7050" clip-path="url(#cp2)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 5400,7050 -->
-<polygon points=" 5460,7322 5400,7082 5340,7322 5460,7322"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp3">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 7965,7322 8085,7322 8051,7025 8000,7025z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 8025,7725 8025,7050" clip-path="url(#cp3)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 8025,7050 -->
-<polygon points=" 8085,7322 8025,7082 7965,7322 8085,7322"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<rect x="1050" y="8925" width="8325" height="975"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<rect x="2100" y="4575" width="1350" height="750"
-	stroke="#000000" stroke-width="8px"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp4">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 3285,8053 3165,8053 3207,8343 3243,8343z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 3225,5325 3225,8325" clip-path="url(#cp4)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 3225,8325 -->
-<polygon points=" 3165,8053 3225,8293 3285,8053 3165,8053"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp5">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 6285,7978 6165,7978 6207,8268 6243,8268z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 6225,6900 6225,8250" clip-path="url(#cp5)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 6225,8250 -->
-<polygon points=" 6165,7978 6225,8218 6285,7978 6165,7978"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp6">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 8985,7978 8865,7978 8907,8268 8943,8268z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 8925,6900 8925,8250" clip-path="url(#cp6)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 8925,8250 -->
-<polygon points=" 8865,7978 8925,8218 8985,7978 8865,7978"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp7">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 1785,8053 1665,8053 1707,8343 1743,8343z
-		M 2147,7785 2147,7665 1850,7700 1850,7751z"/>
-</clipPath>
-</defs>
-<polyline points=" 1725,7125 1725,8325" clip-path="url(#cp7)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 1725,8325 -->
-<polygon points=" 1665,8053 1725,8293 1785,8053 1665,8053"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp8">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 2790,5297 2910,5297 2876,5000 2825,5000z
-		M 2910,5578 2790,5578 2825,5876 2876,5876z"/>
-</clipPath>
-</defs>
-<polyline points=" 2850,5850 2850,5025" clip-path="url(#cp8)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 2850,5025 -->
-<polygon points=" 2910,5297 2850,5057 2790,5297 2910,5297"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Backward arrow to point 2850,5850 -->
-<polygon points=" 2790,5578 2850,5818 2910,5578 2790,5578"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp9">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 5235,9103 5115,9103 5157,9393 5193,9393z
-		M 2910,5578 2790,5578 2825,5876 2876,5876z"/>
-</clipPath>
-</defs>
-<polyline points=" 5175,8475 5175,9375" clip-path="url(#cp9)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 5175,9375 -->
-<polygon points=" 5115,9103 5175,9343 5235,9103 5115,9103"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp10">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 1410,9178 1290,9178 1332,9468 1368,9468z
-		M 2910,5578 2790,5578 2825,5876 2876,5876z"/>
-</clipPath>
-</defs>
-<polyline points=" 1350,7125 1350,9450" clip-path="url(#cp10)"
-	stroke="#000000" stroke-width="30px" stroke-dasharray="20 20"/>
-<!-- Forward arrow to point 1350,9450 -->
-<polygon points=" 1290,9178 1350,9418 1410,9178 1290,9178"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<defs>
-<clipPath id="cp11">
-	<path clip-rule="evenodd" d="M 888,3963 H 9537 V 9987 H 888 z
-		M 2265,7472 2385,7472 2351,7175 2300,7175z
-		M 2910,5578 2790,5578 2825,5876 2876,5876z"/>
-</clipPath>
-</defs>
-<polyline points=" 2325,7725 2325,7200" clip-path="url(#cp11)"
-	stroke="#000000" stroke-width="45px"/>
-<!-- Forward arrow to point 2325,7200 -->
-<polygon points=" 2385,7472 2325,7232 2265,7472 2385,7472"
-	stroke="#000000" stroke-width="15px" stroke-miterlimit="8" fill="#000000"/>
-<!-- Line -->
-<polyline points=" 900,3975"
-	stroke="#000000" stroke-width="8px" stroke-dasharray="40 40"/>
-<!-- Line -->
-<polyline points=" 9525,9975"
-	stroke="#000000" stroke-width="8px" stroke-dasharray="40 40"/>
-<!-- Text -->
-<text xml:space="preserve" x="4350" y="7980" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">XenBus</text>
-<!-- Text -->
-<text xml:space="preserve" x="1680" y="6870" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">drivers</text>
-<!-- Text -->
-<text xml:space="preserve" x="1800" y="6075" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">XenStore</text>
-<!-- Text -->
-<text xml:space="preserve" x="1875" y="7125" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Kernel0</text>
-<!-- Text -->
-<text xml:space="preserve" x="4875" y="6975" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">KernelU</text>
-<!-- Text -->
-<text xml:space="preserve" x="7650" y="6975" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">KernelU</text>
-<!-- Text -->
-<text xml:space="preserve" x="4050" y="8400" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Xen Hypervisor</text>
-<!-- Text -->
-<text xml:space="preserve" x="2325" y="4950" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Xend</text>
-<!-- Text -->
-<text xml:space="preserve" x="1200" y="4725" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Dom0</text>
-<!-- Text -->
-<text xml:space="preserve" x="4875" y="5325" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">DomU</text>
-<!-- Text -->
-<text xml:space="preserve" x="7650" y="5325" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">DomU</text>
-<!-- Text -->
-<text xml:space="preserve" x="3750" y="9450" fill="#000000" font-family="Times" font-style="normal" font-weight="normal" font-size="216" text-anchor="start">Hardware</text>
-</g>
-</svg>

docs/auditlog.html.in

@@ -1,375 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Audit log</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="intro">Introduction</a></h2>
-
-    <p>
-      A number of the libvirt virtualization drivers (QEMU/KVM and LXC) include
-      support for logging details of important operations to the host's audit
-      subsystem. This provides administrators / auditors with a canonical historical
-      record of changes to virtual machines' / containers' lifecycle states and
-      their configuration. On hosts which are running the Linux audit daemon,
-      the logs will usually end up in <code>/var/log/audit/audit.log</code>
-    </p>
-
-    <h2><a id="config">Configuration</a></h2>
-
-    <p>
-      The libvirt audit integration is enabled by default on any host which has
-      the Linux audit subsystem active, and disabled otherwise. It is possible
-      to alter this behaviour in the <code>/etc/libvirt/libvirtd.conf</code>
-      configuration file, via the <code>audit_level</code> parameter
-    </p>
-
-    <ul>
-      <li><code>audit_level=0</code> - libvirt auditing is disabled regardless
-        of host audit subsystem enablement.</li>
-      <li><code>audit_level=1</code> - libvirt auditing is enabled if the host
-        audit subsystem is enabled, otherwise it is disabled. This is the
-        default behaviour.</li>
-      <li><code>audit_level=2</code> - libvirt auditing is enabled regardless
-        of host audit subsystem enablement. If the host audit subsystem is
-        disabled, then libvirtd will refuse to complete startup and exit with
-        an error.</li>
-    </ul>
-
-    <p>
-      In addition to have formal messages sent to the audit subsystem it is
-      possible to tell libvirt to inject messages into its own logging
-      layer. This will result in messages ending up in the systemd journal
-      or <code>/var/log/libvirt/libvirtd.log</code> on non-systemd hosts.
-      This is disabled by default, but can be requested by setting the
-      <code>audit_logging=1</code> configuration parameter in the same file
-      mentioned above.
-    </p>
-
-    <h2><a id="types">Message types</a></h2>
-
-    <p>
-      Libvirt defines three core audit message types each of which will
-      be described below. There are a number of common fields that will
-      be reported for all message types.
-    </p>
-
-    <dl>
-      <dt><code>pid</code></dt>
-      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt><code>uid</code></dt>
-      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>subj</code></dt>
-      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>msg</code></dt>
-      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
-    </dl>
-
-    <p>
-      Some fields in the <code>msg</code> string are common to audit records
-    </p>
-
-    <dl>
-      <dt><code>virt</code></dt>
-      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt><code>vm</code></dt>
-      <dd>Host driver unique name of the guest</dd>
-      <dt><code>uuid</code></dt>
-      <dd>Globally unique identifier for the guest</dd>
-      <dt><code>exe</code></dt>
-      <dd>Path of the libvirtd daemon</dd>
-      <dt><code>hostname</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>addr</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>terminal</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>res</code></dt>
-      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
-    </dl>
-
-    <h3><a id="typecontrol">VIRT_CONTROL</a></h3>
-
-    <p>
-      Reports change in the lifecycle state of a virtual machine. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>op</code></dt>
-      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the operation to happen</dd>
-      <dt><code>vm-pid</code></dt>
-      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt><code>init-pid</code></dt>
-      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt><code>pid-ns</code></dt>
-      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-    </dl>
-
-    <h3><a id="typemachine">VIRT_MACHINE_ID</a></h3>
-
-    <p>
-      Reports the association of a security context with a guest. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>model</code></dt>
-      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt><code>vm-ctx</code></dt>
-      <dd>Security context for the guest process</dd>
-      <dt><code>img-ctx</code></dt>
-      <dd>Security context for the guest disk images and other assigned host resources</dd>
-    </dl>
-
-    <h3><a id="typeresource">VIRT_RESOURCE</a></h3>
-
-    <p>
-      Reports the usage of a host resource by a guest. The fields include will
-      vary according to the type of device being reported. When the guest is
-      initially booted records will be generated for all assigned resources.
-      If any changes are made to the running guest configuration, for example
-      hotplug devices, or adjust resources allocation, further records will
-      be generated.
-    </p>
-
-    <h4><a id="typeresourcevcpu">Virtual CPU</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt><code>old-vcpu</code></dt>
-      <dd>Original vCPU count, or 0</dd>
-      <dt><code>new-vcpu</code></dt>
-      <dd>Updated vCPU count</dd>
-    </dl>
-
-
-    <h4><a id="typeresourcemem">Memory</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt><code>old-mem</code></dt>
-      <dd>Original memory size in bytes, or 0</dd>
-      <dt><code>new-mem</code></dt>
-      <dd>Updated memory size in bytes</dd>
-    </dl>
-
-    <h4><a id="typeresourcedisk">Disk</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt><code>old-disk</code></dt>
-      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt><code>new-disk</code></dt>
-      <dd>Updated host file or device path acting as the disk backing file</dd>
-    </dl>
-
-    <h4><a id="typeresourcenic">Network interface</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>old-net</code></dt>
-      <dd>Original MAC address of the guest network interface</dd>
-      <dt><code>new-net</code></dt>
-      <dd>Updated MAC address of the guest network interface</dd>
-    </dl>
-
-    <p>
-      If there is a host network interface associated with the guest NIC then
-      further records may be generated
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>net</code></dt>
-      <dd>MAC address of the host network interface</dd>
-      <dt><code>rdev</code></dt>
-      <dd>Name of the host network interface</dd>
-    </dl>
-
-    <h4><a id="typeresourcefs">Filesystem</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt><code>old-fs</code></dt>
-      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt><code>new-fs</code></dt>
-      <dd>Updated host directory, file or device path backing the filesystem</dd>
-    </dl>
-
-    <h4><a id="typeresourcehost">Host device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt><code>dev</code></dt>
-      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt><code>disk</code></dt>
-      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt><code>chardev</code></dt>
-      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
-    </dl>
-
-    <h4><a id="typeresourcetpm">TPM</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>tpm</code> or <code>tpm-emulator</code></dd>
-      <dt><code>device</code></dt>
-      <dd>The path of the host TPM device assigned to the guest</dd>
-    </dl>
-
-    <h4><a id="typeresourcerng">RNG</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt><code>old-rng</code></dt>
-      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt><code>new-rng</code></dt>
-      <dd>Updated path of the host entropy source for the RNG</dd>
-    </dl>
-
-    <h4><a id="typeresourcechardev">console/serial/parallel/channel</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>chardev</code></dd>
-      <dt><code>old-chardev</code></dt>
-      <dd>Original path of the backing character device for given emulated device</dd>
-      <dt><code>new-chardev</code></dt>
-      <dd>Updated path of the backing character device for given emulated device</dd>
-    </dl>
-
-    <h4><a id="typeresourcesmartcard">smartcard</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
-      <dt><code>old-smartcard</code></dt>
-      <dd>Original path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-      <dt><code>new-smartcard</code></dt>
-      <dd>Updated path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-    </dl>
-
-    <h4><a id="typeresourceredir">Redirected device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt><code>bus</code></dt>
-      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt><code>device</code></dt>
-      <dd>The device type, only <code>USB redir</code> allowed</dd>
-    </dl>
-
-    <h4><a id="typeresourcecgroup">Control group</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt><code>cgroup</code></dt>
-      <dd>The name of the cgroup controller</dd>
-    </dl>
-
-
-    <h4><a id="typeresourceshmem">Shared memory</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>size</code></dt>
-      <dd>The size of the shared memory region</dd>
-      <dt><code>shmem</code></dt>
-      <dd>Name of the shared memory region</dd>
-      <dt><code>source</code></dt>
-      <dd>Path of the backing character device for given emulated device</dd>
-    </dl>
-
-  </body>
-</html>

docs/auditlog.rst

@@ -0,0 +1,321 @@
+=========
+Audit log
+=========
+
+.. contents::
+
+Introduction
+------------
+
+A number of the libvirt virtualization drivers (QEMU/KVM and LXC)
+include support for logging details of important operations to the
+host's audit subsystem. This provides administrators / auditors with a
+canonical historical record of changes to virtual machines' /
+containers' lifecycle states and their configuration. On hosts which are
+running the Linux audit daemon, the logs will usually end up in
+``/var/log/audit/audit.log``
+
+Configuration
+-------------
+
+The libvirt audit integration is enabled by default on any host which
+has the Linux audit subsystem active, and disabled otherwise. It is
+possible to alter this behaviour in the ``/etc/libvirt/libvirtd.conf``
+configuration file, via the ``audit_level`` parameter
+
+-  ``audit_level=0`` - libvirt auditing is disabled regardless of host
+   audit subsystem enablement.
+-  ``audit_level=1`` - libvirt auditing is enabled if the host audit
+   subsystem is enabled, otherwise it is disabled. This is the default
+   behaviour.
+-  ``audit_level=2`` - libvirt auditing is enabled regardless of host
+   audit subsystem enablement. If the host audit subsystem is disabled,
+   then libvirtd will refuse to complete startup and exit with an error.
+
+In addition to have formal messages sent to the audit subsystem it is
+possible to tell libvirt to inject messages into its own logging layer.
+This will result in messages ending up in the systemd journal or
+``/var/log/libvirt/libvirtd.log`` on non-systemd hosts. This is disabled
+by default, but can be requested by setting the ``audit_logging=1``
+configuration parameter in the same file mentioned above.
+
+Message types
+-------------
+
+Libvirt defines three core audit message types each of which will be
+described below. There are a number of common fields that will be
+reported for all message types.
+
+``pid``
+   Process ID of the libvirtd daemon generating the audit record.
+``uid``
+   User ID of the libvirtd daemon process generating the audit record.
+``subj``
+   Security context of the libvirtd daemon process generating the audit
+   record.
+``msg``
+   String containing a list of key=value pairs specific to the type of
+   audit record being reported.
+
+Some fields in the ``msg`` string are common to audit records
+
+``virt``
+   Type of virtualization driver used. One of ``qemu`` or ``lxc``
+``vm``
+   Host driver unique name of the guest
+``uuid``
+   Globally unique identifier for the guest
+``exe``
+   Path of the libvirtd daemon
+``hostname``
+   Currently unused
+``addr``
+   Currently unused
+``terminal``
+   Currently unused
+``res``
+   Result of the action, either ``success`` or ``failed``
+
+VIRT_CONTROL
+~~~~~~~~~~~~
+
+Reports change in the lifecycle state of a virtual machine. The ``msg``
+field will include the following sub-fields
+
+``op``
+   Type of operation performed. One of ``start``, ``stop`` or ``init``
+``reason``
+   The reason which caused the operation to happen
+``vm-pid``
+   ID of the primary/leading process associated with the guest
+``init-pid``
+   ID of the ``init`` process in a container. Only if ``op=init`` and
+   ``virt=lxc``
+``pid-ns``
+   Namespace ID of the ``init`` process in a container. Only if
+   ``op=init`` and ``virt=lxc``
+
+VIRT_MACHINE_ID
+~~~~~~~~~~~~~~~
+
+Reports the association of a security context with a guest. The ``msg``
+field will include the following sub-fields
+
+``model``
+   The security driver type. One of ``selinux`` or ``apparmor``
+``vm-ctx``
+   Security context for the guest process
+``img-ctx``
+   Security context for the guest disk images and other assigned host
+   resources
+
+VIRT_RESOURCE
+~~~~~~~~~~~~~
+
+Reports the usage of a host resource by a guest. The fields include will
+vary according to the type of device being reported. When the guest is
+initially booted records will be generated for all assigned resources.
+If any changes are made to the running guest configuration, for example
+hotplug devices, or adjust resources allocation, further records will be
+generated.
+
+Virtual CPU
+^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``vcpu``
+``old-vcpu``
+   Original vCPU count, or 0
+``new-vcpu``
+   Updated vCPU count
+
+Memory
+^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``mem``
+``old-mem``
+   Original memory size in bytes, or 0
+``new-mem``
+   Updated memory size in bytes
+
+Disk
+^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``disk``
+``old-disk``
+   Original host file or device path acting as the disk backing file
+``new-disk``
+   Updated host file or device path acting as the disk backing file
+
+Network interface
+^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``net``
+``old-net``
+   Original MAC address of the guest network interface
+``new-net``
+   Updated MAC address of the guest network interface
+
+If there is a host network interface associated with the guest NIC then
+further records may be generated
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``net``
+``net``
+   MAC address of the host network interface
+``rdev``
+   Name of the host network interface
+
+Filesystem
+^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``fs``
+``old-fs``
+   Original host directory, file or device path backing the filesystem
+``new-fs``
+   Updated host directory, file or device path backing the filesystem
+
+Host device
+^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``hostdev`` or ``dev``
+``dev``
+   The unique bus identifier of the USB, PCI or SCSI device, if
+   ``resrc=dev``
+``disk``
+   The path of the block device assigned to the guest, if
+   ``resrc=hostdev``
+``chardev``
+   The path of the character device assigned to the guest, if
+   ``resrc=hostdev``
+
+TPM
+^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``tpm`` or ``tpm-emulator``
+``device``
+   The path of the host TPM device assigned to the guest
+
+RNG
+^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``rng``
+``old-rng``
+   Original path of the host entropy source for the RNG
+``new-rng``
+   Updated path of the host entropy source for the RNG
+
+console/serial/parallel/channel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``chardev``
+``old-chardev``
+   Original path of the backing character device for given emulated
+   device
+``new-chardev``
+   Updated path of the backing character device for given emulated
+   device
+
+smartcard
+^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``smartcard``
+``old-smartcard``
+   Original path of the backing character device, certificate store or
+   "nss-smartcard-device" for host smartcard passthrough.
+``new-smartcard``
+   Updated path of the backing character device, certificate store or
+   "nss-smartcard-device" for host smartcard passthrough.
+
+Redirected device
+^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``redir``
+``bus``
+   The bus type, only ``usb`` allowed
+``device``
+   The device type, only ``USB redir`` allowed
+
+Control group
+^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``cgroup``
+``cgroup``
+   The name of the cgroup controller
+
+Shared memory
+^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``resrc``
+   The type of resource assigned. Set to ``shmem``
+``reason``
+   The reason which caused the resource to be assigned to happen
+``size``
+   The size of the shared memory region
+``shmem``
+   Name of the shared memory region
+``source``
+   Path of the backing character device for given emulated device

docs/auth.html.in

@@ -1,368 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Connection authentication</h1>
-    <p>
-      When connecting to libvirt, some connections may require client
-      authentication before allowing use of the APIs. The set of possible
-      authentication mechanisms is administrator controlled, independent
-      of applications using libvirt. Once authenticated, libvirt can apply
-      fine grained <a href="acl.html">access control</a> to the operations
-      performed by a client.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Auth_client_config">Client configuration</a></h2>
-
-    <p>
-      When connecting to a remote hypervisor which requires authentication,
-most libvirt applications will prompt the user for the credentials. It is
-also possible to provide a client configuration file containing all the
-authentication credentials, avoiding any interaction. Libvirt will look
-for the authentication file using the following sequence:
-    </p>
-    <ol>
-      <li>The file path specified by the $LIBVIRT_AUTH_FILE environment
-        variable.</li>
-      <li>The file path specified by the "authfile=/some/file" URI
-        query parameter</li>
-      <li>The file $XDG_CONFIG_HOME/libvirt/auth.conf</li>
-      <li>The file /etc/libvirt/auth.conf</li>
-    </ol>
-
-    <p>
-      The auth configuration file uses the traditional <code>".ini"</code>
-      style syntax. There are two types of groups that can be present in
-      the config. First there are one or more <strong>credential</strong>
-      sets, which provide the actual authentication credentials. The keys
-      within the group may be:
-    </p>
-
-    <ul>
-      <li><code>username</code>: the user login name to act as. This
-        is relevant for ESX, Xen, HyperV and SSH, but probably not
-        the one you want to libvirtd with SASL.</li>
-      <li><code>authname</code>: the name to authorize as. This is
-        what is commonly required for libvirtd with SASL.</li>
-      <li><code>password</code>: the secret password</li>
-      <li><code>realm</code>: the domain realm for SASL, mostly
-        unused</li>
-    </ul>
-
-    <p>
-      Each set of credentials has a name, which is part of the group
-      entry name. Overall the syntax is
-    </p>
-
-    <pre>
-[credentials-$NAME]
-credname1=value1
-credname2=value2</pre>
-
-    <p>
-      For example, to define two sets of credentials used for production
-      and test machines, using libvirtd, and a further ESX server for dev:
-    </p>
-<pre>
-[credentials-test]
-authname=fred
-password=123456
-
-[credentials-prod]
-authname=bar
-password=letmein
-
-[credentials-dev]
-username=joe
-password=hello
-
-[credentials-defgrp]
-username=defuser
-password=defpw</pre>
-
-    <p>
-      The second set of groups provide mappings of credentials to
-      specific machine services. The config file group names compromise
-      the service type and host:
-    </p>
-
-    <pre>
-[auth-$SERVICE-$HOSTNAME]
-credentials=$CREDENTIALS</pre>
-
-    <p>
-      For example, following the previous example, here is how to
-      map some machines. For convenience libvirt supports a default
-      mapping of credentials to machines:
-    </p>
-
-    <pre>
-[auth-libvirt-test1.example.com]
-credentials=test
-
-[auth-libvirt-test2.example.com]
-credentials=test
-
-[auth-libvirt-demo3.example.com]
-credentials=test
-
-[auth-libvirt-prod1.example.com]
-credentials=prod
-
-[auth-libvirt-default]
-credentials=defgrp
-
-[auth-esx-dev1.example.com]
-credentials=dev
-
-[auth-esx-default]
-credentials=defgrp</pre>
-
-
-    <p>
-      The following service types are known to libvirt:
-    </p>
-
-    <ul>
-      <li><code>esx</code> - used for connections to an ESX or
-        VirtualCenter server</li>
-      <li><code>hyperv</code> - used for connections to an HyperV
-        server</li>
-      <li><code>libvirt</code> - used for connections to a libvirtd
-        server, which is configured with SASL auth</li>
-      <li><code>ssh</code> - used for connections to a remote QEMU driver
-        over SSH</li>
-    </ul>
-
-    <p>
-      Applications using libvirt are free to use this same configuration
-      file for storing other credentials. For example, it can be used
-      to storage VNC or SPICE login credentials
-    </p>
-
-    <h2><a id="ACL_server_config">Server configuration</a></h2>
-    <p>
-The libvirt daemon allows the administrator to choose the authentication
-mechanisms used for client connections on each network socket independently.
-This is primarily controlled via the libvirt daemon master config file in
-<code>/etc/libvirt/libvirtd.conf</code>. Each of the libvirt sockets can
-have its authentication mechanism configured independently. There is
-currently a choice of <code>none</code>, <code>polkit</code>, and <code>sasl</code>.
-The SASL scheme can be further configured to choose between a large
-number of different mechanisms.
-</p>
-    <h2><a id="ACL_server_unix_perms">UNIX socket permissions/group</a></h2>
-    <p>
-If libvirt does not contain support for PolicyKit, then access control for
-the UNIX domain socket is done using traditional file user/group ownership
-and permissions. There are 2 sockets, one for full read-write access, the
-other for read-only access. The RW socket will be restricted (mode 0700) to
-only allow the <code>root</code> user to connect. The read-only socket will
-be open access (mode 0777) to allow any user to connect.
-</p>
-    <p>
-To allow non-root users greater access, the <code>libvirtd.conf</code> file
-can be edited to change the permissions via the <code>unix_sock_rw_perms</code>,
-config parameter and to set a user group via the <code>unix_sock_group</code>
-parameter. For example, setting the former to mode <code>0770</code> and the
-latter <code>wheel</code> would let any user in the wheel group connect to
-the libvirt daemon.
-</p>
-    <h2><a id="ACL_server_polkit">UNIX socket PolicyKit auth</a></h2>
-    <p>
-If libvirt contains support for PolicyKit, then access control options are
-more advanced. The <code>auth_unix_rw</code> parameter will default to
-<code>polkit</code>, and the file permissions will default to <code>0777</code>
-even on the RW socket. Upon connecting to the socket, the client application
-will be required to identify itself with PolicyKit. The default policy for the
-RW daemon socket will require any application running in the current desktop
-session to authenticate using the user's password. This is akin to <code>sudo</code>
-auth, but does not require that the client application ultimately run as root.
-Default policy will still allow any application to connect to the RO socket.
-</p>
-    <p>
-The default policy can be overridden by creating a new policy file in the
-<code>/etc/polkit-1/rules.d</code> directory. Information on the options
-available can be found by reading the <code>polkit(8)</code> man page. The
-two libvirt actions are named <code>org.libvirt.unix.manage</code> for full
-management access, and <code>org.libvirt.unix.monitor</code> for read-only
-access.
-</p>
-    <p>
-As an example, creating <code>/etc/polkit-1/rules.d/80-libvirt-manage.rules</code>
-with the following gives the user <code>fred</code> full management access
-when accessing from an active local session:
-    </p>
-<pre>polkit.addRule(function(action, subject) {
-  if (action.id == "org.libvirt.unix.manage" &amp;&amp;
-      subject.local &amp;&amp; subject.active &amp;&amp; subject.user == "fred") {
-      return polkit.Result.YES;
-  }
-});</pre>
-    <p>
-Older versions of PolicyKit used policy files ending with .pkla in the
-local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
-Compatibility with this older format is provided by <a
-href="https://pagure.io/polkit-pkla-compat">polkit-pkla-compat</a>. As an
-example, this gives the user <code>fred</code> full management access:
-    </p>
-<pre>[Allow fred libvirt management permissions]
-Identity=unix-user:fred
-Action=org.libvirt.unix.manage
-ResultAny=yes
-ResultInactive=yes
-ResultActive=yes</pre>
-    <h2><a id="ACL_server_sasl">SASL pluggable authentication</a></h2>
-
-    <p>
-Libvirt integrates with the cyrus-sasl library to provide a pluggable authentication
-system using the SASL protocol. SASL can be used in combination with libvirtd's TLS
-or TCP socket listeners. When used with the TCP listener, the SASL mechanism is
-rqeuired to provide session encryption in addition to authentication. Only a very
-few SASL mechanisms are able to do this, and of those that can do it, only the
-GSSAPI plugin is considered acceptably secure by modern standards:
-    </p>
-
-    <dl>
-      <dt>GSSAPI</dt>
-      <dd><strong>This is the current default mechanism to use with libvirtd</strong>.
-        It uses the Kerberos v5 authentication protocol underneath, and assuming
-        the Kerberos client/server are configured with modern ciphers (AES),
-        it provides strong session encryption capabilities.</dd>
-
-      <dt>DIGEST-MD5</dt>
-      <dd>This was previously set as the default mechanism to use with libvirtd.
-        It provides a simple username/password based authentication mechanism
-        that includes session encryption.
-        <a href="https://tools.ietf.org/html/rfc6331">RFC 6331</a>, however,
-        documents a number of serious security flaws with DIGEST-MD5 and as a
-        result marks it as <code>OBSOLETE</code>. Specific concerns are that
-        it is vulnerable to MITM attacks and the MD5 hash can be brute-forced
-        to reveal the password. A replacement is provided via the SCRAM mechanism,
-        however, note that this does not provide encryption, so the SCRAM
-        mechanism can only be used on the libvirtd TLS listener.
-      </dd>
-
-      <dt>PASSDSS-3DES-1</dt>
-      <dd>This provides a simple username/password based authentication
-        mechanism that includes session encryption. The current cyrus-sasl
-        implementation does not provide a way to validate the server's
-        public key identity, thus it is susceptible to a MITM attacker
-        impersonating the server. It is also not enabled in many OS
-        distros when building SASL libraries.</dd>
-
-      <dt>KERBEROS_V4</dt>
-      <dd>This uses the obsolete Kerberos v4 protocol to provide both authentication
-        and session encryption. Kerberos v4 protocol has been obsolete since the
-        early 1990's and has known security vulnerabilities so this will never be
-        used in practice.</dd>
-    </dl>
-
-    <p>
-      Other SASL mechanisms, not listed above, can only be used when the libvirtd
-      TLS or UNIX socket listeners.
-    </p>
-
-    <h3><a id="ACL_server_username">Username/password auth</a></h3>
-    <p>
-As noted above, the DIGEST-MD5 mechanism is considered obsolete and should
-not be used anymore. To provide a simple username/password auth scheme on
-the libvirt UNIX socket or TLS listeners, however, it is possible to use
-the SCRAM mechanism. The <code>auth_unix_ro</code>, <code>auth_unix_rw</code>,
-<code>auth_tls</code> config params in <code>libvirt.conf</code> can be used
-to turn on SASL auth in these listeners.
-    </p>
-    <p>
-Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
-config change is required to enable plain password auth. This is done by
-editing <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
-parameter to <code>scram-sha-1</code>.
-    </p>
-    <p>
-Out of the box, no user accounts are defined, so no clients will be able to authenticate
-on the TCP socket. Adding users and setting their passwords is done with the <code>saslpasswd2</code>
-command. When running this command it is important to tell it that the appname is <code>libvirt</code>.
-As an example, to add a user <code>fred</code>, run
-</p>
-    <pre>
-# saslpasswd2 -a libvirt fred
-Password: xxxxxx
-Again (for verification): xxxxxx
-</pre>
-    <p>
-To see a list of all accounts the <code>sasldblistusers2</code> command can be used.
-This command expects to be given the path to the libvirt user database, which is kept
-in <code>/etc/libvirt/passwd.db</code>
-</p>
-    <pre>
-# sasldblistusers2 -f /etc/libvirt/passwd.db
-fred@t60wlan.home.berrange.com: userPassword
-</pre>
-    <p>
-Finally, to disable a user's access, the <code>saslpasswd2</code> command can be used
-again:
-</p>
-    <pre>
-# saslpasswd2 -a libvirt -d fred
-</pre>
-    <h3><a id="ACL_server_kerberos">GSSAPI/Kerberos auth</a></h3>
-    <p>
-The plain TCP listener of the libvirt daemon defaults to using SASL for authentication.
-The libvirt SASL config also defaults to GSSAPI, so there is no need to edit the
-SASL config when using GSSAPI. If the libvirtd TLS or UNIX listeners are used,
-then the Kerberos session encryption will be disabled since it is not required
-in these scenarios - only the plain TCP listener needs encryption
-</p>
-    <p>
-Some operating systems do not install the SASL kerberos plugin by default. It
-may be necessary to install a sub-package such as <code>cyrus-sasl-gssapi</code>.
-To check whether the Kerberos plugin is installed run the <code>pluginviewer</code>
-program and verify that <code>gssapi</code> is listed, e.g.:
-</p>
-    <pre>
-# pluginviewer
-...snip...
-Plugin "gssapiv2" [loaded],     API version: 4
-        SASL mechanism: GSSAPI, best SSF: 56
-        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
-        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
-</pre>
-    <p>
-Next it is necessary for the administrator of the Kerberos realm to
-issue a principal for the libvirt server. There needs to be one
-principal per host running the libvirt daemon. The principal should be
-named <code>libvirt/full.hostname@KERBEROS.REALM</code>.  This is
-typically done by running the <code>kadmin.local</code> command on the
-Kerberos server, though some Kerberos servers have alternate ways of
-setting up service principals.  Once created, the principal should be
-exported to a keytab, copied to the host running the libvirt daemon
-and placed in <code>/etc/libvirt/krb5.tab</code>
-</p>
-    <pre>
-# kadmin.local
-kadmin.local: add_principal libvirt/foo.example.com
-Enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
-Re-enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
-Principal "libvirt/foo.example.com@EXAMPLE.COM" created.
-
-kadmin.local:  ktadd -k /root/libvirt-foo-example.tab libvirt/foo.example.com@EXAMPLE.COM
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-
-kadmin.local: quit
-
-# scp /root/libvirt-foo-example.tab root@foo.example.com:/etc/libvirt/krb5.tab
-# rm /root/libvirt-foo-example.tab
-</pre>
-    <p>
-Any client application wishing to connect to a Kerberos enabled libvirt server
-merely needs to run <code>kinit</code> to gain a user principal. This may well
-be done automatically when a user logs into a desktop session, if PAM is set up
-to authenticate against Kerberos.
-</p>
-  </body>
-</html>

docs/auth.rst

@@ -0,0 +1,324 @@
+=========================
+Connection authentication
+=========================
+
+.. contents::
+
+When connecting to libvirt, some connections may require client
+authentication before allowing use of the APIs. The set of possible
+authentication mechanisms is administrator controlled, independent
+of applications using libvirt. Once authenticated, libvirt can apply
+fine grained `access control <acl.html>`_ to the operations
+performed by a client.
+
+Client configuration
+====================
+
+When connecting to a remote hypervisor which requires authentication,
+most libvirt applications will prompt the user for the credentials. It is
+also possible to provide a client configuration file containing all the
+authentication credentials, avoiding any interaction. Libvirt will look
+for the authentication file using the following sequence:
+
+* The file path specified by the ``$LIBVIRT_AUTH_FILE`` environment
+  variable.
+* The file path specified by the ``authfile=/some/file`` URI
+  query parameter
+* The file ``$XDG_CONFIG_HOME/libvirt/auth.conf``
+* The file ``/etc/libvirt/auth.conf``
+
+The auth configuration file uses the traditional ``.ini``
+style syntax. There are two types of groups that can be present in
+the config. First there are one or more ``credential``
+sets, which provide the actual authentication credentials. The keys
+within the group may be:
+
+* ``username``: the user login name to act as. This
+  is relevant for ESX, Xen, HyperV and SSH, but probably not
+  the one you want for libvirtd with SASL.
+* ``authname``: the name to authorize as. This is
+  what is commonly required for libvirtd with SASL.
+* ``password``: the secret password.
+* ``realm``: the domain realm for SASL, mostly unused.
+
+Each set of credentials has a name, which is part of the group
+entry name. Overall the syntax is
+
+::
+
+   [credentials-$NAME]
+   credname1=value1
+   credname2=value2
+
+
+For example, to define two sets of credentials used for production
+and test machines, using libvirtd, and a further ESX server for
+development:
+
+::
+
+   [credentials-test]
+   authname=fred
+   password=123456
+
+   [credentials-prod]
+   authname=bar
+   password=letmein
+
+   [credentials-dev]
+   username=joe
+   password=hello
+
+   [credentials-defgrp]
+   username=defuser
+   password=defpw
+
+The second set of groups provide mappings of credentials to
+specific machine services. The config file group names compromise
+the service type and host:
+
+::
+
+   [auth-$SERVICE-$HOSTNAME]
+   credentials=$CREDENTIALS
+
+For example, following the previous example, here is how to
+map some machines. For convenience libvirt supports a default
+mapping of credentials to machines:
+
+::
+
+   [auth-libvirt-test1.example.com]
+   credentials=test
+
+   [auth-libvirt-test2.example.com]
+   credentials=test
+
+   [auth-libvirt-demo3.example.com]
+   credentials=test
+
+   [auth-libvirt-prod1.example.com]
+   credentials=prod
+
+   [auth-libvirt-default]
+   credentials=defgrp
+
+   [auth-esx-dev1.example.com]
+   credentials=dev
+
+   [auth-esx-default]
+   credentials=defgrp
+
+The following service types are known to libvirt:
+
+* ``esx`` - used for connections to an ESX or VirtualCenter server
+* ``hyperv`` - used for connections to an HyperV server
+* ``libvirt`` - used for connections to a libvirtd
+  server, which is configured with SASL auth
+* ``ssh`` - used for connections to a remote QEMU driver over SSH
+
+
+Applications using libvirt are free to use this same configuration
+file for storing other credentials. For example, it can be used
+to storage VNC or SPICE login credentials
+
+Server configuration
+====================
+
+The libvirt daemon allows the administrator to choose the authentication
+mechanisms used for client connections on each network socket independently.
+This is primarily controlled via the libvirt daemon master config file in
+``/etc/libvirt/libvirtd.conf``. Each of the libvirt sockets can
+have its authentication mechanism configured independently. There is
+currently a choice of ``none``, ``polkit``, and ``sasl``.
+The SASL scheme can be further configured to choose between a large
+number of different mechanisms.
+
+UNIX socket permissions/group
+-----------------------------
+
+If libvirt does not contain support for PolicyKit, then access control for
+the UNIX domain socket is done using traditional file user/group ownership
+and permissions. There are 2 sockets, one for full read-write access, the
+other for read-only access. The RW socket will be restricted (mode 0700) to
+only allow the ``root`` user to connect. The read-only socket will
+be open access (mode 0777) to allow any user to connect.
+
+To allow non-root users greater access, the ``libvirtd.conf`` file
+can be edited to change the permissions via the ``unix_sock_rw_perms``,
+config parameter and to set a user group via the ``unix_sock_group``
+parameter. For example, setting the former to mode ``0770`` and the
+latter ``wheel`` would let any user in the wheel group connect to
+the libvirt daemon.
+
+UNIX socket PolicyKit auth
+--------------------------
+
+If libvirt contains support for PolicyKit, then access control options are
+more advanced. The ``auth_unix_rw`` parameter will default to
+``polkit``, and the file permissions will default to ``0777``
+even on the RW socket. Upon connecting to the socket, the client application
+will be required to identify itself with PolicyKit. The default policy for the
+RW daemon socket will require any application running in the current desktop
+session to authenticate using the user's password. This is akin to ``sudo``
+auth, but does not require that the client application ultimately run as root.
+Default policy will still allow any application to connect to the RO socket.
+
+The default policy can be overridden by creating a new policy file in the
+``/etc/polkit-1/rules.d`` directory. Information on the options
+available can be found by reading the ``polkit(8)`` man page. The
+two libvirt actions are named ``org.libvirt.unix.manage`` for full
+management access, and ``org.libvirt.unix.monitor`` for read-only
+access.
+
+As an example, creating ``/etc/polkit-1/rules.d/80-libvirt-manage.rules``
+with the following gives the user ``fred`` full management access
+when accessing from an active local session:
+
+::
+
+   polkit.addRule(function(action, subject) {
+     if (action.id == "org.libvirt.unix.manage" &&
+         subject.local && subject.active && subject.user == "fred") {
+       return polkit.Result.YES;
+     }
+   });
+
+Older versions of PolicyKit used policy files ending with .pkla in the
+local override directory ``/etc/polkit-1/localauthority/50-local.d/``.
+Compatibility with this older format is provided by
+`polkit-pkla-compat <https://pagure.io/polkit-pkla-compat>`_. As an
+example, this gives the user ``fred`` full management access:
+
+::
+
+   [Allow fred libvirt management permissions]
+   Identity=unix-user:fred
+   Action=org.libvirt.unix.manage
+   ResultAny=yes
+   ResultInactive=yes
+   ResultActive=yes
+
+SASL pluggable authentication
+-----------------------------
+
+Libvirt integrates with the ``cyrus-sasl`` library to provide a pluggable
+authentication system using the SASL protocol. SASL can be used in combination
+with libvirtd's TLS or TCP socket listeners. When used with the TCP listener,
+the SASL mechanism is required to provide session encryption in addition to
+authentication. Only a very few SASL mechanisms are able to do this, and of
+those that can do it, only the ``GSSAPI`` plugin is considered acceptably secure
+by modern standards. ``GSSAPI`` is the default mechanism enabled in the libvirt
+SASL configuration. It uses the Kerberos v5 authentication protocol underneath,
+and assuming the Kerberos client/server are configured with modern ciphers
+(AES), it provides strong session encryption capabilities. All other SASL
+mechanisms should only be used with the libvirtd TLS or UNIX socket listeners.
+
+Username/password auth
+~~~~~~~~~~~~~~~~~~~~~~
+
+To provide a simple username/password auth scheme on the libvirt UNIX socket
+or TLS listeners, however, it is possible to use the ``SCRAM`` mechanism, in its
+``SCRAM-SHA-256`` variant. The ``auth_unix_ro``, ``auth_unix_rw``, ``auth_tls``
+config params in ``libvirtd.conf`` can be used to turn on SASL auth in these
+listeners.
+
+Since the libvirt SASL config file defaults to using ``GSSAPI`` (Kerberos), a
+config change is required to enable plain password auth. This is done by
+editing ``/etc/sasl2/libvirt.conf`` to set the ``mech_list``
+parameter to ``scram-sha-256``.
+
+**Note:** previous versions of libvirt suggested ``DIGEST-MD5`` and
+``SCRAM-SHA-1`` mechanisms. **Use of these is strongly discouraged as they are
+not considered secure by modern standards.** It is possible to replace them with
+use of ``SCRAM-SHA-256``, while still using the same password database.
+
+Out of the box, no user accounts are defined, so no clients will be able to
+authenticate on the TCP socket. Adding users and setting their passwords is
+done with the ``saslpasswd2`` command. When running this command it is
+important to tell it that the appname is ``libvirt``. As an example, to add
+a user ``fred``, run
+
+::
+
+   # saslpasswd2 -a libvirt fred
+   Password: xxxxxx
+   Again (for verification): xxxxxx
+
+To see a list of all accounts the ``sasldblistusers2`` command can be used.
+This command expects to be given the path to the libvirt user database, which
+is kept in ``/etc/libvirt/passwd.db``
+
+::
+
+   # sasldblistusers2 -f /etc/libvirt/passwd.db
+   fred@t60wlan.home.berrange.com: userPassword
+
+Finally, to disable a user's access, the ``saslpasswd2`` command can be used
+again:
+
+::
+
+   # saslpasswd2 -a libvirt -d fred
+
+**Note: the SASL ``passwd.db`` file stores passwords in clear text, so
+care should be taken not to let its contents be disclosed to unauthorized
+users.**
+
+GSSAPI/Kerberos auth
+~~~~~~~~~~~~~~~~~~~~
+
+The plain TCP listener of the libvirt daemon defaults to using SASL for
+authentication. The libvirt SASL config also defaults to ``GSSAPI``, so there
+is no need to edit the SASL config when using ``GSSAPI``. If the libvirtd TLS
+or UNIX listeners are used, then the Kerberos session encryption will be
+disabled since it is not required in these scenarios - only the plain TCP
+listener needs encryption.
+
+Some operating systems do not install the SASL kerberos plugin by default. It
+may be necessary to install a sub-package such as ``cyrus-sasl-gssapi``.
+To check whether the Kerberos plugin is installed run the ``pluginviewer``
+program and verify that ``gssapi`` is listed, e.g.:
+
+::
+
+   # pluginviewer
+   ...snip...
+   Plugin "gssapiv2" [loaded],     API version: 4
+   SASL mechanism: GSSAPI, best SSF: 56
+   security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
+   features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
+
+Next it is necessary for the administrator of the Kerberos realm to
+issue a principal for the libvirt server. There needs to be one
+principal per host running the libvirt daemon. The principal should be
+named ``libvirt/full.hostname@KERBEROS.REALM``.  This is
+typically done by running the ``kadmin.local`` command on the
+Kerberos server, though some Kerberos servers have alternate ways of
+setting up service principals.  Once created, the principal should be
+exported to a keytab, copied to the host running the libvirt daemon
+and placed in ``/etc/libvirt/krb5.tab``
+
+::
+
+   # kadmin.local
+   kadmin.local: add_principal libvirt/foo.example.com
+   Enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
+   Re-enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
+   Principal "libvirt/foo.example.com@EXAMPLE.COM" created.
+
+   kadmin.local:  ktadd -k /root/libvirt-foo-example.tab libvirt/foo.example.com@EXAMPLE.COM
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+
+   kadmin.local: quit
+
+   # scp /root/libvirt-foo-example.tab root@foo.example.com:/etc/libvirt/krb5.tab
+   # rm /root/libvirt-foo-example.tab
+
+Any client application wishing to connect to a Kerberos enabled libvirt server
+merely needs to run ``kinit`` to gain a user principal. This may well
+be done automatically when a user logs into a desktop session, if PAM is set up
+to authenticate against Kerberos.

docs/bindings.html.in

@@ -1,101 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1 >Bindings for other languages and integration API modules</h1>
-
-    <p>
-      Libvirt supports C and C++ directly, and has bindings available
-      for other languages:
-    </p>
-
-    <ul>
-      <li>
-        <strong>C#</strong>: Arnaud Champion develops
-        <a href="csharp.html">C# bindings</a>.
-      </li>
-     <li>
-        <strong>Go</strong>: Daniel Berrange develops
-        <a href="https://pkg.go.dev/libvirt.org/libvirt-go">Go bindings</a>.
-      </li>
-      <li>
-        <strong>Java</strong>: Daniel Veillard develops
-        <a href="java.html">Java bindings</a>.
-      </li>
-      <li>
-        <strong>OCaml</strong>: Richard Jones develops
-        <a href="https://libvirt.org/ocaml/">OCaml bindings</a>.
-      </li>
-      <li>
-        <strong>Perl</strong>: Daniel Berrange develops
-        <a href="https://search.cpan.org/dist/Sys-Virt/">Perl bindings</a>.
-      </li>
-      <li>
-        <p>
-          <strong>PHP</strong>: Radek Hladik started developing
-          <a href="https://libvirt.org/php">PHP bindings</a> in 2010.
-        </p>
-        <p>
-          In February 2011 the binding development has been moved to the libvirt.org website as
-          libvirt-php project.
-        </p>
-        <p>
-          The project is now maintained by Michal Novotny and it's heavily based
-          on Radek's version. For more information, including
-          information on posting patches to libvirt-php, please refer
-          to the <a href="https://libvirt.org/php">PHP bindings</a> site.
-        </p>
-      </li>
-      <li>
-        <p>
-          <strong>Python</strong>: Libvirt's python bindings are split to a
-          separate <a href="https://gitlab.com/libvirt/libvirt-python">package</a>
-          since version 1.2.0, older versions came with direct support for the
-          Python language.
-        </p>
-        <p>
-          If your libvirt is installed as packages, rather than compiled
-          by you from source code, ensure you have the appropriate
-          package installed.
-        </p>
-        <p>
-          This is named <b>libvirt-python</b> on RHEL/Fedora,
-          <a href="https://packages.ubuntu.com/search?keywords=python-libvirt"><b>python-libvirt</b></a>
-          on Ubuntu, and may be named differently on others.
-        </p>
-        <p>
-          For usage information, see the
-          <a href="python.html">Python API bindings</a> page.
-        </p>
-      </li>
-      <li>
-        <strong>Ruby</strong>: Chris Lalancette develops
-        <a href="https://libvirt.org/ruby/">Ruby bindings</a>.
-      </li>
-    </ul>
-
-    <p>
-      Integration API modules:
-    </p>
-
-    <ul>
-      <li>
-        <strong>D-Bus</strong>: Pavel Hrdina develops
-        <a href="dbus.html">D-Bus API</a>.
-      </li>
-    </ul>
-
-    <p>
-      For information on using libvirt on <strong>Windows</strong>
-      <a href="windows.html">please see the Windows support page</a>.
-    </p>
-
-    <p>
-      Support, requests or help for libvirt bindings are welcome on the
-      <a href="https://www.redhat.com/mailman/listinfo/libvir-list/">mailing list</a>,
-      as usual try to provide enough background information and make sure
-      you use recent version, see the <a href="bugs.html">help page</a>.
-    </p>
-
-  </body>
-</html>

docs/bindings.rst

@@ -0,0 +1,62 @@
+========================================================
+Bindings for other languages and integration API modules
+========================================================
+
+.. contents::
+
+Libvirt supports C and C++ directly, and has bindings available for
+other languages:
+
+-  **C#**: Arnaud Champion develops `C# bindings <csharp.html>`__.
+
+-  **Go**: Daniel Berrange develops `Go
+   bindings <https://pkg.go.dev/libvirt.org/go/libvirt>`__.
+
+-  **Java**: Daniel Veillard develops `Java bindings <java.html>`__.
+
+-  **OCaml**: Richard Jones develops `OCaml
+   bindings <https://libvirt.org/ocaml/>`__.
+
+-  **Perl**: Daniel Berrange develops `Perl
+   bindings <https://search.cpan.org/dist/Sys-Virt/>`__.
+
+-  **PHP**: Radek Hladik started developing `PHP
+   bindings <https://libvirt.org/php>`__ in 2010.
+
+   In February 2011 the binding development has been moved to the
+   libvirt.org website as libvirt-php project.
+
+   The project is now maintained by Michal Novotny and it's heavily
+   based on Radek's version. For more information, including information
+   on posting patches to libvirt-php, please refer to the `PHP
+   bindings <https://libvirt.org/php>`__ site.
+
+-  **Python**: Libvirt's python bindings are split to a separate
+   `package <https://gitlab.com/libvirt/libvirt-python>`__ since version
+   1.2.0, older versions came with direct support for the Python
+   language.
+
+   If your libvirt is installed as packages, rather than compiled by you
+   from source code, ensure you have the appropriate package installed.
+
+   This is named **libvirt-python** on RHEL/Fedora,
+   `python-libvirt <https://packages.ubuntu.com/search?keywords=python-libvirt>`__
+   on Ubuntu, and may be named differently on others.
+
+   For usage information, see the `Python API bindings <python.html>`__
+   page.
+
+-  **Ruby**: Chris Lalancette develops `Ruby
+   bindings <https://libvirt.org/ruby/>`__.
+
+Integration API modules:
+
+-  **D-Bus**: Pavel Hrdina develops `D-Bus API <dbus.html>`__.
+
+For information on using libvirt on **Windows** `please see the Windows
+support page <windows.html>`__.
+
+Support, requests or help for libvirt bindings are welcome on the
+`mailing list <https://www.redhat.com/mailman/listinfo/libvir-list/>`__,
+as usual try to provide enough background information and make sure you
+use recent version, see the `help page <bugs.html>`__.

docs/cgroups.html.in

@@ -117,21 +117,27 @@ $ROOT
       |
       +- machine-qemu\x2d1\x2dvm1.scope
       |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
       |
       +- machine-qemu\x2d2\x2dvm2.scope
       |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
       |
       +- machine-qemu\x2d3\x2dvm3.scope
       |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
       |
       +- machine-engineering.slice
       |   |
@@ -148,6 +154,11 @@ $ROOT
           +- machine-lxc\x2d33333\x2dcontainer3.scope
     </pre>
 
+    <p>
+      Prior libvirt 7.1.0 the topology doesn't have extra
+      <code>libvirt</code> directory.
+    </p>
+
     <h3><a id="currentLayoutGeneric">Non-systemd cgroups layout</a></h3>
 
     <p>

docs/ci.rst

@@ -50,10 +50,10 @@ Language bindings
           :target: https://gitlab.com/libvirt/libvirt-csharp/pipelines
           :alt: libvirt-csharp pipeline status
 
-   * - libvirt-go
-     - .. image:: https://gitlab.com/libvirt/libvirt-go/badges/master/pipeline.svg
-          :target: https://gitlab.com/libvirt/libvirt-go/pipelines
-          :alt: libvirt-go pipeline status
+   * - libvirt-go-module
+     - .. image:: https://gitlab.com/libvirt/libvirt-go-module/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-go-module/pipelines
+          :alt: libvirt-go-module pipeline status
 
    * - libvirt-java
      - .. image:: https://gitlab.com/libvirt/libvirt-java/badges/master/pipeline.svg
@@ -116,10 +116,10 @@ Object mappings
           :target: https://gitlab.com/libvirt/libvirt-glib/pipelines
           :alt: libvirt-glib pipeline status
 
-   * - libvirt-go-xml
-     - .. image:: https://gitlab.com/libvirt/libvirt-go-xml/badges/master/pipeline.svg
-          :target: https://gitlab.com/libvirt/libvirt-go-xml/pipelines
-          :alt: libvirt-go-xml pipeline status
+   * - libvirt-go-xml-module
+     - .. image:: https://gitlab.com/libvirt/libvirt-go-xml-module/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-go-xml-module/pipelines
+          :alt: libvirt-go-xml-module pipeline status
 
    * - libvirt-snmp
      - .. image:: https://gitlab.com/libvirt/libvirt-snmp/badges/master/pipeline.svg

docs/coding-style.rst

@@ -53,13 +53,10 @@ Struct type names
    All structs should have a 'vir' prefix in their typedef name,
    and each following word should have its first letter in
    uppercase. The struct name should be the same as the typedef
-   name with a leading underscore. A second typedef should be
-   given for a pointer to the struct with a 'Ptr' suffix.
-
+   name with a leading underscore.
    ::
 
      typedef struct _virHashTable virHashTable;
-     typedef virHashTable *virHashTablePtr;
      struct _virHashTable {
          ...
      };
@@ -131,7 +128,7 @@ around operators and keywords:
 
   indent-libvirt()
   {
-    indent -bad -bap -bbb -bli4 -br -ce -brs -cs -i4 -l75 -lc75 \
+    indent -bad -bap -bbb -bli4 -br -ce -brs -cs -i4 -l100 -lc100 \
            -sbi4 -psl -saf -sai -saw -sbi4 -ss -sc -cdw -cli4 -npcs -nbc \
            --no-tabs "$@"
   }
@@ -141,6 +138,9 @@ further, by piping it through ``expand -i``, since some leading
 TABs can get through. Usually they're in macro definitions or
 strings, and should be converted anyhow.
 
+The maximum permitted line length is 100 characters, but lines
+should aim to be approximately 80 characters.
+
 Libvirt requires a C99 compiler for various reasons. However, most
 of the code base prefers to stick to C89 syntax unless there is a
 compelling reason otherwise. For example, it is preferable to use
@@ -423,11 +423,11 @@ Conditional expressions
 
 For readability reasons new code should avoid shortening
 comparisons to 0 for numeric types. Boolean and pointer
-comparisions may be shortened. All long forms are okay:
+comparisons may be shortened. All long forms are okay:
 
 ::
 
-  virFooPtr foos = NULL;
+  virFoo *foos = NULL;
   size nfoos = 0;
   bool hasFoos = false;
 
@@ -711,19 +711,6 @@ does **not** guarantee a NULL-terminated buffer, which makes it
 extremely dangerous to use. Instead, use one of the replacement
 functions provided by libvirt:
 
-::
-
-  virStrncpy(char *dest, const char *src, size_t n, size_t destbytes)
-
-The first two arguments have the same meaning as for strncpy,
-namely the destination and source of the copy operation. Unlike
-strncpy, the function will always copy exactly the number of bytes
-requested and make sure the destination is NULL-terminated, as the
-source is required to be; sanity checks are performed to ensure
-the size of the destination, as specified by the last argument, is
-sufficient for the operation to succeed. On success, 0 is
-returned; on failure, a value <0 is returned instead.
-
 ::
 
   virStrcpy(char *dest, const char *src, size_t destbytes)
@@ -849,7 +836,7 @@ vircommand.h:
 
 ::
 
-  void virCommandAddEnvFormat(virCommandPtr cmd, const char *format, ...)
+  void virCommandAddEnvFormat(virCommand *cmd, const char *format, ...)
       G_GNUC_PRINTF(2, 3);
 
 This makes it so gcc's -Wformat and -Wformat-security options can
@@ -936,7 +923,7 @@ ok:
 Although libvirt does not encourage the Linux kernel wind/unwind
 style of multiple labels, there's a good general discussion of the
 issue archived at
-`KernelTrap <http://kerneltrap.org/node/553/2131>`__
+`KernelTrap <https://web.archive.org/web/20130521051957/http://kerneltrap.org/node/553/2131>`__
 
 When using goto, please use one of these standard labels if it
 makes sense:

docs/compiling.html.in

@@ -1,113 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1><a id="installation">libvirt Installation</a></h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="compiling">Compiling a release tarball</a></h2>
-
-    <p>
-      libvirt uses the standard setup/build/install steps and mandates
-      that the build directory is different from the source directory:
-    </p>
-
-    <pre>
-$ xz -dc libvirt-x.x.x.tar.xz | tar xvf -
-$ cd libvirt-x.x.x
-$ meson build</pre>
-
-    <p>
-      The <i>meson</i> script can be given options to change its default
-      behaviour.
-    </p>
-
-    <p>
-      To get the complete list of the options run the following command:
-    </p>
-
-    <pre>
-$ meson configure</pre>
-
-    <p>
-      When you have determined which options you want to use (if any),
-      continue the process.
-    </p>
-
-    <p>
-      Note the use of <b>sudo</b> with the <i>ninja install</i> command
-      below.  Using sudo is only required when installing to a location your
-      user does not have write access to.  Installing to a system location
-      is a good example of this.
-    </p>
-
-    <p>
-      If you are installing to a location that your user <i>does</i> have write
-      access to, then you can instead run the <i>ninja install</i> command
-      without putting <b>sudo</b> before it.
-    </p>
-
-    <pre>
-$ meson build <i>[possible options]</i>
-$ ninja -C build
-$ <b>sudo</b> <i>ninja -C build install</i></pre>
-
-    <p>
-      At this point you <b>may</b> have to run ldconfig or a similar utility
-      to update your list of installed shared libs.
-    </p>
-
-    <h2><a id="building">Building from a GIT checkout</a></h2>
-
-    <p>
-      The libvirt build process uses Meson build system. By default when
-      the <code>meson</code> is run from within a GIT checkout, it
-      will turn on -Werror for builds. This can be disabled with
-      --werror=false, but this is not recommended.
-    </p>
-
-    <p>To build &amp; install libvirt to your home
-      directory the following commands can be run:
-    </p>
-
-    <pre>
-$ meson build --prefix=$HOME/usr
-$ ninja -C build
-$ <b>sudo</b> ninja -C build install</pre>
-
-    <p>
-      Be aware though, that binaries built with a custom prefix will not
-      interoperate with OS vendor provided binaries, since the UNIX socket
-      paths will all be different. To produce a build that is compatible
-      with normal OS vendor prefixes, use
-    </p>
-
-    <pre>
-$ meson build -Dsystem=true
-$ ninja -C build
-    </pre>
-
-    <p>
-      When doing this for day-to-day development purposes, it is recommended
-      not to install over the OS vendor provided binaries. Instead simply
-      run libvirt directly from the source tree. For example to run
-      a privileged libvirtd instance
-    </p>
-
-    <pre>
-$ su -
-# service libvirtd stop  (or systemctl stop libvirtd.service)
-# /home/to/your/checkout/src/libvirtd
-    </pre>
-
-    <p>
-      It is also possible to run virsh directly from the source tree
-      using the ./run script (which sets some environment variables):
-    </p>
-
-    <pre>
-$ ./run ./tools/virsh ....
-    </pre>
-  </body>
-</html>

docs/compiling.rst

@@ -0,0 +1,100 @@
+====================
+libvirt Installation
+====================
+
+.. contents::
+
+Compiling a release tarball
+---------------------------
+
+libvirt uses the standard setup/build/install steps and mandates that
+the build directory is different from the source directory:
+
+::
+
+   $ xz -dc libvirt-x.x.x.tar.xz | tar xvf -
+   $ cd libvirt-x.x.x
+   $ meson build
+
+The *meson* script can be given options to change its default behaviour.
+
+**Note:** Please ensure that you have the appropriate minimal ``meson`` version
+installed in your build environment. The minimal version for a specific package
+can be checked in the top level ``meson.build`` file in the ``meson_version``
+field.
+
+To get the complete list of the options run the following command:
+
+::
+
+   $ meson configure
+
+When you have determined which options you want to use (if any),
+continue the process.
+
+Note the use of **sudo** with the *ninja install* command below. Using
+sudo is only required when installing to a location your user does not
+have write access to. Installing to a system location is a good example
+of this.
+
+If you are installing to a location that your user *does* have write
+access to, then you can instead run the *ninja install* command without
+putting **sudo** before it.
+
+::
+
+   $ meson build [possible options]
+   $ ninja -C build
+   $ sudo ninja -C build install
+
+At this point you **may** have to run ldconfig or a similar utility to
+update your list of installed shared libs.
+
+Building from a GIT checkout
+----------------------------
+
+The libvirt build process uses Meson build system. By default when the
+``meson`` is run from within a GIT checkout, it will turn on -Werror for
+builds. This can be disabled with --werror=false, but this is not
+recommended.
+
+To build & install libvirt to your home directory the following commands
+can be run:
+
+::
+
+   $ meson build --prefix=$HOME/usr
+   $ ninja -C build
+   $ sudo ninja -C build install
+
+Be aware though, that binaries built with a custom prefix will not
+interoperate with OS vendor provided binaries, since the UNIX socket
+paths will all be different. To produce a build that is compatible with
+normal OS vendor prefixes, use
+
+::
+
+   $ meson build -Dsystem=true
+   $ ninja -C build
+
+
+When doing this for day-to-day development purposes, it is recommended
+not to install over the OS vendor provided binaries. Instead simply run
+libvirt directly from the source tree. For example to run a privileged
+libvirtd instance
+
+::
+
+   $ su -
+   # service libvirtd stop  (or systemctl stop libvirtd.service)
+   # /home/to/your/checkout/build/src/libvirtd
+
+
+It is also possible to run virsh directly from the build tree using the
+./run script (which sets some environment variables):
+
+::
+
+   $ pwd
+   /home/to/your/checkout/build
+   $ ./run ./tools/virsh ....