NEWS: Update with description of changes to lifecycle action handling

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>

.github/lockdown.yml

@@ -0,0 +1,38 @@
+# Configuration for Repo Lockdown - https://github.com/dessant/repo-lockdown
+
+skipCreatedBefore: 2020-01-01
+
+# Close issues and pull requests
+close: true
+
+# Lock issues and pull requests
+lock: true
+
+# Optionally, specify configuration settings just for `issues` or `pulls`
+issues:
+  comment: |
+    Thank you for your interest in the libvirt project.
+
+    Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, issues opened here are not processed.
+
+    We kindly request that new issues are reported to
+
+      https://gitlab.com/libvirt/libvirt/-/issues/new
+
+    Thank you for your time and understanding.
+
+pulls:
+  comment: |
+    Thank you for your interest in the libvirt project.
+
+    Since this repository is a read-only mirror of the project's master repostory hosted on GitLab, merge requests opened here are not processed.
+
+    We kindly request that contributors fork the project at
+
+      https://gitlab.com/libvirt/libvirt/
+
+    push changes to the fork, and then open a new merge request at
+
+      https://gitlab.com/libvirt/libvirt/-/merge_requests/new
+
+    Thank you for your time and understanding.

.gitignore

@@ -8,33 +8,19 @@
 .#*
 *~
 
-# autotools related ignores
-!/m4/virt-*.m4
-*.cov
-/AUTHORS
-/INSTALL
-/aclocal.m4
-/autom4te.cache
-/build-aux/compile
-/build-aux/config.guess
-/build-aux/config.sub
-/build-aux/depcomp
-/build-aux/install-sh
-/build-aux/ltmain.sh
-/build-aux/missing
-/build-aux/test-driver
-/config.h.in
-/config.log
-/configure
-/m4/*
-Makefile.in
-
 # git related ignores
 *.rej
 *.orig
 .git-module-status
 
+# python related ignores
+__pycache__/
+
 # libvirt related ignores
 /build/
 /ci/scratch/
 tags
+
+# clangd related ignores
+.clangd
+compile_commands.json

.gitlab-ci.yml

@@ -1,183 +1,580 @@
 variables:
-  MAKE: make
   GIT_DEPTH: 100
 
 stages:
-  - prebuild
-  - native_build
-  - cross_build
+  - containers
+  - builds
+  - sanity_checks
 
 .script_variables: &script_variables |
-  export MAKEFLAGS="-j$(getconf _NPROCESSORS_ONLN)"
+  export CCACHE_BASEDIR="$(pwd)"
+  export CCACHE_DIR="$CCACHE_BASEDIR/ccache"
+  export CCACHE_MAXSIZE="500M"
+  export PATH="$CCACHE_WRAPPERSDIR:$PATH"
+  export VIR_TEST_VERBOSE="1"
+  export VIR_TEST_DEBUG="1"
 
 # Common templates
 
-# Default native build jobs that are always run
-.native_build_default_job_template: &native_build_default_job_definition
-  stage: native_build
+.container_job:
+  image: docker:stable
+  stage: containers
+  needs: []
+  services:
+    - name: registry.gitlab.com/libvirt/libvirt-ci/docker-dind:master
+      alias: docker
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - when: on_success
+  before_script:
+    - export TAG="$CI_REGISTRY_IMAGE/ci-$NAME:latest"
+    - export COMMON_TAG="$CI_REGISTRY/libvirt/libvirt/ci-$NAME:latest"
+    - docker info
+    - docker login registry.gitlab.com -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
+  script:
+    - docker pull "$TAG" || docker pull "$COMMON_TAG" || true
+    - docker build --cache-from "$TAG" --cache-from "$COMMON_TAG" --tag "$TAG" -f "ci/containers/$NAME.Dockerfile" ci/containers
+    - docker push "$TAG"
+  after_script:
+    - docker logout
+
+# We build many containers which can be useful to debug problems but are not
+# needed for the pipeline itself to complete: those sometimes fail, and when
+# that happens it's mostly because of temporary issues with Debian sid. We
+# don't want those failures to affect the overall pipeline status
+.container_optional_job:
+  extends: .container_job
+  allow_failure: true
+
+.native_build_job:
+  stage: builds
+  image: $CI_REGISTRY_IMAGE/ci-$NAME:latest
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - when: on_success
   cache:
     paths:
       - ccache/
     key: "$CI_JOB_NAME"
   before_script:
     - *script_variables
-    - mkdir -p ccache
-    - export CC="ccache gcc"
-    - export CCACHE_BASEDIR=${PWD}
-    - export CCACHE_DIR=${PWD}/ccache
   script:
-    - mkdir build
-    - cd build
-    - ../autogen.sh || (cat config.log && exit 1)
-    - $MAKE distcheck
+    - meson setup build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
+    - meson dist -C build --no-tests
+    - if test -x /usr/bin/rpmbuild && test "$RPM" != "skip";
+      then
+        rpmbuild --nodeps -ta build/meson-dist/libvirt-*.tar.xz;
+      else
+        meson compile -C build;
+        meson test -C build --no-suite syntax-check --print-errorlogs;
+      fi
 
-# Extra native build jobs that are only run post-merge, or
-# when code is pushed to a branch with "ci-full-" name prefix
-.native_build_extra_job_template: &native_build_extra_job_definition
-  <<: *native_build_default_job_definition
-  only:
-    - master
-    - /^ci-full-.*$/
-
-
-# Default cross build jobs that are always run
-.cross_build_default_job_template: &cross_build_default_job_definition
-  stage: cross_build
+.sanitizer_build_job:
+  stage: builds
+  image: $CI_REGISTRY_IMAGE/ci-ubuntu-2004:latest
+  needs:
+    - x64-ubuntu-2004-container
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - when: on_success
   cache:
     paths:
       - ccache/
     key: "$CI_JOB_NAME"
   before_script:
     - *script_variables
-    - mkdir -p ccache
-    - export CC="ccache ${ABI}-gcc"
-    - export CCACHE_BASEDIR=${PWD}
-    - export CCACHE_DIR=${PWD}/ccache
   script:
-    - mkdir build
-    - cd build
-    - ../autogen.sh $CONFIGURE_OPTS || (cat config.log && exit 1)
-    - $MAKE
+    - meson build --werror -Ddocs=disabled -Db_lundef=false -Db_sanitize="$SANITIZER"
+    - ninja -C build;
+    - ninja -C build test;
+  variables:
+    UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1
 
-# Extra cross build jobs that are only run post-merge, or
-# when code is pushed to a branch with "ci-full-" name prefix
-.cross_build_extra_job_template: &cross_build_extra_job_definition
-  <<: *cross_build_default_job_definition
-  only:
-    - master
-    - /^ci-full-.*$/
+# Jobs that we delegate to Cirrus CI because they require an operating
+# system other than Linux. These jobs will only run if the required
+# setup has been performed on the GitLab account (see ci/README.rst).
+#
+# The Cirrus CI configuration is generated by replacing target-specific
+# variables in a generic template: some of these variables are provided
+# when the GitLab CI job is defined, others are taken from a shell
+# snippet generated using lcitool.
+#
+# Note that the $PATH environment variable has to be treated with
+# special care, because we can't just override it at the GitLab CI job
+# definition level or we risk breaking it completely.
+.cirrus_build_job:
+  stage: builds
+  image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master
+  needs: []
+  script:
+    - source ci/cirrus/$NAME.vars
+    - sed -e "s|[@]CI_REPOSITORY_URL@|$CI_REPOSITORY_URL|g"
+          -e "s|[@]CI_COMMIT_REF_NAME@|$CI_COMMIT_REF_NAME|g"
+          -e "s|[@]CI_COMMIT_SHA@|$CI_COMMIT_SHA|g"
+          -e "s|[@]CIRRUS_VM_INSTANCE_TYPE@|$CIRRUS_VM_INSTANCE_TYPE|g"
+          -e "s|[@]CIRRUS_VM_IMAGE_SELECTOR@|$CIRRUS_VM_IMAGE_SELECTOR|g"
+          -e "s|[@]CIRRUS_VM_IMAGE_NAME@|$CIRRUS_VM_IMAGE_NAME|g"
+          -e "s|[@]UPDATE_COMMAND@|$UPDATE_COMMAND|g"
+          -e "s|[@]UPGRADE_COMMAND@|$UPGRADE_COMMAND|g"
+          -e "s|[@]INSTALL_COMMAND@|$INSTALL_COMMAND|g"
+          -e "s|[@]PATH@|$PATH_EXTRA${PATH_EXTRA:+:}\$PATH|g"
+          -e "s|[@]PKG_CONFIG_PATH@|$PKG_CONFIG_PATH|g"
+          -e "s|[@]PKGS@|$PKGS|g"
+          -e "s|[@]MAKE@|$MAKE|g"
+          -e "s|[@]PYTHON@|$PYTHON|g"
+          -e "s|[@]PIP3@|$PIP3|g"
+          -e "s|[@]PYPI_PKGS@|$PYPI_PKGS|g"
+      <ci/cirrus/build.yml >ci/cirrus/$NAME.yml
+    - cat ci/cirrus/$NAME.yml
+    - cirrus-run -v --show-build-log always ci/cirrus/$NAME.yml
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - if: "$CIRRUS_GITHUB_REPO && $CIRRUS_API_TOKEN"
+
+.cross_build_job:
+  stage: builds
+  image: $CI_REGISTRY_IMAGE/ci-$NAME-cross-$CROSS:latest
+  cache:
+    paths:
+      - ccache/
+    key: "$CI_JOB_NAME"
+  rules:
+    - if: "$TEMPORARILY_DISABLED"
+      allow_failure: true
+    - when: on_success
+  before_script:
+    - *script_variables
+  script:
+    - meson setup build --werror $MESON_OPTS || (cat build/meson-logs/meson-log.txt && exit 1)
+    - meson compile -C build
+    - if test "$CROSS" = "i686" ; then meson test -C build --no-suite syntax-check --print-errorlogs ; fi
+
+
+# Native container build jobs
+
+x64-centos-8-container:
+  extends: .container_job
+  variables:
+    NAME: centos-8
+
+x64-centos-stream-8-container:
+  extends: .container_job
+  variables:
+    NAME: centos-stream-8
+
+x64-debian-10-container:
+  extends: .container_job
+  variables:
+    NAME: debian-10
+
+x64-debian-sid-container:
+  extends: .container_job
+  variables:
+    NAME: debian-sid
+
+x64-fedora-33-container:
+  extends: .container_job
+  variables:
+    NAME: fedora-33
+
+x64-fedora-34-container:
+  extends: .container_job
+  variables:
+    NAME: fedora-34
+
+x64-fedora-rawhide-container:
+  extends: .container_optional_job
+  variables:
+    NAME: fedora-rawhide
+
+x64-opensuse-leap-152-container:
+  extends: .container_job
+  variables:
+    NAME: opensuse-leap-152
+
+x64-opensuse-tumbleweed-container:
+  extends: .container_job
+  variables:
+    NAME: opensuse-tumbleweed
+
+x64-ubuntu-1804-container:
+  extends: .container_job
+  variables:
+    NAME: ubuntu-1804
+
+x64-ubuntu-2004-container:
+  extends: .container_job
+  variables:
+    NAME: ubuntu-2004
+
+
+# Cross-build containers build jobs
+
+aarch64-debian-10-container:
+  extends: .container_optional_job
+  variables:
+    NAME: debian-10-cross-aarch64
+
+armv6l-debian-10-container:
+  extends: .container_job
+  variables:
+    NAME: debian-10-cross-armv6l
+
+armv7l-debian-10-container:
+  extends: .container_job
+  variables:
+    NAME: debian-10-cross-armv7l
+
+i686-debian-10-container:
+  extends: .container_optional_job
+  variables:
+    NAME: debian-10-cross-i686
+
+mips-debian-10-container:
+  extends: .container_job
+  variables:
+    NAME: debian-10-cross-mips
+
+mips64el-debian-10-container:
+  extends: .container_optional_job
+  variables:
+    NAME: debian-10-cross-mips64el
+
+mipsel-debian-10-container:
+  extends: .container_job
+  variables:
+    NAME: debian-10-cross-mipsel
+
+ppc64le-debian-10-container:
+  extends: .container_job
+  variables:
+    NAME: debian-10-cross-ppc64le
+
+s390x-debian-10-container:
+  extends: .container_optional_job
+  variables:
+    NAME: debian-10-cross-s390x
+
+aarch64-debian-sid-container:
+  extends: .container_job
+  variables:
+    NAME: debian-sid-cross-aarch64
+
+armv6l-debian-sid-container:
+  extends: .container_optional_job
+  variables:
+    NAME: debian-sid-cross-armv6l
+
+armv7l-debian-sid-container:
+  extends: .container_optional_job
+  variables:
+    NAME: debian-sid-cross-armv7l
+
+i686-debian-sid-container:
+  extends: .container_job
+  variables:
+    NAME: debian-sid-cross-i686
+
+mips64el-debian-sid-container:
+  extends: .container_job
+  variables:
+    NAME: debian-sid-cross-mips64el
+
+mipsel-debian-sid-container:
+  extends: .container_optional_job
+  variables:
+    NAME: debian-sid-cross-mipsel
+
+ppc64le-debian-sid-container:
+  extends: .container_optional_job
+  variables:
+    NAME: debian-sid-cross-ppc64le
+
+s390x-debian-sid-container:
+  extends: .container_job
+  variables:
+    NAME: debian-sid-cross-s390x
+
+mingw32-fedora-rawhide-container:
+  extends: .container_optional_job
+  variables:
+    NAME: fedora-rawhide-cross-mingw32
+
+mingw64-fedora-rawhide-container:
+  extends: .container_optional_job
+  variables:
+    NAME: fedora-rawhide-cross-mingw64
 
 
 # Native architecture build + test jobs
 
-x64-debian-9:
-  <<: *native_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-9:latest
-
 x64-debian-10:
-  <<: *native_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-10:latest
+  extends: .native_build_job
+  needs:
+    - x64-debian-10-container
+  variables:
+    NAME: debian-10
+
+x64-debian-10-clang:
+  extends: .native_build_job
+  needs:
+    - x64-debian-10-container
+  variables:
+    NAME: debian-10
+    CC: clang
 
 x64-debian-sid:
-  <<: *native_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-sid:latest
-
-x64-centos-7:
-  <<: *native_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-centos-7:latest
+  extends: .native_build_job
+  needs:
+    - x64-debian-sid-container
+  variables:
+    NAME: debian-sid
 
 x64-centos-8:
-  <<: *native_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-centos-8:latest
+  extends: .native_build_job
+  needs:
+    - x64-centos-8-container
+  variables:
+    NAME: centos-8
+    RPM: skip
 
-x64-fedora-30:
-  <<: *native_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-fedora-30:latest
+x64-centos-8-clang:
+  extends: .native_build_job
+  needs:
+    - x64-centos-8-container
+  variables:
+    NAME: centos-8
+    CC: clang
+    RPM: skip
 
-x64-fedora-31:
-  <<: *native_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+x64-centos-stream-8:
+  extends: .native_build_job
+  needs:
+    - x64-centos-stream-8-container
+  variables:
+    NAME: centos-stream-8
+    RPM: skip
+
+x64-fedora-33:
+  extends: .native_build_job
+  needs:
+    - x64-fedora-33-container
+  variables:
+    NAME: fedora-33
+
+x64-fedora-34:
+  extends: .native_build_job
+  needs:
+    - x64-fedora-34-container
+  variables:
+    NAME: fedora-34
 
 x64-fedora-rawhide:
-  <<: *native_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-fedora-rawhide:latest
+  extends: .native_build_job
+  needs:
+    - x64-fedora-rawhide-container
+  variables:
+    NAME: fedora-rawhide
 
-x64-opensuse-151:
-  <<: *native_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-opensuse-151:latest
+x64-fedora-rawhide-clang:
+  extends: .native_build_job
+  needs:
+    - x64-fedora-rawhide-container
+  variables:
+    NAME: fedora-rawhide
+    CC: clang
+    RPM: skip
 
-x64-ubuntu-1604:
-  <<: *native_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-ubuntu-1604:latest
+x64-opensuse-leap-152:
+  extends: .native_build_job
+  needs:
+    - x64-opensuse-leap-152-container
+  variables:
+    NAME: opensuse-leap-152
+    RPM: skip
+
+x64-opensuse-tumbleweed:
+  extends: .native_build_job
+  needs:
+    - x64-opensuse-tumbleweed-container
+  variables:
+    NAME: opensuse-tumbleweed
+    RPM: skip
 
 x64-ubuntu-1804:
-  <<: *native_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-ubuntu-1804:latest
+  extends: .native_build_job
+  needs:
+    - x64-ubuntu-1804-container
+  variables:
+    NAME: ubuntu-1804
+
+x64-ubuntu-2004:
+  extends: .native_build_job
+  needs:
+    - x64-ubuntu-2004-container
+  variables:
+    NAME: ubuntu-2004
+
+x64-freebsd-12-build:
+  extends: .cirrus_build_job
+  variables:
+    NAME: freebsd-12
+    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
+    CIRRUS_VM_IMAGE_SELECTOR: image_family
+    CIRRUS_VM_IMAGE_NAME: freebsd-12-2
+    UPDATE_COMMAND: pkg update
+    UPGRADE_COMMAND: pkg upgrade -y
+    INSTALL_COMMAND: pkg install -y
+
+x64-freebsd-13-build:
+  extends: .cirrus_build_job
+  variables:
+    NAME: freebsd-13
+    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
+    CIRRUS_VM_IMAGE_SELECTOR: image_family
+    CIRRUS_VM_IMAGE_NAME: freebsd-13-0
+    UPDATE_COMMAND: pkg update
+    UPGRADE_COMMAND: pkg upgrade -y
+    INSTALL_COMMAND: pkg install -y
+
+x64-macos-11-build:
+  extends: .cirrus_build_job
+  variables:
+    NAME: macos-11
+    CIRRUS_VM_INSTANCE_TYPE: osx_instance
+    CIRRUS_VM_IMAGE_SELECTOR: image
+    CIRRUS_VM_IMAGE_NAME: big-sur-base
+    UPDATE_COMMAND: brew update
+    UPGRADE_COMMAND: brew upgrade
+    INSTALL_COMMAND: brew install
+    PATH_EXTRA: /usr/local/opt/ccache/libexec:/usr/local/opt/gettext/bin:/usr/local/opt/libpcap/bin:/usr/local/opt/libxslt/bin:/usr/local/opt/rpcgen/bin
+    PKG_CONFIG_PATH: /usr/local/opt/curl/lib/pkgconfig:/usr/local/opt/libpcap/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig:/usr/local/opt/ncurses/lib/pkgconfig:/usr/local/opt/readline/lib/pkgconfig
 
 
 # Cross compiled build jobs
 
-armv6l-debian-9:
-  <<: *cross_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-armv6l:latest
+aarch64-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - aarch64-debian-sid-container
+  variables:
+    NAME: debian-sid
+    CROSS: aarch64
 
-mips64el-debian-9:
-  <<: *cross_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mips64el:latest
+armv6l-debian-10:
+  extends: .cross_build_job
+  needs:
+    - armv6l-debian-10-container
+  variables:
+    NAME: debian-10
+    CROSS: armv6l
 
-mips-debian-9:
-  <<: *cross_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-9-cross-mips:latest
-
-aarch64-debian-10:
-  <<: *cross_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-aarch64:latest
-
-ppc64le-debian-10:
-  <<: *cross_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-ppc64le:latest
-
-s390x-debian-10:
-  <<: *cross_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-10-cross-s390x:latest
-
-armv7l-debian-sid:
-  <<: *cross_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-armv7l:latest
+armv7l-debian-10:
+  extends: .cross_build_job
+  needs:
+    - armv7l-debian-10-container
+  variables:
+    NAME: debian-10
+    CROSS: armv7l
 
 i686-debian-sid:
-  <<: *cross_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-i686:latest
+  extends: .cross_build_job
+  needs:
+    - i686-debian-sid-container
+  variables:
+    NAME: debian-sid
+    CROSS: i686
 
-mipsel-debian-sid:
-  <<: *cross_build_extra_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-debian-sid-cross-mipsel:latest
+mips-debian-10:
+  extends: .cross_build_job
+  needs:
+    - mips-debian-10-container
+  variables:
+    NAME: debian-10
+    CROSS: mips
 
-mingw32-fedora-30:
-  <<: *cross_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-fedora-30-cross-mingw32:latest
+mips64el-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - mips64el-debian-sid-container
+  variables:
+    NAME: debian-sid
+    CROSS: mips64el
 
-mingw64-fedora-30:
-  <<: *cross_build_default_job_definition
-  image: quay.io/libvirt/buildenv-libvirt-fedora-30-cross-mingw64:latest
+mipsel-debian-10:
+  extends: .cross_build_job
+  needs:
+    - mipsel-debian-10-container
+  variables:
+    NAME: debian-10
+    CROSS: mipsel
+
+ppc64le-debian-10:
+  extends: .cross_build_job
+  needs:
+    - ppc64le-debian-10-container
+  variables:
+    NAME: debian-10
+    CROSS: ppc64le
+
+s390x-debian-sid:
+  extends: .cross_build_job
+  needs:
+    - s390x-debian-sid-container
+  variables:
+    NAME: debian-sid
+    CROSS: s390x
+
+mingw32-fedora-rawhide:
+  extends: .cross_build_job
+  needs:
+    - mingw32-fedora-rawhide-container
+  variables:
+    NAME: fedora-rawhide
+    CROSS: mingw32
+
+mingw64-fedora-rawhide:
+  extends: .cross_build_job
+  needs:
+    - mingw64-fedora-rawhide-container
+  variables:
+    NAME: fedora-rawhide
+    CROSS: mingw64
+
+# Sanitizers
+
+sanitize-gcc:
+  extends: .sanitizer_build_job
+  variables:
+    ASAN_OPTIONS: verify_asan_link_order=0
+    CC: gcc
+    SANITIZER: address,undefined
+
+sanitize-clang:
+  extends: .sanitizer_build_job
+  variables:
+    CC: clang
+    SANITIZER: address,undefined
 
 
 # This artifact published by this job is downloaded by libvirt.org to
 # be deployed to the web root:
 #    https://gitlab.com/libvirt/libvirt/-/jobs/artifacts/master/download?job=website
 website:
-  stage: prebuild
+  stage: builds
+  image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
+  needs:
+    - x64-centos-8-container
   before_script:
     - *script_variables
   script:
-    - mkdir build
-    - cd build
-    - ../autogen.sh --prefix=$(pwd)/../vroot || (cat config.log && exit 1)
-    - $MAKE -C docs
-    - $MAKE -C docs install
-    - cd ..
+    - meson setup build --werror --prefix=$(pwd)/vroot || (cat build/meson-logs/meson-log.txt && exit 1)
+    - ninja -C build install-web
     - mv vroot/share/doc/libvirt/html/ website
-  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
   artifacts:
     expose_as: 'Website'
     name: 'website'
@@ -188,35 +585,35 @@ website:
 
 
 codestyle:
-  stage: prebuild
+  stage: builds
+  image: $CI_REGISTRY_IMAGE/ci-opensuse-leap-152:latest
+  needs:
+    - x64-opensuse-leap-152-container
   before_script:
     - *script_variables
   script:
-    - mkdir build
-    - cd build
-    - ../autogen.sh || (cat config.log && exit 1)
-    - $MAKE syntax-check
-  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+    - meson setup build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
+    - ninja -C build libvirt-pot-dep
+    - meson test -C build --suite syntax-check --no-rebuild --print-errorlogs
 
 
 # This artifact published by this job is downloaded to push to Weblate
 # for translation usage:
 #    https://gitlab.com/libvirt/libvirt/-/jobs/artifacts/master/download?job=potfile
 potfile:
-  stage: prebuild
-  only:
-    - master
+  stage: builds
+  image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
+  needs:
+    - x64-centos-8-container
+  rules:
+    - if: "$CI_COMMIT_BRANCH == 'master'"
   before_script:
     - *script_variables
   script:
-    - mkdir build
-    - cd build
-    - ../autogen.sh || (cat config.log && exit 1)
-    - $MAKE -C src generated-sources
-    - $MAKE -C po libvirt.pot
-    - cd ..
-    - mv build/po/libvirt.pot libvirt.pot
-  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
+    - meson setup build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
+    - ninja -C build libvirt-pot-dep
+    - ninja -C build libvirt-pot
+    - cp po/libvirt.pot libvirt.pot
   artifacts:
     expose_as: 'Potfile'
     name: 'potfile'
@@ -226,18 +623,34 @@ potfile:
       - libvirt.pot
 
 
-# Check that all commits are signed-off for the DCO. Skip
-# on master branch and -maint branches, since we only need
-# to test developer's personal branches.
-dco:
-  stage: prebuild
-  image: quay.io/libvirt/buildenv-libvirt-fedora-31:latest
-  before_script:
-    - *script_variables
+# Check that all commits are signed-off for the DCO.
+# Skip on "libvirt" namespace, since we only need to run
+# this test on developer's personal forks from which
+# merge requests are submitted
+check-dco:
+  stage: sanity_checks
+  needs: []
+  image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:master
   script:
-    - ./scripts/require-dco.py
-  only:
-    - branches
-  except:
-    - /^v.*-maint$/
-    - master
+    - /check-dco
+  rules:
+    - if: "$CI_PROJECT_NAMESPACE != 'libvirt'"
+  variables:
+    GIT_DEPTH: 1000
+
+
+# Coverity job that is run only by schedules
+coverity:
+  image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
+  needs:
+    - x64-centos-8-container
+  stage: builds
+  script:
+    - curl https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN -o /tmp/cov-analysis-linux64.tgz
+    - tar xfz /tmp/cov-analysis-linux64.tgz
+    - meson setup build --werror || (cat build/meson-logs/meson-log.txt && exit 1)
+    - cov-analysis-linux64-*/bin/cov-build --dir cov-int meson compile -C build
+    - tar cfz cov-int.tar.gz cov-int
+    - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL --form file=@cov-int.tar.gz --form version="$(git describe --tags)" --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
+  rules:
+    - if: "$CI_PIPELINE_SOURCE == 'schedule' && $COVERITY_SCAN_PROJECT_NAME && $COVERITY_SCAN_TOKEN"

.gitlab/issue_templates/bug.md

@@ -0,0 +1,24 @@
+<!-- See https://libvirt.org/bugs.html#quality for guidance -->
+
+## Software environment
+ - Operating system:
+ - Architecture:
+ - kernel version:
+ - libvirt version:
+ - Hypervisor and version:
+
+## Description of problem
+
+## Steps to reproduce
+1.
+2.
+3.
+
+## Additional information
+<!-- Attach XML configs, logs, stack traces, etc. Compress the files if necessary -->
+<!-- See https://libvirt.org/kbase/debuglogs.html on how to configure logging -->
+
+
+
+<!-- The line below ensures that proper tags are added to the issue. -- >
+/label ~bug

.gitlab/issue_templates/feature.md

@@ -0,0 +1,30 @@
+<!--
+This is the upstream libvirt issue tracker.
+
+Please note that libvirt, like most open source projects, relies on
+contributors who have motivation, skills and available time to work on
+implementing particular features.
+
+Feature requests can be helpful for determining demand and interest, but
+they are not a guarantee that a contributor will volunteer to implement
+it. We welcome and encourage even draft patches to implement a feature
+be sent to the mailing list where it can be discussed and developed
+further by the community.
+
+Thank you for your interest in helping us to make libvirt better!
+-->
+
+## Goal
+<!-- Describe the final result you want to achieve. Avoid design specifics. -->
+
+
+## Technical details
+<!-- Describe technical details, design specifics, suggestions, versions, etc. -->
+
+
+## Additional information
+
+
+
+<!-- The line below ensures that proper tags are added to the issue. -- >
+/label ~enhancement

.mailmap

@@ -47,6 +47,7 @@
 <fidencio@redhat.com> <fabiano@fidencio.org>
 <shi_lei@massclouds.com> <shilei.massclouds@gmx.com>
 <adrian.brzezinski@eo.pl> <redhat@adrb.pl>
+<matt@datto.com> <mcoleman@datto.com>
 
 # Name consolidation:
 # Preferred author spelling <preferred email>

.travis.yml

@@ -1,116 +0,0 @@
-sudo: required
-language: generic
-
-branches:
-  except:
-    - /^.*-maint$/
-
-addons:
-  homebrew:
-    update: true
-    packages:
-      - ccache
-      - rpcgen
-      - xz
-      - yajl
-      - glib
-      - docutils
-
-matrix:
-  include:
-    - services:
-        - docker
-      env:
-        - IMAGE="ubuntu-1804"
-        - MAKE_ARGS="syntax-check distcheck"
-      script:
-        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
-    - services:
-        - docker
-      env:
-        - IMAGE="centos-7"
-        - MAKE_ARGS="syntax-check distcheck"
-      script:
-        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
-    - services:
-        - docker
-      env:
-        - IMAGE="debian-9"
-        - MAKE_ARGS="syntax-check distcheck"
-      script:
-        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
-    - services:
-        - docker
-      env:
-        - IMAGE="fedora-31"
-        - MAKE_ARGS="syntax-check distcheck"
-      script:
-        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
-    - services:
-        - docker
-      env:
-        - IMAGE="fedora-rawhide"
-        - MAKE_ARGS="syntax-check distcheck"
-      script:
-        - make -C ci/ ci-build@$IMAGE CI_MAKE_ARGS="$MAKE_ARGS"
-    - services:
-        - docker
-      env:
-        - IMAGE="fedora-30-cross-mingw32"
-      script:
-        - make -C ci/ ci-build@$IMAGE
-    - services:
-        - docker
-      env:
-        - IMAGE="fedora-30-cross-mingw64"
-      script:
-        - make -C ci/ ci-build@$IMAGE
-    - compiler: clang
-      language: c
-      os: osx
-      osx_image: xcode10.3
-      env:
-        - PATH="/usr/local/opt/gettext/bin:/usr/local/opt/ccache/libexec:/usr/local/opt/rpcgen/bin:$PATH"
-        - PKG_CONFIG_PATH="/usr/local/opt/libxml2/lib/pkgconfig"
-      before_script:
-        # Hack to blow away py2
-        - brew link --overwrite python
-      script:
-        # We can't run 'distcheck' or 'syntax-check' because they fail on
-        # macOS, but doing 'install' and 'dist' gives us some useful coverage
-        - mkdir build && cd build
-        - ../autogen.sh --prefix=$(pwd)/install-root && make -j3 && make -j3 install && make -j3 dist
-    - compiler: clang
-      language: c
-      os: osx
-      osx_image: xcode11.3
-      env:
-        - PATH="/usr/local/opt/gettext/bin:/usr/local/opt/ccache/libexec:/usr/local/opt/rpcgen/bin:$PATH"
-        - PKG_CONFIG_PATH="/usr/local/opt/libxml2/lib/pkgconfig"
-      before_script:
-        # Hack to blow away py2
-        - brew link --overwrite python
-      script:
-        # We can't run 'distcheck' or 'syntax-check' because they fail on
-        # macOS, but doing 'install' and 'dist' gives us some useful coverage
-        - mkdir build && cd build
-        - ../autogen.sh --prefix=$(pwd)/install-root && make -j3 && make -j3 install && make -j3 dist
-
-git:
-  submodules: true
-
-notifications:
-  irc:
-    # The channel name "irc.oftc.net#virt" is encrypted against libvirt/libvirt
-    # to prevent IRC notifications from github forks. This was created using:
-    # $ travis encrypt -r "libvirt/libvirt" "irc.oftc.net#virt"
-    channels:
-      - secure: "hUPdkLxX7nh75+clpnk4U0XLExLfV9DFKSvQSAUtf5JtDNMslj7AeOCf2wcbkNsEhkiF557odTAnov1s5m1w/yaa56zbjFAh5agzqRKya3QjqsrvlBKw/WuN+l82iMNLLeebTgCPAXrbAbGWH8YmYssp/7+eMsnKaVh84EQQNbMCHlLg6ovE26Fs18mZ6J5RC3OPa1vbv+xkdCHvGg/Oyp4K8bpU7RYyimA56jdxI/OfdTH9HxntHYSzykR7hDbyzZhdIlAUyRKReQVjcV5+R8fdDL/1imyGA/88KTztMeKXpZ5Rf+Ss3vYLZb6qsLLegCZ4AU/q0vvbWxjpZGJZoeyrVpfBTZdYGIzmLTMl9GYXXa/gDwFlbvRDiPDG4TIy6GlMUROinj7KRKEHu1fWRYu012ife5OjidxcwrTnz21vYaCv3AKWPpMPxwIzQPkY1hex9uLLX6z+TrAxxDLF+7UzRT9w2RLFBkLYlj2aDVrLAVb/ynRsxDz5CGzC61FSQVft2e308SkGjdn8YxvguCuXv+N70Fu1cvFyh5XYeHb4fbBRo0Ctzaec78leHlQvRGWKJxXDXRkE2lvvBc7YbBNSAYh7Fs8Y+zY7l7rMxvXdrt3nuaNQhe74V3yhxPDAld66qmAn9TYMmaZW2f5/KKKILLbCa0t2MxiAc6L2OI8="
-    on_success: change
-    on_failure: always
-  email:
-    # The list name 'libvirt-ci@redhat.com" is encrypted against libvirt/libvirt
-    # to prevent IRC notifications from github forks. This was created using:
-    # $ travis encrypt -r "libvirt/libvirt" "libvirt-ci@redhat.com"
-    recipients:
-      - secure: "QcU9eP96P0RlDNzVRZl/4sxyydPStGzECrpgJhr2IPB/7pHk23yaBrmUsq9S830tB+jwLGma1IscNB8uf7Sf7WY+cYIpfR8v030OffWnaipo/Gcs0dpnlfURWHjOFQI3RJzGEihsqvbwUFOwsM+3IDyO3qdWaiT6cN2Tj9ROlwYCySSX5YWzLyX7arBZ4lp8ESs7ohQaEwp2cegnMP2oGPJJe4SebvlCDjHZbjkU5aEradwUWnRQDJZWTKknpNLArVFxN2/ixp6f/MGY4DmkHoDweio6mHIPN5zTs5Jt32aiX6wDBa+bBa4v8TCRqzhYkQ63ZZhNV8bY5Uf9ufTdyvt96yIANyakd85b1QpMdAX76IyJi1l0/Uub6DTQZAcq3vK7iPjGeTVSpyoXrqTfGy4JxMjqDoocpWvv8ALX1wrYI/HfN2R2Aepw9jModTimOsebYhJ1yMhSt8qnh5AQNftGKL2JBKoA1LWdU2YJ5fO1bGjKNiVEkGFQTPYFWrYCUY5JcT+s5WCzNeMNm8s9na8liYhGl3WtS3rPr5M8bof+BMsBhG2hQ0loduc94x2GkvyhQZUgRbqrwNR+y4hn+rWFC3hBzzyiAULs43vY/PJ+eBdKEf3VAc0MkhQ8GgXGSA61fR6aXYonroI/WnBVItwDmUnnMfSziZXxk09GLl4="

ABOUT-NLS

@@ -1 +0,0 @@
-po/README.md

AUTHORS.in

@@ -1,102 +0,0 @@
-   libvirt Authors
-   ===============
-
-The libvirt project was initiated by:
-
-Daniel Veillard <veillard@redhat.com> or <daniel@veillard.com>
-
-The primary maintainers and people with commit access rights:
-
-Alex Jia <ajia@redhat.com>
-Andrea Bolognani <abologna@redhat.com>
-Cédric Bosdonnat <cbosdonnat@suse.com>
-Christian Ehrhardt <christian.ehrhardt@canonical.com>
-Christophe Fergeau <cfergeau@redhat.com>
-Claudio Bley <claudio.bley@gmail.com>
-Cole Robinson <crobinso@redhat.com>
-Daniel P. Berrangé <berrange@redhat.com>
-Daniel Veillard <veillard@redhat.com>
-Doug Goldstein <cardoe@gentoo.org>
-Eric Blake <eblake@redhat.com>
-Erik Skultety <eskultet@redhat.com>
-Fabiano Fidêncio <fidencio@redhat.com>
-Gao Feng <gaofeng@cn.fujitsu.com>
-Guido Günther <agx@sigxcpu.org>
-Ján Tomko <jtomko@redhat.com>
-Jim Fehlig <jfehlig@suse.com>
-Jiří Denemark <jdenemar@redhat.com>
-John Ferlan <jferlan@redhat.com>
-Katerina Koukiou <kkoukiou@redhat.com>
-Laine Stump <laine@redhat.com>
-Mark McLoughlin <markmc@redhat.com>
-Martin Kletzander <mkletzan@redhat.com>
-Matthias Bolte <matthias.bolte@googlemail.com>
-Maxim Nestratov <mnestratov@virtuozzo.com>
-Michal Prívozník <mprivozn@redhat.com>
-Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-Pavel Hrdina <phrdina@redhat.com>
-Peter Krempa <pkrempa@redhat.com>
-Richard W.M. Jones <rjones@redhat.com>
-Roman Bogorodskiy <bogorodskiy@gmail.com>
-Stefan Berger <stefanb@us.ibm.com>
-Wen Congyang <wency@cn.fujitsu.com>
-
-Previous maintainers:
-
-Anthony Liguori <aliguori@us.ibm.com>
-Atsushi SAKAI <sakaia@jp.fujitsu.com>
-Chris Lalancette <clalance@redhat.com>
-Dan Smith <danms@us.ibm.com>
-Dave Allan <dallan@redhat.com>
-Dave Leskovec <dlesko@linux.vnet.ibm.com>
-Dmitry Guryanov <dguryanov@parallels.com>
-Guannan Ren <gren@redhat.com>
-Jim Meyering <meyering@redhat.com>
-John Levon <john.levon@sun.com>
-Justin Clift <jclift@redhat.com>
-Karel Zak <kzak@redhat.com>
-Osier Yang <jyang@redhat.com>
-
-Patches have also been contributed by:
-
-Abel Míguez Rodríguez <amiguezr@pdi.ucm.es>
-Amit Shah <amit.shah@redhat.com>
-Andrew Puch <apuch@redhat.com>
-Anton Protopopov <aspsk2@gmail.com>
-Ben Guthro <ben.guthro@gmail.com>
-Daniel Hokka Zakrisson <daniel@hozac.com>
-Dan Wendlandt <dan@nicira.com>
-David Lively <dlively@virtualiron.com>
-David Lutterkort <dlutter@redhat.com>
-Evgeniy Sokolov <evg@openvz.org>
-Hugh Brock <hbrock@redhat.com>
-Itamar Heim <iheim@redhat.com>
-James Morris <jmorris@namei.org>
-Javier Fontan <jfontan@gmail.com>
-Jeremy Katz <katzj@redhat.com>
-Kaitlin Rupert <kaitlin@linux.vnet.ibm.com>
-Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com>
-Mads Chr. Olesen <shiyee@shiyee.dk>
-Mark Johnson <johnson.nh@gmail.com>
-Markus Armbruster <armbru@redhat.com>
-Masayuki Sunou <fj1826dm@aa.jp.fujitsu.com>
-Matthias Witte <witte@netzquadrat.de>
-Michel Ponceau <michel.ponceau@bull.net>
-Nobuhiro Itou <fj0873gn@aa.jp.fujitsu.com>
-Pete Vetere <pvetere@redhat.com>
-Philippe Berthault <philippe.berthault@Bull.net>
-Saori Fukuta <fukuta.saori@jp.fujitsu.com>
-Shigeki Sakamoto <fj0588di@aa.jp.fujitsu.com>
-Shuveb Hussain <shuveb@binarykarma.com>
-Stefan de Konink <dekonink@kinkrsoftware.nl>
-Takahashi Tomohiro <takatom@jp.fujitsu.com>
-Tatsuro Enokura <fj7716hz@aa.jp.fujitsu.com>
-
-#contributorslist#
-
-The libvirt logo was designed by Diana Fong
-
--- End
-;; Local Variables:
-;; coding: utf-8
-;; End:

AUTHORS.rst.in

@@ -0,0 +1,100 @@
+===============
+libvirt Authors
+===============
+
+The libvirt project was initiated by:
+
+* Daniel Veillard <veillard@redhat.com> or <daniel@veillard.com>
+
+The primary maintainers and people with commit access rights:
+
+* Andrea Bolognani <abologna@redhat.com>
+* Cédric Bosdonnat <cbosdonnat@suse.com>
+* Christian Ehrhardt <christian.ehrhardt@canonical.com>
+* Christophe Fergeau <cfergeau@redhat.com>
+* Cole Robinson <crobinso@redhat.com>
+* Daniel P. Berrangé <berrange@redhat.com>
+* Daniel Veillard <veillard@redhat.com>
+* Eric Blake <eblake@redhat.com>
+* Erik Skultety <eskultet@redhat.com>
+* Fabiano Fidêncio <fidencio@redhat.com>
+* Guido Günther <agx@sigxcpu.org>
+* Ján Tomko <jtomko@redhat.com>
+* Jim Fehlig <jfehlig@suse.com>
+* Jiří Denemark <jdenemar@redhat.com>
+* Laine Stump <laine@redhat.com>
+* Martin Kletzander <mkletzan@redhat.com>
+* Michal Prívozník <mprivozn@redhat.com>
+* Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
+* Pavel Hrdina <phrdina@redhat.com>
+* Peter Krempa <pkrempa@redhat.com>
+* Pino Toscano <ptoscano@redhat.com>
+* Richard W.M. Jones <rjones@redhat.com>
+* Roman Bogorodskiy <bogorodskiy@gmail.com>
+* Tim Wiederhake <twiederh@redhat.com>
+
+Previous maintainers:
+
+* Alex Jia <ajia@redhat.com>
+* Anthony Liguori <aliguori@us.ibm.com>
+* Atsushi SAKAI <sakaia@jp.fujitsu.com>
+* Chris Lalancette <clalance@redhat.com>
+* Claudio Bley <claudio.bley@gmail.com>
+* Dan Smith <danms@us.ibm.com>
+* Dave Allan <dallan@redhat.com>
+* Dave Leskovec <dlesko@linux.vnet.ibm.com>
+* Dmitry Guryanov <dguryanov@parallels.com>
+* Doug Goldstein <cardoe@gentoo.org>
+* Gao Feng <gaofeng@cn.fujitsu.com>
+* Guannan Ren <gren@redhat.com>
+* Jim Meyering <meyering@redhat.com>
+* John Ferlan <jferlan@redhat.com>
+* John Levon <john.levon@sun.com>
+* Justin Clift <jclift@redhat.com>
+* Karel Zak <kzak@redhat.com>
+* Katerina Koukiou <kkoukiou@redhat.com>
+* Mark McLoughlin <markmc@redhat.com>
+* Matthias Bolte <matthias.bolte@googlemail.com>
+* Maxim Nestratov <mnestratov@virtuozzo.com>
+* Osier Yang <jyang@redhat.com>
+* Stefan Berger <stefanb@us.ibm.com>
+* Wen Congyang <wency@cn.fujitsu.com>
+
+Patches have also been contributed by:
+
+* Abel Míguez Rodríguez <amiguezr@pdi.ucm.es>
+* Amit Shah <amit.shah@redhat.com>
+* Andrew Puch <apuch@redhat.com>
+* Anton Protopopov <aspsk2@gmail.com>
+* Ben Guthro <ben.guthro@gmail.com>
+* Daniel Hokka Zakrisson <daniel@hozac.com>
+* Dan Wendlandt <dan@nicira.com>
+* David Lively <dlively@virtualiron.com>
+* David Lutterkort <dlutter@redhat.com>
+* Evgeniy Sokolov <evg@openvz.org>
+* Hugh Brock <hbrock@redhat.com>
+* Itamar Heim <iheim@redhat.com>
+* James Morris <jmorris@namei.org>
+* Javier Fontan <jfontan@gmail.com>
+* Jeremy Katz <katzj@redhat.com>
+* Kaitlin Rupert <kaitlin@linux.vnet.ibm.com>
+* Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com>
+* Mads Chr. Olesen <shiyee@shiyee.dk>
+* Mark Johnson <johnson.nh@gmail.com>
+* Markus Armbruster <armbru@redhat.com>
+* Masayuki Sunou <fj1826dm@aa.jp.fujitsu.com>
+* Matthias Witte <witte@netzquadrat.de>
+* Michel Ponceau <michel.ponceau@bull.net>
+* Nobuhiro Itou <fj0873gn@aa.jp.fujitsu.com>
+* Pete Vetere <pvetere@redhat.com>
+* Philippe Berthault <philippe.berthault@Bull.net>
+* Saori Fukuta <fukuta.saori@jp.fujitsu.com>
+* Shigeki Sakamoto <fj0588di@aa.jp.fujitsu.com>
+* Shuveb Hussain <shuveb@binarykarma.com>
+* Stefan de Konink <dekonink@kinkrsoftware.nl>
+* Takahashi Tomohiro <takatom@jp.fujitsu.com>
+* Tatsuro Enokura <fj7716hz@aa.jp.fujitsu.com>
+
+@contributorslist@
+
+The libvirt logo was designed by Diana Fong

CONTRIBUTING.rst

@@ -0,0 +1,45 @@
+=======================
+Contributing to libvirt
+=======================
+
+Full, up to date information on how to contribute to libvirt can be
+found on the libvirt website:
+
+https://libvirt.org/contribute.html
+
+To build the same document locally, from the top level directory of
+your git clone run:
+
+::
+
+   $ meson build
+   $ ninja -C build
+
+You'll find the freshly-built document in ``docs/contribute.html``.
+
+If ``meson setup`` fails because of missing dependencies, you can set
+up your system by calling
+
+::
+
+   $ sudo dnf builddep libvirt
+
+if you're on a RHEL-based distribution or
+
+::
+
+   $ sudo apt-get build-dep libvirt
+
+if you're on a Debian-based one.
+
+Note that, for the RHEL-based case, if you're on a machine where you
+haven't done any C development before, you will probably also need
+to run
+
+::
+
+   $ sudo dnf install gcc make ninja-build rpm-build
+
+You might still be missing some dependencies if your distribution is
+shipping an old libvirt version, but that will get you much closer to
+where you need to be to build successfully from source.

ChangeLog

@@ -1,15 +0,0 @@
-libvirt ChangeLog
-=================
-
-The libvirt project doesn't include a detailed ChangeLog in its release
-archives.
-
-If you're interested in the full list of changes made to libvirt since
-the project was started, you can clone the git repository from
-
-  https://libvirt.org/git/libvirt.git
-
-and browse them locally using your favorite git history viewer or,
-alternatively, browse them online at
-
-  https://libvirt.org/git/?p=libvirt.git;a=log

GNUmakefile

@@ -1,74 +0,0 @@
-# Having a separate GNUmakefile lets me 'include' the dynamically
-# generated rules created via cfg.mk (package-local configuration)
-# as well as maint.mk (generic maintainer rules).
-# This makefile is used only if you run GNU Make.
-# It is necessary if you want to build targets usually of interest
-# only to the maintainer.
-
-# Copyright (C) 2001, 2003, 2006-2019 Free Software Foundation, Inc.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-_build-aux ?= build-aux
-_autoreconf ?= autoreconf -v
-
-# If the user runs GNU make but has not yet run ./configure,
-# give them a diagnostic.
-_gl-Makefile := $(wildcard [M]akefile)
-ifneq ($(_gl-Makefile),)
-
-# Make tar archive easier to reproduce.
-export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner
-
-# Allow the user to add to this in the Makefile.
-ALL_RECURSIVE_TARGETS =
-
-include Makefile
-include $(srcdir)/$(_build-aux)/syntax-check.mk
-
-else
-
-.DEFAULT_GOAL := abort-due-to-no-makefile
-srcdir = .
-
-# The package can override .DEFAULT_GOAL to run actions like autoreconf.
-include $(srcdir)/$(_build-aux)/syntax-check.mk
-
-ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile)
-$(MAKECMDGOALS): abort-due-to-no-makefile
-endif
-
-abort-due-to-no-makefile:
-	@echo There seems to be no Makefile in this directory.   1>&2
-	@echo "You must run ./configure before running 'make'." 1>&2
-	@exit 1
-
-endif
-
-# Tell version 3.79 and up of GNU make to not build goals in this
-# directory in parallel, in case someone tries to build multiple
-# targets, and one of them can cause a recursive target to be invoked.
-
-# Only set this if Automake doesn't provide it.
-AM_RECURSIVE_TARGETS ?= $(RECURSIVE_TARGETS:-recursive=) \
-  $(RECURSIVE_CLEAN_TARGETS:-recursive=) \
-  dist distcheck tags ctags
-
-ALL_RECURSIVE_TARGETS += $(AM_RECURSIVE_TARGETS)
-
-ifneq ($(word 2, $(MAKECMDGOALS)), )
-ifneq ($(filter $(ALL_RECURSIVE_TARGETS), $(MAKECMDGOALS)), )
-.NOTPARALLEL:
-endif
-endif

Makefile.am

@@ -1,200 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-## Copyright (C) 2005-2013 Red Hat, Inc.
-##
-## This library is free software; you can redistribute it and/or
-## modify it under the terms of the GNU Lesser General Public
-## License as published by the Free Software Foundation; either
-## version 2.1 of the License, or (at your option) any later version.
-##
-## This library is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-## Lesser General Public License for more details.
-##
-## You should have received a copy of the GNU Lesser General Public
-## License along with this library.  If not, see
-## <http://www.gnu.org/licenses/>.
-
-LCOV = lcov
-GENHTML = genhtml
-
-# when building from tarball -Werror isn't auto enabled
-# so force it explicitly
-DISTCHECK_CONFIGURE_FLAGS = --enable-werror
-
-SUBDIRS = . include/libvirt src tools docs \
-  tests po examples
-
-XZ_OPT ?= -v -T0
-export XZ_OPT
-
-ACLOCAL_AMFLAGS = -I m4
-
-EXTRA_DIST = \
-  config-post.h \
-  libvirt.spec libvirt.spec.in \
-  mingw-libvirt.spec.in \
-  libvirt.pc.in \
-  libvirt-qemu.pc.in \
-  libvirt-lxc.pc.in \
-  libvirt-admin.pc.in \
-  Makefile.nonreentrant \
-  autogen.sh \
-  GNUmakefile \
-  run.in \
-  README.md \
-  AUTHORS.in \
-  scripts/apibuild.py \
-  scripts/augeas-gentest.py \
-  build-aux/check-spacing.pl \
-  scripts/check-aclperms.py \
-  scripts/check-aclrules.py \
-  scripts/check-drivername.py \
-  scripts/check-driverimpls.py \
-  scripts/check-file-access.py \
-  scripts/check-remote-protocol.py \
-  scripts/check-symfile.py \
-  scripts/check-symsorting.py \
-  scripts/dtrace2systemtap.py \
-  scripts/esx_vi_generator.py \
-  scripts/genaclperms.py \
-  scripts/genpolkit.py \
-  scripts/gensystemtap.py \
-  scripts/group-qemu-caps.py \
-  scripts/header-ifdef.py \
-  scripts/hvsupport.py \
-  scripts/hyperv_wmi_generator.py \
-  scripts/minimize-po.py \
-  scripts/mock-noinline.py \
-  scripts/prohibit-duplicate-header.py \
-  scripts/reformat-news.py \
-  scripts/test-wrap-argv.py \
-  build-aux/syntax-check.mk \
-  build-aux/useless-if-before-free \
-  build-aux/vc-list-files \
-  ci/Makefile \
-  ci/build.sh \
-  ci/list-images.sh \
-  ci/prepare.sh \
-  $(NULL)
-
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc libvirt-admin.pc
-
-NEWS: \
-	  $(srcdir)/docs/news.xml \
-	  $(srcdir)/docs/news-ascii.xsl \
-	  $(top_srcdir)/scripts/reformat-news.py
-	$(AM_V_GEN) \
-	if [ -x $(XSLTPROC) ]; then \
-	  $(XSLTPROC) --nonet \
-	    $(srcdir)/docs/news-ascii.xsl \
-	    $(srcdir)/docs/news.xml \
-	  >$@-tmp \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  $(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/reformat-news.py $@-tmp >$@ \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  rm -f $@-tmp; \
-	fi
-EXTRA_DIST += \
-	$(srcdir)/docs/news.xml \
-	$(srcdir)/docs/news-ascii.xsl \
-	$(NULL)
-
-rpm: clean
-	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.xz)
-
-srpm: clean
-	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ts $(distdir).tar.xz)
-
-check-local: all tests
-
-check-access: all
-	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
-
-cov: clean-cov
-	$(MKDIR_P) $(top_builddir)/coverage
-	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
-	  -d $(top_builddir)/src \
-	  -d $(top_builddir)/tests
-	$(LCOV) -r $(top_builddir)/coverage/libvirt.info.tmp \
-	  -o $(top_builddir)/coverage/libvirt.info
-	rm $(top_builddir)/coverage/libvirt.info.tmp
-	$(GENHTML) --show-details -t "libvirt" -o $(top_builddir)/coverage \
-	  --legend $(top_builddir)/coverage/libvirt.info
-
-clean-cov:
-	rm -rf $(top_builddir)/coverage
-
-MAINTAINERCLEANFILES = .git-module-status
-
-BUILT_SOURCES = configmake.h
-CLEANFILES = configmake.h
-
-distclean-local: clean-GNUmakefile
-clean-GNUmakefile:
-	test '$(srcdir)' = . || rm -f $(top_builddir)/GNUmakefile
-
-dist-hook: gen-AUTHORS
-
-.PHONY: gen-AUTHORS
-gen-AUTHORS:
-	$(AM_V_GEN)\
-	if test -d $(srcdir)/.git; then \
-	  ( \
-	    cd $(srcdir) && \
-	    git log --pretty=format:'%aN <%aE>' | sort -u \
-	  ) > all.list && \
-	  sort -u $(srcdir)/AUTHORS.in > maint.list && \
-	  comm -23 all.list maint.list > contrib.list && \
-	  contrib="`cat contrib.list`" && \
-	  perl -p -e "s/#contributorslist#// and print '$$contrib'" \
-	    < $(srcdir)/AUTHORS.in > $(distdir)/AUTHORS-tmp && \
-	  mv -f $(distdir)/AUTHORS-tmp $(distdir)/AUTHORS && \
-	  rm -f all.list maint.list contrib.list; \
-	fi
-
-ci-%:
-	$(MAKE) -C $(srcdir)/ci/ $@
-
-# Listed in the same order as the GNU makefile conventions, and
-# provided by autoconf 2.59c+ or 2.70.
-# The Automake-defined pkg* macros are appended, in the order
-# listed in the Automake 1.10a+ documentation.
-configmake.h: Makefile
-	$(AM_V_GEN)rm -f $@-t && \
-	{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
-	  echo '#if WIN32'; \
-	  echo '# include <winsock2.h> /* avoid mingw pollution on DATADIR */'; \
-	  echo '#endif'; \
-	  echo '#define PREFIX "$(prefix)"'; \
-	  echo '#define EXEC_PREFIX "$(exec_prefix)"'; \
-	  echo '#define BINDIR "$(bindir)"'; \
-	  echo '#define SBINDIR "$(sbindir)"'; \
-	  echo '#define LIBEXECDIR "$(libexecdir)"'; \
-	  echo '#define DATAROOTDIR "$(datarootdir)"'; \
-	  echo '#define DATADIR "$(datadir)"'; \
-	  echo '#define SYSCONFDIR "$(sysconfdir)"'; \
-	  echo '#define SHAREDSTATEDIR "$(sharedstatedir)"'; \
-	  echo '#define LOCALSTATEDIR "$(localstatedir)"'; \
-	  echo '#define RUNSTATEDIR "$(runstatedir)"'; \
-	  echo '#define INCLUDEDIR "$(includedir)"'; \
-	  echo '#define OLDINCLUDEDIR "$(oldincludedir)"'; \
-	  echo '#define DOCDIR "$(docdir)"'; \
-	  echo '#define INFODIR "$(infodir)"'; \
-	  echo '#define HTMLDIR "$(htmldir)"'; \
-	  echo '#define DVIDIR "$(dvidir)"'; \
-	  echo '#define PDFDIR "$(pdfdir)"'; \
-	  echo '#define PSDIR "$(psdir)"'; \
-	  echo '#define LIBDIR "$(libdir)"'; \
-	  echo '#define LISPDIR "$(lispdir)"'; \
-	  echo '#define LOCALEDIR "$(localedir)"'; \
-	  echo '#define MANDIR "$(mandir)"'; \
-	  echo '#define MANEXT "$(manext)"'; \
-	  echo '#define PKGDATADIR "$(pkgdatadir)"'; \
-	  echo '#define PKGINCLUDEDIR "$(pkgincludedir)"'; \
-	  echo '#define PKGLIBDIR "$(pkglibdir)"'; \
-	  echo '#define PKGLIBEXECDIR "$(pkglibexecdir)"'; \
-	} | sed '/""/d' > $@-t && \
-	mv -f $@-t $@

README

@@ -1 +0,0 @@
-README.md

README-hacking

@@ -1,56 +0,0 @@
--*- outline -*-
-
-These notes intend to help people working on the checked-out sources.
-These requirements do not apply when building from a distribution tarball.
-See also docs/hacking.html (after building libvirt using the information
-included in this file) for more detailed contribution guidelines.
-
-* Requirements
-
-We've opted to keep only the highest-level sources in the GIT repository.
-This eases our maintenance burden, (fewer merges etc.), but imposes more
-requirements on anyone wishing to build from the just-checked-out sources.
-Note the requirements to build the released archive are much less and
-are just the requirements of the standard configure && make procedure.
-Specific development tools and versions will be checked for and listed by
-the bootstrap script.
-
-Valgrind <http://valgrind.org/> is also highly recommended, if
-Valgrind supports your architecture.
-
-While building from a just-cloned source tree may require installing a
-few prerequisites, later, a plain `git pull && make' should be sufficient.
-
-* First GIT checkout
-
-You can get a copy of the source repository like this:
-
-        $ git clone https://libvirt.org/git/libvirt.git
-        $ cd libvirt
-
-We require to have the build directory different than the source directory:
-
-        $ mkdir build && cd build
-
-The next step is to invoke ../autogen.sh:
-
-        $ ../autogen.sh
-
-And there you are!  Just
-
-        $ make
-        $ make check
-
-At this point, there should be no difference between your local copy,
-and the GIT master copy:
-
-        $ cd ..
-        $ git diff
-
-should output no difference.
-
-Enjoy!
-
-Local Variables:
-indent-tabs-mode: nil
-End:

README.md

@@ -1,86 +0,0 @@
-[![Build Status](https://travis-ci.org/libvirt/libvirt.svg)](https://travis-ci.org/libvirt/libvirt)
- [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/355/badge)](https://bestpractices.coreinfrastructure.org/projects/355)
-
-Libvirt API for virtualization
-==============================
-
-Libvirt provides a portable, long term stable C API for managing the
-virtualization technologies provided by many operating systems. It
-includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware
-vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER
-Hypervisor.
-
-For some of these hypervisors, it provides a stateful management
-daemon which runs on the virtualization host allowing access to the
-API both by non-privileged local users and remote users.
-
-Layered packages provide bindings of the libvirt C API into other
-languages including Python, Perl, PHP, Go, Java, OCaml, as well as
-mappings into object systems such as GObject, CIM and SNMP.
-
-Further information about the libvirt project can be found on the
-website:
-
-[https://libvirt.org](https://libvirt.org)
-
-
-License
--------
-
-The libvirt C API is distributed under the terms of GNU Lesser General
-Public License, version 2.1 (or later). Some parts of the code that are
-not part of the C library may have the more restrictive GNU General
-Public License, version 2.0 (or later). See the files `COPYING.LESSER`
-and `COPYING` for full license terms & conditions.
-
-
-Installation
-------------
-
-Libvirt uses the GNU Autotools build system, so in general can be built
-and installed with the usual commands, however, we mandate to have the
-build directory different than the source directory. For example, to build
-in a manner that is suitable for installing as root, use:
-
-```
-$ mkdir build && cd build
-$ ../configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-$ make
-$ sudo make install
-```
-
-While to build & install as an unprivileged user
-
-```
-$ mkdir build && cd build
-$ ../configure --prefix=$HOME/usr
-$ make
-$ make install
-```
-
-The libvirt code relies on a large number of 3rd party libraries. These will
-be detected during execution of the `configure` script and a summary printed
-which lists any missing (optional) dependencies.
-
-
-Contributing
-------------
-
-The libvirt project welcomes contributions in many ways. For most components
-the best way to contribute is to send patches to the primary development
-mailing list. Further guidance on this can be found on the website:
-
-[https://libvirt.org/contribute.html](https://libvirt.org/contribute.html)
-
-
-Contact
--------
-
-The libvirt project has two primary mailing lists:
-
-  * libvirt-users@redhat.com (**for user discussions**)
-  * libvir-list@redhat.com (**for development only**)
-
-Further details on contacting the project are available on the website:
-
-[https://libvirt.org/contact.html](https://libvirt.org/contact.html)

README.rst

@@ -0,0 +1,72 @@
+.. image:: https://gitlab.com/libvirt/libvirt/badges/master/pipeline.svg
+     :target: https://gitlab.com/libvirt/libvirt/pipelines
+     :alt: GitLab CI Build Status
+.. image:: https://bestpractices.coreinfrastructure.org/projects/355/badge
+     :target: https://bestpractices.coreinfrastructure.org/projects/355
+     :alt: CII Best Practices
+.. image:: https://translate.fedoraproject.org/widgets/libvirt/-/libvirt/svg-badge.svg
+     :target: https://translate.fedoraproject.org/engage/libvirt/
+     :alt: Translation status
+
+==============================
+Libvirt API for virtualization
+==============================
+
+Libvirt provides a portable, long term stable C API for managing the
+virtualization technologies provided by many operating systems. It
+includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware
+vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER
+Hypervisor.
+
+For some of these hypervisors, it provides a stateful management
+daemon which runs on the virtualization host allowing access to the
+API both by non-privileged local users and remote users.
+
+Layered packages provide bindings of the libvirt C API into other
+languages including Python, Perl, PHP, Go, Java, OCaml, as well as
+mappings into object systems such as GObject, CIM and SNMP.
+
+Further information about the libvirt project can be found on the
+website:
+
+https://libvirt.org
+
+
+License
+=======
+
+The libvirt C API is distributed under the terms of GNU Lesser General
+Public License, version 2.1 (or later). Some parts of the code that are
+not part of the C library may have the more restrictive GNU General
+Public License, version 2.0 (or later). See the files ``COPYING.LESSER``
+and ``COPYING`` for full license terms & conditions.
+
+
+Installation
+============
+
+Instructions on building and installing libvirt can be found on the website:
+
+https://libvirt.org/compiling.html
+
+Contributing
+============
+
+The libvirt project welcomes contributions in many ways. For most components
+the best way to contribute is to send patches to the primary development
+mailing list. Further guidance on this can be found on the website:
+
+https://libvirt.org/contribute.html
+
+
+Contact
+=======
+
+The libvirt project has two primary mailing lists:
+
+* libvirt-users@redhat.com (**for user discussions**)
+* libvir-list@redhat.com (**for development only**)
+
+Further details on contacting the project are available on the website:
+
+https://libvirt.org/contact.html

autogen.sh

@@ -1,44 +0,0 @@
-#!/bin/sh
-# Run this to generate all the initial makefiles, etc.
-test -n "$srcdir" || srcdir=$(dirname "$0")
-test -n "$srcdir" || srcdir=.
-
-olddir=$(pwd)
-
-cd "$srcdir"
-
-(test -f src/libvirt.c) || {
-    echo -n "**Error**: Directory "\`$srcdir\'" does not look like the"
-    echo " top-level libvirt directory"
-    exit 1
-}
-
-git submodule update --init || exit 1
-
-autoreconf --verbose --force --install || exit 1
-
-if test "x$1" = "x--system"; then
-    shift
-    prefix=/usr
-    libdir=$prefix/lib
-    sysconfdir=/etc
-    localstatedir=/var
-    if [ -d /usr/lib64 ]; then
-      libdir=$prefix/lib64
-    fi
-    EXTRA_ARGS="--prefix=$prefix --sysconfdir=$sysconfdir --localstatedir=$localstatedir --libdir=$libdir"
-fi
-
-cd "$olddir"
-
-if [ "$NOCONFIGURE" = "" ]; then
-        $srcdir/configure $EXTRA_ARGS "$@" || exit 1
-
-        if [ "$1" = "--help" ]; then
-                exit 0
-        else
-                echo "Now type 'make' to compile libvirt" || exit 1
-        fi
-else
-        echo "Skipping configure process."
-fi

build-aux/Makefile.in

@@ -0,0 +1,12 @@
+# define variables
+
+top_srcdir = @top_srcdir@
+top_builddir = @top_builddir@
+FLAKE8 = @flake8_path@
+RUNUTF8 = @runutf8@
+PYTHON = @PYTHON3@
+GREP = @GREP@
+SED = @SED@
+
+# include syntax-check.mk file
+include $(top_srcdir)/build-aux/syntax-check.mk

build-aux/check-spacing.pl

@@ -24,11 +24,6 @@ my $ret = 0;
 my $incomment = 0;
 
 foreach my $file (@ARGV) {
-    # Per-file variables for multiline Curly Bracket (cb_) check
-    my $cb_linenum = 0;
-    my $cb_code = "";
-    my $cb_scolon = 0;
-
     open FILE, $file;
 
     while (defined (my $line = <FILE>)) {
@@ -160,37 +155,6 @@ foreach my $file (@ARGV) {
             print "$file:$.: $line";
             $ret = 1;
         }
-
-        # One line conditional statements with one line bodies should
-        # not use curly brackets.
-        if ($data =~ /^\s*(if|while|for)\b.*\{$/) {
-            $cb_linenum = $.;
-            $cb_code = $line;
-            $cb_scolon = 0;
-        }
-
-        # We need to check for exactly one semicolon inside the body,
-        # because empty statements (e.g. with comment only) are
-        # allowed
-        if ($cb_linenum == $. - 1 && $data =~ /^[^;]*;[^;]*$/) {
-            $cb_code .= $line;
-            $cb_scolon = 1;
-        }
-
-        if ($data =~ /^\s*}\s*$/ &&
-            $cb_linenum == $. - 2 &&
-            $cb_scolon) {
-
-            print "Curly brackets around single-line body:\n";
-            print "$file:$cb_linenum-$.:\n$cb_code$line";
-            $ret = 1;
-
-            # There _should_ be no need to reset the values; but to
-            # keep my inner peace...
-            $cb_linenum = 0;
-            $cb_scolon = 0;
-            $cb_code = "";
-        }
     }
     close FILE;
 }

build-aux/meson.build

@@ -0,0 +1,69 @@
+syntax_check_conf = configuration_data()
+syntax_check_conf.set('top_srcdir', meson.source_root())
+syntax_check_conf.set('top_builddir', meson.build_root())
+
+flake8_path = ''
+if flake8_prog.found()
+  flake8_path = flake8_prog.path()
+endif
+syntax_check_conf.set('flake8_path', flake8_path)
+syntax_check_conf.set('runutf8', ' '.join(runutf8))
+syntax_check_conf.set('PYTHON3', python3_prog.path())
+
+if host_machine.system() == 'freebsd' or host_machine.system() == 'darwin'
+  make_prog = find_program('gmake')
+  sed_prog = find_program('gsed')
+else
+  make_prog = find_program('make')
+  sed_prog = find_program('sed')
+endif
+
+if host_machine.system() == 'freebsd'
+  grep_prog = find_program('grep')
+  grep_cmd = run_command(grep_prog, '--version')
+  if grep_cmd.stdout().startswith('grep (BSD grep')
+    grep_prog = find_program('/usr/local/bin/grep', required: false)
+    if not grep_prog.found()
+      error('GNU grep not found')
+    endif
+  endif
+elif host_machine.system() == 'darwin'
+  grep_prog = find_program('ggrep')
+else
+  grep_prog = find_program('grep')
+endif
+
+syntax_check_conf.set('GREP', grep_prog.path())
+syntax_check_conf.set('SED', sed_prog.path())
+
+configure_file(
+  input: 'Makefile.in',
+  output: '@BASENAME@',
+  configuration: syntax_check_conf,
+)
+
+rc = run_command(
+  'sed', '-n',
+  's/^\\(sc_[a-zA-Z0-9_-]*\\):.*/\\1/p',
+  meson.current_source_dir() / 'syntax-check.mk',
+  check: true,
+)
+
+sc_tests = rc.stdout().strip().split()
+
+
+# Skip syntax-check if not building from git because we get the list of files
+# to check using git commands and it fails if we are not in git repository.
+if git
+  foreach target : sc_tests
+    test(
+      target,
+      make_prog,
+      args: [ '-C', meson.current_build_dir(), target ],
+      depends: [
+        potfiles_dep,
+      ],
+      suite: 'syntax-check',
+    )
+  endforeach
+endif

build-aux/syntax-check.mk

@@ -21,14 +21,12 @@
 
 # This is reported not to work with make-3.79.1
 # ME := $(word $(words $(MAKEFILE_LIST)),$(MAKEFILE_LIST))
-ME := $(_build-aux)/syntax-check.mk
+ME := build-aux/syntax-check.mk
 
 # These variables ought to be defined through the configure.ac section
 # of the module description. But some packages import this file directly,
 # ignoring the module description.
 AWK ?= awk
-GREP ?= grep
-SED ?= sed
 
 # Helper variables.
 _empty =
@@ -39,43 +37,36 @@ _sp = $(_empty) $(_empty)
 # If S1 == S2, return S1, otherwise the empty string.
 _equal = $(and $(findstring $(1),$(2)),$(findstring $(2),$(1)))
 
-GIT = git
-VC = $(GIT)
-
-VC_LIST = $(srcdir)/$(_build-aux)/vc-list-files -C $(srcdir)
+VC_LIST = cd $(top_srcdir); git ls-tree -r 'HEAD:' | \
+          sed -n "s|^100[^	]*.||p"
 
 # You can override this variable in syntax-check.mk to set your own regexp
 # matching files to ignore.
 VC_LIST_ALWAYS_EXCLUDE_REGEX ?= ^$$
 
 # This is to preprocess robustly the output of $(VC_LIST), so that even
-# when $(srcdir) is a pathological name like "....", the leading sed command
+# when $(top_srcdir) is a pathological name like "....", the leading sed command
 # removes only the intended prefix.
-_dot_escaped_srcdir = $(subst .,\.,$(srcdir))
-_dot_escaped_builddir = $(subst .,\.,$(builddir))
+_dot_escaped_srcdir = $(subst .,\.,$(top_srcdir))
+_dot_escaped_builddir = $(subst .,\.,$(top_builddir))
 
-# Post-process $(VC_LIST) output, prepending $(srcdir)/, but only
-# when $(srcdir) is not ".".
-ifeq ($(srcdir),.)
+# Post-process $(VC_LIST) output, prepending $(top_srcdir)/, but only
+# when $(top_srcdir) is not ".".
+ifeq ($(top_srcdir),.)
   _prepend_srcdir_prefix =
 else
-  _prepend_srcdir_prefix = | $(SED) 's|^|$(srcdir)/|'
+  _prepend_srcdir_prefix = | $(SED) 's|^|$(top_srcdir)/|'
 endif
 
 # In order to be able to consistently filter "."-relative names,
-# (i.e., with no $(srcdir) prefix), this definition is careful to
-# remove any $(srcdir) prefix, and to restore what it removes.
+# (i.e., with no $(top_srcdir) prefix), this definition is careful to
+# remove any $(top_srcdir) prefix, and to restore what it removes.
 _sc_excl = \
   $(or $(exclude_file_name_regexp--$@),^$$)
 VC_LIST_EXCEPT = \
-  $(VC_LIST) | $(SED) 's|^$(_dot_escaped_srcdir)/||' \
-	| $(GREP) -Ev -e '($(VC_LIST_ALWAYS_EXCLUDE_REGEX)|$(_sc_excl))' \
+  $(VC_LIST) | $(GREP) -Ev -e '($(VC_LIST_ALWAYS_EXCLUDE_REGEX)|$(_sc_excl))' \
 	$(_prepend_srcdir_prefix)
 
-# Override this in syntax-check.mk if you are using a different format in your
-# NEWS file.
-today = $(shell date +%Y-%m-%d)
-
 # Prevent programs like 'sort' from considering distinct strings to be equal.
 # Doing it here saves us from having to set LC_ALL elsewhere in this file.
 export LC_ALL = C
@@ -84,22 +75,13 @@ export LC_ALL = C
 ## Sanity checks.  ##
 ## --------------- ##
 
-_cfg_mk := $(wildcard $(srcdir)/$(_build-aux)/syntax-check.mk)
+_cfg_mk := $(wildcard $(top_srcdir)/build-aux/syntax-check.mk)
 
 # Collect the names of rules starting with 'sc_'.
 syntax-check-rules := $(sort $(shell $(SED) -n \
-   's/^\(sc_[a-zA-Z0-9_-]*\):.*/\1/p' $(srcdir)/$(ME) $(_cfg_mk)))
+   's/^\(sc_[a-zA-Z0-9_-]*\):.*/\1/p' $(top_srcdir)/$(ME) $(_cfg_mk)))
 .PHONY: $(syntax-check-rules)
 
-ifeq ($(shell $(VC_LIST) >/dev/null 2>&1; echo $$?),0)
-  local-checks-available += $(syntax-check-rules)
-else
-  local-checks-available += no-vc-detected
-no-vc-detected:
-	@echo "No version control files detected; skipping syntax check"
-endif
-.PHONY: $(local-checks-available)
-
 # Arrange to print the name of each syntax-checking rule just before running it.
 $(syntax-check-rules): %: %.m
 sc_m_rules_ = $(patsubst %, %.m, $(syntax-check-rules))
@@ -122,191 +104,14 @@ $(sc_z_rules_): %.z: %
 # that computes and prints elapsed time.
 local-check :=								\
   $(patsubst sc_%, sc_%.z,						\
-    $(filter-out $(local-checks-to-skip), $(local-checks-available)))
+    $(filter-out $(local-checks-to-skip), $(syntax-check-rules)))
 
 syntax-check: $(local-check)
 
-_test_script_regex = \<test-lib\.sh\>
-
 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
   (^(docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
 
-# Functions like free() that are no-ops on NULL arguments.
-useless_free_options = \
-  --name=VBOX_UTF16_FREE \
-  --name=VBOX_UTF8_FREE \
-  --name=VBOX_COM_UNALLOC_MEM \
-  --name=VIR_FREE \
-  --name=qemuCapsFree \
-  --name=qemuMigrationCookieFree \
-  --name=qemuMigrationCookieGraphicsFree \
-  --name=sexpr_free \
-  --name=usbFreeDevice \
-  --name=virBandwidthDefFree \
-  --name=virBitmapFree \
-  --name=virCPUDefFree \
-  --name=virCapabilitiesFree \
-  --name=virCapabilitiesFreeGuest \
-  --name=virCapabilitiesFreeGuestDomain \
-  --name=virCapabilitiesFreeGuestFeature \
-  --name=virCapabilitiesFreeGuestMachine \
-  --name=virCapabilitiesFreeHostNUMACell \
-  --name=virCapabilitiesFreeMachines \
-  --name=virCgroupFree \
-  --name=virCommandFree \
-  --name=virConfFreeList \
-  --name=virConfFreeValue \
-  --name=virDomainActualNetDefFree \
-  --name=virDomainChrDefFree \
-  --name=virDomainControllerDefFree \
-  --name=virDomainDefFree \
-  --name=virDomainDeviceDefFree \
-  --name=virDomainDiskDefFree \
-  --name=virDomainEventCallbackListFree \
-  --name=virObjectEventQueueFree \
-  --name=virDomainFSDefFree \
-  --name=virDomainGraphicsDefFree \
-  --name=virDomainHostdevDefFree \
-  --name=virDomainInputDefFree \
-  --name=virDomainNetDefFree \
-  --name=virDomainObjFree \
-  --name=virDomainSmartcardDefFree \
-  --name=virDomainSnapshotObjFree \
-  --name=virDomainSoundDefFree \
-  --name=virDomainVideoDefFree \
-  --name=virDomainWatchdogDefFree \
-  --name=virFileDirectFdFree \
-  --name=virHashFree \
-  --name=virInterfaceDefFree \
-  --name=virInterfaceIpDefFree \
-  --name=virInterfaceObjFree \
-  --name=virInterfaceProtocolDefFree \
-  --name=virJSONValueFree \
-  --name=virLastErrFreeData \
-  --name=virNetMessageFree \
-  --name=virNWFilterDefFree \
-  --name=virNWFilterEntryFree \
-  --name=virNWFilterHashTableFree \
-  --name=virNWFilterIPAddrLearnReqFree \
-  --name=virNWFilterIncludeDefFree \
-  --name=virNWFilterObjFree \
-  --name=virNWFilterRuleDefFree \
-  --name=virNWFilterRuleInstFree \
-  --name=virNetworkDefFree \
-  --name=virNodeDeviceDefFree \
-  --name=virNodeDeviceObjFree \
-  --name=virObjectUnref \
-  --name=virObjectFreeCallback \
-  --name=virPCIDeviceFree \
-  --name=virSecretDefFree \
-  --name=virStorageEncryptionFree \
-  --name=virStorageEncryptionSecretFree \
-  --name=virStorageFileFreeMetadata \
-  --name=virStoragePoolDefFree \
-  --name=virStoragePoolObjFree \
-  --name=virStoragePoolSourceFree \
-  --name=virStorageVolDefFree \
-  --name=virThreadPoolFree \
-  --name=xmlBufferFree \
-  --name=xmlFree \
-  --name=xmlFreeDoc \
-  --name=xmlFreeNode \
-  --name=xmlXPathFreeContext \
-  --name=xmlXPathFreeObject
-
-# The following template was generated by this command:
-# make ID && aid free|grep '^vi'|sed 's/ .*//;s/^/#   /'
-# N virBufferFreeAndReset
-# y virCPUDefFree
-# y virCapabilitiesFree
-# y virCapabilitiesFreeGuest
-# y virCapabilitiesFreeGuestDomain
-# y virCapabilitiesFreeGuestFeature
-# y virCapabilitiesFreeGuestMachine
-# y virCapabilitiesFreeHostNUMACell
-# y virCapabilitiesFreeMachines
-# N virCapabilitiesFreeNUMAInfo FIXME
-# y virCgroupFree
-# N virConfFree               (diagnoses the "error")
-# y virConfFreeList
-# y virConfFreeValue
-# y virDomainChrDefFree
-# y virDomainControllerDefFree
-# y virDomainDefFree
-# y virDomainDeviceDefFree
-# y virDomainDiskDefFree
-# y virDomainEventCallbackListFree
-# y virDomainEventQueueFree
-# y virDomainFSDefFree
-# n virDomainFree
-# n virDomainFreeName (can't fix -- returns int)
-# y virDomainGraphicsDefFree
-# y virDomainHostdevDefFree
-# y virDomainInputDefFree
-# y virDomainNetDefFree
-# y virDomainObjFree
-# n virDomainSnapshotFree (returns int)
-# n virDomainSnapshotFreeName (returns int)
-# y virDomainSnapshotObjFree
-# y virDomainSoundDefFree
-# y virDomainVideoDefFree
-# y virDomainWatchdogDefFree
-# n virDrvNodeGetCellsFreeMemory (returns int)
-# n virDrvNodeGetFreeMemory (returns long long)
-# n virFree - dereferences param
-# n virFreeError
-# n virHashFree (takes 2 args)
-# y virInterfaceDefFree
-# n virInterfaceFree (returns int)
-# n virInterfaceFreeName
-# y virInterfaceIpDefFree
-# y virInterfaceObjFree
-# n virInterfaceObjListFree
-# y virInterfaceProtocolDefFree
-# y virJSONValueFree
-# y virLastErrFreeData
-# y virNWFilterDefFree
-# y virNWFilterEntryFree
-# n virNWFilterFree (returns int)
-# y virNWFilterHashTableFree
-# y virNWFilterIPAddrLearnReqFree
-# y virNWFilterIncludeDefFree
-# n virNWFilterFreeName (returns int)
-# y virNWFilterObjFree
-# n virNWFilterObjListFree FIXME
-# y virNWFilterRuleDefFree
-# n virNWFilterRuleFreeInstanceData (typedef)
-# y virNWFilterRuleInstFree
-# y virNetworkDefFree
-# n virNetworkFree (returns int)
-# n virNetworkFreeName (returns int)
-# n virNodeDevCapsDefFree FIXME
-# y virNodeDeviceDefFree
-# n virNodeDeviceFree (returns int)
-# y virNodeDeviceObjFree
-# n virNodeDeviceObjListFree FIXME
-# n virNodeGetCellsFreeMemory (returns int)
-# n virNodeGetFreeMemory (returns non-void)
-# y virSecretDefFree
-# n virSecretFree (returns non-void)
-# n virSecretFreeName (2 args)
-# n virSecurityLabelDefFree FIXME
-# n virStorageBackendDiskMakeFreeExtent (returns non-void)
-# y virStorageEncryptionFree
-# y virStorageEncryptionSecretFree
-# n virStorageFreeType (enum)
-# y virStoragePoolDefFree
-# n virStoragePoolFree (returns non-void)
-# n virStoragePoolFreeName (returns non-void)
-# y virStoragePoolObjFree
-# n virStoragePoolObjListFree FIXME
-# y virStoragePoolSourceFree
-# y virStorageVolDefFree
-# n virStorageVolFree (returns non-void)
-# n virStorageVolFreeName (returns non-void)
-# n virStreamFree
-
 # Avoid uses of write(2).  Either switch to streams (fwrite), or use
 # the safewrite wrapper.
 sc_avoid_write:
@@ -333,11 +138,11 @@ sc_flags_debug:
 # than d).  The existence of long long, and of documentation about
 # flags, makes the regex in the third test slightly harder.
 sc_flags_usage:
-	@test "$$(cat $(srcdir)/include/libvirt/libvirt-domain.h \
-	    $(srcdir)/include/libvirt/virterror.h \
-	    $(srcdir)/include/libvirt/libvirt-qemu.h \
-	    $(srcdir)/include/libvirt/libvirt-lxc.h \
-	    $(srcdir)/include/libvirt/libvirt-admin.h \
+	@test "$$(cat $(top_srcdir)/include/libvirt/libvirt-domain.h \
+	    $(top_srcdir)/include/libvirt/virterror.h \
+	    $(top_srcdir)/include/libvirt/libvirt-qemu.h \
+	    $(top_srcdir)/include/libvirt/libvirt-lxc.h \
+	    $(top_srcdir)/include/libvirt/libvirt-admin.h \
 	  | $(GREP) -c '\(long\|unsigned\) flags')" != 4 && \
 	  { echo '$(ME): new API should use "unsigned int flags"' 1>&2; \
 	    exit 1; } || :
@@ -478,7 +283,7 @@ sc_prohibit_gethostname:
 sc_prohibit_readdir:
 	@prohibit='\b(read|close|open)dir *\(' \
 	exclude='exempt from syntax-check' \
-	halt='use virDirOpen, virDirRead and VIR_DIR_CLOSE' \
+	halt='use virDirOpen, virDirRead and g_autoptr(DIR)' \
 	  $(_sc_search_regexp)
 
 sc_prohibit_gettext_noop:
@@ -486,19 +291,15 @@ sc_prohibit_gettext_noop:
 	halt='use N_, not gettext_noop' \
 	  $(_sc_search_regexp)
 
-sc_prohibit_VIR_ERR_NO_MEMORY:
-	@prohibit='\<VIR_ERR_NO_MEMORY\>' \
-	halt='use virReportOOMError, not VIR_ERR_NO_MEMORY' \
-	  $(_sc_search_regexp)
-
 sc_prohibit_PATH_MAX:
 	@prohibit='\<PATH_MAX\>' \
 	halt='dynamically allocate paths, do not use PATH_MAX' \
 	  $(_sc_search_regexp)
 
-include $(srcdir)/Makefile.nonreentrant
+include $(top_srcdir)/build-aux/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
 	@prohibit="\\<(${NON_REENTRANT_RE}) *\\(" \
+	exclude='exempt from syntax-check' \
 	halt="use re-entrant functions (usually ending with _r)" \
 	  $(_sc_search_regexp)
 
@@ -679,7 +480,7 @@ msg_gen_function += virReportErrorHelper
 msg_gen_function += virReportSystemError
 msg_gen_function += virLastErrorPrefixMessage
 
-# Uncomment the following and run "make syntax-check" to see diagnostics
+# Uncomment the following and run "ninja test" to see diagnostics
 # that are not yet marked for translation, but that need to be rewritten
 # so that they are translatable.
 # msg_gen_function += fprintf
@@ -785,38 +586,6 @@ sc_spec_indentation:
 	  echo '$(ME): skipping test $@: cppi not installed' 1>&2; \
 	fi
 
-# Nested conditionals are easier to understand if we enforce that endifs
-# can be paired back to the if
-sc_makefile_conditionals:
-	@prohibit='(else|endif)($$| *#)' \
-	in_vc_files='Makefile\.am' \
-	halt='match "if FOO" with "endif FOO" in Makefiles' \
-	  $(_sc_search_regexp)
-
-# Long lines can be harder to diff; too long, and git send-email chokes.
-# For now, only enforce line length on files where we have intentionally
-# fixed things and don't want to regress.
-sc_prohibit_long_lines:
-	@prohibit='.{90}' \
-	in_vc_files='\.arg[sv]' \
-	halt='Wrap long lines in expected output files' \
-	  $(_sc_search_regexp)
-	@prohibit='.{80}' \
-	in_vc_files='Makefile(\.inc)?\.am' \
-	halt='Wrap long lines in Makefiles' \
-	  $(_sc_search_regexp)
-
-sc_copyright_format:
-	@require='Copyright .*Red 'Hat', Inc\.' \
-	containing='Copyright .*Red 'Hat \
-	halt='Red Hat copyright is missing Inc.' \
-	  $(_sc_search_regexp)
-	@prohibit='Copyright [^(].*Red 'Hat \
-	halt='consistently use (C) in Red Hat copyright' \
-	  $(_sc_search_regexp)
-	@prohibit='\<RedHat\>' \
-	halt='spell Red Hat as two words' \
-	  $(_sc_search_regexp)
 
 # Prefer the new URL listing over the old street address listing when
 # calling out where to get a copy of the [L]GPL.  Also, while we have
@@ -845,7 +614,7 @@ sc_prohibit_gettext_markup:
 
 # Our code is divided into modular subdirectories for a reason, and
 # lower-level code must not include higher-level headers.
-cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.))
+cross_dirs=$(patsubst $(top_srcdir)/src/%.,%,$(wildcard $(top_srcdir)/src/*/.))
 cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
 mid_dirs=access|admin|conf|cpu|locking|logging|rpc|security
 sc_prohibit_cross_inclusion:
@@ -890,8 +659,10 @@ FLAKE8_IGNORE = E501,W504
 
 sc_flake8:
 	@if [ -n "$(FLAKE8)" ]; then \
-		$(VC_LIST_EXCEPT) | $(GREP) '\.py$$' | xargs \
-			$(FLAKE8) --ignore $(FLAKE8_IGNORE) --show-source; \
+		DOT_PY=$$($(VC_LIST_EXCEPT) | $(GREP) '\.py$$'); \
+		BANG_PY=$$($(VC_LIST_EXCEPT) | xargs grep -l '^#!/usr/bin/env python3$$'); \
+		ALL_PY=$$(printf "%s\n%s" "$$DOT_PY" "$$BANG_PY" | sort -u); \
+		echo "$$ALL_PY" | xargs $(FLAKE8) --ignore $(FLAKE8_IGNORE) --show-source; \
 	else \
 		echo '$(ME): skipping test $@: flake8 not installed' 1>&2; \
 	fi
@@ -900,6 +671,7 @@ sc_flake8:
 sc_prohibit_exit_in_tests:
 	@prohibit='\<exit *\(' \
 	in_vc_files='tests/.*\.c$$' \
+	exclude='exempt from syntax-check' \
 	halt='use return, not exit(), in tests' \
 	  $(_sc_search_regexp)
 
@@ -1017,7 +789,8 @@ sc_require_locale_h:
 
 sc_prohibit_empty_first_line:
 	@$(VC_LIST_EXCEPT) | xargs awk 'BEGIN { fail=0; } \
-	FNR == 1 { if ($$0 == "") { print FILENAME ":1:"; fail=1; } } \
+	FNR == 1 { maybe_fail = $$0 == ""; } \
+	FNR == 2 { if (maybe_fail == 1) { print FILENAME ":1:"; fail=1; } } \
 	END { if (fail == 1) { \
 	  print "$(ME): Prohibited empty first line" > "/dev/stderr"; \
 	} exit fail; }'
@@ -1062,10 +835,10 @@ sc_prohibit_sysconf_pagesize:
 	halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \
 	  $(_sc_search_regexp)
 
-sc_prohibit_virSecurity:
+sc_prohibit_virSecurityManager:
 	@$(VC_LIST_EXCEPT) | $(GREP) 'src/qemu/' | \
 		$(GREP) -v 'src/qemu/qemu_security' | \
-		xargs $(GREP) -Pn 'virSecurityManager(?!Ptr)' /dev/null && \
+		xargs $(GREP) -Pn 'virSecurityManager\S*\(' /dev/null && \
 		{ echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :
 
 sc_prohibit_pthread_create:
@@ -1137,7 +910,7 @@ sc_prohibit_backslash_alignment:
 # Rule to ensure that variables declared using a cleanup macro are
 # always initialized.
 sc_require_attribute_cleanup_initialization:
-	@prohibit='((g_auto(ptr|free)?)|(VIR_AUTO((FREE|PTR|UNREF|CLEAN)\(.+\)|CLOSE|STRINGLIST))) *[^=]+;' \
+	@prohibit='((g_auto(ptr|free|slist)?)|VIR_AUTOCLOSE)) *[^=]+;' \
 	in_vc_files='\.[chx]$$' \
 	halt='variable declared with a cleanup macro must be initialized' \
 	  $(_sc_search_regexp)
@@ -1188,7 +961,7 @@ sc_prohibit_dirent_d_type:
 #     grep-E-style regexp selecting the files to check.  For in_vc_files,
 #     the regexp is used to select matching files from the list of all
 #     version-controlled files; for in_files, it's from the names printed
-#     by "find $(srcdir)".  When neither is specified, use all files that
+#     by "find $(top_srcdir)".  When neither is specified, use all files that
 #     are under version control.
 #
 #  containing | non_containing
@@ -1260,7 +1033,7 @@ define _sc_search_regexp
 									\
    : Filter by file name;						\
    if test -n "$$in_files"; then					\
-     files=$$(find $(srcdir) | $(GREP) -E "$$in_files"			\
+     files=$$(find $(top_srcdir) | $(GREP) -E "$$in_files"			\
               | $(GREP) -Ev '$(_sc_excl)');				\
    else									\
      files=$$($(VC_LIST_EXCEPT));					\
@@ -1300,17 +1073,6 @@ define _sc_search_regexp
    fi || :;
 endef
 
-sc_avoid_if_before_free:
-	@$(VC_LIST_EXCEPT)						\
-	  | $(GREP) -v useless-if-before-free				\
-	  | xargs							\
-	      $(srcdir)/$(_build-aux)/useless-if-before-free		\
-	      $(useless_free_options)					\
-	  && { printf '$(ME): found useless "if"'			\
-		      ' before "free" above\n' 1>&2;			\
-	       exit 1; }						\
-	  || :
-
 sc_cast_of_argument_to_free:
 	@prohibit='\<free *\( *\(' halt="don't cast free argument"	\
 	  $(_sc_search_regexp)
@@ -1412,11 +1174,6 @@ sc_require_config_h_first:
 	else :;								\
 	fi
 
-sc_prohibit_HAVE_MBRTOWC:
-	@prohibit='\bHAVE_MBRTOWC\b'					\
-	halt="do not use $$prohibit; it is always defined"		\
-	  $(_sc_search_regexp)
-
 # To use this "command" macro, you must first define two shell variables:
 # h: the header name, with no enclosing <> or ""
 # re: a regular expression that matches IFF something provided by $h is used.
@@ -1437,97 +1194,10 @@ endef
 sc_prohibit_assert_without_use:
 	@h='assert.h' re='\<assert *\(' $(_sc_header_without_use)
 
-# Prohibit the inclusion of close-stream.h without an actual use.
-sc_prohibit_close_stream_without_use:
-	@h='close-stream.h' re='\<close_stream *\(' $(_sc_header_without_use)
-
 # Prohibit the inclusion of getopt.h without an actual use.
 sc_prohibit_getopt_without_use:
 	@h='getopt.h' re='\<getopt(_long)? *\(' $(_sc_header_without_use)
 
-# Don't include this header unless you use one of its functions.
-sc_prohibit_long_options_without_use:
-	@h='long-options.h' re='\<parse_(long_options|gnu_standard_options_only) *\(' \
-	  $(_sc_header_without_use)
-
-# Don't include this header unless you use one of its functions.
-sc_prohibit_inttostr_without_use:
-	@h='inttostr.h' re='\<(off|[iu]max|uint)tostr *\(' \
-	  $(_sc_header_without_use)
-
-# Don't include this header unless you use one of its functions.
-sc_prohibit_ignore_value_without_use:
-	@h='ignore-value.h' re='\<ignore_(value|ptr) *\(' \
-	  $(_sc_header_without_use)
-
-# Don't include this header unless you use one of its functions.
-sc_prohibit_error_without_use:
-	@h='error.h' \
-	re='\<error(_at_line|_print_progname|_one_per_line|_message_count)? *\('\
-	  $(_sc_header_without_use)
-
-# Don't include xalloc.h unless you use one of its functions.
-# Consider these symbols:
-# perl -lne '/^# *define (\w+)\(/ and print $1' lib/xalloc.h|grep -v '^__';
-# perl -lne '/^(?:extern )?(?:void|char) \*?(\w+) *\(/ and print $1' lib/xalloc.h
-# Divide into two sets on case, and filter each through this:
-# | sort | perl -MRegexp::Assemble -le \
-#  'print Regexp::Assemble->new(file => "/dev/stdin")->as_string'|sed 's/\?://g'
-# Note this was produced by the above:
-# _xa1 = \
-#x(((2n?)?re|c(har)?|n(re|m)|z)alloc|alloc_(oversized|die)|m(alloc|emdup)|strdup)
-# But we can do better, in at least two ways:
-# 1) take advantage of two "dup"-suffixed strings:
-# x(((2n?)?re|c(har)?|n(re|m)|[mz])alloc|alloc_(oversized|die)|(mem|str)dup)
-# 2) notice that "c(har)?|[mz]" is equivalent to the shorter and more readable
-# "char|[cmz]"
-# x(((2n?)?re|char|n(re|m)|[cmz])alloc|alloc_(oversized|die)|(mem|str)dup)
-_xa1 = x(((2n?)?re|char|n(re|m)|[cmz])alloc|alloc_(oversized|die)|(mem|str)dup)
-_xa2 = X([CZ]|N?M)ALLOC
-sc_prohibit_xalloc_without_use:
-	@h='xalloc.h' \
-	re='\<($(_xa1)|$(_xa2)) *\('\
-	  $(_sc_header_without_use)
-
-sc_prohibit_cloexec_without_use:
-	@h='cloexec.h' re='\<(set_cloexec_flag|dup_cloexec) *\(' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_posixver_without_use:
-	@h='posixver.h' re='\<posix2_version *\(' $(_sc_header_without_use)
-
-sc_prohibit_same_without_use:
-	@h='same.h' re='\<same_name(at)? *\(' $(_sc_header_without_use)
-
-sc_prohibit_hash_pjw_without_use:
-	@h='hash-pjw.h' \
-	re='\<hash_pjw\>' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_safe_read_without_use:
-	@h='safe-read.h' re='(\<SAFE_READ_ERROR\>|\<safe_read *\()' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_argmatch_without_use:
-	@h='argmatch.h' \
-	re='(\<(ARRAY_CARDINALITY|X?ARGMATCH(|_TO_ARGUMENT|_VERIFY))\>|\<(invalid_arg|argmatch(_exit_fn|_(in)?valid)?) *\()' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_canonicalize_without_use:
-	@h='canonicalize.h' \
-	re='CAN_(EXISTING|ALL_BUT_LAST|MISSING)|canonicalize_(mode_t|filename_mode|file_name)' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_root_dev_ino_without_use:
-	@h='root-dev-ino.h' \
-	re='(\<ROOT_DEV_INO_(CHECK|WARN)\>|\<get_root_dev_ino *\()' \
-	  $(_sc_header_without_use)
-
-sc_prohibit_openat_without_use:
-	@h='openat.h' \
-	re='\<(openat_(permissive|needs_fchdir|(save|restore)_fail)|l?(stat|ch(own|mod))at|(euid)?accessat|(FCHMOD|FCHOWN|STAT)AT_INLINE)\>' \
-	  $(_sc_header_without_use)
-
 # The following list was generated by running:
 # man signal.h|col -b|perl -ne '/bsd_signal.*;/.../sigwaitinfo.*;/ and print' \
 #   | perl -lne '/^\s+(?:int|void).*?(\w+).*/ and print $1' | fmt
@@ -1568,19 +1238,6 @@ sc_prohibit_stdio--_without_use:
 	@h='stdio--.h' re='\<((f(re)?|p)open|tmpfile) *\('		\
 	  $(_sc_header_without_use)
 
-# Don't include stdio-safer.h unless you use one of its functions.
-sc_prohibit_stdio-safer_without_use:
-	@h='stdio-safer.h' re='\<((f(re)?|p)open|tmpfile)_safer *\('	\
-	  $(_sc_header_without_use)
-
-# Prohibit the inclusion of strings.h without a sensible use.
-# Using the likes of bcmp, bcopy, bzero, index or rindex is not sensible.
-sc_prohibit_strings_without_use:
-	@h='strings.h'							\
-	re='\<(strn?casecmp|ffs(ll)?)\>'				\
-	  $(_sc_header_without_use)
-
-
 _stddef_syms_re = NULL|offsetof|ptrdiff_t|size_t|wchar_t
 # Prohibit the inclusion of stddef.h without an actual use.
 sc_prohibit_stddef_without_use:
@@ -1598,10 +1255,6 @@ sc_prohibit_dirent_without_use:
 	re='\<($(_dirent_syms_re))\>'					\
 	  $(_sc_header_without_use)
 
-# Don't include xfreopen.h unless you use one of its functions.
-sc_prohibit_xfreopen_without_use:
-	@h='xfreopen.h' re='\<xfreopen *\(' $(_sc_header_without_use)
-
 # Ensure that each .c file containing a "main" function also
 # calls bindtextdomain.
 sc_bindtextdomain:
@@ -1632,8 +1285,8 @@ sc_unmarked_diagnostics:
 
 
 sc_prohibit_defined_have_decl_tests:
-	@prohibit='(#[	 ]*ifn?def|\<defined)\>[	 (]+HAVE_DECL_'	\
-	halt='HAVE_DECL macros are always defined'			\
+	@prohibit='(#[	 ]*ifn?def|\<defined)\>[	 (]+WITH_DECL_'	\
+	halt='WITH_DECL macros are always defined'			\
 	  $(_sc_search_regexp)
 
 # ==================================================================
@@ -1644,14 +1297,6 @@ sc_prohibit_backup_files:
 	  { echo '$(ME): found version controlled backup file' 1>&2;	\
 	    exit 1; } || :
 
-# Require the latest GFDL.  Two regexp, since some .texi files end up
-# line wrapping between 'Free Documentation License,' and 'Version'.
-_GFDL_regexp = (Free ''Documentation.*Version 1\.[^3]|Version 1\.[^3] or any)
-sc_GFDL_version:
-	@prohibit='$(_GFDL_regexp)'					\
-	halt='GFDL vN, N!=3'						\
-	  $(_sc_search_regexp)
-
 # This Perl code is slightly obfuscated.  Not only is each "$" doubled
 # because it's in a Makefile, but the $$c's are comments;  we cannot
 # use "#" due to the way the script ends up concatenated onto one line.
@@ -1755,29 +1400,6 @@ sc_prohibit_test_double_equal:
 	halt='use "test x = x", not "test x =''= x"'			\
 	  $(_sc_search_regexp)
 
-# Each program that uses proper_name_utf8 must link with one of the
-# ICONV libraries.  Otherwise, some ICONV library must appear in LDADD.
-# The perl -0777 invocation below extracts the possibly-multi-line
-# definition of LDADD from the appropriate Makefile.am and exits 0
-# when it contains "ICONV".
-sc_proper_name_utf8_requires_ICONV:
-	@progs=$$($(VC_LIST_EXCEPT)					\
-		    | xargs $(GREP) -l 'proper_name_utf8 ''("');	\
-	if test "x$$progs" != x; then					\
-	  fail=0;							\
-	  for p in $$progs; do						\
-	    dir=$$(dirname "$$p");					\
-	    perl -0777							\
-	      -ne 'exit !(/^LDADD =(.+?[^\\]\n)/ms && $$1 =~ /ICONV/)'	\
-	      $$dir/Makefile.am && continue;				\
-	    base=$$(basename "$$p" .c);					\
-	    $(GREP) "$${base}_LDADD.*ICONV)" $$dir/Makefile.am > /dev/null	\
-	      || { fail=1; echo 1>&2 "$(ME): $$p uses proper_name_utf8"; }; \
-	  done;								\
-	  test $$fail = 1 &&						\
-	    { echo 1>&2 '$(ME): the above do not link with any ICONV library'; \
-	      exit 1; } || :;						\
-	fi
 
 # Warn about "c0nst struct Foo const foo[]",
 # but not about "char const *const foo" or "#define const const".
@@ -1792,43 +1414,6 @@ sc_const_long_option:
 	halt='add "const" to the above declarations'			\
 	  $(_sc_search_regexp)
 
-# Ensure that we use only the standard $(VAR) notation,
-# not @...@ in Makefile.am, now that we can rely on automake
-# to emit a definition for each substituted variable.
-# However, there is still one case in which @VAR@ use is not just
-# legitimate, but actually required: when augmenting an automake-defined
-# variable with a prefix.  For example, gettext uses this:
-# MAKEINFO = env LANG= LC_MESSAGES= LC_ALL= LANGUAGE= @MAKEINFO@
-# otherwise, makeinfo would put German or French (current locale)
-# navigation hints in the otherwise-English documentation.
-#
-# Allow the package to add exceptions via a hook in syntax-check.mk;
-# for example, @PRAGMA_SYSTEM_HEADER@ can be permitted by
-# setting this to ' && !/PRAGMA_SYSTEM_HEADER/'.
-_makefile_at_at_check_exceptions ?=
-sc_makefile_at_at_check:
-	@perl -ne '/\@\w+\@/'						\
-          -e ' && !/(\w+)\s+=.*\@\1\@$$/'				\
-          -e ''$(_makefile_at_at_check_exceptions)			\
-	  -e 'and (print "$$ARGV:$$.: $$_"), $$m=1; END {exit !$$m}'	\
-	    $$($(VC_LIST_EXCEPT) | $(GREP) -E '(^|/)(Makefile\.am|[^/]+\.mk)$$') \
-	  && { echo '$(ME): use $$(...), not @...@' 1>&2; exit 1; } || :
-
-sc_makefile_TAB_only_indentation:
-	@prohibit='^	[ ]{8}'						\
-	in_vc_files='akefile|\.mk$$'					\
-	halt='found TAB-8-space indentation'				\
-	  $(_sc_search_regexp)
-
-sc_m4_quote_check:
-	@prohibit='(AC_DEFINE(_UNQUOTED)?|AC_DEFUN)\([^[]'		\
-	in_vc_files='(^configure\.ac|\.m4)$$'				\
-	halt='quote the first arg to AC_DEF*'				\
-	  $(_sc_search_regexp)
-
-gen_source_files:
-	$(MAKE) -C src generated-sources
-
 fix_po_file_diag = \
 'you have changed the set of files with translatable diagnostics;\n\
 apply the above patch\n'
@@ -1838,8 +1423,8 @@ perl_translatable_files_list_ =						\
   -e 'foreach $$file (@ARGV) {'						\
   -e '	\# Consider only file extensions with one or two letters'	\
   -e '	$$file =~ /\...?$$/ or next;'					\
-  -e '	\# Ignore m4 and mk files'					\
-  -e '	$$file =~ /\.m[4k]$$/ and next;'				\
+  -e '	\# Ignore mk files'						\
+  -e '	$$file =~ /\.mk$$/ and next;'					\
   -e '	\# Ignore a .c or .h file with a corresponding .l or .y file'	\
   -e '	$$file =~ /(.+)\.[ch]$$/ && (-e "$${1}.l" || -e "$${1}.y")'	\
   -e '	  and next;'							\
@@ -1850,60 +1435,33 @@ perl_translatable_files_list_ =						\
 
 # Verify that all source files using _() (more specifically, files that
 # match $(_gl_translatable_string_re)) are listed in po/POTFILES.in.
-po_file ?= $(srcdir)/po/POTFILES.in
+po_file ?= $(top_srcdir)/po/POTFILES.in
 
 # List of additional files that we want to pick up in our POTFILES.in
 # This is all generated files for RPC code.
 generated_files = \
-  $(builddir)/src/*.[ch] \
-  $(builddir)/src/*/*.[ch]
+  $(top_builddir)/src/*.[ch] \
+  $(top_builddir)/src/*/*.[ch]
 
 _gl_translatable_string_re ?= \b(N?_|gettext *)\([^)"]*("|$$)
 
 # sc_po_check can fail if generated files are not built first
-sc_po_check: gen_source_files
+sc_po_check:
 	@if test -f $(po_file); then					\
 	  $(GREP) -E -v '^(#|$$)' $(po_file)				\
 	    | $(GREP) -v '^src/false\.c$$' | sort > $@-1;		\
 	  { $(VC_LIST_EXCEPT); echo $(generated_files); }		\
 	    | xargs perl $(perl_translatable_files_list_)		\
 	    | xargs $(GREP) -E -l '$(_gl_translatable_string_re)'	\
-	    | $(SED) 's|^$(_dot_escaped_srcdir)|@SRCDIR@|'		\
-	    | $(SED) 's|^$(_dot_escaped_builddir)|@BUILDDIR@|'		\
+	    | $(SED) 's|^$(_dot_escaped_builddir)/|@BUILDDIR@|'		\
+	    | $(SED) 's|^$(_dot_escaped_srcdir)/|@SRCDIR@|'		\
 	    | sort -u > $@-2;						\
 	  diff -u -L $(po_file) -L $(po_file) $@-1 $@-2			\
 	    || { printf '$(ME): '$(fix_po_file_diag) 1>&2; exit 1; };	\
 	  rm -f $@-1 $@-2;						\
 	fi
 
-# Check that 'make alpha' will not fail at the end of the process,
-# i.e., when pkg-M.N.tar.xz already exists (either in "." or in ../release)
-# and is read-only.
-writable-files:
-	$(AM_V_GEN)if test -d $(release_archive_dir); then		\
-	  for file in $(DIST_ARCHIVES); do				\
-	    for p in ./ $(release_archive_dir)/; do			\
-	      test -e $$p$$file || continue;				\
-	      test -w $$p$$file						\
-		|| { echo ERROR: $$p$$file is not writable; fail=1; };	\
-	    done;							\
-	  done;								\
-	  test "$$fail" && exit 1 || : ;				\
-	else :;								\
-	fi
-
-
-# BRE regex of file contents to identify a test script.
-_test_script_regex ?= \<init\.sh\>
-
-# In tests, use "compare expected actual", not the reverse.
-sc_prohibit_reversed_compare_failure:
-	@prohibit='\<compare [^ ]+ ([^ ]*exp|/dev/null)'		\
-	containing='$(_test_script_regex)'				\
-	halt='reversed compare arguments'				\
-	  $(_sc_search_regexp)
-
-# #if HAVE_... will evaluate to false for any non numeric string.
+# #if WITH_... will evaluate to false for any non numeric string.
 # That would be flagged by using -Wundef, however gnulib currently
 # tests many undefined macros, and so we can't enable that option.
 # So at least preclude common boolean strings as macro values.
@@ -1922,9 +1480,9 @@ sc_prohibit_path_max_allocation:
 	  $(_sc_search_regexp)
 
 ifneq ($(_gl-Makefile),)
-syntax-check: spacing-check test-wrap-argv \
-	prohibit-duplicate-header mock-noinline group-qemu-caps \
-        header-ifdef
+syntax-check: sc_spacing-check \
+	sc_prohibit-duplicate-header sc_mock-noinline sc_group-qemu-caps \
+        sc_header-ifdef
 	@if ! cppi --version >/dev/null 2>&1; then \
 		echo "*****************************************************" >&2; \
 		echo "* cppi not installed, some checks have been skipped *" >&2; \
@@ -1938,35 +1496,38 @@ syntax-check: spacing-check test-wrap-argv \
 endif
 
 # Don't include duplicate header in the source (either *.c or *.h)
-prohibit-duplicate-header:
+sc_prohibit-duplicate-header:
 	$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[chx]$$' | $(RUNUTF8) xargs \
 	$(PYTHON) $(top_srcdir)/scripts/prohibit-duplicate-header.py
 
-spacing-check:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.c$$' | xargs \
+sc_spacing-check:
+	$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.c$$' | xargs \
 	$(PERL) $(top_srcdir)/build-aux/check-spacing.pl || \
 	  { echo '$(ME): incorrect formatting' 1>&2; exit 1; }
 
-mock-noinline:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.[ch]$$' | $(RUNUTF8) xargs \
+sc_mock-noinline:
+	$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | $(RUNUTF8) xargs \
 	$(PYTHON) $(top_srcdir)/scripts/mock-noinline.py
 
-header-ifdef:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.[h]$$' | $(RUNUTF8) xargs \
+sc_header-ifdef:
+	$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[h]$$' | $(RUNUTF8) xargs \
 	$(PYTHON) $(top_srcdir)/scripts/header-ifdef.py
 
-test-wrap-argv:
-	$(AM_V_GEN)$(VC_LIST) | $(GREP) -E '\.(ldargs|args)' | $(RUNUTF8) xargs \
-	$(PYTHON) $(top_srcdir)/scripts/test-wrap-argv.py --check
-
-group-qemu-caps:
+sc_group-qemu-caps:
 	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/group-qemu-caps.py \
 		--check --prefix $(top_srcdir)/
 
+sc_prohibit_enum_impl_with_vir_prefix_in_virsh:
+	@prohibit='VIR_ENUM_(IMPL|DECL)\(vir[^s]'			\
+	in_vc_files='tools/virsh.*\.[ch]$$'					\
+	halt='avoid "vir" prefix for enums in virsh'				\
+	  $(_sc_search_regexp)
+
+
 # List all syntax-check exemptions:
 exclude_file_name_regexp--sc_avoid_strcase = ^tools/vsh\.h$$
 
-_src1=libvirt-stream|qemu/qemu_monitor|util/vir(command|file|fdstream)|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon
+_src1=libvirt-stream|qemu/qemu_monitor|util/vir(command|file|fdstream)|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon|remote/remote_ssh_helper
 _test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock|commandhelper
 exclude_file_name_regexp--sc_avoid_write = \
   ^(src/($(_src1))|tools/virsh-console|tests/($(_test1)))\.c$$
@@ -1975,9 +1536,6 @@ exclude_file_name_regexp--sc_bindtextdomain = .*
 
 exclude_file_name_regexp--sc_gettext_init = ^((tests|examples)/|tools/virt-login-shell.c|src/util/vireventglib\.c)
 
-exclude_file_name_regexp--sc_copyright_format = \
-	^build-aux/syntax-check\.mk$$
-
 exclude_file_name_regexp--sc_copyright_usage = \
   ^COPYING(|\.LESSER)|build-aux/syntax-check.mk$$
 
@@ -1989,17 +1547,8 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
 
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$|tests/commandtest.c$$)
 
-exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(build-aux/syntax-check\.mk|include/libvirt/virterror\.h|src/remote/remote_daemon_dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
-
-exclude_file_name_regexp--sc_makefile_TAB_only_indentation = \
-  ^build-aux/syntax-check\.mk$$
-
-exclude_file_name_regexp--sc_makefile_at_at_check = \
-  ^build-aux/syntax-check\.mk$$
-
 exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
-	^build-aux/syntax-check\.mk$$
+	^(build-aux/syntax-check\.mk|tests/virfilemock.c)$$
 
 exclude_file_name_regexp--sc_prohibit_access_xok = \
 	^(src/util/virutil\.c)$$
@@ -2014,12 +1563,12 @@ exclude_file_name_regexp--sc_prohibit_close = \
   (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/vir(file|event)\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c)|tools/nss/libvirt_nss_(leases|macs)\.c)$$)
 
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
+  (^tests/(nodedevmdevctl|virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
 
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
   (^(src/(util/(vircommand|virdaemon)|lxc/lxc_controller)|tests/testutils)\.c$$)
 
-exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/vir(util|log)\.c$$
+exclude_file_name_regexp--sc_prohibit_gethostname = ^src/util/virutil\.c$$
 
 exclude_file_name_regexp--sc_prohibit_internal_functions = \
   ^src/(util/(viralloc|virutil|virfile)\.[hc]|esx/esx_vi\.c)$$
@@ -2040,7 +1589,7 @@ exclude_file_name_regexp--sc_prohibit_canonicalize_file_name = \
   ^(build-aux/syntax-check\.mk|tests/virfilemock\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src/packet-libvirt\.c|tools/nss/libvirt_nss(_leases|_macs)?\.c|build-aux/useless-if-before-free)$$
+  ^(docs/advanced-tests\.rst|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock|commandhelper)\.c|tools/wireshark/src/packet-libvirt\.c|tools/nss/libvirt_nss(_leases|_macs)?\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_readlink = \
   ^src/(util/virutil|lxc/lxc_container)\.c$$
@@ -2048,7 +1597,7 @@ exclude_file_name_regexp--sc_prohibit_readlink = \
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c|tools/virt-login-shell\.c$$
 
 exclude_file_name_regexp--sc_prohibit_snprintf = \
-  ^(build-aux/syntax-check\.mk|docs/hacking\.html\.in|tools/virt-login-shell\.c)$$
+  ^(build-aux/syntax-check\.mk|docs/coding-style\.rst|tools/virt-login-shell\.c)$$
 
 exclude_file_name_regexp--sc_prohibit_strtol = ^examples/.*$$
 
@@ -2056,7 +1605,7 @@ exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$
 
 exclude_file_name_regexp--sc_prohibit_xmlURI = ^src/util/viruri\.c$$
 
-exclude_file_name_regexp--sc_prohibit_return_as_function = \.py|build-aux/useless-if-before-free$$
+exclude_file_name_regexp--sc_prohibit_return_as_function = \.py$$
 
 exclude_file_name_regexp--sc_require_config_h = \
 	^(examples/|tools/virsh-edit\.c$$|tests/virmockstathelpers.c)
@@ -2075,8 +1624,6 @@ exclude_file_name_regexp--sc_size_of_brackets = build-aux/syntax-check\.mk
 exclude_file_name_regexp--sc_correct_id_types = \
   (^src/locking/lock_protocol.x$$)
 
-exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4
-
 exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
   ^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.c$$)
 
@@ -2096,13 +1643,13 @@ exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
   ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$
 
 exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(src/esx/README|tests/(vmwarever|virhostcpu)data/.*)$$
+  ^tests/vmwareverdata/fusion-5.0.3.txt$$
 
 exclude_file_name_regexp--sc_prohibit_useless_translation = \
   ^tests/virpolkittest.c
 
 exclude_file_name_regexp--sc_prohibit_devname = \
-  ^(tools/virsh.pod|build-aux/syntax-check\.mk|docs/.*)$$
+  ^(tools/virsh.pod|build-aux/syntax-check\.mk|docs/.*|tests/qemucapabilitiesdata/.*)$$
 
 exclude_file_name_regexp--sc_prohibit_virXXXFree = \
   ^(docs/|tests/|examples/|tools/|build-aux/syntax-check\.mk|src/test/test_driver.c|src/libvirt_public.syms|include/libvirt/libvirt-(domain|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).h|src/libvirt-(domain|qemu|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).c|src/qemu/qemu_shim.c$$)
@@ -2127,3 +1674,6 @@ exclude_file_name_regexp--sc_prohibit_backslash_alignment = \
 
 exclude_file_name_regexp--sc_prohibit_select = \
   ^build-aux/syntax-check\.mk|src/util/vireventglibwatch\.c$$
+
+exclude_file_name_regexp--sc_prohibit_config_h_in_headers = \
+  ^config\.h$$

build-aux/useless-if-before-free

@@ -1,226 +0,0 @@
-#!/bin/sh
-#! -*-perl-*-
-
-# Detect instances of "if (p) free (p);".
-# Likewise "if (p != 0)", "if (0 != p)", or with NULL; and with braces.
-
-# Copyright (C) 2008-2019 Free Software Foundation, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-#
-# Written by Jim Meyering
-
-# This is a prologue that allows to run a perl script as an executable
-# on systems that are compliant to a POSIX version before POSIX:2017.
-# On such systems, the usual invocation of an executable through execlp()
-# or execvp() fails with ENOEXEC if it is a script that does not start
-# with a #! line.  The script interpreter mentioned in the #! line has
-# to be /bin/sh, because on GuixSD systems that is the only program that
-# has a fixed file name.  The second line is essential for perl and is
-# also useful for editing this file in Emacs.  The next two lines below
-# are valid code in both sh and perl.  When executed by sh, they re-execute
-# the script through the perl program found in $PATH.  The '-x' option
-# is essential as well; without it, perl would re-execute the script
-# through /bin/sh.  When executed by  perl, the next two lines are a no-op.
-eval 'exec perl -wSx "$0" "$@"'
-     if 0;
-
-my $VERSION = '2018-03-07 03:47'; # UTC
-# The definition above must lie within the first 8 lines in order
-# for the Emacs time-stamp write hook (at end) to update it.
-# If you change this file with Emacs, please let the write hook
-# do its job.  Otherwise, update this string manually.
-
-use strict;
-use warnings;
-use Getopt::Long;
-
-(my $ME = $0) =~ s|.*/||;
-
-# use File::Coda; # https://meyering.net/code/Coda/
-END {
-  defined fileno STDOUT or return;
-  close STDOUT and return;
-  warn "$ME: failed to close standard output: $!\n";
-  $? ||= 1;
-}
-
-sub usage ($)
-{
-  my ($exit_code) = @_;
-  my $STREAM = ($exit_code == 0 ? *STDOUT : *STDERR);
-  if ($exit_code != 0)
-    {
-      print $STREAM "Try '$ME --help' for more information.\n";
-    }
-  else
-    {
-      print $STREAM <<EOF;
-Usage: $ME [OPTIONS] FILE...
-
-Detect any instance in FILE of a useless "if" test before a free call, e.g.,
-"if (p) free (p);".  Any such test may be safely removed without affecting
-the semantics of the C code in FILE.  Use --name=FOO --name=BAR to also
-detect free-like functions named FOO and BAR.
-
-OPTIONS:
-
-   --list       print only the name of each matching FILE (\\0-terminated)
-   --name=N     add name N to the list of \'free\'-like functions to detect;
-                  may be repeated
-
-   --help       display this help and exit
-   --version    output version information and exit
-
-Exit status:
-
-  0   one or more matches
-  1   no match
-  2   an error
-
-EXAMPLE:
-
-For example, this command prints all removable "if" tests before "free"
-and "kfree" calls in the linux kernel sources:
-
-    git ls-files -z |xargs -0 $ME --name=kfree
-
-EOF
-    }
-  exit $exit_code;
-}
-
-sub is_NULL ($)
-{
-  my ($expr) = @_;
-  return ($expr eq 'NULL' || $expr eq '0');
-}
-
-{
-  sub EXIT_MATCH {0}
-  sub EXIT_NO_MATCH {1}
-  sub EXIT_ERROR {2}
-  my $err = EXIT_NO_MATCH;
-
-  my $list;
-  my @name = qw(free);
-  GetOptions
-    (
-     help => sub { usage 0 },
-     version => sub { print "$ME version $VERSION\n"; exit },
-     list => \$list,
-     'name=s@' => \@name,
-    ) or usage 1;
-
-  # Make sure we have the right number of non-option arguments.
-  # Always tell the user why we fail.
-  @ARGV < 1
-    and (warn "$ME: missing FILE argument\n"), usage EXIT_ERROR;
-
-  my $or = join '|', @name;
-  my $regexp = qr/(?:$or)/;
-
-  # Set the input record separator.
-  # Note: this makes it impractical to print line numbers.
-  $/ = '"';
-
-  my $found_match = 0;
- FILE:
-  foreach my $file (@ARGV)
-    {
-      open FH, '<', $file
-        or (warn "$ME: can't open '$file' for reading: $!\n"),
-          $err = EXIT_ERROR, next;
-      while (defined (my $line = <FH>))
-        {
-          # Skip non-matching lines early to save time
-          $line =~ /\bif\b/
-            or next;
-          while ($line =~
-              /\b(if\s*\(\s*([^)]+?)(?:\s*!=\s*([^)]+?))?\s*\)
-              #  1          2                  3
-               (?:   \s*$regexp\s*\((?:\s*\([^)]+\))?\s*([^)]+)\)\s*;|
-                \s*\{\s*$regexp\s*\((?:\s*\([^)]+\))?\s*([^)]+)\)\s*;\s*\}))/sxg)
-            {
-              my $all = $1;
-              my ($lhs, $rhs) = ($2, $3);
-              my ($free_opnd, $braced_free_opnd) = ($4, $5);
-              my $non_NULL;
-              if (!defined $rhs) { $non_NULL = $lhs }
-              elsif (is_NULL $rhs) { $non_NULL = $lhs }
-              elsif (is_NULL $lhs) { $non_NULL = $rhs }
-              else { next }
-
-              # Compare the non-NULL part of the "if" expression and the
-              # free'd expression, without regard to white space.
-              $non_NULL =~ tr/ \t//d;
-              my $e2 = defined $free_opnd ? $free_opnd : $braced_free_opnd;
-              $e2 =~ tr/ \t//d;
-              if ($non_NULL eq $e2)
-                {
-                  $found_match = 1;
-                  $list
-                    and (print "$file\0"), next FILE;
-                  print "$file: $all\n";
-                }
-            }
-        }
-    }
-  continue
-    {
-      close FH;
-    }
-
-  $found_match && $err == EXIT_NO_MATCH
-    and $err = EXIT_MATCH;
-
-  exit $err;
-}
-
-my $foo = <<'EOF';
-# The above is to *find* them.
-# This adjusts them, removing the unnecessary "if (p)" part.
-
-# FIXME: do something like this as an option (doesn't do braces):
-free=xfree
-git grep -l -z "$free *(" \
-  | xargs -0 useless-if-before-free -l --name="$free" \
-  | xargs -0 perl -0x3b -pi -e \
-   's/\bif\s*\(\s*(\S+?)(?:\s*!=\s*(?:0|NULL))?\s*\)\s+('"$free"'\s*\((?:\s*\([^)]+\))?\s*\1\s*\)\s*;)/$2/s'
-
-# Use the following to remove redundant uses of kfree inside braces.
-# Note that -0777 puts perl in slurp-whole-file mode;
-# but we have plenty of memory, these days...
-free=kfree
-git grep -l -z "$free *(" \
-  | xargs -0 useless-if-before-free -l --name="$free" \
-  | xargs -0 perl -0777 -pi -e \
-     's/\bif\s*\(\s*(\S+?)(?:\s*!=\s*(?:0|NULL))?\s*\)\s*\{\s*('"$free"'\s*\((?:\s*\([^)]+\))?\s*\1\s*\);)\s*\}[^\n]*$/$2/gms'
-
-Be careful that the result of the above transformation is valid.
-If the matched string is followed by "else", then obviously, it won't be.
-
-When modifying files, refuse to process anything other than a regular file.
-EOF
-
-## Local Variables:
-## mode: perl
-## indent-tabs-mode: nil
-## eval: (add-hook 'before-save-hook 'time-stamp)
-## time-stamp-line-limit: 50
-## time-stamp-start: "my $VERSION = '"
-## time-stamp-format: "%:y-%02m-%02d %02H:%02M"
-## time-stamp-time-zone: "UTC0"
-## time-stamp-end: "'; # UTC"
-## End:

build-aux/vc-list-files

@@ -1,113 +0,0 @@
-#!/bin/sh
-# List version-controlled file names.
-
-# Print a version string.
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 2006-2019 Free Software Foundation, Inc.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
-# List the specified version-controlled files.
-# With no argument, list them all.  With a single DIRECTORY argument,
-# list the version-controlled files in that directory.
-
-# If there's an argument, it must be a single, "."-relative directory name.
-# cvsu is part of the cvsutils package: http://www.red-bean.com/cvsutils/
-
-postprocess=
-case $1 in
-  --help) cat <<EOF
-Usage: $0 [-C SRCDIR] [DIR...]
-
-Output a list of version-controlled files in DIR (default .), relative to
-SRCDIR (default .).  SRCDIR must be the top directory of a checkout.
-
-Options:
-  --help     print this help, then exit
-  --version  print version number, then exit
-  -C SRCDIR  change directory to SRCDIR before generating list
-
-Report bugs and patches to <bug-gnulib@gnu.org>.
-EOF
-    exit ;;
-
-  --version)
-    year=`echo "$scriptversion" | sed 's/[^0-9].*//'`
-    cat <<EOF
-vc-list-files $scriptversion
-Copyright (C) $year Free Software Foundation, Inc,
-License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
-This is free software: you are free to change and redistribute it.
-There is NO WARRANTY, to the extent permitted by law.
-EOF
-    exit ;;
-
-  -C)
-    test "$2" = . || postprocess="| sed 's|^|$2/|'"
-    cd "$2" || exit 1
-    shift; shift ;;
-esac
-
-test $# = 0 && set .
-
-for dir
-do
-  if test -d .git || test -f .git; then
-    test "x$dir" = x. \
-      && dir= sed_esc= \
-      || { dir="$dir/"; sed_esc=`echo "$dir"|env sed 's,\([\\/]\),\\\\\1,g'`; }
-    # Ignore git symlinks - either they point into the tree, in which case
-    # we don't need to visit the target twice, or they point somewhere
-    # else (often into a submodule), in which case the content does not
-    # belong to this package.
-    eval exec git ls-tree -r 'HEAD:"$dir"' \
-      \| sed -n '"s/^100[^	]*./$sed_esc/p"' $postprocess
-  elif test -d .hg; then
-    eval exec hg locate '"$dir/*"' $postprocess
-  elif test -d .bzr; then
-    test "$postprocess" = '' && postprocess="| sed 's|^\./||'"
-    eval exec bzr ls -R --versioned '"$dir"' $postprocess
-  elif test -d CVS; then
-    test "$postprocess" = '' && postprocess="| sed 's|^\./||'"
-    if test -x build-aux/cvsu; then
-      eval build-aux/cvsu --find --types=AFGM '"$dir"' $postprocess
-    elif (cvsu --help) >/dev/null 2>&1; then
-      eval cvsu --find --types=AFGM '"$dir"' $postprocess
-    else
-      eval awk -F/ \''{			\
-          if (!$1 && $3 !~ /^-/) {	\
-            f=FILENAME;			\
-            if (f ~ /CVS\/Entries$/)	\
-              f = substr(f, 1, length(f)-11); \
-            print f $2;			\
-          }}'\''				\
-        `find "$dir" -name Entries -print` /dev/null' $postprocess
-    fi
-  elif test -d .svn; then
-    eval exec svn list -R '"$dir"' $postprocess
-  else
-    echo "$0: Failed to determine type of version control used in `pwd`" 1>&2
-    exit 1
-  fi
-done
-
-# Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:

ci/Makefile

@@ -20,37 +20,13 @@ CI_HOST_SRCDIR = $(CI_SCRATCHDIR)/src
 # the $(CI_HOST_SRCDIR) directory from the host
 CI_CONT_SRCDIR = $(CI_USER_HOME)/libvirt
 
-# Relative directory to perform the build in. This
-# defaults to using a separate build dir, but can be
-# set to empty string for an in-source tree build.
-CI_VPATH = build
-
-# The directory holding the build output inside the
-# container.
-CI_CONT_BUILDDIR = $(CI_CONT_SRCDIR)/$(CI_VPATH)
-
-# Can be overridden with mingw{32,64}-configure if desired
-CI_CONFIGURE = $(CI_CONT_SRCDIR)/configure
-
-# Default to using all possible CPUs
-CI_SMP = $(shell getconf _NPROCESSORS_ONLN)
-
-# Any extra arguments to pass to make
-CI_MAKE_ARGS =
-
-# Any extra arguments to pass to configure
-CI_CONFIGURE_ARGS =
-
-# Script containing environment preparation steps
-CI_PREPARE_SCRIPT = $(CI_ROOTDIR)/prepare.sh
-
 # Script containing build instructions
 CI_BUILD_SCRIPT = $(CI_ROOTDIR)/build.sh
 
 # Location of the container images we're going to pull
-# Can be useful to overridde to use a locally built
+# Can be useful to override to use a locally built
 # image instead
-CI_IMAGE_PREFIX = quay.io/libvirt/buildenv-libvirt-
+CI_IMAGE_PREFIX = registry.gitlab.com/libvirt/libvirt/ci-
 
 # The default tag is ':latest' but if the container
 # repo above uses different conventions this can override it
@@ -66,15 +42,15 @@ CI_CLEAN = 1
 # preserved env
 CI_REUSE = 0
 
-# We need the container process to run with current host IDs
-# so that it can access the passed in build directory
-CI_UID = $(shell id -u)
-CI_GID = $(shell id -g)
-
-# We also need the user's login and home directory to prepare the
+# We need the user's login and home directory to prepare the
 # environment the way some programs expect it
-CI_USER_LOGIN = $(shell echo "$$USER")
-CI_USER_HOME = $(shell echo "$$HOME")
+CI_USER_LOGIN = $(shell whoami)
+CI_USER_HOME = $(shell eval echo "~$(CI_USER_LOGIN)")
+
+# We also need the container process to run with current host IDs
+# so that it can access the passed in build directory
+CI_UID = $(shell id -u "$(CI_USER_LOGIN)")
+CI_GID = $(shell id -g "$(CI_USER_LOGIN)")
 
 CI_ENGINE = auto
 # Container engine we are going to use, can be overridden per make
@@ -85,7 +61,7 @@ endif
 
 # IDs you run as do not need to exist in
 # the container's /etc/passwd & /etc/group files, but
-# if they do not, then libvirt's 'make check' will fail
+# if they do not, then libvirt's 'ninja test' will fail
 # many tests.
 
 # We do not directly mount /etc/{passwd,group} as Docker
@@ -103,7 +79,6 @@ CI_HOME_MOUNTS = \
 	$(NULL)
 
 CI_SCRIPT_MOUNTS = \
-	--volume $(CI_SCRATCHDIR)/prepare:$(CI_USER_HOME)/prepare:z \
 	--volume $(CI_SCRATCHDIR)/build:$(CI_USER_HOME)/build:z \
 	$(NULL)
 
@@ -146,14 +121,16 @@ ifeq ($(CI_ENGINE),podman)
 	CI_UID_OTHER_RANGE = $(shell echo $$(($(CI_MAX_UID)-$(CI_UID))))
 	CI_GID_OTHER_RANGE = $(shell echo $$(($(CI_MAX_GID)-$(CI_GID))))
 
-	CI_PODMAN_ARGS = \
-		--uidmap 0:1:$(CI_UID) \
-		--uidmap $(CI_UID):0:1 \
-		--uidmap $(CI_UID_OTHER):$(CI_UID_OTHER):$(CI_UID_OTHER_RANGE) \
-		--gidmap 0:1:$(CI_GID) \
-		--gidmap $(CI_GID):0:1 \
-		--gidmap $(CI_GID_OTHER):$(CI_GID_OTHER):$(CI_GID_OTHER_RANGE) \
-		$(NULL)
+	ifneq ($(CI_UID), 0)
+		CI_PODMAN_ARGS = \
+			--uidmap 0:1:$(CI_UID) \
+			--uidmap $(CI_UID):0:1 \
+			--uidmap $(CI_UID_OTHER):$(CI_UID_OTHER):$(CI_UID_OTHER_RANGE) \
+			--gidmap 0:1:$(CI_GID) \
+			--gidmap $(CI_GID):0:1 \
+			--gidmap $(CI_GID_OTHER):$(CI_GID_OTHER):$(CI_GID_OTHER_RANGE) \
+			$(NULL)
+	endif
 endif
 
 # Args to use when cloning a git repo.
@@ -171,6 +148,8 @@ CI_GIT_ARGS = \
 #   --user    we execute as the same user & group account
 #             as dev so that file ownership matches host
 #             instead of root:root
+#   --workdir we change to user's home dir in the container
+#             before running the workload
 #   --volume  to pass in the cloned git repo & config
 #   --ulimit  lower files limit for performance reasons
 #   --interactive
@@ -179,6 +158,11 @@ CI_ENGINE_ARGS = \
 	--rm \
 	--interactive \
 	--tty \
+	--user "$(CI_UID)":"$(CI_GID)" \
+	--workdir "$(CI_USER_HOME)" \
+	--env CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
+	--env CI_MESON_ARGS="$(CI_MESON_ARGS)" \
+	--env CI_NINJA_ARGS="$(CI_NINJA_ARGS)" \
 	$(CI_PODMAN_ARGS) \
 	$(CI_PWDB_MOUNTS) \
 	$(CI_HOME_MOUNTS) \
@@ -199,9 +183,8 @@ ci-prepare-tree: ci-check-engine
 		cp /etc/passwd $(CI_SCRATCHDIR); \
 		cp /etc/group $(CI_SCRATCHDIR); \
 		mkdir -p $(CI_SCRATCHDIR)/home; \
-		cp "$(CI_PREPARE_SCRIPT)" $(CI_SCRATCHDIR)/prepare; \
 		cp "$(CI_BUILD_SCRIPT)" $(CI_SCRATCHDIR)/build; \
-		chmod +x "$(CI_SCRATCHDIR)/prepare" "$(CI_SCRATCHDIR)/build"; \
+		chmod +x "$(CI_SCRATCHDIR)/build"; \
 		echo "Cloning $(CI_GIT_ROOT) to $(CI_HOST_SRCDIR)"; \
 		git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT) $(CI_HOST_SRCDIR) || exit 1; \
 		for mod in $$(git submodule | awk '{ print $$2 }' | sed -E 's,^../,,g') ; \
@@ -213,21 +196,10 @@ ci-prepare-tree: ci-check-engine
 	fi
 
 ci-run-command@%: ci-prepare-tree
-	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
-		/bin/bash -c ' \
-		$(CI_USER_HOME)/prepare || exit 1; \
-		sudo \
-		  --login \
-		  --user="#$(CI_UID)" \
-		  --group="#$(CI_GID)" \
-		  CONFIGURE_OPTS="$$CONFIGURE_OPTS" \
-		  CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
-		  CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
-		  CI_SMP="$(CI_SMP)" \
-		  CI_CONFIGURE="$(CI_CONFIGURE)" \
-		  CI_CONFIGURE_ARGS="$(CI_CONFIGURE_ARGS)" \
-		  CI_MAKE_ARGS="$(CI_MAKE_ARGS)" \
-		  $(CI_COMMAND) || exit 1'
+	$(CI_ENGINE) run \
+		$(CI_ENGINE_ARGS) \
+		$(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
+		$(CI_COMMAND)
 	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
 
 ci-shell@%:
@@ -236,34 +208,38 @@ ci-shell@%:
 ci-build@%:
 	$(MAKE) -C $(CI_ROOTDIR) ci-run-command@$* CI_COMMAND="$(CI_USER_HOME)/build"
 
-ci-check@%:
-	$(MAKE) -C $(CI_ROOTDIR) ci-build@$* CI_MAKE_ARGS="check"
-
-ci-list-images:
-	@echo
-	@echo "Available x86 container images:"
-	@echo
-	@sh list-images.sh "$(CI_ENGINE)" "$(CI_IMAGE_PREFIX)" | grep -v cross
-	@echo
-	@echo "Available cross-compiler container images:"
-	@echo
-	@sh list-images.sh "$(CI_ENGINE)" "$(CI_IMAGE_PREFIX)" | grep cross
-	@echo
+ci-test@%:
+	$(MAKE) -C $(CI_ROOTDIR) ci-build@$* CI_NINJA_ARGS=test
 
 ci-help:
+	@echo
+	@echo
+	@echo
+	@echo "      !!!  PLEASE DON'T USE THIS DIRECTLY  !!!"
+	@echo
+	@echo "          Use the ci/helper script instead"
+	@echo
+	@echo "      !!!  PLEASE DON'T USE THIS DIRECTLY  !!!"
+	@echo
+	@echo
+	@echo
 	@echo "Build libvirt inside containers used for CI"
 	@echo
 	@echo "Available targets:"
 	@echo
-	@echo "    ci-build@\$$IMAGE - run a default 'make'"
-	@echo "    ci-check@\$$IMAGE - run a 'make check'"
+	@echo "    ci-build@\$$IMAGE - run a default 'ninja' build"
+	@echo "    ci-test@\$$IMAGE  - run a 'ninja test'"
 	@echo "    ci-shell@\$$IMAGE - run an interactive shell"
-	@echo "    ci-list-images  - list available images"
 	@echo "    ci-help         - show this help message"
 	@echo
 	@echo "Available make variables:"
 	@echo
-	@echo "    CI_CLEAN=0     - do not delete '$(CI_SCRATCHDIR)' after completion"
-	@echo "    CI_REUSE=1     - re-use existing '$(CI_SCRATCHDIR)' content"
-	@echo "    CI_ENGINE=auto - container engine to use (podman, docker)"
+	@echo "    CI_CLEAN=0              - do not delete '$(CI_SCRATCHDIR)' after completion"
+	@echo "    CI_REUSE=1              - re-use existing '$(CI_SCRATCHDIR)' content"
+	@echo "    CI_ENGINE=auto          - container engine to use (podman, docker)"
+	@echo "    CI_USER_LOGIN=          - which user should run in the container (default is $$USER)"
+	@echo "    CI_IMAGE_PREFIX=        - override to prefer a locally built image, (default is $(CI_IMAGE_PREFIX))"
+	@echo "    CI_IMAGE_TAG=:latest    - optionally use in conjunction with 'CI_IMAGE_PREFIX'"
+	@echo "    CI_MESON_ARGS=          - extra arguments passed to meson"
+	@echo "    CI_NINJA_ARGS=          - extra arguments passed to ninja"
 	@echo

ci/README.rst

@@ -0,0 +1,65 @@
+==============
+CI for libvirt
+==============
+
+This document provides some information related to the CI capabilities for the
+libvirt project.
+
+
+Cirrus CI integration
+=====================
+
+libvirt currently supports three non-Linux operating systems: Windows, FreeBSD
+and macOS. Windows cross-builds can be prepared on Linux by using `MinGW`_, but
+for both FreeBSD and macOS we need to use the actual operating system, and
+unfortunately GitLab shared runners are currently not available for either.
+
+To work around this limitation, we take advantage of `Cirrus CI`_'s free
+offering: more specifically, we use the `cirrus-run`_ script to trigger Cirrus
+CI jobs from GitLab CI jobs so that the workaround is almost entirely
+transparent to users and there's no need to constantly check two separate CI
+dashboards.
+
+There is, however, some one-time setup required. If you want FreeBSD and macOS
+builds to happen when you push to your GitLab repository, you need to
+
+* set up a GitHub repository for the project, eg. ``yourusername/libvirt``.
+  This repository needs to exist for cirrus-run to work, but it doesn't need to
+  be kept up to date, so you can create it and then forget about it;
+
+* enable the `Cirrus CI GitHub app`_  for your GitHub account;
+
+* sign up for Cirrus CI. It's enough to log into the website using your GitHub
+  account;
+
+* grab an API token from the `Cirrus CI settings`_ page;
+
+* it may be necessary to push an empty ``.cirrus.yml`` file to your github fork
+  for Cirrus CI to properly recognize the project. You can check whether
+  Cirrus CI knows about your project by navigating to:
+
+  ``https://cirrus-ci.com/yourusername/libvirt``
+
+* in the *CI/CD / Variables* section of the settings page for your GitLab
+  repository, create two new variables:
+
+  * ``CIRRUS_GITHUB_REPO``, containing the name of the GitHub repository
+    created earlier, eg. ``yourusername/libvirt``;
+
+  * ``CIRRUS_API_TOKEN``, containing the Cirrus CI API token generated earlier.
+    This variable **must** be marked as *Masked*, because anyone with knowledge
+    of it can impersonate you as far as Cirrus CI is concerned.
+
+  Neither of these variables should be marked as *Protected*, because in
+  general you'll want to be able to trigger Cirrus CI builds from non-protected
+  branches.
+
+Once this one-time setup is complete, you can just keep pushing to your GitLab
+repository as usual and you'll automatically get the additional CI coverage.
+
+
+.. _Cirrus CI GitHub app: https://github.com/marketplace/cirrus-ci
+.. _Cirrus CI settings: https://cirrus-ci.com/settings/profile/
+.. _Cirrus CI: https://cirrus-ci.com/
+.. _MinGW: http://mingw.org/
+.. _cirrus-run: https://github.com/sio/cirrus-run/

ci/build.sh

@@ -1,3 +1,5 @@
+#!/bin/sh
+
 # This script is used to build libvirt inside the container.
 #
 # You can customize it to your liking, or alternatively use a
@@ -7,32 +9,15 @@
 #
 # to make.
 
-mkdir -p "$CI_CONT_BUILDDIR" || exit 1
-cd "$CI_CONT_BUILDDIR"
+cd "$CI_CONT_SRCDIR"
 
 export VIR_TEST_DEBUG=1
-NOCONFIGURE=1 "$CI_CONT_SRCDIR/autogen.sh" || exit 1
 
-# $CONFIGURE_OPTS is a env that can optionally be set in the container,
+# $MESON_OPTS is an env that can optionally be set in the container,
 # populated at build time from the Dockerfile. A typical use case would
-# be to pass --host/--target args to trigger cross-compilation
-#
-# This can be augmented by make local args in $CI_CONFIGURE_ARGS
-"$CI_CONFIGURE" $CONFIGURE_OPTS $CI_CONFIGURE_ARGS
-if test $? != 0; then
-    test -f config.log && cat config.log
-    exit 1
-fi
-find -name test-suite.log -delete
+# be to pass options to trigger cross-compilation
 
-make -j"$CI_SMP" $CI_MAKE_ARGS
+meson build --werror $MESON_OPTS $CI_MESON_ARGS || \
+(cat build/meson-logs/meson-log.txt && exit 1)
 
-if test $? != 0; then \
-    LOGS=$(find -name test-suite.log)
-    if test "$LOGS"; then
-        echo "=== LOG FILE(S) START ==="
-        cat $LOGS
-        echo "=== LOG FILE(S) END ==="
-    fi
-    exit 1
-fi
+ninja -C build $CI_NINJA_ARGS

ci/cirrus/build.yml

@@ -0,0 +1,29 @@
+@CIRRUS_VM_INSTANCE_TYPE@:
+  @CIRRUS_VM_IMAGE_SELECTOR@: @CIRRUS_VM_IMAGE_NAME@
+
+env:
+  CI_REPOSITORY_URL: "@CI_REPOSITORY_URL@"
+  CI_COMMIT_REF_NAME: "@CI_COMMIT_REF_NAME@"
+  CI_COMMIT_SHA: "@CI_COMMIT_SHA@"
+  PATH: "@PATH@"
+  PKG_CONFIG_PATH: "@PKG_CONFIG_PATH@"
+  PYTHON: "@PYTHON@"
+  MAKE: "@MAKE@"
+  VIR_TEST_VERBOSE: "1"
+  VIR_TEST_DEBUG: "1"
+
+build_task:
+  install_script:
+    - @UPDATE_COMMAND@
+    - @UPGRADE_COMMAND@
+    - @INSTALL_COMMAND@ @PKGS@
+    - if test -n "@PYPI_PKGS@" ; then @PIP3@ install @PYPI_PKGS@ ; fi
+  clone_script:
+    - git clone --depth 100 "$CI_REPOSITORY_URL" .
+    - git fetch origin "$CI_COMMIT_REF_NAME"
+    - git reset --hard "$CI_COMMIT_SHA"
+  build_script:
+    - meson setup build
+    - meson dist -C build --no-tests
+    - meson compile -C build
+    - meson test -C build --no-suite syntax-check

ci/cirrus/freebsd-12.vars

@@ -0,0 +1,13 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool variables freebsd-12 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/a47008f1a77f92176b30729480347bdf0f372068
+
+PACKAGING_COMMAND='pkg'
+CCACHE='/usr/local/bin/ccache'
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PYTHON='/usr/local/bin/python3'
+PIP3='/usr/local/bin/pip-3.7'
+PKGS='augeas avahi bash-completion ca_root_nss ccache cppi curl cyrus-sasl dbus diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py38-docutils py38-flake8 python3 qemu radvd readline yajl'

ci/cirrus/freebsd-13.vars

@@ -0,0 +1,13 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool variables freebsd-13 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/a47008f1a77f92176b30729480347bdf0f372068
+
+PACKAGING_COMMAND='pkg'
+CCACHE='/usr/local/bin/ccache'
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PYTHON='/usr/local/bin/python3'
+PIP3='/usr/local/bin/pip-3.7'
+PKGS='augeas avahi bash-completion ca_root_nss ccache cppi curl cyrus-sasl dbus diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py38-docutils py38-flake8 python3 qemu radvd readline yajl'

ci/cirrus/freebsd-current.vars

@@ -0,0 +1,13 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool variables freebsd-current libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/a47008f1a77f92176b30729480347bdf0f372068
+
+PACKAGING_COMMAND='pkg'
+CCACHE='/usr/local/bin/ccache'
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PYTHON='/usr/local/bin/python3'
+PIP3='/usr/local/bin/pip-3.7'
+PKGS='augeas avahi bash-completion ca_root_nss ccache cppi curl cyrus-sasl dbus diffutils diskscrub dnsmasq fusefs-libs gettext git glib gmake gnugrep gnutls gsed libpcap libpciaccess libssh libssh2 libxml2 libxslt meson ninja perl5 pkgconf polkit py38-docutils py38-flake8 python3 qemu radvd readline yajl'

ci/cirrus/macos-11.vars

@@ -0,0 +1,13 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool variables macos-11 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/a47008f1a77f92176b30729480347bdf0f372068
+
+PACKAGING_COMMAND='brew'
+CCACHE='/usr/local/bin/ccache'
+MAKE='/usr/local/bin/gmake'
+NINJA='/usr/local/bin/ninja'
+PYTHON='/usr/local/bin/python3'
+PIP3='/usr/local/bin/pip3'
+PKGS='augeas bash-completion ccache cppi curl dbus diffutils dnsmasq docutils flake8 gettext git glib gnu-sed gnutls grep libiscsi libpcap libssh libssh2 libxml2 libxslt make meson ninja perl pkg-config python3 qemu readline rpcgen scrub yajl'

ci/containers/README.rst

@@ -0,0 +1,36 @@
+CI job assets
+=============
+
+This directory contains assets used in the automated CI jobs, most
+notably the Dockerfiles used to build container images in which the
+CI jobs then run.
+
+The ``refresh`` script is used to re-create the Dockerfiles using the
+``lcitool`` command that is provided by repo
+https://gitlab.com/libvirt/libvirt-ci
+
+The containers are built during the CI process and cached in the GitLab
+container registry of the project doing the build. The cached containers
+can be deleted at any time and will be correctly rebuilt.
+
+
+Coverity scan integration
+=========================
+
+This will be used only by the main repository for master branch by running
+scheduled pipeline in GitLab.
+
+The service is proved by `Coverity Scan`_ and requires that the project is
+registered there to get free coverity analysis which we already have for
+`libvirt project`_.
+
+To run the coverity job it requires two new variables:
+
+  * ``COVERITY_SCAN_PROJECT_NAME``, containing the `libvirt project`_
+    name.
+
+  * ``COVERITY_SCAN_TOKEN``, token visible to admins of `libvirt project`_
+
+
+.. _Coverity Scan: https://scan.coverity.com/
+.. _libvirt project: https://scan.coverity.com/projects/libvirt

ci/containers/centos-8.Dockerfile

@@ -0,0 +1,110 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile centos-8 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/centos:8
+
+RUN dnf update -y && \
+    dnf install 'dnf-command(config-manager)' -y && \
+    dnf config-manager --set-enabled -y powertools && \
+    dnf install -y centos-release-advanced-virtualization && \
+    dnf install -y epel-release && \
+    dnf install -y \
+        audit-libs-devel \
+        augeas \
+        avahi-devel \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        clang \
+        cpp \
+        cyrus-sasl-devel \
+        dbus-devel \
+        device-mapper-devel \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        fuse-devel \
+        gcc \
+        gettext \
+        git \
+        glib2-devel \
+        glibc-devel \
+        glibc-langpack-en \
+        glusterfs-api-devel \
+        gnutls-devel \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libacl-devel \
+        libattr-devel \
+        libblkid-devel \
+        libcap-ng-devel \
+        libcurl-devel \
+        libiscsi-devel \
+        libnl3-devel \
+        libpcap-devel \
+        libpciaccess-devel \
+        librbd-devel \
+        libselinux-devel \
+        libssh-devel \
+        libssh2-devel \
+        libtirpc-devel \
+        libudev-devel \
+        libwsman-devel \
+        libxml2 \
+        libxml2-devel \
+        libxslt \
+        lvm2 \
+        make \
+        netcf-devel \
+        nfs-utils \
+        ninja-build \
+        numactl-devel \
+        numad \
+        parted \
+        parted-devel \
+        perl \
+        pkgconfig \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        python3-pip \
+        python3-setuptools \
+        python3-wheel \
+        qemu-img \
+        radvd \
+        readline-devel \
+        rpcgen \
+        rpm-build \
+        sanlock-devel \
+        scrub \
+        sed \
+        systemtap-sdt-devel \
+        wireshark-devel \
+        xfsprogs-devel \
+        yajl-devel && \
+    dnf autoremove -y && \
+    dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/centos-stream-8.Dockerfile

@@ -0,0 +1,110 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile centos-stream-8 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM quay.io/centos/centos:stream8
+
+RUN dnf update -y && \
+    dnf install 'dnf-command(config-manager)' -y && \
+    dnf config-manager --set-enabled -y powertools && \
+    dnf install -y centos-release-advanced-virtualization && \
+    dnf install -y epel-release && \
+    dnf install -y \
+        audit-libs-devel \
+        augeas \
+        avahi-devel \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        clang \
+        cpp \
+        cyrus-sasl-devel \
+        dbus-devel \
+        device-mapper-devel \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        fuse-devel \
+        gcc \
+        gettext \
+        git \
+        glib2-devel \
+        glibc-devel \
+        glibc-langpack-en \
+        glusterfs-api-devel \
+        gnutls-devel \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libacl-devel \
+        libattr-devel \
+        libblkid-devel \
+        libcap-ng-devel \
+        libcurl-devel \
+        libiscsi-devel \
+        libnl3-devel \
+        libpcap-devel \
+        libpciaccess-devel \
+        librbd-devel \
+        libselinux-devel \
+        libssh-devel \
+        libssh2-devel \
+        libtirpc-devel \
+        libudev-devel \
+        libwsman-devel \
+        libxml2 \
+        libxml2-devel \
+        libxslt \
+        lvm2 \
+        make \
+        netcf-devel \
+        nfs-utils \
+        ninja-build \
+        numactl-devel \
+        numad \
+        parted \
+        parted-devel \
+        perl \
+        pkgconfig \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        python3-pip \
+        python3-setuptools \
+        python3-wheel \
+        qemu-img \
+        radvd \
+        readline-devel \
+        rpcgen \
+        rpm-build \
+        sanlock-devel \
+        scrub \
+        sed \
+        systemtap-sdt-devel \
+        wireshark-devel \
+        xfsprogs-devel \
+        yajl-devel && \
+    dnf autoremove -y && \
+    dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/debian-10-cross-aarch64.Dockerfile

@@ -0,0 +1,132 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross aarch64 debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture arm64 && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-aarch64-linux-gnu \
+            libacl1-dev:arm64 \
+            libapparmor-dev:arm64 \
+            libattr1-dev:arm64 \
+            libaudit-dev:arm64 \
+            libavahi-client-dev:arm64 \
+            libblkid-dev:arm64 \
+            libc6-dev:arm64 \
+            libcap-ng-dev:arm64 \
+            libcurl4-gnutls-dev:arm64 \
+            libdbus-1-dev:arm64 \
+            libdevmapper-dev:arm64 \
+            libfuse-dev:arm64 \
+            libglib2.0-dev:arm64 \
+            libglusterfs-dev:arm64 \
+            libgnutls28-dev:arm64 \
+            libiscsi-dev:arm64 \
+            libnl-3-dev:arm64 \
+            libnl-route-3-dev:arm64 \
+            libnuma-dev:arm64 \
+            libparted-dev:arm64 \
+            libpcap0.8-dev:arm64 \
+            libpciaccess-dev:arm64 \
+            librbd-dev:arm64 \
+            libreadline-dev:arm64 \
+            libsanlock-dev:arm64 \
+            libsasl2-dev:arm64 \
+            libselinux1-dev:arm64 \
+            libssh-gcrypt-dev:arm64 \
+            libssh2-1-dev:arm64 \
+            libtirpc-dev:arm64 \
+            libudev-dev:arm64 \
+            libxen-dev:arm64 \
+            libxml2-dev:arm64 \
+            libyajl-dev:arm64 \
+            systemtap-sdt-dev:arm64 \
+            xfslibs-dev:arm64 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
+ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'aarch64'\n\
+cpu = 'aarch64'\n\
+endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "aarch64-linux-gnu"
+ENV MESON_OPTS "--cross-file=aarch64-linux-gnu"

ci/containers/debian-10-cross-armv6l.Dockerfile

@@ -0,0 +1,131 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross armv6l debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture armel && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-arm-linux-gnueabi \
+            libacl1-dev:armel \
+            libapparmor-dev:armel \
+            libattr1-dev:armel \
+            libaudit-dev:armel \
+            libavahi-client-dev:armel \
+            libblkid-dev:armel \
+            libc6-dev:armel \
+            libcap-ng-dev:armel \
+            libcurl4-gnutls-dev:armel \
+            libdbus-1-dev:armel \
+            libdevmapper-dev:armel \
+            libfuse-dev:armel \
+            libglib2.0-dev:armel \
+            libglusterfs-dev:armel \
+            libgnutls28-dev:armel \
+            libiscsi-dev:armel \
+            libnl-3-dev:armel \
+            libnl-route-3-dev:armel \
+            libnuma-dev:armel \
+            libparted-dev:armel \
+            libpcap0.8-dev:armel \
+            libpciaccess-dev:armel \
+            librbd-dev:armel \
+            libreadline-dev:armel \
+            libsanlock-dev:armel \
+            libsasl2-dev:armel \
+            libselinux1-dev:armel \
+            libssh-gcrypt-dev:armel \
+            libssh2-1-dev:armel \
+            libtirpc-dev:armel \
+            libudev-dev:armel \
+            libxml2-dev:armel \
+            libyajl-dev:armel \
+            systemtap-sdt-dev:armel \
+            xfslibs-dev:armel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
+ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
+strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
+pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'arm'\n\
+cpu = 'arm'\n\
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "arm-linux-gnueabi"
+ENV MESON_OPTS "--cross-file=arm-linux-gnueabi"

ci/containers/debian-10-cross-armv7l.Dockerfile

@@ -0,0 +1,132 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross armv7l debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture armhf && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-arm-linux-gnueabihf \
+            libacl1-dev:armhf \
+            libapparmor-dev:armhf \
+            libattr1-dev:armhf \
+            libaudit-dev:armhf \
+            libavahi-client-dev:armhf \
+            libblkid-dev:armhf \
+            libc6-dev:armhf \
+            libcap-ng-dev:armhf \
+            libcurl4-gnutls-dev:armhf \
+            libdbus-1-dev:armhf \
+            libdevmapper-dev:armhf \
+            libfuse-dev:armhf \
+            libglib2.0-dev:armhf \
+            libglusterfs-dev:armhf \
+            libgnutls28-dev:armhf \
+            libiscsi-dev:armhf \
+            libnl-3-dev:armhf \
+            libnl-route-3-dev:armhf \
+            libnuma-dev:armhf \
+            libparted-dev:armhf \
+            libpcap0.8-dev:armhf \
+            libpciaccess-dev:armhf \
+            librbd-dev:armhf \
+            libreadline-dev:armhf \
+            libsanlock-dev:armhf \
+            libsasl2-dev:armhf \
+            libselinux1-dev:armhf \
+            libssh-gcrypt-dev:armhf \
+            libssh2-1-dev:armhf \
+            libtirpc-dev:armhf \
+            libudev-dev:armhf \
+            libxen-dev:armhf \
+            libxml2-dev:armhf \
+            libyajl-dev:armhf \
+            systemtap-sdt-dev:armhf \
+            xfslibs-dev:armhf && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
+ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
+strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
+pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'arm'\n\
+cpu = 'armhf'\n\
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "arm-linux-gnueabihf"
+ENV MESON_OPTS "--cross-file=arm-linux-gnueabihf"

ci/containers/debian-10-cross-i686.Dockerfile

@@ -0,0 +1,131 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross i686 debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture i386 && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-i686-linux-gnu \
+            libacl1-dev:i386 \
+            libapparmor-dev:i386 \
+            libattr1-dev:i386 \
+            libaudit-dev:i386 \
+            libavahi-client-dev:i386 \
+            libblkid-dev:i386 \
+            libc6-dev:i386 \
+            libcap-ng-dev:i386 \
+            libcurl4-gnutls-dev:i386 \
+            libdbus-1-dev:i386 \
+            libdevmapper-dev:i386 \
+            libfuse-dev:i386 \
+            libglib2.0-dev:i386 \
+            libglusterfs-dev:i386 \
+            libgnutls28-dev:i386 \
+            libiscsi-dev:i386 \
+            libnl-3-dev:i386 \
+            libnl-route-3-dev:i386 \
+            libnuma-dev:i386 \
+            libparted-dev:i386 \
+            libpcap0.8-dev:i386 \
+            libpciaccess-dev:i386 \
+            librbd-dev:i386 \
+            libreadline-dev:i386 \
+            libsanlock-dev:i386 \
+            libsasl2-dev:i386 \
+            libselinux1-dev:i386 \
+            libssh-gcrypt-dev:i386 \
+            libssh2-1-dev:i386 \
+            libtirpc-dev:i386 \
+            libudev-dev:i386 \
+            libxml2-dev:i386 \
+            libyajl-dev:i386 \
+            systemtap-sdt-dev:i386 \
+            xfslibs-dev:i386 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/i686-linux-gnu-gcc'\n\
+ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/i686-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'x86'\n\
+cpu = 'i686'\n\
+endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "i686-linux-gnu"
+ENV MESON_OPTS "--cross-file=i686-linux-gnu"

ci/containers/debian-10-cross-mips.Dockerfile

@@ -0,0 +1,131 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mips debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture mips && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-mips-linux-gnu \
+            libacl1-dev:mips \
+            libapparmor-dev:mips \
+            libattr1-dev:mips \
+            libaudit-dev:mips \
+            libavahi-client-dev:mips \
+            libblkid-dev:mips \
+            libc6-dev:mips \
+            libcap-ng-dev:mips \
+            libcurl4-gnutls-dev:mips \
+            libdbus-1-dev:mips \
+            libdevmapper-dev:mips \
+            libfuse-dev:mips \
+            libglib2.0-dev:mips \
+            libglusterfs-dev:mips \
+            libgnutls28-dev:mips \
+            libiscsi-dev:mips \
+            libnl-3-dev:mips \
+            libnl-route-3-dev:mips \
+            libnuma-dev:mips \
+            libparted-dev:mips \
+            libpcap0.8-dev:mips \
+            libpciaccess-dev:mips \
+            librbd-dev:mips \
+            libreadline-dev:mips \
+            libsanlock-dev:mips \
+            libsasl2-dev:mips \
+            libselinux1-dev:mips \
+            libssh-gcrypt-dev:mips \
+            libssh2-1-dev:mips \
+            libtirpc-dev:mips \
+            libudev-dev:mips \
+            libxml2-dev:mips \
+            libyajl-dev:mips \
+            systemtap-sdt-dev:mips \
+            xfslibs-dev:mips && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/mips-linux-gnu-gcc'\n\
+ar = '/usr/bin/mips-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/mips-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/mips-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'mips'\n\
+cpu = 'mips'\n\
+endian = 'big'" > /usr/local/share/meson/cross/mips-linux-gnu
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "mips-linux-gnu"
+ENV MESON_OPTS "--cross-file=mips-linux-gnu"

ci/containers/debian-10-cross-mips64el.Dockerfile

@@ -0,0 +1,131 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mips64el debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture mips64el && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-mips64el-linux-gnuabi64 \
+            libacl1-dev:mips64el \
+            libapparmor-dev:mips64el \
+            libattr1-dev:mips64el \
+            libaudit-dev:mips64el \
+            libavahi-client-dev:mips64el \
+            libblkid-dev:mips64el \
+            libc6-dev:mips64el \
+            libcap-ng-dev:mips64el \
+            libcurl4-gnutls-dev:mips64el \
+            libdbus-1-dev:mips64el \
+            libdevmapper-dev:mips64el \
+            libfuse-dev:mips64el \
+            libglib2.0-dev:mips64el \
+            libglusterfs-dev:mips64el \
+            libgnutls28-dev:mips64el \
+            libiscsi-dev:mips64el \
+            libnl-3-dev:mips64el \
+            libnl-route-3-dev:mips64el \
+            libnuma-dev:mips64el \
+            libparted-dev:mips64el \
+            libpcap0.8-dev:mips64el \
+            libpciaccess-dev:mips64el \
+            librbd-dev:mips64el \
+            libreadline-dev:mips64el \
+            libsanlock-dev:mips64el \
+            libsasl2-dev:mips64el \
+            libselinux1-dev:mips64el \
+            libssh-gcrypt-dev:mips64el \
+            libssh2-1-dev:mips64el \
+            libtirpc-dev:mips64el \
+            libudev-dev:mips64el \
+            libxml2-dev:mips64el \
+            libyajl-dev:mips64el \
+            systemtap-sdt-dev:mips64el \
+            xfslibs-dev:mips64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
+ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
+strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
+pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'mips64'\n\
+cpu = 'mips64el'\n\
+endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "mips64el-linux-gnuabi64"
+ENV MESON_OPTS "--cross-file=mips64el-linux-gnuabi64"

ci/containers/debian-10-cross-mipsel.Dockerfile

@@ -0,0 +1,131 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mipsel debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture mipsel && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-mipsel-linux-gnu \
+            libacl1-dev:mipsel \
+            libapparmor-dev:mipsel \
+            libattr1-dev:mipsel \
+            libaudit-dev:mipsel \
+            libavahi-client-dev:mipsel \
+            libblkid-dev:mipsel \
+            libc6-dev:mipsel \
+            libcap-ng-dev:mipsel \
+            libcurl4-gnutls-dev:mipsel \
+            libdbus-1-dev:mipsel \
+            libdevmapper-dev:mipsel \
+            libfuse-dev:mipsel \
+            libglib2.0-dev:mipsel \
+            libglusterfs-dev:mipsel \
+            libgnutls28-dev:mipsel \
+            libiscsi-dev:mipsel \
+            libnl-3-dev:mipsel \
+            libnl-route-3-dev:mipsel \
+            libnuma-dev:mipsel \
+            libparted-dev:mipsel \
+            libpcap0.8-dev:mipsel \
+            libpciaccess-dev:mipsel \
+            librbd-dev:mipsel \
+            libreadline-dev:mipsel \
+            libsanlock-dev:mipsel \
+            libsasl2-dev:mipsel \
+            libselinux1-dev:mipsel \
+            libssh-gcrypt-dev:mipsel \
+            libssh2-1-dev:mipsel \
+            libtirpc-dev:mipsel \
+            libudev-dev:mipsel \
+            libxml2-dev:mipsel \
+            libyajl-dev:mipsel \
+            systemtap-sdt-dev:mipsel \
+            xfslibs-dev:mipsel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
+ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'mips'\n\
+cpu = 'mipsel'\n\
+endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "mipsel-linux-gnu"
+ENV MESON_OPTS "--cross-file=mipsel-linux-gnu"

ci/containers/debian-10-cross-ppc64le.Dockerfile

@@ -0,0 +1,131 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross ppc64le debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture ppc64el && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-powerpc64le-linux-gnu \
+            libacl1-dev:ppc64el \
+            libapparmor-dev:ppc64el \
+            libattr1-dev:ppc64el \
+            libaudit-dev:ppc64el \
+            libavahi-client-dev:ppc64el \
+            libblkid-dev:ppc64el \
+            libc6-dev:ppc64el \
+            libcap-ng-dev:ppc64el \
+            libcurl4-gnutls-dev:ppc64el \
+            libdbus-1-dev:ppc64el \
+            libdevmapper-dev:ppc64el \
+            libfuse-dev:ppc64el \
+            libglib2.0-dev:ppc64el \
+            libglusterfs-dev:ppc64el \
+            libgnutls28-dev:ppc64el \
+            libiscsi-dev:ppc64el \
+            libnl-3-dev:ppc64el \
+            libnl-route-3-dev:ppc64el \
+            libnuma-dev:ppc64el \
+            libparted-dev:ppc64el \
+            libpcap0.8-dev:ppc64el \
+            libpciaccess-dev:ppc64el \
+            librbd-dev:ppc64el \
+            libreadline-dev:ppc64el \
+            libsanlock-dev:ppc64el \
+            libsasl2-dev:ppc64el \
+            libselinux1-dev:ppc64el \
+            libssh-gcrypt-dev:ppc64el \
+            libssh2-1-dev:ppc64el \
+            libtirpc-dev:ppc64el \
+            libudev-dev:ppc64el \
+            libxml2-dev:ppc64el \
+            libyajl-dev:ppc64el \
+            systemtap-sdt-dev:ppc64el \
+            xfslibs-dev:ppc64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
+ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'ppc64'\n\
+cpu = 'powerpc64le'\n\
+endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "powerpc64le-linux-gnu"
+ENV MESON_OPTS "--cross-file=powerpc64le-linux-gnu"

ci/containers/debian-10-cross-s390x.Dockerfile

@@ -0,0 +1,131 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross s390x debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture s390x && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-s390x-linux-gnu \
+            libacl1-dev:s390x \
+            libapparmor-dev:s390x \
+            libattr1-dev:s390x \
+            libaudit-dev:s390x \
+            libavahi-client-dev:s390x \
+            libblkid-dev:s390x \
+            libc6-dev:s390x \
+            libcap-ng-dev:s390x \
+            libcurl4-gnutls-dev:s390x \
+            libdbus-1-dev:s390x \
+            libdevmapper-dev:s390x \
+            libfuse-dev:s390x \
+            libglib2.0-dev:s390x \
+            libglusterfs-dev:s390x \
+            libgnutls28-dev:s390x \
+            libiscsi-dev:s390x \
+            libnl-3-dev:s390x \
+            libnl-route-3-dev:s390x \
+            libnuma-dev:s390x \
+            libparted-dev:s390x \
+            libpcap0.8-dev:s390x \
+            libpciaccess-dev:s390x \
+            librbd-dev:s390x \
+            libreadline-dev:s390x \
+            libsanlock-dev:s390x \
+            libsasl2-dev:s390x \
+            libselinux1-dev:s390x \
+            libssh-gcrypt-dev:s390x \
+            libssh2-1-dev:s390x \
+            libtirpc-dev:s390x \
+            libudev-dev:s390x \
+            libxml2-dev:s390x \
+            libyajl-dev:s390x \
+            systemtap-sdt-dev:s390x \
+            xfslibs-dev:s390x && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/s390x-linux-gnu-gcc'\n\
+ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/s390x-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 's390x'\n\
+cpu = 's390x'\n\
+endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "s390x-linux-gnu"
+ENV MESON_OPTS "--cross-file=s390x-linux-gnu"

ci/containers/debian-10.Dockerfile

@@ -0,0 +1,112 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile debian-10 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:10-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            clang \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gcc \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libacl1-dev \
+            libapparmor-dev \
+            libattr1-dev \
+            libaudit-dev \
+            libavahi-client-dev \
+            libblkid-dev \
+            libc-dev-bin \
+            libc6-dev \
+            libcap-ng-dev \
+            libcurl4-gnutls-dev \
+            libdbus-1-dev \
+            libdevmapper-dev \
+            libfuse-dev \
+            libglib2.0-dev \
+            libglusterfs-dev \
+            libgnutls28-dev \
+            libiscsi-dev \
+            libnetcf-dev \
+            libnl-3-dev \
+            libnl-route-3-dev \
+            libnuma-dev \
+            libparted-dev \
+            libpcap0.8-dev \
+            libpciaccess-dev \
+            librbd-dev \
+            libreadline-dev \
+            libsanlock-dev \
+            libsasl2-dev \
+            libselinux1-dev \
+            libssh-gcrypt-dev \
+            libssh2-1-dev \
+            libtirpc-dev \
+            libudev-dev \
+            libxen-dev \
+            libxml2-dev \
+            libxml2-utils \
+            libyajl-dev \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            systemtap-sdt-dev \
+            wireshark-dev \
+            xfslibs-dev \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/debian-sid-cross-aarch64.Dockerfile

@@ -0,0 +1,127 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross aarch64 debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/aarch64-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture arm64 && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-aarch64-linux-gnu \
+            libacl1-dev:arm64 \
+            libapparmor-dev:arm64 \
+            libattr1-dev:arm64 \
+            libaudit-dev:arm64 \
+            libavahi-client-dev:arm64 \
+            libblkid-dev:arm64 \
+            libc6-dev:arm64 \
+            libcap-ng-dev:arm64 \
+            libcurl4-gnutls-dev:arm64 \
+            libdbus-1-dev:arm64 \
+            libdevmapper-dev:arm64 \
+            libfuse-dev:arm64 \
+            libglib2.0-dev:arm64 \
+            libglusterfs-dev:arm64 \
+            libgnutls28-dev:arm64 \
+            libiscsi-dev:arm64 \
+            libnl-3-dev:arm64 \
+            libnl-route-3-dev:arm64 \
+            libnuma-dev:arm64 \
+            libparted-dev:arm64 \
+            libpcap0.8-dev:arm64 \
+            libpciaccess-dev:arm64 \
+            librbd-dev:arm64 \
+            libreadline-dev:arm64 \
+            libsanlock-dev:arm64 \
+            libsasl2-dev:arm64 \
+            libselinux1-dev:arm64 \
+            libssh-gcrypt-dev:arm64 \
+            libssh2-1-dev:arm64 \
+            libtirpc-dev:arm64 \
+            libudev-dev:arm64 \
+            libxen-dev:arm64 \
+            libxml2-dev:arm64 \
+            libyajl-dev:arm64 \
+            systemtap-sdt-dev:arm64 \
+            xfslibs-dev:arm64 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/aarch64-linux-gnu-gcc'\n\
+ar = '/usr/bin/aarch64-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/aarch64-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/aarch64-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'aarch64'\n\
+cpu = 'aarch64'\n\
+endian = 'little'" > /usr/local/share/meson/cross/aarch64-linux-gnu
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "aarch64-linux-gnu"
+ENV MESON_OPTS "--cross-file=aarch64-linux-gnu"

ci/containers/debian-sid-cross-armv6l.Dockerfile

@@ -0,0 +1,126 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross armv6l debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabi-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture armel && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-arm-linux-gnueabi \
+            libacl1-dev:armel \
+            libapparmor-dev:armel \
+            libattr1-dev:armel \
+            libaudit-dev:armel \
+            libavahi-client-dev:armel \
+            libblkid-dev:armel \
+            libc6-dev:armel \
+            libcap-ng-dev:armel \
+            libcurl4-gnutls-dev:armel \
+            libdbus-1-dev:armel \
+            libdevmapper-dev:armel \
+            libfuse-dev:armel \
+            libglib2.0-dev:armel \
+            libglusterfs-dev:armel \
+            libgnutls28-dev:armel \
+            libiscsi-dev:armel \
+            libnl-3-dev:armel \
+            libnl-route-3-dev:armel \
+            libnuma-dev:armel \
+            libparted-dev:armel \
+            libpcap0.8-dev:armel \
+            libpciaccess-dev:armel \
+            librbd-dev:armel \
+            libreadline-dev:armel \
+            libsanlock-dev:armel \
+            libsasl2-dev:armel \
+            libselinux1-dev:armel \
+            libssh-gcrypt-dev:armel \
+            libssh2-1-dev:armel \
+            libtirpc-dev:armel \
+            libudev-dev:armel \
+            libxml2-dev:armel \
+            libyajl-dev:armel \
+            systemtap-sdt-dev:armel \
+            xfslibs-dev:armel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/arm-linux-gnueabi-gcc'\n\
+ar = '/usr/bin/arm-linux-gnueabi-gcc-ar'\n\
+strip = '/usr/bin/arm-linux-gnueabi-strip'\n\
+pkgconfig = '/usr/bin/arm-linux-gnueabi-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'arm'\n\
+cpu = 'arm'\n\
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabi
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "arm-linux-gnueabi"
+ENV MESON_OPTS "--cross-file=arm-linux-gnueabi"

ci/containers/debian-sid-cross-armv7l.Dockerfile

@@ -0,0 +1,127 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross armv7l debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/arm-linux-gnueabihf-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture armhf && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-arm-linux-gnueabihf \
+            libacl1-dev:armhf \
+            libapparmor-dev:armhf \
+            libattr1-dev:armhf \
+            libaudit-dev:armhf \
+            libavahi-client-dev:armhf \
+            libblkid-dev:armhf \
+            libc6-dev:armhf \
+            libcap-ng-dev:armhf \
+            libcurl4-gnutls-dev:armhf \
+            libdbus-1-dev:armhf \
+            libdevmapper-dev:armhf \
+            libfuse-dev:armhf \
+            libglib2.0-dev:armhf \
+            libglusterfs-dev:armhf \
+            libgnutls28-dev:armhf \
+            libiscsi-dev:armhf \
+            libnl-3-dev:armhf \
+            libnl-route-3-dev:armhf \
+            libnuma-dev:armhf \
+            libparted-dev:armhf \
+            libpcap0.8-dev:armhf \
+            libpciaccess-dev:armhf \
+            librbd-dev:armhf \
+            libreadline-dev:armhf \
+            libsanlock-dev:armhf \
+            libsasl2-dev:armhf \
+            libselinux1-dev:armhf \
+            libssh-gcrypt-dev:armhf \
+            libssh2-1-dev:armhf \
+            libtirpc-dev:armhf \
+            libudev-dev:armhf \
+            libxen-dev:armhf \
+            libxml2-dev:armhf \
+            libyajl-dev:armhf \
+            systemtap-sdt-dev:armhf \
+            xfslibs-dev:armhf && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/arm-linux-gnueabihf-gcc'\n\
+ar = '/usr/bin/arm-linux-gnueabihf-gcc-ar'\n\
+strip = '/usr/bin/arm-linux-gnueabihf-strip'\n\
+pkgconfig = '/usr/bin/arm-linux-gnueabihf-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'arm'\n\
+cpu = 'armhf'\n\
+endian = 'little'" > /usr/local/share/meson/cross/arm-linux-gnueabihf
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "arm-linux-gnueabihf"
+ENV MESON_OPTS "--cross-file=arm-linux-gnueabihf"

ci/containers/debian-sid-cross-i686.Dockerfile

@@ -0,0 +1,126 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross i686 debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture i386 && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-i686-linux-gnu \
+            libacl1-dev:i386 \
+            libapparmor-dev:i386 \
+            libattr1-dev:i386 \
+            libaudit-dev:i386 \
+            libavahi-client-dev:i386 \
+            libblkid-dev:i386 \
+            libc6-dev:i386 \
+            libcap-ng-dev:i386 \
+            libcurl4-gnutls-dev:i386 \
+            libdbus-1-dev:i386 \
+            libdevmapper-dev:i386 \
+            libfuse-dev:i386 \
+            libglib2.0-dev:i386 \
+            libglusterfs-dev:i386 \
+            libgnutls28-dev:i386 \
+            libiscsi-dev:i386 \
+            libnl-3-dev:i386 \
+            libnl-route-3-dev:i386 \
+            libnuma-dev:i386 \
+            libparted-dev:i386 \
+            libpcap0.8-dev:i386 \
+            libpciaccess-dev:i386 \
+            librbd-dev:i386 \
+            libreadline-dev:i386 \
+            libsanlock-dev:i386 \
+            libsasl2-dev:i386 \
+            libselinux1-dev:i386 \
+            libssh-gcrypt-dev:i386 \
+            libssh2-1-dev:i386 \
+            libtirpc-dev:i386 \
+            libudev-dev:i386 \
+            libxml2-dev:i386 \
+            libyajl-dev:i386 \
+            systemtap-sdt-dev:i386 \
+            xfslibs-dev:i386 && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/i686-linux-gnu-gcc'\n\
+ar = '/usr/bin/i686-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/i686-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/i686-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'x86'\n\
+cpu = 'i686'\n\
+endian = 'little'" > /usr/local/share/meson/cross/i686-linux-gnu
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "i686-linux-gnu"
+ENV MESON_OPTS "--cross-file=i686-linux-gnu"

ci/containers/debian-sid-cross-mips64el.Dockerfile

@@ -0,0 +1,126 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mips64el debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mips64el-linux-gnuabi64-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture mips64el && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-mips64el-linux-gnuabi64 \
+            libacl1-dev:mips64el \
+            libapparmor-dev:mips64el \
+            libattr1-dev:mips64el \
+            libaudit-dev:mips64el \
+            libavahi-client-dev:mips64el \
+            libblkid-dev:mips64el \
+            libc6-dev:mips64el \
+            libcap-ng-dev:mips64el \
+            libcurl4-gnutls-dev:mips64el \
+            libdbus-1-dev:mips64el \
+            libdevmapper-dev:mips64el \
+            libfuse-dev:mips64el \
+            libglib2.0-dev:mips64el \
+            libglusterfs-dev:mips64el \
+            libgnutls28-dev:mips64el \
+            libiscsi-dev:mips64el \
+            libnl-3-dev:mips64el \
+            libnl-route-3-dev:mips64el \
+            libnuma-dev:mips64el \
+            libparted-dev:mips64el \
+            libpcap0.8-dev:mips64el \
+            libpciaccess-dev:mips64el \
+            librbd-dev:mips64el \
+            libreadline-dev:mips64el \
+            libsanlock-dev:mips64el \
+            libsasl2-dev:mips64el \
+            libselinux1-dev:mips64el \
+            libssh-gcrypt-dev:mips64el \
+            libssh2-1-dev:mips64el \
+            libtirpc-dev:mips64el \
+            libudev-dev:mips64el \
+            libxml2-dev:mips64el \
+            libyajl-dev:mips64el \
+            systemtap-sdt-dev:mips64el \
+            xfslibs-dev:mips64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/mips64el-linux-gnuabi64-gcc'\n\
+ar = '/usr/bin/mips64el-linux-gnuabi64-gcc-ar'\n\
+strip = '/usr/bin/mips64el-linux-gnuabi64-strip'\n\
+pkgconfig = '/usr/bin/mips64el-linux-gnuabi64-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'mips64'\n\
+cpu = 'mips64el'\n\
+endian = 'little'" > /usr/local/share/meson/cross/mips64el-linux-gnuabi64
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "mips64el-linux-gnuabi64"
+ENV MESON_OPTS "--cross-file=mips64el-linux-gnuabi64"

ci/containers/debian-sid-cross-mipsel.Dockerfile

@@ -0,0 +1,126 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mipsel debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/mipsel-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture mipsel && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-mipsel-linux-gnu \
+            libacl1-dev:mipsel \
+            libapparmor-dev:mipsel \
+            libattr1-dev:mipsel \
+            libaudit-dev:mipsel \
+            libavahi-client-dev:mipsel \
+            libblkid-dev:mipsel \
+            libc6-dev:mipsel \
+            libcap-ng-dev:mipsel \
+            libcurl4-gnutls-dev:mipsel \
+            libdbus-1-dev:mipsel \
+            libdevmapper-dev:mipsel \
+            libfuse-dev:mipsel \
+            libglib2.0-dev:mipsel \
+            libglusterfs-dev:mipsel \
+            libgnutls28-dev:mipsel \
+            libiscsi-dev:mipsel \
+            libnl-3-dev:mipsel \
+            libnl-route-3-dev:mipsel \
+            libnuma-dev:mipsel \
+            libparted-dev:mipsel \
+            libpcap0.8-dev:mipsel \
+            libpciaccess-dev:mipsel \
+            librbd-dev:mipsel \
+            libreadline-dev:mipsel \
+            libsanlock-dev:mipsel \
+            libsasl2-dev:mipsel \
+            libselinux1-dev:mipsel \
+            libssh-gcrypt-dev:mipsel \
+            libssh2-1-dev:mipsel \
+            libtirpc-dev:mipsel \
+            libudev-dev:mipsel \
+            libxml2-dev:mipsel \
+            libyajl-dev:mipsel \
+            systemtap-sdt-dev:mipsel \
+            xfslibs-dev:mipsel && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/mipsel-linux-gnu-gcc'\n\
+ar = '/usr/bin/mipsel-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/mipsel-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/mipsel-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'mips'\n\
+cpu = 'mipsel'\n\
+endian = 'little'" > /usr/local/share/meson/cross/mipsel-linux-gnu
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "mipsel-linux-gnu"
+ENV MESON_OPTS "--cross-file=mipsel-linux-gnu"

ci/containers/debian-sid-cross-ppc64le.Dockerfile

@@ -0,0 +1,126 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross ppc64le debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/powerpc64le-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture ppc64el && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-powerpc64le-linux-gnu \
+            libacl1-dev:ppc64el \
+            libapparmor-dev:ppc64el \
+            libattr1-dev:ppc64el \
+            libaudit-dev:ppc64el \
+            libavahi-client-dev:ppc64el \
+            libblkid-dev:ppc64el \
+            libc6-dev:ppc64el \
+            libcap-ng-dev:ppc64el \
+            libcurl4-gnutls-dev:ppc64el \
+            libdbus-1-dev:ppc64el \
+            libdevmapper-dev:ppc64el \
+            libfuse-dev:ppc64el \
+            libglib2.0-dev:ppc64el \
+            libglusterfs-dev:ppc64el \
+            libgnutls28-dev:ppc64el \
+            libiscsi-dev:ppc64el \
+            libnl-3-dev:ppc64el \
+            libnl-route-3-dev:ppc64el \
+            libnuma-dev:ppc64el \
+            libparted-dev:ppc64el \
+            libpcap0.8-dev:ppc64el \
+            libpciaccess-dev:ppc64el \
+            librbd-dev:ppc64el \
+            libreadline-dev:ppc64el \
+            libsanlock-dev:ppc64el \
+            libsasl2-dev:ppc64el \
+            libselinux1-dev:ppc64el \
+            libssh-gcrypt-dev:ppc64el \
+            libssh2-1-dev:ppc64el \
+            libtirpc-dev:ppc64el \
+            libudev-dev:ppc64el \
+            libxml2-dev:ppc64el \
+            libyajl-dev:ppc64el \
+            systemtap-sdt-dev:ppc64el \
+            xfslibs-dev:ppc64el && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/powerpc64le-linux-gnu-gcc'\n\
+ar = '/usr/bin/powerpc64le-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/powerpc64le-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/powerpc64le-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 'ppc64'\n\
+cpu = 'powerpc64le'\n\
+endian = 'little'" > /usr/local/share/meson/cross/powerpc64le-linux-gnu
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "powerpc64le-linux-gnu"
+ENV MESON_OPTS "--cross-file=powerpc64le-linux-gnu"

ci/containers/debian-sid-cross-s390x.Dockerfile

@@ -0,0 +1,126 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross s390x debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libc-dev-bin \
+            libxml2-utils \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/s390x-linux-gnu-gcc
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    dpkg --add-architecture s390x && \
+    eatmydata apt-get update && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+    eatmydata apt-get install --no-install-recommends -y \
+            gcc-s390x-linux-gnu \
+            libacl1-dev:s390x \
+            libapparmor-dev:s390x \
+            libattr1-dev:s390x \
+            libaudit-dev:s390x \
+            libavahi-client-dev:s390x \
+            libblkid-dev:s390x \
+            libc6-dev:s390x \
+            libcap-ng-dev:s390x \
+            libcurl4-gnutls-dev:s390x \
+            libdbus-1-dev:s390x \
+            libdevmapper-dev:s390x \
+            libfuse-dev:s390x \
+            libglib2.0-dev:s390x \
+            libglusterfs-dev:s390x \
+            libgnutls28-dev:s390x \
+            libiscsi-dev:s390x \
+            libnl-3-dev:s390x \
+            libnl-route-3-dev:s390x \
+            libnuma-dev:s390x \
+            libparted-dev:s390x \
+            libpcap0.8-dev:s390x \
+            libpciaccess-dev:s390x \
+            librbd-dev:s390x \
+            libreadline-dev:s390x \
+            libsanlock-dev:s390x \
+            libsasl2-dev:s390x \
+            libselinux1-dev:s390x \
+            libssh-gcrypt-dev:s390x \
+            libssh2-1-dev:s390x \
+            libtirpc-dev:s390x \
+            libudev-dev:s390x \
+            libxml2-dev:s390x \
+            libyajl-dev:s390x \
+            systemtap-sdt-dev:s390x \
+            xfslibs-dev:s390x && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    mkdir -p /usr/local/share/meson/cross && \
+    echo "[binaries]\n\
+c = '/usr/bin/s390x-linux-gnu-gcc'\n\
+ar = '/usr/bin/s390x-linux-gnu-gcc-ar'\n\
+strip = '/usr/bin/s390x-linux-gnu-strip'\n\
+pkgconfig = '/usr/bin/s390x-linux-gnu-pkg-config'\n\
+\n\
+[host_machine]\n\
+system = 'linux'\n\
+cpu_family = 's390x'\n\
+cpu = 's390x'\n\
+endian = 'big'" > /usr/local/share/meson/cross/s390x-linux-gnu
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "s390x-linux-gnu"
+ENV MESON_OPTS "--cross-file=s390x-linux-gnu"

ci/containers/debian-sid.Dockerfile

@@ -0,0 +1,107 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile debian-sid libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/debian:sid-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            clang \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gcc \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libacl1-dev \
+            libapparmor-dev \
+            libattr1-dev \
+            libaudit-dev \
+            libavahi-client-dev \
+            libblkid-dev \
+            libc-dev-bin \
+            libc6-dev \
+            libcap-ng-dev \
+            libcurl4-gnutls-dev \
+            libdbus-1-dev \
+            libdevmapper-dev \
+            libfuse-dev \
+            libglib2.0-dev \
+            libglusterfs-dev \
+            libgnutls28-dev \
+            libiscsi-dev \
+            libnetcf-dev \
+            libnl-3-dev \
+            libnl-route-3-dev \
+            libnuma-dev \
+            libparted-dev \
+            libpcap0.8-dev \
+            libpciaccess-dev \
+            librbd-dev \
+            libreadline-dev \
+            libsanlock-dev \
+            libsasl2-dev \
+            libselinux1-dev \
+            libssh-gcrypt-dev \
+            libssh2-1-dev \
+            libtirpc-dev \
+            libudev-dev \
+            libxen-dev \
+            libxml2-dev \
+            libxml2-utils \
+            libyajl-dev \
+            locales \
+            lvm2 \
+            make \
+            meson \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            systemtap-sdt-dev \
+            wireshark-dev \
+            xfslibs-dev \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/fedora-33.Dockerfile

@@ -0,0 +1,115 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile fedora-33 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM registry.fedoraproject.org/fedora:33
+
+RUN dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
+        audit-libs-devel \
+        augeas \
+        avahi-devel \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        clang \
+        cpp \
+        cppi \
+        cyrus-sasl-devel \
+        dbus-devel \
+        device-mapper-devel \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        fuse-devel \
+        gcc \
+        gettext \
+        git \
+        glib2-devel \
+        glibc-devel \
+        glibc-langpack-en \
+        glusterfs-api-devel \
+        gnutls-devel \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libacl-devel \
+        libattr-devel \
+        libblkid-devel \
+        libcap-ng-devel \
+        libcurl-devel \
+        libiscsi-devel \
+        libnl3-devel \
+        libpcap-devel \
+        libpciaccess-devel \
+        librbd-devel \
+        libselinux-devel \
+        libssh-devel \
+        libssh2-devel \
+        libtirpc-devel \
+        libudev-devel \
+        libwsman-devel \
+        libxml2 \
+        libxml2-devel \
+        libxslt \
+        lvm2 \
+        make \
+        meson \
+        netcf-devel \
+        nfs-utils \
+        ninja-build \
+        numactl-devel \
+        numad \
+        parted \
+        parted-devel \
+        perl-base \
+        pkgconfig \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        qemu-img \
+        radvd \
+        readline-devel \
+        rpcgen \
+        rpm-build \
+        sanlock-devel \
+        scrub \
+        sed \
+        sheepdog \
+        systemtap-sdt-devel \
+        wireshark-devel \
+        xen-devel \
+        xfsprogs-devel \
+        yajl-devel \
+        zfs-fuse && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/fedora-34.Dockerfile

@@ -0,0 +1,115 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile fedora-34 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM registry.fedoraproject.org/fedora:34
+
+RUN dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
+        audit-libs-devel \
+        augeas \
+        avahi-devel \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        clang \
+        cpp \
+        cppi \
+        cyrus-sasl-devel \
+        dbus-devel \
+        device-mapper-devel \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        fuse-devel \
+        gcc \
+        gettext \
+        git \
+        glib2-devel \
+        glibc-devel \
+        glibc-langpack-en \
+        glusterfs-api-devel \
+        gnutls-devel \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libacl-devel \
+        libattr-devel \
+        libblkid-devel \
+        libcap-ng-devel \
+        libcurl-devel \
+        libiscsi-devel \
+        libnl3-devel \
+        libpcap-devel \
+        libpciaccess-devel \
+        librbd-devel \
+        libselinux-devel \
+        libssh-devel \
+        libssh2-devel \
+        libtirpc-devel \
+        libudev-devel \
+        libwsman-devel \
+        libxml2 \
+        libxml2-devel \
+        libxslt \
+        lvm2 \
+        make \
+        meson \
+        netcf-devel \
+        nfs-utils \
+        ninja-build \
+        numactl-devel \
+        numad \
+        parted \
+        parted-devel \
+        perl-base \
+        pkgconfig \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        qemu-img \
+        radvd \
+        readline-devel \
+        rpcgen \
+        rpm-build \
+        sanlock-devel \
+        scrub \
+        sed \
+        sheepdog \
+        systemtap-sdt-devel \
+        wireshark-devel \
+        xen-devel \
+        xfsprogs-devel \
+        yajl-devel \
+        zfs-fuse && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/fedora-rawhide-cross-mingw32.Dockerfile

@@ -0,0 +1,93 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mingw32 fedora-rawhide libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM registry.fedoraproject.org/fedora:rawhide
+
+RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
+        augeas \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        cpp \
+        cppi \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        git \
+        glibc-langpack-en \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libxml2 \
+        libxslt \
+        lvm2 \
+        make \
+        meson \
+        nfs-utils \
+        ninja-build \
+        numad \
+        parted \
+        perl-base \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        qemu-img \
+        radvd \
+        rpcgen \
+        rpm-build \
+        scrub \
+        sed \
+        sheepdog \
+        zfs-fuse && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/i686-w64-mingw32-gcc
+
+RUN nosync dnf install -y \
+        mingw32-curl \
+        mingw32-dbus \
+        mingw32-dlfcn \
+        mingw32-gcc \
+        mingw32-gettext \
+        mingw32-glib2 \
+        mingw32-gnutls \
+        mingw32-headers \
+        mingw32-libssh2 \
+        mingw32-libxml2 \
+        mingw32-pkg-config \
+        mingw32-portablexdr \
+        mingw32-readline && \
+    nosync dnf clean all -y
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "i686-w64-mingw32"
+ENV MESON_OPTS "--cross-file=/usr/share/mingw/toolchain-mingw32.meson"

ci/containers/fedora-rawhide-cross-mingw64.Dockerfile

@@ -0,0 +1,93 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile --cross mingw64 fedora-rawhide libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM registry.fedoraproject.org/fedora:rawhide
+
+RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
+        augeas \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        cpp \
+        cppi \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        git \
+        glibc-langpack-en \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libxml2 \
+        libxslt \
+        lvm2 \
+        make \
+        meson \
+        nfs-utils \
+        ninja-build \
+        numad \
+        parted \
+        perl-base \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        qemu-img \
+        radvd \
+        rpcgen \
+        rpm-build \
+        scrub \
+        sed \
+        sheepdog \
+        zfs-fuse && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/x86_64-w64-mingw32-gcc
+
+RUN nosync dnf install -y \
+        mingw64-curl \
+        mingw64-dbus \
+        mingw64-dlfcn \
+        mingw64-gcc \
+        mingw64-gettext \
+        mingw64-glib2 \
+        mingw64-gnutls \
+        mingw64-headers \
+        mingw64-libssh2 \
+        mingw64-libxml2 \
+        mingw64-pkg-config \
+        mingw64-portablexdr \
+        mingw64-readline && \
+    nosync dnf clean all -y
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
+
+ENV ABI "x86_64-w64-mingw32"
+ENV MESON_OPTS "--cross-file=/usr/share/mingw/toolchain-mingw64.meson"

ci/containers/fedora-rawhide.Dockerfile

@@ -0,0 +1,116 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile fedora-rawhide libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM registry.fedoraproject.org/fedora:rawhide
+
+RUN dnf update -y --nogpgcheck fedora-gpg-keys && \
+    dnf install -y nosync && \
+    echo -e '#!/bin/sh\n\
+if test -d /usr/lib64\n\
+then\n\
+    export LD_PRELOAD=/usr/lib64/nosync/nosync.so\n\
+else\n\
+    export LD_PRELOAD=/usr/lib/nosync/nosync.so\n\
+fi\n\
+exec "$@"' > /usr/bin/nosync && \
+    chmod +x /usr/bin/nosync && \
+    nosync dnf update -y && \
+    nosync dnf install -y \
+        audit-libs-devel \
+        augeas \
+        avahi-devel \
+        bash-completion \
+        ca-certificates \
+        ccache \
+        clang \
+        cpp \
+        cppi \
+        cyrus-sasl-devel \
+        dbus-devel \
+        device-mapper-devel \
+        diffutils \
+        dnsmasq \
+        dwarves \
+        ebtables \
+        firewalld-filesystem \
+        fuse-devel \
+        gcc \
+        gettext \
+        git \
+        glib2-devel \
+        glibc-devel \
+        glibc-langpack-en \
+        glusterfs-api-devel \
+        gnutls-devel \
+        grep \
+        iproute \
+        iproute-tc \
+        iptables \
+        iscsi-initiator-utils \
+        kmod \
+        libacl-devel \
+        libattr-devel \
+        libblkid-devel \
+        libcap-ng-devel \
+        libcurl-devel \
+        libiscsi-devel \
+        libnl3-devel \
+        libpcap-devel \
+        libpciaccess-devel \
+        librbd-devel \
+        libselinux-devel \
+        libssh-devel \
+        libssh2-devel \
+        libtirpc-devel \
+        libudev-devel \
+        libwsman-devel \
+        libxml2 \
+        libxml2-devel \
+        libxslt \
+        lvm2 \
+        make \
+        meson \
+        netcf-devel \
+        nfs-utils \
+        ninja-build \
+        numactl-devel \
+        numad \
+        parted \
+        parted-devel \
+        perl-base \
+        pkgconfig \
+        polkit \
+        python3 \
+        python3-docutils \
+        python3-flake8 \
+        qemu-img \
+        radvd \
+        readline-devel \
+        rpcgen \
+        rpm-build \
+        sanlock-devel \
+        scrub \
+        sed \
+        sheepdog \
+        systemtap-sdt-devel \
+        wireshark-devel \
+        xen-devel \
+        xfsprogs-devel \
+        yajl-devel \
+        zfs-fuse && \
+    nosync dnf autoremove -y && \
+    nosync dnf clean all -y && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/opensuse-leap-152.Dockerfile

@@ -0,0 +1,106 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile opensuse-leap-152 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM registry.opensuse.org/opensuse/leap:15.2
+
+RUN zypper update -y && \
+    zypper install -y \
+           audit-devel \
+           augeas \
+           augeas-lenses \
+           avahi-devel \
+           bash-completion \
+           ca-certificates \
+           ccache \
+           clang \
+           cpp \
+           cppi \
+           cyrus-sasl-devel \
+           dbus-1-devel \
+           device-mapper-devel \
+           diffutils \
+           dnsmasq \
+           dwarves \
+           ebtables \
+           fuse-devel \
+           gcc \
+           gettext-runtime \
+           git \
+           glib2-devel \
+           glibc-devel \
+           glibc-locale \
+           glusterfs-devel \
+           grep \
+           iproute2 \
+           iptables \
+           kmod \
+           libacl-devel \
+           libapparmor-devel \
+           libattr-devel \
+           libblkid-devel \
+           libcap-ng-devel \
+           libcurl-devel \
+           libgnutls-devel \
+           libiscsi-devel \
+           libnl3-devel \
+           libnuma-devel \
+           libpcap-devel \
+           libpciaccess-devel \
+           librbd-devel \
+           libselinux-devel \
+           libssh-devel \
+           libssh2-devel \
+           libtirpc-devel \
+           libudev-devel \
+           libwsman-devel \
+           libxml2 \
+           libxml2-devel \
+           libxslt \
+           libyajl-devel \
+           lvm2 \
+           make \
+           nfs-utils \
+           ninja \
+           numad \
+           open-iscsi \
+           parted \
+           parted-devel \
+           perl-base \
+           pkgconfig \
+           polkit \
+           python3-base \
+           python3-docutils \
+           python3-flake8 \
+           python3-pip \
+           python3-setuptools \
+           python3-wheel \
+           qemu-tools \
+           radvd \
+           readline-devel \
+           rpcgen \
+           rpm-build \
+           sanlock-devel \
+           scrub \
+           sed \
+           systemtap-sdt-devel \
+           wireshark-devel \
+           xen-devel \
+           xfsprogs-devel && \
+    zypper clean --all && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/opensuse-tumbleweed.Dockerfile

@@ -0,0 +1,101 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile opensuse-tumbleweed libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM registry.opensuse.org/opensuse/tumbleweed:latest
+
+RUN zypper update -y && \
+    zypper install -y \
+           audit-devel \
+           augeas \
+           augeas-lenses \
+           avahi-devel \
+           bash-completion \
+           ca-certificates \
+           ccache \
+           clang \
+           cpp \
+           cppi \
+           cyrus-sasl-devel \
+           dbus-1-devel \
+           device-mapper-devel \
+           diffutils \
+           dnsmasq \
+           dwarves \
+           ebtables \
+           fuse-devel \
+           gcc \
+           gettext-runtime \
+           git \
+           glib2-devel \
+           glibc-devel \
+           glibc-locale \
+           glusterfs-devel \
+           grep \
+           iproute2 \
+           iptables \
+           kmod \
+           libacl-devel \
+           libapparmor-devel \
+           libattr-devel \
+           libblkid-devel \
+           libcap-ng-devel \
+           libcurl-devel \
+           libgnutls-devel \
+           libiscsi-devel \
+           libnl3-devel \
+           libnuma-devel \
+           libpcap-devel \
+           libpciaccess-devel \
+           librbd-devel \
+           libselinux-devel \
+           libssh-devel \
+           libssh2-devel \
+           libtirpc-devel \
+           libudev-devel \
+           libwsman-devel \
+           libxml2 \
+           libxml2-devel \
+           libxslt \
+           libyajl-devel \
+           lvm2 \
+           make \
+           meson \
+           nfs-utils \
+           ninja \
+           numad \
+           open-iscsi \
+           parted \
+           parted-devel \
+           perl-base \
+           pkgconfig \
+           polkit \
+           python3-base \
+           python3-docutils \
+           python3-flake8 \
+           qemu-tools \
+           radvd \
+           readline-devel \
+           rpcgen \
+           rpm-build \
+           sanlock-devel \
+           scrub \
+           sed \
+           systemtap-sdt-devel \
+           wireshark-devel \
+           xen-devel \
+           xfsprogs-devel && \
+    zypper clean --all && \
+    rpm -qa | sort > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/ubuntu-1804.Dockerfile

@@ -0,0 +1,114 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile ubuntu-1804 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/ubuntu:18.04
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            clang \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gcc \
+            gettext \
+            git \
+            glusterfs-common \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libacl1-dev \
+            libapparmor-dev \
+            libattr1-dev \
+            libaudit-dev \
+            libavahi-client-dev \
+            libblkid-dev \
+            libc-dev-bin \
+            libc6-dev \
+            libcap-ng-dev \
+            libcurl4-gnutls-dev \
+            libdbus-1-dev \
+            libdevmapper-dev \
+            libfuse-dev \
+            libglib2.0-dev \
+            libgnutls28-dev \
+            libiscsi-dev \
+            libnetcf-dev \
+            libnl-3-dev \
+            libnl-route-3-dev \
+            libnuma-dev \
+            libopenwsman-dev \
+            libparted-dev \
+            libpcap0.8-dev \
+            libpciaccess-dev \
+            librbd-dev \
+            libreadline-dev \
+            libsanlock-dev \
+            libsasl2-dev \
+            libselinux1-dev \
+            libssh-dev \
+            libssh2-1-dev \
+            libtirpc-dev \
+            libudev-dev \
+            libxen-dev \
+            libxml2-dev \
+            libxml2-utils \
+            libyajl-dev \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            sheepdog \
+            systemtap-sdt-dev \
+            wireshark-dev \
+            xfslibs-dev \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/containers/ubuntu-2004.Dockerfile

@@ -0,0 +1,113 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool dockerfile ubuntu-2004 libvirt
+#
+# https://gitlab.com/libvirt/libvirt-ci/-/commit/1d4e10a04c6a0d29302003244a9dc4dc3c9d06f0
+
+FROM docker.io/library/ubuntu:20.04
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get install -y eatmydata && \
+    eatmydata apt-get dist-upgrade -y && \
+    eatmydata apt-get install --no-install-recommends -y \
+            augeas-lenses \
+            augeas-tools \
+            bash-completion \
+            ca-certificates \
+            ccache \
+            clang \
+            cpp \
+            diffutils \
+            dnsmasq-base \
+            dwarves \
+            ebtables \
+            flake8 \
+            gcc \
+            gettext \
+            git \
+            grep \
+            iproute2 \
+            iptables \
+            kmod \
+            libacl1-dev \
+            libapparmor-dev \
+            libattr1-dev \
+            libaudit-dev \
+            libavahi-client-dev \
+            libblkid-dev \
+            libc-dev-bin \
+            libc6-dev \
+            libcap-ng-dev \
+            libcurl4-gnutls-dev \
+            libdbus-1-dev \
+            libdevmapper-dev \
+            libfuse-dev \
+            libglib2.0-dev \
+            libglusterfs-dev \
+            libgnutls28-dev \
+            libiscsi-dev \
+            libnetcf-dev \
+            libnl-3-dev \
+            libnl-route-3-dev \
+            libnuma-dev \
+            libopenwsman-dev \
+            libparted-dev \
+            libpcap0.8-dev \
+            libpciaccess-dev \
+            librbd-dev \
+            libreadline-dev \
+            libsanlock-dev \
+            libsasl2-dev \
+            libselinux1-dev \
+            libssh-dev \
+            libssh2-1-dev \
+            libtirpc-dev \
+            libudev-dev \
+            libxen-dev \
+            libxml2-dev \
+            libxml2-utils \
+            libyajl-dev \
+            locales \
+            lvm2 \
+            make \
+            nfs-common \
+            ninja-build \
+            numad \
+            open-iscsi \
+            parted \
+            perl-base \
+            pkgconf \
+            policykit-1 \
+            python3 \
+            python3-docutils \
+            python3-pip \
+            python3-setuptools \
+            python3-wheel \
+            qemu-utils \
+            radvd \
+            scrub \
+            sed \
+            systemtap-sdt-dev \
+            wireshark-dev \
+            xfslibs-dev \
+            xsltproc \
+            zfs-fuse && \
+    eatmydata apt-get autoremove -y && \
+    eatmydata apt-get autoclean -y && \
+    sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+    dpkg-reconfigure locales && \
+    dpkg-query --showformat '${Package}_${Version}_${Architecture}\n' --show > /packages.txt && \
+    mkdir -p /usr/libexec/ccache-wrappers && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/cc && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/clang && \
+    ln -s /usr/bin/ccache /usr/libexec/ccache-wrappers/gcc
+
+RUN pip3 install \
+         meson==0.56.0
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"

ci/helper

@@ -0,0 +1,343 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 Red Hat, Inc.
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+import argparse
+import os
+import pathlib
+import pty
+import shutil
+import subprocess
+import sys
+import textwrap
+
+import util
+
+
+class Parser:
+    def __init__(self):
+        # Options that are common to all actions that use containers
+        containerparser = argparse.ArgumentParser(add_help=False)
+        containerparser.add_argument(
+            "target",
+            help="perform action on target OS",
+        )
+        containerparser.add_argument(
+            "--engine",
+            choices=["auto", "podman", "docker"],
+            default="auto",
+            help="container engine to use",
+        )
+        containerparser.add_argument(
+            "--login",
+            default=os.getlogin(),  # exempt from syntax-check
+            help="login to use inside the container",
+        )
+        containerparser.add_argument(
+            "--image-prefix",
+            default="registry.gitlab.com/libvirt/libvirt/ci-",
+            help="use container images from non-default location",
+        )
+        containerparser.add_argument(
+            "--image-tag",
+            default=":latest",
+            help="use container images with non-default tags",
+        )
+
+        # Options that are common to all actions that call the
+        # project's build system
+        mesonparser = argparse.ArgumentParser(add_help=False)
+        mesonparser.add_argument(
+            "--meson-args",
+            default="",
+            help="additional arguments passed to meson "
+                 "(eg --meson-args='-Dopt1=enabled -Dopt2=disabled')",
+        )
+        mesonparser.add_argument(
+            "--ninja-args",
+            default="",
+            help="additional arguments passed to ninja",
+        )
+
+        # Options that are common to all actions that use lcitool
+        lcitoolparser = argparse.ArgumentParser(add_help=False)
+        lcitoolparser.add_argument(
+            "--lcitool",
+            metavar="PATH",
+            default="lcitool",
+            help="path to lcitool binary",
+        )
+
+        # Options that are common to actions communicating with a GitLab
+        # instance
+        gitlabparser = argparse.ArgumentParser(add_help=False)
+        gitlabparser.add_argument(
+            "--namespace",
+            default="libvirt/libvirt",
+            help="GitLab project namespace"
+        )
+        gitlabparser.add_argument(
+            "--gitlab-uri",
+            default="https://gitlab.com",
+            help="base GitLab URI"
+        )
+
+        # Main parser
+        self._parser = argparse.ArgumentParser()
+        subparsers = self._parser.add_subparsers(
+            dest="action",
+            metavar="ACTION",
+        )
+        subparsers.required = True
+
+        # build action
+        buildparser = subparsers.add_parser(
+            "build",
+            help="run a build in a container",
+            parents=[containerparser, mesonparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        buildparser.set_defaults(func=Application._action_build)
+
+        # test action
+        testparser = subparsers.add_parser(
+            "test",
+            help="run a build in a container (including tests)",
+            parents=[containerparser, mesonparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        testparser.set_defaults(func=Application._action_test)
+
+        # shell action
+        shellparser = subparsers.add_parser(
+            "shell",
+            help="start a shell in a container",
+            parents=[containerparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        shellparser.set_defaults(func=Application._action_shell)
+
+        # list-images action
+        listimagesparser = subparsers.add_parser(
+            "list-images",
+            help="list known container images",
+            parents=[gitlabparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        listimagesparser.set_defaults(func=Application._action_list_images)
+
+        # refresh action
+        refreshparser = subparsers.add_parser(
+            "refresh",
+            help="refresh data generated with lcitool",
+            parents=[lcitoolparser, gitlabparser],
+            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        )
+        refreshparser.add_argument(
+            "--quiet",
+            action="store_true",
+            default=False,
+            help="refresh data silently"
+        )
+        refreshparser.add_argument(
+            "--check-stale",
+            action="store",
+            choices=["yes", "no"],
+            default="yes",
+            help="check for existence of stale images on the GitLab instance"
+        )
+        refreshparser.set_defaults(func=Application._action_refresh)
+
+    def parse(self):
+        return self._parser.parse_args()
+
+
+class Application:
+    def __init__(self):
+        self._basedir = pathlib.Path(__file__).resolve().parent
+        self._args = Parser().parse()
+
+        if self._args.action == "refresh":
+            if not shutil.which(self._args.lcitool):
+                sys.exit("error: 'lcitool' not installed")
+
+    def _make_run(self, target):
+        args = [
+            "-C",
+            self._basedir,
+            target,
+        ]
+
+        if self._args.action in ["build", "test", "shell"]:
+            args.extend([
+                f"CI_ENGINE={self._args.engine}",
+                f"CI_USER_LOGIN={self._args.login}",
+                f"CI_IMAGE_PREFIX={self._args.image_prefix}",
+                f"CI_IMAGE_TAG={self._args.image_tag}",
+            ])
+
+        if self._args.action in ["build", "test"]:
+            args.extend([
+                f"CI_MESON_ARGS={self._args.meson_args}",
+                f"CI_NINJA_ARGS={self._args.ninja_args}",
+            ])
+
+        if pty.spawn(["make"] + args) != 0:
+            sys.exit("error: 'make' failed")
+
+    def _lcitool_run(self, args):
+        output = subprocess.check_output([self._args.lcitool] + args)
+        return output.decode("utf-8")
+
+    def _lcitool_get_targets(self):
+        output = self._lcitool_run(["targets"])
+        return output.splitlines()
+
+    def _generate_dockerfile(self, target, cross=None):
+        args = ["dockerfile", target, "libvirt"]
+        outdir = self._basedir.joinpath("containers")
+        outfile = f"{target}.Dockerfile"
+
+        if cross:
+            args.extend(["--cross", cross])
+            outfile = f"{target}-cross-{cross}.Dockerfile"
+
+        outpath = outdir.joinpath(outfile)
+        if not self._args.quiet:
+            print(outpath)
+
+        output = self._lcitool_run(args)
+        with open(outpath, "w") as f:
+            f.write(output)
+
+    def _generate_vars(self, target):
+        args = ["variables", target, "libvirt"]
+        outdir = self._basedir.joinpath("cirrus")
+        outfile = f"{target}.vars"
+
+        outpath = outdir.joinpath(outfile)
+        if not self._args.quiet:
+            print(outpath)
+
+        output = self._lcitool_run(args)
+        with open(outpath, "w") as f:
+            f.write(output)
+
+    def _refresh_containers(self):
+        debian_cross = [
+            "aarch64",
+            "armv6l",
+            "armv7l",
+            "i686",
+            "mips",
+            "mips64el",
+            "mipsel",
+            "ppc64le",
+            "s390x",
+        ]
+        fedora_cross = [
+            "mingw32",
+            "mingw64",
+        ]
+
+        for target in self._lcitool_get_targets():
+            if target.startswith("freebsd-") or target.startswith("macos-"):
+                continue
+
+            self._generate_dockerfile(target)
+
+            if target == "fedora-rawhide":
+                for cross in fedora_cross:
+                    self._generate_dockerfile(target, cross)
+
+            if target.startswith("debian-"):
+                for cross in debian_cross:
+                    if target == "debian-sid" and cross == "mips":
+                        continue
+                    self._generate_dockerfile(target, cross)
+
+    def _refresh_cirrus(self):
+        for target in self._lcitool_get_targets():
+            if not (target.startswith("freebsd-") or target.startswith("macos-")):
+                continue
+
+            self._generate_vars(target)
+
+    def _check_stale_images(self):
+        namespace = self._args.namespace
+        gitlab_uri = self._args.gitlab_uri
+        registry_uri = util.get_registry_uri(namespace, gitlab_uri)
+        lcitool_targets = self._lcitool_get_targets()
+
+        stale_images = util.get_registry_stale_images(registry_uri,
+                                                      lcitool_targets)
+        if stale_images:
+            spacing = "\n" + 4 * " "
+            stale_fmt = [f"{k} (ID: {v})" for k, v in stale_images.items()]
+            stale_details = spacing.join(stale_fmt)
+            stale_ids = ' '.join([str(id) for id in stale_images.values()])
+            registry_uri = util.get_registry_uri(namespace, gitlab_uri)
+
+            msg = textwrap.dedent(f"""
+                The following images are stale and can be purged from the registry:
+
+                    STALE_DETAILS
+
+                You can delete the images listed above using this shell snippet:
+
+                    $ for image_id in {stale_ids}; do
+                          curl --request DELETE --header "PRIVATE-TOKEN: <access_token>" \\
+                               {registry_uri}/$image_id;
+                      done
+
+                You can generate a personal access token here:
+
+                    {gitlab_uri}/-/profile/personal_access_tokens
+            """)
+            print(msg.replace("STALE_DETAILS", stale_details))
+
+    def _action_build(self):
+        self._make_run(f"ci-build@{self._args.target}")
+
+    def _action_test(self):
+        self._make_run(f"ci-test@{self._args.target}")
+
+    def _action_shell(self):
+        self._make_run(f"ci-shell@{self._args.target}")
+
+    def _action_list_images(self):
+        registry_uri = util.get_registry_uri(self._args.namespace,
+                                             self._args.gitlab_uri)
+        images = util.get_registry_images(registry_uri)
+
+        # skip the "ci-" prefix each of our container images' name has
+        name_prefix = "ci-"
+        names = [i["name"][len(name_prefix):] for i in images]
+        names.sort()
+
+        native = [name for name in names if "-cross-" not in name]
+        cross = [name for name in names if "-cross-" in name]
+
+        spacing = 4 * " "
+        print("Available x86 container images:\n")
+        print(spacing + ("\n" + spacing).join(native))
+
+        if cross:
+            print()
+            print("Available cross-compiler container images:\n")
+            print(spacing + ("\n" + spacing).join(cross))
+
+    def _action_refresh(self):
+        self._refresh_containers()
+        self._refresh_cirrus()
+
+        if self._args.check_stale == "yes" and not self._args.quiet:
+            self._check_stale_images()
+
+    def run(self):
+        self._args.func(self)
+
+
+if __name__ == "__main__":
+    Application().run()

ci/list-images.sh

@@ -1,26 +0,0 @@
-#!/bin/sh
-
-engine="$1"
-prefix="$2"
-
-do_podman() {
-    # Podman freaks out if the search term ends with a dash, which ours
-    # by default does, so let's strip it. The repository name is the
-    # second field in the output, and it already starts with the registry
-    podman search --limit 100 "${prefix%-}" | while read _ repo _; do
-        echo "$repo"
-    done
-}
-
-do_docker() {
-    # Docker doesn't include the registry name in the output, so we have
-    # to add it. The repository name is the first field in the output
-    registry="${prefix%%/*}"
-    docker search --limit 100 "$prefix" | while read repo _; do
-        echo "$registry/$repo"
-    done
-}
-
-"do_$engine" | grep "^$prefix" | sed "s,^$prefix,,g" | while read repo; do
-    echo "    $repo"
-done | sort -u

ci/prepare.sh

@@ -1,13 +0,0 @@
-# This script is used to prepare the environment that will be used
-# to build libvirt inside the container.
-#
-# You can customize it to your liking, or alternatively use a
-# completely different script by passing
-#
-#  CI_PREPARE_SCRIPT=/path/to/your/prepare/script
-#
-# to make.
-#
-# Note that this script will have root privileges inside the
-# container, so it can be used for things like installing additional
-# packages.

ci/util.py

@@ -0,0 +1,81 @@
+import json
+import urllib.request
+import urllib.parse
+
+from typing import Dict, List
+
+
+def get_registry_uri(namespace: str,
+                     gitlab_uri: str = "https://gitlab.com") -> str:
+    """
+    Construct a v4 API URI pointing the namespaced project's image registry.
+
+    :param namespace: GitLab project namespace, e.g. "libvirt/libvirt"
+    :param gitlab_uri: GitLab base URI, can be a private deployment
+    :param api_version: GitLab REST API version number
+    :return: URI pointing to a namespaced project's image registry
+    """
+
+    # this converts something like "libvirt/libvirt" to "libvirt%2Flibvirt"
+    namespace_urlenc = urllib.parse.quote_plus(namespace)
+
+    project_uri = f"{gitlab_uri}/api/v4/projects/{namespace_urlenc}"
+
+    uri = project_uri + "/registry/repositories"
+    return uri
+
+
+def get_registry_images(uri: str) -> List[Dict]:
+    """
+    List all container images that are currently available in the given GitLab
+    project.
+
+    :param uri: URI pointing to a GitLab instance's image registry
+    :return: list of container image names
+    """
+
+    r = urllib.request.urlopen(uri + "?per_page=100")
+
+    # read the HTTP response and load the JSON part of it
+    return json.loads(r.read().decode())
+
+
+def get_image_distro(image_name: str) -> str:
+    """
+    Extract the name of the distro in the GitLab image registry name, e.g.
+        ci-debian-9-cross-mipsel --> debian-9
+
+    :param image_name: name of the GitLab registry image
+    :return: distro name as a string
+    """
+    name_prefix = "ci-"
+    name_suffix = "-cross-"
+
+    distro = image_name[len(name_prefix):]
+
+    index = distro.find(name_suffix)
+    if index > 0:
+        distro = distro[:index]
+
+    return distro
+
+
+def get_registry_stale_images(registry_uri: str,
+                              supported_distros: List[str]) -> Dict[str, int]:
+    """
+    Check the GitLab image registry for images that we no longer support and
+    which should be deleted.
+
+    :param uri: URI pointing to a GitLab instance's image registry
+    :param supported_distros: list of hosts supported by lcitool
+    :return: dictionary formatted as: {<gitlab_image_name>: <gitlab_image_id>}
+    """
+
+    images = get_registry_images(registry_uri)
+
+    stale_images = {}
+    for img in images:
+        if get_image_distro(img["name"]) not in supported_distros:
+            stale_images[img["name"]] = img["id"]
+
+    return stale_images

config-post.h

@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- */
-
-#ifndef __GNUC__
-# error "Libvirt requires GCC >= 4.8, or CLang"
-#endif
-
-/*
- * Define __GNUC_PREREQ to a sane default if it isn't yet defined.
- * This is done here so that it's included as early as possible;
- */
-#ifndef __GNUC_PREREQ
-# define __GNUC_PREREQ(maj, min) \
-    ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-#endif
-
-#if defined(__clang_major__) && defined(__clang_minor__)
-# ifdef __apple_build_version__
-#  if __clang_major__ < 5 || (__clang_major__ == 5 && __clang_minor__ < 1)
-#   error You need at least XCode Clang v5.1 to compile QEMU
-#  endif
-# else
-#  if __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 4)
-#   error You need at least Clang v3.4 to compile QEMU
-#  endif
-# endif
-#elif defined(__GNUC__) && defined(__GNUC_MINOR__)
-# if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)
-#  error You need at least GCC v4.8 to compile QEMU
-# endif
-#else
-# error You either need at least GCC 4.8 or Clang 3.4 or XCode Clang 5.1 to compile libvirt
-#endif
-
-/* Ask for warnings for anything that was marked deprecated in
- * the defined version, or before. It is a candidate for rewrite.
- */
-#define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_48
-
-/* Ask for warnings if code tries to use function that did not
- * exist in the defined version. These risk breaking builds
- */
-#define GLIB_VERSION_MAX_ALLOWED GLIB_VERSION_2_48

config.h

@@ -0,0 +1,53 @@
+/*
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
+
+#include <meson-config.h>
+
+/* Enable compile-time and run-time bounds-checking, and some warnings,
+ * without upsetting newer glibc. */
+
+#if !defined _FORTIFY_SOURCE && defined __OPTIMIZE__ && __OPTIMIZE__
+# define _FORTIFY_SOURCE 2
+#endif
+
+/*
+ * Define __GNUC_PREREQ to a sane default if it isn't yet defined.
+ * This is done here so that it's included as early as possible;
+ */
+#ifndef __GNUC_PREREQ
+# define __GNUC_PREREQ(maj, min) \
+    ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+#endif
+
+#if defined(__clang_major__) && defined(__clang_minor__)
+# ifdef __apple_build_version__
+#  if __clang_major__ < 5 || (__clang_major__ == 5 && __clang_minor__ < 1)
+#   error You need at least XCode Clang v5.1 to compile libvirt
+#  endif
+# else
+#  if __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 4)
+#   error You need at least Clang v3.4 to compile libvirt
+#  endif
+# endif
+#elif defined(__GNUC__) && defined(__GNUC_MINOR__)
+# if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)
+#  error You need at least GCC v4.8 to compile libvirt
+# endif
+#else
+# error You either need at least GCC 4.8 or Clang 3.4 or XCode Clang 5.1 to compile libvirt
+#endif

configmake.h.in

@@ -0,0 +1,16 @@
+/* DO NOT EDIT! GENERATED AUTOMATICALLY! */
+#if WIN32
+# include <winsock2.h> /* avoid mingw pollution on DATADIR */
+#endif
+#mesondefine BINDIR
+#mesondefine DATADIR
+#mesondefine LIBDIR
+#mesondefine LIBEXECDIR
+#mesondefine LOCALEDIR
+#mesondefine LOCALSTATEDIR
+#mesondefine MANDIR
+#mesondefine PKGDATADIR
+#mesondefine PREFIX
+#mesondefine RUNSTATEDIR
+#mesondefine SBINDIR
+#mesondefine SYSCONFDIR

docs/Makefile.am

@@ -1,526 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-## Copyright (C) 2005-2016 Red Hat, Inc.
-##
-## This library is free software; you can redistribute it and/or
-## modify it under the terms of the GNU Lesser General Public
-## License as published by the Free Software Foundation; either
-## version 2.1 of the License, or (at your option) any later version.
-##
-## This library is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-## Lesser General Public License for more details.
-##
-## You should have received a copy of the GNU Lesser General Public
-## License along with this library.  If not, see
-## <http://www.gnu.org/licenses/>.
-
-HTML_DIR = $(docdir)/html
-
-modules = \
-	libvirt-common \
-	libvirt-domain \
-	libvirt-domain-checkpoint \
-	libvirt-domain-snapshot \
-	libvirt-event \
-	libvirt-host \
-	libvirt-interface \
-	libvirt-network \
-	libvirt-nodedev \
-	libvirt-nwfilter \
-	libvirt-secret \
-	libvirt-storage \
-	libvirt-stream \
-	virterror \
-	$(NULL)
-
-modules_admin = libvirt-admin
-modules_qemu = libvirt-qemu
-modules_lxc = libvirt-lxc
-
-all: vpathhack
-
-# This hack enables us to view the web pages
-# from within the uninstalled build tree
-vpathhack:
-	@for dir in fonts js logos; \
-	do \
-	  test -e $$dir || ln -s $(srcdir)/$$dir $$dir ; \
-	done
-	@for file in $(css); \
-	do \
-	  test -e $$file || ln -s $(srcdir)/$$file $$file ; \
-	done
-
-clean-local:
-	for dir in fonts js logos; \
-	do \
-	  rm -f $$dir ; \
-	done
-	for file in $(css); \
-	do \
-	  rm -f $$file ; \
-	done
-
-apihtml = \
-  html/index.html \
-  $(apihtml_generated)
-
-apihtml_generated = \
-	$(addprefix html/libvirt-,$(addsuffix .html,$(modules))) \
-	$(NULL)
-
-apiadminhtml = \
-  html/index-admin.html \
-  $(apiadminhtml_generated)
-
-apiadminhtml_generated = \
-	$(addprefix html/libvirt-,$(addsuffix .html,$(modules_admin))) \
-	$(NULL)
-
-apiqemuhtml = \
-  html/index-qemu.html \
-  $(apiqemuhtml_generated)
-
-apiqemuhtml_generated = \
-	$(addprefix html/libvirt-,$(addsuffix .html,$(modules_qemu))) \
-	$(NULL)
-
-apilxchtml = \
-  html/index-lxc.html \
-  $(apilxchtml_generated)
-
-apilxchtml_generated = \
-	$(addprefix html/libvirt-,$(addsuffix .html,$(modules_lxc))) \
-	$(NULL)
-
-apipng = \
-  html/left.png \
-  html/up.png \
-  html/home.png \
-  html/right.png
-
-apirefdir = $(HTML_DIR)/html
-apiref_DATA = $(apihtml) $(apiadminhtml) $(apiqemuhtml) $(apilxchtml) $(apipng)
-
-css = \
-  generic.css \
-  libvirt.css \
-  mobile.css \
-  main.css
-
-javascript = \
-  js/main.js \
-  $(NULL)
-
-javascriptdir = $(HTML_DIR)/js
-javascript_DATA = $(javascript)
-
-fonts = \
-  fonts/LICENSE.md \
-  fonts/stylesheet.css \
-  fonts/overpass-bold-italic.woff \
-  fonts/overpass-bold.woff \
-  fonts/overpass-italic.woff \
-  fonts/overpass-light-italic.woff \
-  fonts/overpass-light.woff \
-  fonts/overpass-mono-bold.woff \
-  fonts/overpass-mono-light.woff \
-  fonts/overpass-mono-regular.woff \
-  fonts/overpass-mono-semibold.woff \
-  fonts/overpass-regular.woff
-
-fontsdir = $(HTML_DIR)/fonts
-fonts_DATA = $(fonts)
-
-logofiles = \
-  logos/logo-base.svg \
-  logos/logo-square.svg \
-  logos/logo-square-powered.svg \
-  logos/logo-banner-dark.svg \
-  logos/logo-banner-light.svg \
-  logos/logo-square-96.png \
-  logos/logo-square-128.png \
-  logos/logo-square-192.png \
-  logos/logo-square-256.png \
-  logos/logo-square-powered-96.png \
-  logos/logo-square-powered-128.png \
-  logos/logo-square-powered-192.png \
-  logos/logo-square-powered-256.png \
-  logos/logo-banner-dark-256.png \
-  logos/logo-banner-dark-800.png \
-  logos/logo-banner-light-256.png \
-  logos/logo-banner-light-800.png
-
-logofilesdir = $(HTML_DIR)/logos
-logofiles_DATA = $(logofiles)
-
-png = \
-  32favicon.png \
-  libvirt-daemon-arch.png \
-  libvirt-driver-arch.png \
-  libvirt-object-model.png \
-  migration-managed-direct.png \
-  migration-managed-p2p.png \
-  migration-native.png \
-  migration-tunnel.png \
-  migration-unmanaged-direct.png
-
-gif = \
-  architecture.gif \
-  node.gif
-
-internals_html_in = \
-  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
-internals_rst = \
-  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.rst))
-internals_rst_html_in = \
-  $(internals_rst:%.rst=%.html.in)
-internals_html = \
-  $(internals_html_in:%.html.in=%.html) \
-  $(internals_rst_html_in:%.html.in=%.html)
-
-internalsdir = $(HTML_DIR)/internals
-internals_DATA = $(internals_html)
-
-kbase_html_in = \
-  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/kbase/*.html.in))
-kbase_rst = \
-  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/kbase/*.rst))
-kbase_rst_html_in = \
-  $(kbase_rst:%.rst=%.html.in)
-kbase_html = \
-  $(kbase_html_in:%.html.in=%.html) \
-  $(kbase_rst_html_in:%.html.in=%.html)
-
-kbasedir = $(HTML_DIR)/kbase
-kbase_DATA = $(kbase_html)
-
-# Sync with src/util/
-KEYCODES = linux osx atset1 atset2 atset3 xtkbd usb win32 qnum
-KEYNAMES = linux osx win32
-
-manpages_rst = \
-  manpages/index.rst \
-  $(NULL)
-manpages1_rst = \
-  manpages/virt-pki-validate.rst \
-  manpages/virt-xml-validate.rst \
-  manpages/virt-admin.rst \
-  manpages/virsh.rst \
-  $(NULL)
-manpages7_rst = \
-  $(KEYCODES:%=manpages/virkeycode-%.rst) \
-  $(KEYNAMES:%=manpages/virkeyname-%.rst) \
-  $(NULL)
-manpages8_rst = $(NULL)
-manpages_rst += \
-  $(manpages1_rst) \
-  $(manpages7_rst) \
-  $(manpages8_rst) \
-  $(NULL)
-if WITH_LIBVIRTD
-manpages8_rst += \
-  manpages/libvirtd.rst \
-  manpages/virtlockd.rst \
-  manpages/virtlogd.rst \
-  $(NULL)
-else ! WITH_LIBVIRTD
-manpages_rst += \
-  manpages/libvirtd.rst \
-  manpages/virtlockd.rst \
-  manpages/virtlogd.rst \
-  $(NULL)
-endif ! WITH_LIBVIRTD
-if WITH_HOST_VALIDATE
-  manpages1_rst += manpages/virt-host-validate.rst
-else ! WITH_HOST_VALIDATE
-  manpages_rst += manpages/virt-host-validate.rst
-endif ! WITH_HOST_VALIDATE
-if WITH_LOGIN_SHELL
-  manpages1_rst += manpages/virt-login-shell.rst
-else ! WITH_LOGIN_SHELL
-  manpages_rst += manpages/virt-login-shell.rst
-endif ! WITH_LOGIN_SHELL
-if WITH_SANLOCK
-  manpages8_rst += manpages/virt-sanlock-cleanup.rst
-else ! WITH_SANLOCK
-  manpages_rst += manpages/virt-sanlock-cleanup.rst
-endif ! WITH_SANLOCK
-if WITH_QEMU
-  manpages1_rst += manpages/virt-qemu-run.rst
-else ! WITH_QEMU
-  manpages_rst += manpages/virt-qemu-run.rst
-endif ! WITH_QEMU
-manpages_rst_html_in = \
-  $(manpages_rst:%.rst=%.html.in)
-manpages_html = \
-  $(manpages_rst_html_in:%.html.in=%.html)
-
-man1_MANS = $(manpages1_rst:%.rst=%.1)
-man7_MANS = $(manpages7_rst:%.rst=%.7)
-man8_MANS = $(manpages8_rst:%.rst=%.8)
-
-%.1: %.rst
-	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
-	   grep -v '^\.\. contents::' < $< | \
-	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
-	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
-	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
-
-%.7: %.rst
-	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
-	   grep -v '^\.\. contents::' < $< | \
-	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
-	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
-	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
-
-%.8: %.rst
-	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
-	   grep -v '^\.\. contents::' < $< | \
-	   sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
-	       -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
-	   $(RST2MAN) --strict > $@ || { rm $@ && exit 1; }
-
-manpages/virkeycode-%.rst: $(top_srcdir)/src/keycodemapdb/data/keymaps.csv \
-		$(top_srcdir)/src/keycodemapdb/tools/keymap-gen Makefile.am
-	$(AM_V_GEN)export NAME=`echo $@ | \
-		sed -e 's,manpages/virkeycode-,,' -e 's,\.rst,,'` && \
-		$(MKDIR_P) manpages/ && \
-		$(RUNUTF8) $(PYTHON) $(top_srcdir)/src/keycodemapdb/tools/keymap-gen \
-		code-docs \
-		--lang rst \
-		--title "virkeycode-$$NAME" \
-		--subtitle "Key code values for $$NAME" \
-		$(top_srcdir)/src/keycodemapdb/data/keymaps.csv $$NAME > $@
-
-manpages/virkeyname-%.rst: $(top_srcdir)/src/keycodemapdb/data/keymaps.csv \
-		$(top_srcdir)/src/keycodemapdb/tools/keymap-gen Makefile.am
-	$(AM_V_GEN)export NAME=`echo $@ | \
-		sed -e 's,manpages/virkeyname-,,' -e 's,\.rst,,'` && \
-		$(MKDIR_P) manpages/ && \
-		$(RUNUTF8) $(PYTHON) $(top_srcdir)/src/keycodemapdb/tools/keymap-gen \
-		name-docs \
-		--lang rst \
-		--title "virkeyname-$$NAME" \
-		--subtitle "Key name values for $$NAME" \
-		$(top_srcdir)/src/keycodemapdb/data/keymaps.csv $$NAME > $@
-
-manpagesdir = $(HTML_DIR)/manpages
-manpages_DATA = $(manpages_html)
-
-# Generate hvsupport.html and news.html first, since they take one extra step.
-dot_html_generated_in = \
-  hvsupport.html.in \
-  news.html.in
-dot_html_in = \
-  $(notdir $(wildcard $(srcdir)/*.html.in))
-dot_rst = \
-  $(notdir $(wildcard $(srcdir)/*.rst))
-dot_rst_html_in = \
-  $(dot_rst:%.rst=%.html)
-dot_html = \
-  $(dot_html_generated_in:%.html.in=%.html) \
-  $(dot_html_in:%.html.in=%.html) \
-  $(dot_rst_html_in:%.html.in=%.html)
-
-htmldir = $(HTML_DIR)
-html_DATA = $(css) $(png) $(gif) $(dot_html)
-
-apidir = $(pkgdatadir)/api
-api_DATA = \
-       libvirt-api.xml \
-       libvirt-qemu-api.xml \
-       libvirt-lxc-api.xml \
-       libvirt-admin-api.xml
-
-fig = \
-  libvirt-daemon-arch.fig \
-  libvirt-driver-arch.fig \
-  libvirt-object-model.fig \
-  migration-managed-direct.fig \
-  migration-managed-p2p.fig \
-  migration-native.fig \
-  migration-tunnel.fig \
-  migration-unmanaged-direct.fig
-
-schemadir = $(pkgdatadir)/schemas
-schema_DATA = $(wildcard $(srcdir)/schemas/*.rng)
-
-EXTRA_DIST= \
-  site.xsl subsite.xsl newapi.xsl page.xsl \
-  wrapstring.xsl \
-  $(dot_html_in) $(dot_rst) $(gif) $(apipng) \
-  $(fig) $(png) $(css) \
-  $(javascript) $(logofiles) \
-  $(internals_html_in) $(internals_rst) $(fonts) \
-  $(kbase_html_in) $(kbase_rst) \
-  $(manpages_rst) \
-  aclperms.htmlinc \
-  $(schema_DATA)
-
-acl_generated = aclperms.htmlinc
-
-aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
-        $(top_srcdir)/scripts/genaclperms.py Makefile.am
-	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/genaclperms.py $< > $@
-
-CLEANFILES = \
-  $(dot_html) \
-  $(apihtml) \
-  $(apiadminhtml) \
-  $(apiqemuhtml) \
-  $(apilxchtml) \
-  $(internals_html) \
-  $(kbase_html) \
-  $(manpages_html) \
-  $(man1_MANS) \
-  $(man7_MANS) \
-  $(manpages7_rst) \
-  $(man8_MANS) \
-  $(api_DATA) \
-  $(dot_html_generated_in) \
-  aclperms.htmlinc
-
-timestamp="$(shell if test -n "$$SOURCE_DATE_EPOCH"; \
-		   then \
-		     date -u --date="@$$SOURCE_DATE_EPOCH"; \
-		   else \
-		     date -u; \
-		   fi)"
-
-hvsupport.html: hvsupport.html.in
-
-hvsupport.html.in: $(top_srcdir)/scripts/hvsupport.py $(api_DATA) \
-		$(top_srcdir)/src/libvirt_public.syms \
-	$(top_srcdir)/src/libvirt_qemu.syms $(top_srcdir)/src/libvirt_lxc.syms \
-	$(top_srcdir)/src/driver.h
-	$(AM_V_GEN)$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/hvsupport.py \
-		$(top_srcdir) $(top_builddir) > $@ || { rm $@ && exit 1; }
-
-news.html.in: \
-	  $(srcdir)/news.xml \
-	  $(srcdir)/news-html.xsl
-	$(AM_V_GEN)$(XSLTPROC) --nonet \
-	    $(srcdir)/news-html.xsl \
-	    $(srcdir)/news.xml \
-	  >$@ \
-	    || { rm -f $@; exit 1; };
-EXTRA_DIST += \
-	$(srcdir)/news.xml \
-	$(srcdir)/news.rng \
-	$(srcdir)/news-html.xsl
-
-%.png: %.fig
-	convert -rotate 90 $< $@
-
-manpages/%.html.in: manpages/%.rst
-	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
-	 grep -v '^:Manual ' < $< | \
-	  sed -e 's|SYSCONFDIR|$(sysconfdir)|g' \
-	     -e 's|RUNSTATEDIR|$(runstatedir)|g' | \
-	  $(RST2HTML) --strict > $@ || { rm $@ && exit 1; }
-
-%.html.in: %.rst
-	$(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
-	  $(RST2HTML) --strict $< > $@ || { rm $@ && exit 1; }
-
-%.html.tmp: %.html.in site.xsl subsite.xsl page.xsl \
-		$(acl_generated)
-	$(AM_V_GEN)name=`echo $@ | sed -e 's/.tmp//'`; \
-	  dir=`dirname $@` ; \
-	  if test "$$dir" = "."; \
-	  then \
-	    style=site.xsl; \
-	  else \
-	    $(MKDIR_P) $$dir; \
-	    style=subsite.xsl; \
-	  fi; \
-	  $(XSLTPROC) --stringparam pagename $$name \
-	    --stringparam builddir '$(abs_top_builddir)' \
-	    --stringparam timestamp $(timestamp) --nonet \
-	    $(top_srcdir)/docs/$$style $< > $@ \
-	    || { rm $@ && exit 1; }
-
-%.html: %.html.tmp
-	$(AM_V_GEN)$(XMLLINT) --nonet --format $< > $@ \
-	  || { rm $@ && exit 1; }
-
-$(apihtml_generated): html/index.html
-$(apiadminhtml_generated): html/index-admin.html
-$(apiqemuhtml_generated): html/index-qemu.html
-$(apilxchtml_generated): html/index-lxc.html
-
-html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
-	$(AM_V_GEN)$(XSLTPROC) --nonet -o ./ \
-	  --stringparam builddir '$(abs_top_builddir)' \
-	  --stringparam timestamp $(timestamp) \
-	  $(srcdir)/newapi.xsl libvirt-api.xml
-
-html/index-%.html: libvirt-%-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
-	$(AM_V_GEN)$(XSLTPROC) --nonet -o ./ \
-	  --stringparam builddir '$(abs_top_builddir)' \
-	  --stringparam timestamp $(timestamp) \
-	  --stringparam indexfile $(@:html/%=%) \
-	  $(srcdir)/newapi.xsl $<
-
-check-html:
-	$(XMLLINT) --nonet --noout html/*.html
-
-check-local: check-html
-
-python_generated_files = \
-		html/libvirt-libvirt-lxc.html \
-		html/libvirt-libvirt-qemu.html \
-		html/libvirt-libvirt-admin.html \
-		html/libvirt-virterror.html \
-		$(api_DATA) \
-		$(NULL)
-
-APIBUILD=$(top_srcdir)/scripts/apibuild.py
-APIBUILD_STAMP=apibuild.py.stamp
-CLEANFILES += $(APIBUILD_STAMP)
-
-$(python_generated_files): $(APIBUILD_STAMP)
-
-$(APIBUILD_STAMP): $(top_srcdir)/scripts/apibuild.py \
-		$(top_srcdir)/include/libvirt/libvirt.h \
-		$(top_srcdir)/include/libvirt/libvirt-common.h.in \
-		$(top_srcdir)/include/libvirt/libvirt-domain-checkpoint.h \
-		$(top_srcdir)/include/libvirt/libvirt-domain-snapshot.h \
-		$(top_srcdir)/include/libvirt/libvirt-domain.h \
-		$(top_srcdir)/include/libvirt/libvirt-event.h \
-		$(top_srcdir)/include/libvirt/libvirt-host.h \
-		$(top_srcdir)/include/libvirt/libvirt-interface.h \
-		$(top_srcdir)/include/libvirt/libvirt-network.h \
-		$(top_srcdir)/include/libvirt/libvirt-nodedev.h \
-		$(top_srcdir)/include/libvirt/libvirt-nwfilter.h \
-		$(top_srcdir)/include/libvirt/libvirt-secret.h \
-		$(top_srcdir)/include/libvirt/libvirt-storage.h \
-		$(top_srcdir)/include/libvirt/libvirt-stream.h \
-		$(top_srcdir)/include/libvirt/libvirt-lxc.h \
-		$(top_srcdir)/include/libvirt/libvirt-qemu.h \
-		$(top_srcdir)/include/libvirt/libvirt-admin.h \
-		$(top_srcdir)/include/libvirt/virterror.h \
-		$(top_srcdir)/src/libvirt.c \
-		$(top_srcdir)/src/libvirt-domain-checkpoint.c \
-		$(top_srcdir)/src/libvirt-domain-snapshot.c \
-		$(top_srcdir)/src/libvirt-domain.c \
-		$(top_srcdir)/src/libvirt-host.c \
-		$(top_srcdir)/src/libvirt-interface.c \
-		$(top_srcdir)/src/libvirt-network.c \
-		$(top_srcdir)/src/libvirt-nodedev.c \
-		$(top_srcdir)/src/libvirt-nwfilter.c \
-		$(top_srcdir)/src/libvirt-secret.c \
-		$(top_srcdir)/src/libvirt-storage.c \
-		$(top_srcdir)/src/libvirt-stream.c \
-		$(top_srcdir)/src/libvirt-lxc.c \
-		$(top_srcdir)/src/libvirt-qemu.c \
-		$(top_srcdir)/src/admin/libvirt-admin.c \
-		$(top_srcdir)/src/util/virerror.c \
-		$(top_srcdir)/src/util/virevent.c \
-		$(top_srcdir)/src/util/virtypedparam-public.c
-	$(AM_V_GEN)srcdir=$(srcdir) builddir=$(builddir) \
-		$(RUNUTF8) $(PYTHON) $(APIBUILD)
-	touch $@

docs/acl.html.in

@@ -50,7 +50,7 @@
       control technologies. By default, the <code>none</code>
       driver is used, which does no access control checks at
       all. At this time, libvirt ships with support for using
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a> as a real access
+      <a href="https://www.freedesktop.org/wiki/Software/polkit/">polkit</a> as a real access
       control driver. To learn how to use the polkit access
       driver consult <a href="aclpolkit.html">the configuration
       docs</a>.

docs/aclpolkit.html.in

@@ -1,523 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Polkit access control</h1>
-
-    <p>
-      Libvirt's client <a href="acl.html">access control framework</a> allows
-      administrators to setup fine grained permission rules across client users,
-      managed objects and API operations. This allows client connections
-      to be locked down to a minimal set of privileges. The polkit driver
-      provides a simple implementation of the access control framework.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="intro">Introduction</a></h2>
-
-    <p>
-      A default install of libvirt will typically use
-      <a href="http://www.freedesktop.org/wiki/Software/polkit/">polkit</a>
-      to authenticate the initial user connection to libvirtd. This is a
-      very coarse grained check though, either allowing full read-write
-      access to all APIs, or just read-only access. The polkit access
-      control driver in libvirt builds on this capability to allow for
-      fine grained control over the operations a user may perform on an
-      object.
-    </p>
-
-    <h2><a id="perms">Permission names</a></h2>
-
-    <p>
-      The libvirt <a href="acl.html#perms">object names and permission names</a>
-      are mapped onto polkit action names using the simple pattern:
-    </p>
-
-    <pre>org.libvirt.api.$object.$permission
-</pre>
-
-    <p>
-      The only caveat is that any underscore characters in the
-      object or permission names are converted to hyphens. So,
-      for example, the <code>search_storage_vols</code> permission
-      on the <code>storage_pool</code> object maps to the polkit
-      action:
-    </p>
-    <pre>org.libvirt.api.storage-pool.search-storage-vols
-</pre>
-
-    <p>
-      The default policy for any permission which corresponds to
-      a "read only" operation, is to allow access. All other
-      permissions default to deny access.
-    </p>
-
-    <h2><a id="attrs">Object identity attributes</a></h2>
-
-    <p>
-      To allow polkit authorization rules to be written to match
-      against individual object instances, libvirt provides a number
-      of authorization detail attributes when performing a permission
-      check. The set of attributes varies according to the type
-      of object being checked
-    </p>
-
-    <h3><a id="object_connect">virConnectPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_domain">virDomainPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>domain_name</td>
-          <td>Name of the domain, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>domain_uuid</td>
-          <td>UUID of the domain, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_interface">virInterfacePtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>interface_name</td>
-          <td>Name of the network interface, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>interface_macaddr</td>
-          <td>MAC address of the network interface, not unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_network">virNetworkPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>network_name</td>
-          <td>Name of the network, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>network_uuid</td>
-          <td>UUID of the network, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_node_device">virNodeDevicePtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>node_device_name</td>
-          <td>Name of the node device, unique to the local host</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_nwfilter">virNWFilterPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>nwfilter_name</td>
-          <td>Name of the network filter, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>nwfilter_uuid</td>
-          <td>UUID of the network filter, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_secret">virSecretPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>secret_uuid</td>
-          <td>UUID of the secret, globally unique</td>
-        </tr>
-        <tr>
-          <td>secret_usage_volume</td>
-          <td>Name of the associated volume, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_ceph</td>
-          <td>Name of the associated Ceph server, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_target</td>
-          <td>Name of the associated iSCSI target, if any</td>
-        </tr>
-        <tr>
-          <td>secret_usage_name</td>
-          <td>Name of the associated TLS secret, if any</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_storage_pool">virStoragePoolPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h3><a id="object_storage_vol">virStorageVolPtr</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Attribute</th>
-          <th>Description</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>connect_driver</td>
-          <td>Name of the libvirt connection driver</td>
-        </tr>
-        <tr>
-          <td>pool_name</td>
-          <td>Name of the storage pool, unique to the local host</td>
-        </tr>
-        <tr>
-          <td>pool_uuid</td>
-          <td>UUID of the storage pool, globally unique</td>
-        </tr>
-        <tr>
-          <td>vol_name</td>
-          <td>Name of the storage volume, unique to the pool</td>
-        </tr>
-        <tr>
-          <td>vol_key</td>
-          <td>Key of the storage volume, globally unique</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h2><a id="connect_driver">Hypervisor Driver connect_driver</a></h2>
-    <p>
-      The <code>connect_driver</code> parameter describes the
-      client's <a href="remote.html">remote Connection Driver</a>
-      name based on the <a href="uri.html">URI</a> used for the
-      connection.
-    </p>
-    <p>
-      <span class="since">Since 4.1.0</span>, when calling an API
-      outside the scope of the primary connection driver, the
-      primary driver will attempt to open a secondary connection
-      to the specific API driver in order to process the API. For
-      example, when hypervisor domain processing needs to make an
-      API call within the storage driver or the network filter driver
-      an attempt to open a connection to the "storage" or "nwfilter"
-      driver will be made. Similarly, a "storage" primary connection
-      may need to create a connection to the "secret" driver in order
-      to process secrets for the API. If successful, then calls to
-      those API's will occur in the <code>connect_driver</code> context
-      of the secondary connection driver rather than in the context of
-      the primary driver. This affects the <code>connect_driver</code>
-      returned from rule generation from the <code>action.loookup</code>
-      function. The following table provides a list of the various
-      connection drivers and the <code>connect_driver</code> name
-      used by each regardless of primary or secondary connection.
-      The access denied error message from libvirt will list the
-      connection driver by name that denied the access.
-    </p>
-
-    <h3><a id="object_connect_driver">Connection Driver Name</a></h3>
-    <table>
-      <thead>
-        <tr>
-          <th>Connection Driver</th>
-          <th><code>connect_driver</code> name</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>bhyve</td>
-          <td>bhyve</td>
-        </tr>
-        <tr>
-          <td>esx</td>
-          <td>ESX</td>
-        </tr>
-        <tr>
-          <td>hyperv</td>
-          <td>Hyper-V</td>
-        </tr>
-        <tr>
-          <td>interface</td>
-          <td>interface</td>
-        </tr>
-        <tr>
-          <td>libxl</td>
-          <td>xenlight</td>
-        </tr>
-        <tr>
-          <td>lxc</td>
-          <td>LXC</td>
-        </tr>
-        <tr>
-          <td>network</td>
-          <td>network</td>
-        </tr>
-        <tr>
-          <td>nodedev</td>
-          <td>nodedev</td>
-        </tr>
-        <tr>
-          <td>nwfilter</td>
-          <td>NWFilter</td>
-        </tr>
-        <tr>
-          <td>openvz</td>
-          <td>OPENVZ</td>
-        </tr>
-        <tr>
-          <td>qemu</td>
-          <td>QEMU</td>
-        </tr>
-        <tr>
-          <td>secret</td>
-          <td>secret</td>
-        </tr>
-        <tr>
-          <td>storage</td>
-          <td>storage</td>
-        </tr>
-        <tr>
-          <td>vbox</td>
-          <td>VBOX</td>
-        </tr>
-        <tr>
-          <td>vmware</td>
-          <td>VMWARE</td>
-        </tr>
-        <tr>
-          <td>vz</td>
-          <td>vz</td>
-        </tr>
-      </tbody>
-    </table>
-
-
-    <h2><a id="user">User identity attributes</a></h2>
-
-    <p>
-      At this point in time, the only attribute provided by
-      libvirt to identify the user invoking the operation
-      is the PID of the client program. This means that the
-      polkit access control driver is only useful if connections
-      to libvirt are restricted to its UNIX domain socket. If
-      connections are being made to a TCP socket, no identifying
-      information is available and access will be denied.
-      Also note that if the client is connecting via an SSH
-      tunnel, it is the local SSH user that will be identified.
-      In future versions, it is expected that more information
-      about the client user will be provided, including the
-      SASL / Kerberos username and/or x509 distinguished
-      name obtained from the authentication provider in use.
-    </p>
-
-
-    <h2><a id="checks">Writing access control policies</a></h2>
-
-    <p>
-      If using versions of polkit prior to 0.106 then it is only
-      possible to validate (user, permission) pairs via the <code>.pkla</code>
-      files. Fully validation of the (user, permission, object) triple
-      requires the new JavaScript <code>.rules</code> support that
-      was introduced in version 0.106. The latter is what will be
-      described here.
-    </p>
-
-    <p>
-      Libvirt does not ship any rules files by default. It merely
-      provides a definition of the default behaviour for each
-      action (permission). As noted earlier, permissions which
-      correspond to read-only operations in libvirt will be allowed
-      to all users by default; everything else is denied by default.
-      Defining custom rules requires creation of a file in the
-      <code>/etc/polkit-1/rules.d</code> directory with a name
-      chosen by the administrator (<code>100-libvirt-acl.rules</code>
-      would be a reasonable choice). See the <code>polkit(8)</code>
-      manual page for a description of how to write these files
-      in general. The key idea is to create a file containing
-      something like
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-  ....logic to check 'action' and 'subject'...
-});
-    </pre>
-
-    <p>
-      In this code snippet above, the <code>action</code> object
-      instance will represent the libvirt permission being checked
-      along with identifying attributes for the object it is being
-      applied to. The <code>subject</code> meanwhile will identify
-      the libvirt client app (with the caveat above about it only
-      dealing with local clients connected via the UNIX socket).
-      On the <code>action</code> object, the permission name is
-      accessible via the <code>id</code> attribute, while the
-      object identifying attributes are exposed via the
-      <code>lookup</code> method.
-    </p>
-
-    <p>
-    See
-    <a href="https://libvirt.org/git/?p=libvirt.git;a=tree;f=examples/polkit;hb=HEAD">source code</a>
-    for a more complex example.
-    </p>
-
-    <h3><a id="exconnect">Example: restricting ability to connect to drivers</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      use the <code>QEMU</code> driver and not the Xen or LXC
-      drivers which are also available in libvirtd.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>QEMU</code>, and match on an action
-      name of <code>org.libvirt.api.connect.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.connect.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'QEMU') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-
-    <h3><a id="exdomain">Example: restricting access to a single domain</a></h3>
-
-    <p>
-      Consider a local user <code>berrange</code>
-      who has been granted permission to connect to libvirt in
-      full read-write mode. The goal is to only allow them to
-      see the domain called <code>demo</code> on the LXC driver.
-      To achieve this we need to write a rule which checks
-      whether the <code>connect_driver</code> attribute
-      is <code>LXC</code> and the <code>domain_name</code>
-      attribute is <code>demo</code>, and match on an action
-      name of <code>org.libvirt.api.domain.getattr</code>. Using
-      the javascript rules format, this ends up written as
-    </p>
-
-    <pre>
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.api.domain.getattr" &amp;&amp;
-        subject.user == "berrange") {
-          if (action.lookup("connect_driver") == 'LXC' &amp;&amp;
-              action.lookup("domain_name") == 'demo') {
-            return polkit.Result.YES;
-          } else {
-            return polkit.Result.NO;
-          }
-    }
-});
-    </pre>
-  </body>
-</html>

docs/aclpolkit.rst

@@ -0,0 +1,310 @@
+.. role:: since
+
+=====================
+Polkit access control
+=====================
+
+Libvirt's client `access control framework <acl.html>`__ allows
+administrators to setup fine grained permission rules across client
+users, managed objects and API operations. This allows client
+connections to be locked down to a minimal set of privileges. The polkit
+driver provides a simple implementation of the access control framework.
+
+.. contents::
+
+Introduction
+------------
+
+A default install of libvirt will typically use
+`polkit <https://www.freedesktop.org/wiki/Software/polkit/>`__ to
+authenticate the initial user connection to libvirtd. This is a very
+coarse grained check though, either allowing full read-write access to
+all APIs, or just read-only access. The polkit access control driver in
+libvirt builds on this capability to allow for fine grained control over
+the operations a user may perform on an object.
+
+Permission names
+----------------
+
+The libvirt `object names and permission names <acl.html#perms>`__ are
+mapped onto polkit action names using the simple pattern:
+
+::
+
+   org.libvirt.api.$object.$permission
+
+The only caveat is that any underscore characters in the object or
+permission names are converted to hyphens. So, for example, the
+``search_storage_vols`` permission on the ``storage_pool`` object maps
+to the polkit action:
+
+::
+
+   org.libvirt.api.storage-pool.search-storage-vols
+
+The default policy for any permission which corresponds to a "read only"
+operation, is to allow access. All other permissions default to deny
+access.
+
+Object identity attributes
+--------------------------
+
+To allow polkit authorization rules to be written to match against
+individual object instances, libvirt provides a number of authorization
+detail attributes when performing a permission check. The set of
+attributes varies according to the type of object being checked
+
+virConnectPtr
+~~~~~~~~~~~~~
+
+============== =====================================
+Attribute      Description
+============== =====================================
+connect_driver Name of the libvirt connection driver
+============== =====================================
+
+virDomainPtr
+~~~~~~~~~~~~
+
+============== ============================================
+Attribute      Description
+============== ============================================
+connect_driver Name of the libvirt connection driver
+domain_name    Name of the domain, unique to the local host
+domain_uuid    UUID of the domain, globally unique
+============== ============================================
+
+virInterfacePtr
+~~~~~~~~~~~~~~~
+
++-------------------+---------------------------------------------------------+
+| Attribute         | Description                                             |
++===================+=========================================================+
+| connect_driver    | Name of the libvirt connection driver                   |
++-------------------+---------------------------------------------------------+
+| interface_name    | Name of the network interface, unique to the local host |
++-------------------+---------------------------------------------------------+
+| interface_macaddr | MAC address of the network interface, not unique        |
++-------------------+---------------------------------------------------------+
+
+virNetworkPtr
+~~~~~~~~~~~~~
+
+============== =============================================
+Attribute      Description
+============== =============================================
+connect_driver Name of the libvirt connection driver
+network_name   Name of the network, unique to the local host
+network_uuid   UUID of the network, globally unique
+============== =============================================
+
+virNodeDevicePtr
+~~~~~~~~~~~~~~~~
+
+================ =================================================
+Attribute        Description
+================ =================================================
+connect_driver   Name of the libvirt connection driver
+node_device_name Name of the node device, unique to the local host
+================ =================================================
+
+virNWFilterPtr
+~~~~~~~~~~~~~~
+
+============== ====================================================
+Attribute      Description
+============== ====================================================
+connect_driver Name of the libvirt connection driver
+nwfilter_name  Name of the network filter, unique to the local host
+nwfilter_uuid  UUID of the network filter, globally unique
+============== ====================================================
+
+virSecretPtr
+~~~~~~~~~~~~
+
+=================== ===========================================
+Attribute           Description
+=================== ===========================================
+connect_driver      Name of the libvirt connection driver
+secret_uuid         UUID of the secret, globally unique
+secret_usage_volume Name of the associated volume, if any
+secret_usage_ceph   Name of the associated Ceph server, if any
+secret_usage_target Name of the associated iSCSI target, if any
+secret_usage_name   Name of the associated TLS secret, if any
+=================== ===========================================
+
+virStoragePoolPtr
+~~~~~~~~~~~~~~~~~
+
+============== ==================================================
+Attribute      Description
+============== ==================================================
+connect_driver Name of the libvirt connection driver
+pool_name      Name of the storage pool, unique to the local host
+pool_uuid      UUID of the storage pool, globally unique
+============== ==================================================
+
+virStorageVolPtr
+~~~~~~~~~~~~~~~~
+
+============== ==================================================
+Attribute      Description
+============== ==================================================
+connect_driver Name of the libvirt connection driver
+pool_name      Name of the storage pool, unique to the local host
+pool_uuid      UUID of the storage pool, globally unique
+vol_name       Name of the storage volume, unique to the pool
+vol_key        Key of the storage volume, globally unique
+============== ==================================================
+
+Hypervisor Driver connect_driver
+--------------------------------
+
+The ``connect_driver`` parameter describes the client's `remote
+Connection Driver <remote.html>`__ name based on the `URI <uri.html>`__
+used for the connection.
+
+:since:`Since 4.1.0`, when calling an API outside the scope of the primary
+connection driver, the primary driver will attempt to open a secondary
+connection to the specific API driver in order to process the API. For
+example, when hypervisor domain processing needs to make an API call
+within the storage driver or the network filter driver an attempt to
+open a connection to the "storage" or "nwfilter" driver will be made.
+Similarly, a "storage" primary connection may need to create a
+connection to the "secret" driver in order to process secrets for the
+API. If successful, then calls to those API's will occur in the
+``connect_driver`` context of the secondary connection driver rather
+than in the context of the primary driver. This affects the
+``connect_driver`` returned from rule generation from the
+``action.loookup`` function. The following table provides a list of the
+various connection drivers and the ``connect_driver`` name used by each
+regardless of primary or secondary connection. The access denied error
+message from libvirt will list the connection driver by name that denied
+the access.
+
+Connection Driver Name
+~~~~~~~~~~~~~~~~~~~~~~
+
+================= =======================
+Connection Driver ``connect_driver`` name
+================= =======================
+bhyve             bhyve
+esx               ESX
+hyperv            Hyper-V
+interface         interface
+xen               Xen
+lxc               LXC
+network           network
+nodedev           nodedev
+nwfilter          NWFilter
+openvz            OPENVZ
+qemu              QEMU
+secret            secret
+storage           storage
+vbox              VBOX
+vmware            VMWARE
+vz                vz
+================= =======================
+
+User identity attributes
+------------------------
+
+At this point in time, the only attribute provided by libvirt to
+identify the user invoking the operation is the PID of the client
+program. This means that the polkit access control driver is only useful
+if connections to libvirt are restricted to its UNIX domain socket. If
+connections are being made to a TCP socket, no identifying information
+is available and access will be denied. Also note that if the client is
+connecting via an SSH tunnel, it is the local SSH user that will be
+identified. In future versions, it is expected that more information
+about the client user will be provided, including the SASL / Kerberos
+username and/or x509 distinguished name obtained from the authentication
+provider in use.
+
+Writing access control policies
+-------------------------------
+
+If using versions of polkit prior to 0.106 then it is only possible to
+validate (user, permission) pairs via the ``.pkla`` files. Fully
+validation of the (user, permission, object) triple requires the new
+JavaScript ``.rules`` support that was introduced in version 0.106. The
+latter is what will be described here.
+
+Libvirt does not ship any rules files by default. It merely provides a
+definition of the default behaviour for each action (permission). As
+noted earlier, permissions which correspond to read-only operations in
+libvirt will be allowed to all users by default; everything else is
+denied by default. Defining custom rules requires creation of a file in
+the ``/etc/polkit-1/rules.d`` directory with a name chosen by the
+administrator (``100-libvirt-acl.rules`` would be a reasonable choice).
+See the ``polkit(8)`` manual page for a description of how to write
+these files in general. The key idea is to create a file containing
+something like
+
+::
+
+   polkit.addRule(function(action, subject) {
+     ....logic to check 'action' and 'subject'...
+   });
+
+In this code snippet above, the ``action`` object instance will
+represent the libvirt permission being checked along with identifying
+attributes for the object it is being applied to. The ``subject``
+meanwhile will identify the libvirt client app (with the caveat above
+about it only dealing with local clients connected via the UNIX socket).
+On the ``action`` object, the permission name is accessible via the
+``id`` attribute, while the object identifying attributes are exposed
+via the ``lookup`` method.
+
+See `source
+code <https://gitlab.com/libvirt/libvirt/-/tree/master/examples/polkit>`__
+for a more complex example.
+
+Example: restricting ability to connect to drivers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Consider a local user ``berrange`` who has been granted permission to
+connect to libvirt in full read-write mode. The goal is to only allow
+them to use the ``QEMU`` driver and not the Xen or LXC drivers which are
+also available in libvirtd. To achieve this we need to write a rule
+which checks whether the ``connect_driver`` attribute is ``QEMU``, and
+match on an action name of ``org.libvirt.api.connect.getattr``. Using
+the javascript rules format, this ends up written as
+
+::
+
+   polkit.addRule(function(action, subject) {
+       if (action.id == "org.libvirt.api.connect.getattr" &&
+           subject.user == "berrange") {
+             if (action.lookup("connect_driver") == 'QEMU') {
+               return polkit.Result.YES;
+             } else {
+               return polkit.Result.NO;
+             }
+       }
+   });
+
+Example: restricting access to a single domain
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Consider a local user ``berrange`` who has been granted permission to
+connect to libvirt in full read-write mode. The goal is to only allow
+them to see the domain called ``demo`` on the LXC driver. To achieve
+this we need to write a rule which checks whether the ``connect_driver``
+attribute is ``LXC`` and the ``domain_name`` attribute is ``demo``, and
+match on an action name of ``org.libvirt.api.domain.getattr``. Using the
+javascript rules format, this ends up written as
+
+::
+
+   polkit.addRule(function(action, subject) {
+       if (action.id == "org.libvirt.api.domain.getattr" &&
+           subject.user == "berrange") {
+             if (action.lookup("connect_driver") == 'LXC' &&
+                 action.lookup("domain_name") == 'demo') {
+               return polkit.Result.YES;
+             } else {
+               return polkit.Result.NO;
+             }
+       }
+   });

docs/advanced-tests.rst

@@ -0,0 +1,171 @@
+=========================
+Advanced test suite usage
+=========================
+
+The basic requirement before submitting changes to libvirt is that
+
+::
+
+  $ ninja test
+
+succeed after each commit.
+
+The libvirt test suite, however, support additional features: for
+example, it's possible to look for memory leaks and similar issues
+by running
+
+::
+
+  $ meson test --setup valgrind
+
+`Valgrind <https://valgrind.org/>`__ is a test that checks for
+memory management issues, such as leaks or use of uninitialized
+variables.
+
+Some tests are skipped by default in a development environment,
+based on the time they take in comparison to the likelihood
+that those tests will turn up problems during incremental
+builds. These tests default to being run when building from a
+tarball or with the configure option -Dexpensive_tests=enabled.
+
+If you encounter any failing tests, the VIR_TEST_DEBUG
+environment variable may provide extra information to debug the
+failures. Larger values of VIR_TEST_DEBUG may provide larger
+amounts of information:
+
+::
+
+  $ VIR_TEST_DEBUG=1 ninja test    (or)
+  $ VIR_TEST_DEBUG=2 ninja test
+
+When debugging failures during development, it is possible to
+focus in on just the failing subtests by using VIR_TEST_RANGE.
+I.e. to run all tests from 3 to 20 with the exception of tests
+6 and 16, use:
+
+::
+
+  $ VIR_TEST_DEBUG=1 VIR_TEST_RANGE=3-5,7-20,^16 ./run tests/qemuxml2argvtest
+
+Also, individual tests can be run from inside the ``tests/``
+directory, like:
+
+::
+
+  $ ./qemuxml2xmltest
+
+If you are adding new test cases, or making changes that alter
+existing test output, you can use the environment variable
+VIR_TEST_REGENERATE_OUTPUT to quickly update the saved test
+data. Of course you still need to review the changes VERY
+CAREFULLY to ensure they are correct.
+
+::
+
+  $ VIR_TEST_REGENERATE_OUTPUT=1 ./qemuxml2argvtest
+
+There is also a ``./run`` script at the top level, to make it
+easier to run programs that have not yet been installed, as
+well as to wrap invocations of various tests under gdb or
+Valgrind.
+
+When running our test suite it may happen that the test result
+is nondeterministic because of the test suite relying on a
+particular file in the system being accessible or having some
+specific value. To catch this kind of errors, the test suite
+has a module for that prints any path touched that fulfils
+constraints described above into a file. To enable it just set
+``VIR_TEST_FILE_ACCESS`` environment variable. Then
+``VIR_TEST_FILE_ACCESS_OUTPUT`` environment variable can alter
+location where the file is stored.
+
+::
+
+  $ VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxml2argvtest
+
+#. The Valgrind test should produce similar output to
+``ninja test``. If the output has traces within libvirt API's,
+then investigation is required in order to determine the cause
+of the issue. Output such as the following indicates some sort
+of leak:
+
+::
+
+  ==5414== 4 bytes in 1 blocks are definitely lost in loss record 3 of 89
+  ==5414==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
+  ==5414==    by 0x34DE0AAB85: xmlStrndup (in /usr/lib64/libxml2.so.2.7.8)
+  ==5414==    by 0x4CC97A6: virDomainVideoDefParseXML (domain_conf.c:7410)
+  ==5414==    by 0x4CD581D: virDomainDefParseXML (domain_conf.c:10188)
+  ==5414==    by 0x4CD8C73: virDomainDefParseNode (domain_conf.c:10640)
+  ==5414==    by 0x4CD8DDB: virDomainDefParse (domain_conf.c:10590)
+  ==5414==    by 0x41CB1D: testCompareXMLToArgvHelper (qemuxml2argvtest.c:100)
+  ==5414==    by 0x41E20F: virtTestRun (testutils.c:161)
+  ==5414==    by 0x41C7CB: mymain (qemuxml2argvtest.c:866)
+  ==5414==    by 0x41E84A: virtTestMain (testutils.c:723)
+  ==5414==    by 0x34D9021734: (below main) (in /usr/lib64/libc-2.15.so)
+
+In this example, the ``virDomainDefParseXML()`` had an error
+path where the ``virDomainVideoDef *video`` pointer was not
+properly disposed. By simply adding a
+``virDomainVideoDefFree(video);`` in the error path, the issue
+was resolved.
+
+Another common mistake is calling a printing function, such as
+``VIR_DEBUG()`` without initializing a variable to be printed.
+The following example involved a call which could return an
+error, but not set variables passed by reference to the call.
+The solution was to initialize the variables prior to the call.
+
+::
+
+  ==4749== Use of uninitialised value of size 8
+  ==4749==    at 0x34D904650B: _itoa_word (in /usr/lib64/libc-2.15.so)
+  ==4749==    by 0x34D9049118: vfprintf (in /usr/lib64/libc-2.15.so)
+  ==4749==    by 0x34D9108F60: __vasprintf_chk (in /usr/lib64/libc-2.15.so)
+  ==4749==    by 0x4CAEEF7: virVasprintf (stdio2.h:199)
+  ==4749==    by 0x4C8A55E: virLogVMessage (virlog.c:814)
+  ==4749==    by 0x4C8AA96: virLogMessage (virlog.c:751)
+  ==4749==    by 0x4DA0056: virNetTLSContextCheckCertKeyUsage (virnettlscontext.c:225)
+  ==4749==    by 0x4DA06DB: virNetTLSContextCheckCert (virnettlscontext.c:439)
+  ==4749==    by 0x4DA1620: virNetTLSContextNew (virnettlscontext.c:562)
+  ==4749==    by 0x4DA26FC: virNetTLSContextNewServer (virnettlscontext.c:927)
+  ==4749==    by 0x409C39: testTLSContextInit (virnettlscontexttest.c:467)
+  ==4749==    by 0x40AB8F: virtTestRun (testutils.c:161)
+
+Valgrind will also find some false positives or code paths
+which cannot be resolved by making changes to the libvirt code.
+For these paths, it is possible to add a filter to avoid the
+errors. For example:
+
+::
+
+  ==4643== 7 bytes in 1 blocks are possibly lost in loss record 4 of 20
+  ==4643==    at 0x4A0881C: malloc (vg_replace_malloc.c:270)
+  ==4643==    by 0x34D90853F1: strdup (in /usr/lib64/libc-2.15.so)
+  ==4643==    by 0x34EEC2C08A: ??? (in /usr/lib64/libnl.so.1.1)
+  ==4643==    by 0x34EEC15B81: ??? (in /usr/lib64/libnl.so.1.1)
+  ==4643==    by 0x34D8C0EE15: call_init.part.0 (in /usr/lib64/ld-2.15.so)
+  ==4643==    by 0x34D8C0EECF: _dl_init (in /usr/lib64/ld-2.15.so)
+  ==4643==    by 0x34D8C01569: ??? (in /usr/lib64/ld-2.15.so)
+
+In this instance, it is acceptable to modify the
+``tests/.valgrind.supp`` file in order to add a suppression
+filter. The filter should be unique enough to not suppress real
+leaks, but it should be generic enough to cover multiple code
+paths. The format of the entry can be found in the
+documentation found at the `Valgrind home
+page <https://valgrind.org/>`__. The following trace was added
+to ``tests/.valgrind.supp`` in order to suppress the warning:
+
+::
+
+  {
+      dlInitMemoryLeak1
+      Memcheck:Leak
+      fun:?alloc
+      ...
+      fun:call_init.part.0
+      fun:_dl_init
+      ...
+      obj:*/lib*/ld-2.*so*
+  }

docs/api.html.in

@@ -1,380 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>The libvirt API concepts</h1>
-
-    <p> This page describes the main principles and architecture choices
-    behind the definition of the libvirt API:</p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Objects">Objects Exposed</a></h2>
-    <p> As defined in the <a href="goals.html">goals section</a>, the libvirt
-    API is designed to expose all the resources needed to manage the
-    virtualization support of recent operating systems. The first object
-    manipulated through the API is the <code>virConnectPtr</code>, which
-    represents the connection to a hypervisor. Any application using libvirt
-    is likely to start using the
-    API by calling one of <a href="html/libvirt-libvirt-host.html#virConnectOpen"
-    >the virConnectOpen functions</a>. You will note that those functions take
-    a name argument which is actually a <a href="uri.html">connection URI</a>
-    to select the right hypervisor to open.
-    A URI is needed to allow remote connections and also select between
-    different possible hypervisors. For example, on a Linux system it may be
-    possible to use both KVM and LinuxContainers on the same node. A NULL
-    name will default to a preselected hypervisor, but it's probably not a
-    wise thing to do in most cases. See the <a href="uri.html">connection
-    URI</a> page for a full descriptions of the values allowed.</p>
-    <p> OnDevice the application obtains a
-      <a href="/html/libvirt-libvirt-host.html#virConnectPtr">
-        <code>virConnectPtr</code>
-      </a>
-    connection to the hypervisor it can then use it to manage the hypervisor's
-    available domains and related virtualization
-    resources, such as storage and networking. All those are
-    exposed as first class objects and connected to the hypervisor connection
-    (and the node or cluster where it is available).</p>
-    <p class="image">
-      <img alt="first class objects exposed by the API"
-           src="libvirt-object-model.png"/>
-    </p>
-    <p> The figure above shows the five main objects exported by the API:</p>
-    <ul>
-      <li>
-        <a href="html/libvirt-libvirt-host.html#virConnectPtr">
-          <code>virConnectPtr</code>
-        </a>
-      <p>Represents the connection to a hypervisor. Use one of the
-      <a href="html/libvirt-libvirt-host.html#virConnectOpen">virConnectOpen</a>
-      functions to obtain connection to the hypervisor which is then used
-      as a parameter to other connection API's.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-domain.html#virDomainPtr">
-          <code>virDomainPtr</code>
-        </a>
-      <p>Represents one domain either active or defined (i.e. existing as
-      permanent config file and storage but not currently running on that
-      node). The function
-        <a href="html/libvirt-libvirt-domain.html#virConnectListAllDomains">
-          <code>virConnectListAllDomains</code>
-        </a>
-      lists all the domains for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-network.html#virNetworkPtr">
-          <code>virNetworkPtr</code>
-        </a>
-      <p>Represents one network either active or defined (i.e. existing
-      as permanent config file and storage but not currently activated).
-      The function
-        <a href="html/libvirt-libvirt-network.html#virConnectListAllNetworks">
-          <code>virConnectListAllNetworks</code>
-        </a>
-      lists all the virtualization networks for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolPtr">
-          <code>virStorageVolPtr</code>
-        </a>
-      <p>Represents one storage volume generally used
-      as a block device available to one of the domains. The function
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolLookupByPath">
-          <code>virStorageVolLookupByPath</code>
-        </a>
-      finds the storage volume object based on its path on the node.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolPtr">
-          <code>virStoragePoolPtr</code>
-        </a>
-      <p>Represents a storage pool, which is a logical area
-      used to allocate and store storage volumes. The function
-        <a href="html/libvirt-libvirt-storage.html#virConnectListAllStoragePools">
-          <code>virConnectListAllStoragePools</code>
-        </a>
-      lists all of the virtualization storage pools on the hypervisor.
-      The function
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolLookupByVolume">
-          <code>virStoragePoolLookupByVolume</code>
-        </a>
-      finds the storage pool containing a given storage volume.</p></li>
-    </ul>
-    <p> Most objects manipulated by the library can also be represented using
-      XML descriptions. This is used primarily to create those object, but is
-      also helpful to modify or save their description back.</p>
-    <p> Domains, networks, and storage pools can be either <code>active</code>
-      i.e. either running or available for immediate use, or
-      <code>defined</code> in which case they are inactive but there is
-      a permanent definition available in the system for them. Based on this
-      they can be activated dynamically in order to be used.</p>
-    <p> Most objects can also be named in various ways:</p>
-    <ul>
-      <li><code>name</code>
-      <p>A user friendly identifier but whose uniqueness
-      cannot be guaranteed between two nodes.</p></li>
-      <li><code>ID</code>
-      <p>A runtime unique identifier
-      provided by the hypervisor for one given activation of the object;
-      however, it becomes invalid once the resource is deactivated.</p></li >
-      <li><code>UUID</code>
-      <p> A 16 byte unique identifier
-      as defined in <a href="http://www.ietf.org/rfc/rfc4122.txt">RFC 4122</a>,
-      which is guaranteed to be unique for long term usage and across a
-      set of nodes.</p></li>
-    </ul>
-
-    <h2><a id="Functions">Functions and Naming Conventions</a></h2>
-    <p> The naming of the functions present in the library is usually
-      composed by a prefix describing the object associated to the function
-      and a verb describing the action on that object.</p>
-    <p> For each first class object you will find APIs
-      for the following actions:</p>
-    <ul>
-      <li><b>Lookup</b> [...LookupBy...]
-      <p>Used to perform lookups on objects by some type of identifier,
-      such as:</p>
-          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByID">
-                <code>virDomainLookupByID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByName">
-                <code>virDomainLookupByName</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUID">
-                <code>virDomainLookupByUUID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUIDString">
-                <code>virDomainLookupByUUIDString</code>
-              </a>
-            </li>
-          </ul>
-      </li>
-      <li><b>Enumeration</b> [virConnectList..., virConnectNumOf...]
-      <p>Used to enumerate a set of object available to a given
-      hypervisor connection such as:</p>
-          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectListDomains">
-                <code>virConnectListDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectNumOfDomains">
-                <code>virConnectNumOfDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-network.html#virConnectListNetworks">
-                <code>virConnectListNetworks</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-storage.html#virConnectListStoragePools">
-                <code>virConnectListStoragePools</code>
-              </a>
-            </li>
-          </ul>
-      </li>
-      <li><b>Description</b> [...GetInfo]
-      <p>Generic accessor providing a set of generic information about an
-      object, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virNodeGetInfo">
-              <code>virNodeGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetInfo">
-              <code>virDomainGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolGetInfo">
-              <code>virStoragePoolGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStorageVolGetInfo">
-              <code>virStorageVolGetInfo</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Accessors</b> [...Get..., ...Set...]
-      <p>Specific accessors used to query or modify data for the given object,
-      such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virConnectGetType">
-              <code>virConnectGetType</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetMaxMemory">
-              <code>virDomainGetMaxMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainSetMemory">
-              <code>virDomainSetMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetVcpus">
-              <code>virDomainGetVcpus</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolSetAutostart">
-              <code>virStoragePoolSetAutostart</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkGetBridgeName">
-              <code>virNetworkGetBridgeName</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Creation</b> [...Create, ...CreateXML]
-      <p>Used to create and start objects.  The ...CreateXML APIs will create
-      the object based on an XML description, while the ...Create APIs will
-      create the object based on existing object pointer, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreate">
-              <code>virDomainCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreateXML">
-              <code>virDomainCreateXML</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreate">
-              <code>virNetworkCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreateXML">
-              <code>virNetworkCreateXML</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-      <li><b>Destruction</b> [...Destroy]
-      <p>Used to shutdown or deactivate and destroy objects, such as: </p>
-        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainDestroy">
-              <code>virDomainDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkDestroy">
-              <code>virNetworkDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolDestroy">
-              <code>virStoragePoolDestroy</code>
-            </a>
-          </li>
-        </ul>
-      </li>
-    </ul>
-    <p>Note: functions returning vir*Ptr (like the virDomainLookup functions)
-    allocate memory which needs to be freed by the caller by the corresponding
-    vir*Free function (e.g. virDomainFree for a virDomainPtr object).
-    </p>
-    <p> For more in-depth details of the storage related APIs see
-      <a href="storage.html">the storage management page</a>.
-    </p>
-    <h2><a id="Drivers">The libvirt Drivers</a></h2>
-    <p>Drivers are the basic building block for libvirt functionality
-    to support the capability to handle specific hypervisor driver calls.
-    Drivers are discovered and registered during connection processing as
-    part of the
-      <a href="html/libvirt-libvirt-host.html#virInitialize">
-        <code>virInitialize</code>
-      </a>
-    API. Each driver
-    has a registration API which loads up the driver specific function
-    references for the libvirt APIs to call. The following is a simplistic
-    view of the hypervisor driver mechanism. Consider the stacked list of
-    drivers as a series of modules that can be plugged into the architecture
-    depending on how libvirt is configured to be built.</p>
-    <p class="image">
-      <img alt="The libvirt driver architecture"
-           src="libvirt-driver-arch.png"/>
-    </p>
-    <p>The driver architecture is also used to support other virtualization
-    components such as storage, storage pools, host device, networking,
-    network interfaces, and network filters.</p>
-    <p>See the <a href="drivers.html">libvirt drivers</a> page for more
-    information on hypervisor and storage specific drivers.</p>
-    <p>Not all drivers support every virtualization function possible.
-    The <a href="hvsupport.html">libvirt API support matrix</a> lists
-    the various functions and support found in each driver by the version
-    support was added into libvirt.
-    </p>
-    <h2><a id="Remote">Daemon and Remote Access</a></h2>
-    <p>Access to libvirt drivers is primarily handled by the libvirtd
-    daemon through the <a href="remote.html">remote</a> driver via an
-    <a href="internals/rpc.html">RPC</a>. Some hypervisors do support
-    client-side connections and responses, such as Test, OpenVZ, VMware,
-    VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
-    The libvirtd daemon service is started on the host at system boot
-    time and can also be restarted at any time by a properly privileged
-    user, such as root. The libvirtd daemon uses the same libvirt API
-    <a href="html/libvirt-libvirt-host.html#virInitialize">
-      <code>virInitialize</code>
-    </a>
-    sequence as applications
-    for client-side driver registrations, but then extends the registered
-    driver list to encompass all known drivers supported for all driver
-    types supported on the host. </p>
-    <p>The libvirt client <a href="apps.html">applications</a> use a
-    <a href="uri.html">URI</a> to obtain the <code>virConnectPtr</code>.
-    The <code>virConnectPtr</code> keeps track of the driver connection
-    plus a variety of other connections (network, interface, storage, etc.).
-    The <code>virConnectPtr</code> is then used as a parameter to other
-    virtualization <a href="#Functions">functions</a>. Depending upon the
-    driver being used, calls will be routed through the remote driver to
-    the libvirtd daemon. The daemon will reference the connection specific
-    driver in order to retrieve the requested information and then pass
-    back status and/or data through the connection back to the application.
-    The application can then decide what to do with that data, such as
-    display, write log data, etc. <a href="migration.html">Migration</a>
-    is an example of many facets of the architecture in use.</p>
-
-    <p class="image">
-      <img alt="The libvirt daemon and remote architecture"
-           src="libvirt-daemon-arch.png"/>
-    </p>
-    <p>
-    The key takeaway from the above diagram is that there is a remote driver
-    which handles transactions for a majority of the drivers. The libvirtd
-    daemon running on the host will receive transaction requests from the
-    remote driver and will then query the hypervisor driver as specified in
-    the <code>virConnectPtr</code> in order to fetch the data. The data will
-    then be returned through the remote driver to the client application
-    for processing.
-    </p>
-    <p>If you are interested in contributing to libvirt, read the
-    <a href="http://wiki.libvirt.org/page/FAQ">FAQ</a> and
-    <a href="hacking.html">hacking</a> guidelines to gain an understanding
-    of basic rules and guidelines.  In order to add new API functionality
-    follow the instructions regarding
-    <a href="api_extension.html">implementing a new API in libvirt</a>.
-    </p>
-
-  </body>
-</html>

docs/api.rst

@@ -0,0 +1,265 @@
+========================
+The libvirt API concepts
+========================
+
+This page describes the main principles and architecture choices behind
+the definition of the libvirt API:
+
+.. contents::
+
+Objects Exposed
+---------------
+
+As defined in the `goals section <goals.html>`__, the libvirt API is
+designed to expose all the resources needed to manage the virtualization
+support of recent operating systems. The first object manipulated
+through the API is the ``virConnectPtr``, which represents the
+connection to a hypervisor. Any application using libvirt is likely to
+start using the API by calling one of `the virConnectOpen
+functions <html/libvirt-libvirt-host.html#virConnectOpen>`__. You will
+note that those functions take a name argument which is actually a
+`connection URI <uri.html>`__ to select the right hypervisor to open. A
+URI is needed to allow remote connections and also select between
+different possible hypervisors. For example, on a Linux system it may be
+possible to use both KVM and LinuxContainers on the same node. A NULL
+name will default to a preselected hypervisor, but it's probably not a
+wise thing to do in most cases. See the `connection URI <uri.html>`__
+page for a full descriptions of the values allowed.
+
+OnDevice the application obtains a
+`virConnectPtr </html/libvirt-libvirt-host.html#virConnectPtr>`__
+connection to the hypervisor it can then use it to manage the
+hypervisor's available domains and related virtualization resources,
+such as storage and networking. All those are exposed as first class
+objects and connected to the hypervisor connection (and the node or
+cluster where it is available).
+
+|first class objects exposed by the API|
+
+The figure above shows the five main objects exported by the API:
+
+-  `virConnectPtr <html/libvirt-libvirt-host.html#virConnectPtr>`__
+
+   Represents the connection to a hypervisor. Use one of the
+   `virConnectOpen <html/libvirt-libvirt-host.html#virConnectOpen>`__
+   functions to obtain connection to the hypervisor which is then used
+   as a parameter to other connection API's.
+
+-  `virDomainPtr <html/libvirt-libvirt-domain.html#virDomainPtr>`__
+
+   Represents one domain either active or defined (i.e. existing as
+   permanent config file and storage but not currently running on that
+   node). The function
+   `virConnectListAllDomains <html/libvirt-libvirt-domain.html#virConnectListAllDomains>`__
+   lists all the domains for the hypervisor.
+
+-  `virNetworkPtr <html/libvirt-libvirt-network.html#virNetworkPtr>`__
+
+   Represents one network either active or defined (i.e. existing as
+   permanent config file and storage but not currently activated). The
+   function
+   `virConnectListAllNetworks <html/libvirt-libvirt-network.html#virConnectListAllNetworks>`__
+   lists all the virtualization networks for the hypervisor.
+
+-  `virStorageVolPtr <html/libvirt-libvirt-storage.html#virStorageVolPtr>`__
+
+   Represents one storage volume generally used as a block device
+   available to one of the domains. The function
+   `virStorageVolLookupByPath <html/libvirt-libvirt-storage.html#virStorageVolLookupByPath>`__
+   finds the storage volume object based on its path on the node.
+
+-  `virStoragePoolPtr <html/libvirt-libvirt-storage.html#virStoragePoolPtr>`__
+
+   Represents a storage pool, which is a logical area used to allocate
+   and store storage volumes. The function
+   `virConnectListAllStoragePools <html/libvirt-libvirt-storage.html#virConnectListAllStoragePools>`__
+   lists all of the virtualization storage pools on the hypervisor. The
+   function
+   `virStoragePoolLookupByVolume <html/libvirt-libvirt-storage.html#virStoragePoolLookupByVolume>`__
+   finds the storage pool containing a given storage volume.
+
+Most objects manipulated by the library can also be represented using
+XML descriptions. This is used primarily to create those object, but is
+also helpful to modify or save their description back.
+
+Domains, networks, and storage pools can be either ``active`` i.e.
+either running or available for immediate use, or ``defined`` in which
+case they are inactive but there is a permanent definition available in
+the system for them. Based on this they can be activated dynamically in
+order to be used.
+
+Most objects can also be named in various ways:
+
+-  ``name``
+
+   A user friendly identifier but whose uniqueness cannot be guaranteed
+   between two nodes.
+
+-  ``ID``
+
+   A runtime unique identifier provided by the hypervisor for one given
+   activation of the object; however, it becomes invalid once the
+   resource is deactivated.
+
+-  ``UUID``
+
+   A 16 byte unique identifier as defined in `RFC
+   4122 <https://www.ietf.org/rfc/rfc4122.txt>`__, which is guaranteed
+   to be unique for long term usage and across a set of nodes.
+
+Functions and Naming Conventions
+--------------------------------
+
+The naming of the functions present in the library is usually composed
+by a prefix describing the object associated to the function and a verb
+describing the action on that object.
+
+For each first class object you will find APIs for the following
+actions:
+
+-  **Lookup** [...LookupBy...]
+
+   Used to perform lookups on objects by some type of identifier, such
+   as:
+
+   -  `virDomainLookupByID <html/libvirt-libvirt-domain.html#virDomainLookupByID>`__
+   -  `virDomainLookupByName <html/libvirt-libvirt-domain.html#virDomainLookupByName>`__
+   -  `virDomainLookupByUUID <html/libvirt-libvirt-domain.html#virDomainLookupByUUID>`__
+   -  `virDomainLookupByUUIDString <html/libvirt-libvirt-domain.html#virDomainLookupByUUIDString>`__
+
+-  **Enumeration** [virConnectList..., virConnectNumOf...]
+
+   Used to enumerate a set of object available to a given hypervisor
+   connection such as:
+
+   -  `virConnectListDomains <html/libvirt-libvirt-domain.html#virConnectListDomains>`__
+   -  `virConnectNumOfDomains <html/libvirt-libvirt-domain.html#virConnectNumOfDomains>`__
+   -  `virConnectListNetworks <html/libvirt-libvirt-network.html#virConnectListNetworks>`__
+   -  `virConnectListStoragePools <html/libvirt-libvirt-storage.html#virConnectListStoragePools>`__
+
+-  **Description** [...GetInfo]
+
+   Generic accessor providing a set of generic information about an
+   object, such as:
+
+   -  `virNodeGetInfo <html/libvirt-libvirt-host.html#virNodeGetInfo>`__
+   -  `virDomainGetInfo <html/libvirt-libvirt-domain.html#virDomainGetInfo>`__
+   -  `virStoragePoolGetInfo <html/libvirt-libvirt-storage.html#virStoragePoolGetInfo>`__
+   -  `virStorageVolGetInfo <html/libvirt-libvirt-storage.html#virStorageVolGetInfo>`__
+
+-  **Accessors** [...Get..., ...Set...]
+
+   Specific accessors used to query or modify data for the given object,
+   such as:
+
+   -  `virConnectGetType <html/libvirt-libvirt-host.html#virConnectGetType>`__
+   -  `virDomainGetMaxMemory <html/libvirt-libvirt-domain.html#virDomainGetMaxMemory>`__
+   -  `virDomainSetMemory <html/libvirt-libvirt-domain.html#virDomainSetMemory>`__
+   -  `virDomainGetVcpus <html/libvirt-libvirt-domain.html#virDomainGetVcpus>`__
+   -  `virStoragePoolSetAutostart <html/libvirt-libvirt-storage.html#virStoragePoolSetAutostart>`__
+   -  `virNetworkGetBridgeName <html/libvirt-libvirt-network.html#virNetworkGetBridgeName>`__
+
+-  **Creation** [...Create, ...CreateXML]
+
+   Used to create and start objects. The ...CreateXML APIs will create
+   the object based on an XML description, while the ...Create APIs will
+   create the object based on existing object pointer, such as:
+
+   -  `virDomainCreate <html/libvirt-libvirt-domain.html#virDomainCreate>`__
+   -  `virDomainCreateXML <html/libvirt-libvirt-domain.html#virDomainCreateXML>`__
+   -  `virNetworkCreate <html/libvirt-libvirt-network.html#virNetworkCreate>`__
+   -  `virNetworkCreateXML <html/libvirt-libvirt-network.html#virNetworkCreateXML>`__
+
+-  **Destruction** [...Destroy]
+
+   Used to shutdown or deactivate and destroy objects, such as:
+
+   -  `virDomainDestroy <html/libvirt-libvirt-domain.html#virDomainDestroy>`__
+   -  `virNetworkDestroy <html/libvirt-libvirt-network.html#virNetworkDestroy>`__
+   -  `virStoragePoolDestroy <html/libvirt-libvirt-storage.html#virStoragePoolDestroy>`__
+
+Note: functions returning vir*Ptr (like the virDomainLookup functions)
+allocate memory which needs to be freed by the caller by the
+corresponding vir*Free function (e.g. virDomainFree for a virDomainPtr
+object).
+
+For more in-depth details of the storage related APIs see `the storage
+management page <storage.html>`__.
+
+The libvirt Drivers
+-------------------
+
+Drivers are the basic building block for libvirt functionality to
+support the capability to handle specific hypervisor driver calls.
+Drivers are discovered and registered during connection processing as
+part of the
+`virInitialize <html/libvirt-libvirt-host.html#virInitialize>`__
+API. Each driver has a registration API which loads up the driver
+specific function references for the libvirt APIs to call. The following
+is a simplistic view of the hypervisor driver mechanism. Consider the
+stacked list of drivers as a series of modules that can be plugged into
+the architecture depending on how libvirt is configured to be built.
+
+|The libvirt driver architecture|
+
+The driver architecture is also used to support other virtualization
+components such as storage, storage pools, host device, networking,
+network interfaces, and network filters.
+
+See the `libvirt drivers <drivers.html>`__ page for more information on
+hypervisor and storage specific drivers.
+
+Not all drivers support every virtualization function possible. The
+`libvirt API support matrix <hvsupport.html>`__ lists the various
+functions and support found in each driver by the version support was
+added into libvirt.
+
+Daemon and Remote Access
+------------------------
+
+Access to libvirt drivers is primarily handled by the libvirtd daemon
+through the `remote <remote.html>`__ driver via an
+`RPC <internals/rpc.html>`__. Some hypervisors do support client-side
+connections and responses, such as Test, OpenVZ, VMware, VirtualBox
+(vbox), ESX, Hyper-V, Xen, and Virtuozzo. The libvirtd daemon service is
+started on the host at system boot time and can also be restarted at any
+time by a properly privileged user, such as root. The libvirtd daemon
+uses the same libvirt API
+`virInitialize <html/libvirt-libvirt-host.html#virInitialize>`__
+sequence as applications for client-side driver registrations, but then
+extends the registered driver list to encompass all known drivers
+supported for all driver types supported on the host.
+
+The libvirt client `applications <apps.html>`__ use a `URI <uri.html>`__
+to obtain the ``virConnectPtr``. The ``virConnectPtr`` keeps track of
+the driver connection plus a variety of other connections (network,
+interface, storage, etc.). The ``virConnectPtr`` is then used as a
+parameter to other virtualization `functions <#Functions>`__. Depending
+upon the driver being used, calls will be routed through the remote
+driver to the libvirtd daemon. The daemon will reference the connection
+specific driver in order to retrieve the requested information and then
+pass back status and/or data through the connection back to the
+application. The application can then decide what to do with that data,
+such as display, write log data, etc. `Migration <migration.html>`__ is
+an example of many facets of the architecture in use.
+
+|The libvirt daemon and remote architecture|
+
+The key takeaway from the above diagram is that there is a remote driver
+which handles transactions for a majority of the drivers. The libvirtd
+daemon running on the host will receive transaction requests from the
+remote driver and will then query the hypervisor driver as specified in
+the ``virConnectPtr`` in order to fetch the data. The data will then be
+returned through the remote driver to the client application for
+processing.
+
+If you are interested in contributing to libvirt, read the
+`FAQ <https://wiki.libvirt.org/page/FAQ>`__ and
+`hacking <hacking.html>`__ guidelines to gain an understanding of basic
+rules and guidelines. In order to add new API functionality follow the
+instructions regarding `implementing a new API in
+libvirt <api_extension.html>`__.
+
+.. |first class objects exposed by the API| image:: libvirt-object-model.png
+.. |The libvirt driver architecture| image:: libvirt-driver-arch.png
+.. |The libvirt daemon and remote architecture| image:: libvirt-daemon-arch.png

docs/api_extension.html.in

@@ -1,371 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Implementing a new API in Libvirt</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      This document walks you through the process of implementing a new
-      API in libvirt.  Remember that new API consists of any new public
-      functions, as well as the addition of flags or extensions of XML used by
-      existing functions.
-    </p>
-
-    <p>
-      Before you begin coding, it is critical that you propose your
-      changes on the libvirt mailing list and get feedback on your ideas to
-      make sure what you're proposing fits with the general direction of the
-      project.  Even before doing a proof of concept implementation, send an
-      email giving an overview of the functionality you think should be
-      added to libvirt.  Someone may already be working on the feature you
-      want.  Also, recognize that everything you write is likely to undergo
-      significant rework as you discuss it with the other developers, so
-      don't wait too long before getting feedback.
-    </p>
-
-    <p>
-      Adding a new API to libvirt is not difficult, but there are quite a
-      few steps.  This document assumes that you are familiar with C
-      programming and have checked out the libvirt code from the source code
-      repository and successfully built the existing tree.  Instructions on
-      how to check out and build the code can be found at:
-    </p>
-
-    <p>
-      <a href="https://libvirt.org/downloads.html">https://libvirt.org/downloads.html</a>
-    </p>
-
-    <p>
-      Once you have a working development environment, the steps to create a
-      new API are:
-    </p>
-    <ol>
-      <li>define the public API</li>
-      <li>define the internal driver API</li>
-      <li>implement the public API</li>
-      <li>implement the remote protocol:
-        <ol>
-          <li>define the wire protocol format</li>
-          <li>implement the RPC client</li>
-          <li>implement the server side dispatcher</li>
-        </ol>
-      </li>
-      <li>use new API where appropriate in drivers</li>
-      <li>add virsh support</li>
-      <li>add common handling for new API</li>
-      <li>for each driver that can support the new API:
-        <ol>
-          <li>add prerequisite support</li>
-          <li>fully implement new API</li>
-        </ol>
-      </li>
-    </ol>
-
-    <p>
-      It is, of course, possible to implement the pieces in any order, but
-      if the development tasks are completed in the order listed, the code
-      will compile after each step.  Given the number of changes required,
-      verification after each step is highly recommended.
-    </p>
-
-    <p>
-      Submit new code in the form of one patch per step.  That's not to say
-      submit patches before you have working functionality--get the whole thing
-      working and make sure you're happy with it.  Then use git to break the
-      changes into pieces so you don't drop a big blob of code on the
-      mailing list in one go.  Also, you should follow the upstream tree, and
-      rebase your series to adapt your patches to work with any other changes
-      that were accepted upstream during your development.
-    </p>
-
-    <p>
-      Don't mix anything else into the patches you submit.  The patches
-      should be the minimal changes required to implement the functionality
-      you're adding.  If you notice a bug in unrelated code (i.e., code you
-      don't have to touch to implement your API change) during development,
-      create a patch that just addresses that bug and submit it
-      separately.
-    </p>
-
-    <h2><a id='publicapi'>Defining the public API</a></h2>
-
-    <p>The first task is to define the public API.  If the new API
-      involves an XML extension, you have to enhance the RelaxNG
-      schema and document the new elements or attributes:</p>
-
-    <p><code>
-        docs/schemas/domaincommon.rng<br/>
-        docs/formatdomain.html.in
-    </code></p>
-
-    <p>If the API extension involves a new function, you have to add a
-      declaration in the public header, and arrange to export the
-      function name (symbol) so other programs can link against the
-      libvirt library and call the new function:</p>
-
-    <p><code>
-        include/libvirt/libvirt-$MODULE.h.in
-        src/libvirt_public.syms
-    </code></p>
-
-    <p>
-      This task is in many ways the most important to get right, since once
-      the API has been committed to the repository, it's libvirt's policy
-      never to change it.  Mistakes in the implementation are bugs that you
-      can fix.  Make a mistake in the API definition and you're stuck with
-      it, so think carefully about the interface and don't be afraid to
-      rework it as you go through the process of implementing it.
-    </p>
-
-    <h2><a id='internalapi'>Defining the internal API</a></h2>
-
-    <p>
-      Each public API call is associated with a driver, such as a host
-      virtualization driver, a network virtualization driver, a storage
-      virtualization driver, a state driver, or a device monitor.  Adding
-      the internal API is ordinarily a matter of adding a new member to the
-      struct representing one of these drivers.
-    </p>
-
-    <p>
-      Of course, it's possible that the new API will involve the creation of
-      an entirely new driver type, in which case the changes will include the
-      creation of a new struct type to represent the new driver type.
-    </p>
-
-    <p>The driver structs are defined in:</p>
-
-    <p><code>src/driver-$MODULE.h</code></p>
-
-    <p>
-      To define the internal API, first typedef the driver function
-      prototype and then add a new field for it to the relevant driver
-      struct.  Then, update all existing instances of the driver to
-      provide a <code>NULL</code> stub for the new function.
-    </p>
-
-    <h2><a id='implpublic'>Implementing the public API</a></h2>
-
-    <p>
-      Implementing the public API is largely a formality in which we wire up
-      public API to the internal driver API.  The public API implementation
-      takes care of some basic validity checks before passing control to the
-      driver implementation.  In RFC 2119 vocabulary, this function:
-    </p>
-
-    <ol class="ordinarylist">
-      <li>SHOULD log a message with VIR_DEBUG() indicating that it is
-        being called and its parameters;</li>
-      <li>MUST call virResetLastError();</li>
-      <li>SHOULD confirm that the connection is valid with
-        virCheckConnectReturn() or virCheckConnectGoto();</li>
-      <li><strong>SECURITY: If the API requires a connection with write
-          privileges, MUST confirm that the connection flags do not
-          indicate that the connection is read-only with
-          virCheckReadOnlyGoto();</strong></li>
-      <li>SHOULD do basic validation of the parameters that are being
-        passed in, using helpers like virCheckNonNullArgGoto();</li>
-      <li>MUST confirm that the driver for this connection exists and that
-        it implements this function;</li>
-      <li>MUST call the internal API;</li>
-      <li>SHOULD log a message with VIR_DEBUG() indicating that it is
-        returning, its return value, and status.</li>
-      <li>MUST return status to the caller.</li>
-    </ol>
-
-    <p>The public API calls are implemented in:</p>
-
-    <p><code>src/libvirt-$MODULE.c</code></p>
-
-    <h2><a id='remoteproto'>Implementing the remote protocol</a></h2>
-
-    <p>
-      Implementing the remote protocol is essentially a
-      straightforward exercise which is probably most easily
-      understood by referring to the existing code.
-    </p>
-
-    <h3><a id='wireproto'>Defining the wire protocol format</a></h3>
-
-    <p>
-      Defining the wire protocol involves making additions to:
-    </p>
-
-    <p><code>src/remote/remote_protocol.x</code></p>
-
-    <p>
-      First, create two new structs for each new function that you're adding
-      to the API.  One struct describes the parameters to be passed to the
-      remote function, and a second struct describes the value returned by
-      the remote function.  The one exception to this rule is that functions
-      that return only 0 or -1 for status do not require a struct for returned
-      data.
-    </p>
-
-    <p>
-      Second, add values to the remote_procedure enum for each new function
-      added to the API.
-    </p>
-
-    <p>
-      Once these changes are in place, it's necessary to run 'make rpcgen'
-      in the src directory to create the .c and .h files required by the
-      remote protocol code. This must be done on a Linux host using the
-      GLibC rpcgen program. Other rpcgen versions may generate code which
-      results in bogus compile time warnings.  This regenerates the
-      following files:
-    </p>
-
-    <p><code>
-        src/remote/remote_daemon_dispatch_stubs.h
-        src/remote/remote_daemon_dispatch.h
-        src/remote/remote_daemon_dispatch.c
-        src/remote/remote_protocol.c
-        src/remote/remote_protocol.h
-    </code></p>
-
-    <h3><a id='rpcclient'>Implement the RPC client</a></h3>
-
-    <p>
-      Implementing the RPC client uses the rpcgen generated .h files.
-      The remote method calls go in:
-    </p>
-
-    <p><code>src/remote/remote_driver.c</code></p>
-
-    <p>Each remote method invocation does the following:</p>
-
-    <ol class="ordinarylist">
-      <li>locks the remote driver;</li>
-      <li>sets up the method arguments;</li>
-      <li>invokes the remote function;</li>
-      <li>checks the return value, if necessary;</li>
-      <li>extracts any returned data;</li>
-      <li>frees any returned data;</li>
-      <li>unlocks the remote driver.</li>
-    </ol>
-
-    <h3><a id="serverdispatch">Implement the server side dispatcher</a></h3>
-
-    <p>
-      Implementing the server side of the remote function call is simply a
-      matter of deserializing the parameters passed in from the remote
-      caller and passing them to the corresponding internal API function.
-      The server side dispatchers are implemented in:
-    </p>
-
-    <p><code>src/remote/remote_daemon_dispatch.c</code></p>
-
-    <p>Again, this step uses the .h files generated by make rpcgen.</p>
-
-    <p>
-      After all three pieces of the remote protocol are complete, and
-      the generated files have been updated, it will be necessary to
-      update the file:</p>
-
-    <p><code>src/remote_protocol-structs</code></p>
-
-    <p>
-      This file should only have new lines added; modifications to
-      existing lines probably imply a backwards-incompatible API change.
-    </p>
-
-    <h2><a id="internaluseapi">Use the new API internally</a></h2>
-
-    <p>
-      Sometimes, a new API serves as a superset of existing API, by
-      adding more granularity in what can be managed.  When this is
-      the case, it makes sense to share a common implementation by
-      making the older API become a trivial wrapper around the new
-      API, rather than duplicating the common code.  This step should
-      not introduce any semantic differences for the old API, and is
-      not necessary if the new API has no relation to existing API.
-    </p>
-
-    <h2><a id="virshuseapi">Expose the new API in virsh</a></h2>
-
-    <p>
-      All new API should be manageable from the virsh command line
-      shell.  This proves that the API is sufficient for the intended
-      purpose, and helps to identify whether the proposed API needs
-      slight changes for easier usage.  However, remember that virsh
-      is used to connect to hosts running older versions of libvirtd,
-      so new commands should have fallbacks to an older API if
-      possible; implementing the virsh hooks at this point makes it
-      very easy to test these fallbacks.  Also remember to document
-      virsh additions.
-    </p>
-
-    <p>
-      A virsh command is composed of a few pieces of code.  You need to
-      define an array of vshCmdInfo structs for each new command that
-      contain the help text and the command description text.  You also need
-      an array of vshCmdOptDef structs to describe the command options.
-      Once you have those pieces in place you can write the function
-      implementing the virsh command.  Finally, you need to add the new
-      command to the commands[] array.  The following files need changes:
-    </p>
-
-    <p><code>
-        tools/virsh-$MODULE.c<br/>
-        tools/virsh.pod
-    </code></p>
-
-    <h2><a id="driverimpl">Implement the driver methods</a></h2>
-
-    <p>
-      So, after all that, we get to the fun part.  All functionality in
-      libvirt is implemented inside a driver.  Thus, here is where you
-      implement whatever functionality you're adding to libvirt.  You'll
-      either need to add additional files to the src directory or extend
-      files that are already there, depending on what functionality you're
-      adding.
-    </p>
-
-    <h3><a id="commonimpl">Implement common handling</a></h3>
-
-    <p>
-      If the new API is applicable to more than one driver, it may
-      make sense to provide some utility routines, or to factor some
-      of the work into the dispatcher, to avoid reimplementing the
-      same code in every driver.  In the example code, this involved
-      adding a member to the virDomainDefPtr struct for mapping
-      between the XML API addition and the in-memory representation of
-      a domain, along with updating all clients to use the new member.
-      Up to this point, there have been no changes to existing
-      semantics, and the new APIs will fail unless they are used in
-      the same way as the older API wrappers.
-    </p>
-
-    <h3><a id="drivercode">Implement driver handling</a></h3>
-
-    <p>
-      The remaining patches should only touch one driver at a time.
-      It is possible to implement all changes for a driver in one
-      patch, but for review purposes it may still make sense to break
-      things into simpler steps.  Here is where the new APIs finally
-      start working.
-    </p>
-
-    <p>
-      It is always a good idea to patch the test driver in addition to the
-      target driver, to prove that the API can be used for more than one
-      driver.
-    </p>
-
-    <p>
-      Any cleanups resulting from the changes should be added as separate
-      patches at the end of the series.
-    </p>
-
-    <p>
-      Once you have working functionality, run make check and make
-      syntax-check on each patch of the series before submitting
-      patches.  It may also be worth writing tests for the libvirt-TCK
-      testsuite to exercise your new API, although those patches are
-      not kept in the libvirt repository.
-    </p>
-  </body>
-</html>

docs/api_extension.rst

@@ -0,0 +1,291 @@
+=================================
+Implementing a new API in Libvirt
+=================================
+
+.. contents::
+
+This document walks you through the process of implementing a new API in
+libvirt. Remember that new API consists of any new public functions, as
+well as the addition of flags or extensions of XML used by existing
+functions.
+
+Before you begin coding, it is critical that you propose your changes on
+the libvirt mailing list and get feedback on your ideas to make sure
+what you're proposing fits with the general direction of the project.
+Even before doing a proof of concept implementation, send an email
+giving an overview of the functionality you think should be added to
+libvirt. Someone may already be working on the feature you want. Also,
+recognize that everything you write is likely to undergo significant
+rework as you discuss it with the other developers, so don't wait too
+long before getting feedback.
+
+Adding a new API to libvirt is not difficult, but there are quite a few
+steps. This document assumes that you are familiar with C programming
+and have checked out the libvirt code from the source code repository
+and successfully built the existing tree. Instructions on how to check
+out and build the code can be found at:
+
+https://libvirt.org/downloads.html
+
+Once you have a working development environment, the steps to create a
+new API are:
+
+#. define the public API
+#. define the internal driver API
+#. implement the public API
+#. implement the remote protocol:
+
+   #. define the wire protocol format
+   #. implement the RPC client
+   #. implement the server side dispatcher
+
+#. use new API where appropriate in drivers
+#. add virsh support
+#. add common handling for new API
+#. for each driver that can support the new API:
+
+   #. add prerequisite support
+   #. fully implement new API
+
+It is, of course, possible to implement the pieces in any order, but if
+the development tasks are completed in the order listed, the code will
+compile after each step. Given the number of changes required,
+verification after each step is highly recommended.
+
+Submit new code in the form of one patch per step. That's not to say
+submit patches before you have working functionality--get the whole
+thing working and make sure you're happy with it. Then use git to break
+the changes into pieces so you don't drop a big blob of code on the
+mailing list in one go. Also, you should follow the upstream tree, and
+rebase your series to adapt your patches to work with any other changes
+that were accepted upstream during your development.
+
+Don't mix anything else into the patches you submit. The patches should
+be the minimal changes required to implement the functionality you're
+adding. If you notice a bug in unrelated code (i.e., code you don't have
+to touch to implement your API change) during development, create a
+patch that just addresses that bug and submit it separately.
+
+Defining the public API
+-----------------------
+
+The first task is to define the public API. If the new API involves an
+XML extension, you have to enhance the RelaxNG schema and document the
+new elements or attributes:
+
+``docs/schemas/domaincommon.rng         docs/formatdomain.html.in``
+
+If the API extension involves a new function, you have to add a
+declaration in the public header, and arrange to export the function
+name (symbol) so other programs can link against the libvirt library and
+call the new function:
+
+``include/libvirt/libvirt-$MODULE.h.in         src/libvirt_public.syms``
+
+Please consult our `coding
+style <coding-style.html#xml-element-and-attribute-naming>`__ guide on
+elements and attribute names.
+
+This task is in many ways the most important to get right, since once
+the API has been committed to the repository, it's libvirt's policy
+never to change it. Mistakes in the implementation are bugs that you can
+fix. Make a mistake in the API definition and you're stuck with it, so
+think carefully about the interface and don't be afraid to rework it as
+you go through the process of implementing it.
+
+Defining the internal API
+-------------------------
+
+Each public API call is associated with a driver, such as a host
+virtualization driver, a network virtualization driver, a storage
+virtualization driver, a state driver, or a device monitor. Adding the
+internal API is ordinarily a matter of adding a new member to the struct
+representing one of these drivers.
+
+Of course, it's possible that the new API will involve the creation of
+an entirely new driver type, in which case the changes will include the
+creation of a new struct type to represent the new driver type.
+
+The driver structs are defined in:
+
+``src/driver-$MODULE.h``
+
+To define the internal API, first typedef the driver function prototype
+and then add a new field for it to the relevant driver struct. Then,
+update all existing instances of the driver to provide a ``NULL`` stub
+for the new function.
+
+Implementing the public API
+---------------------------
+
+Implementing the public API is largely a formality in which we wire up
+public API to the internal driver API. The public API implementation
+takes care of some basic validity checks before passing control to the
+driver implementation. In RFC 2119 vocabulary, this function:
+
+#. SHOULD log a message with VIR_DEBUG() indicating that it is being
+   called and its parameters;
+#. MUST call virResetLastError();
+#. SHOULD confirm that the connection is valid with
+   virCheckConnectReturn() or virCheckConnectGoto();
+#. **SECURITY: If the API requires a connection with write privileges,
+   MUST confirm that the connection flags do not indicate that the
+   connection is read-only with virCheckReadOnlyGoto();**
+#. SHOULD do basic validation of the parameters that are being passed
+   in, using helpers like virCheckNonNullArgGoto();
+#. MUST confirm that the driver for this connection exists and that it
+   implements this function;
+#. MUST call the internal API;
+#. SHOULD log a message with VIR_DEBUG() indicating that it is
+   returning, its return value, and status.
+#. MUST return status to the caller.
+
+The public API calls are implemented in:
+
+``src/libvirt-$MODULE.c``
+
+Implementing the remote protocol
+--------------------------------
+
+Implementing the remote protocol is essentially a straightforward
+exercise which is probably most easily understood by referring to the
+existing code.
+
+Defining the wire protocol format
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Defining the wire protocol involves making additions to:
+
+``src/remote/remote_protocol.x``
+
+First, create two new structs for each new function that you're adding
+to the API. One struct describes the parameters to be passed to the
+remote function, and a second struct describes the value returned by the
+remote function. The one exception to this rule is that functions that
+return only 0 or -1 for status do not require a struct for returned
+data.
+
+Second, add values to the remote_procedure enum for each new function
+added to the API.
+
+Once these changes are in place, it's necessary to run 'make rpcgen' in
+the src directory to create the .c and .h files required by the remote
+protocol code. This must be done on a Linux host using the GLibC rpcgen
+program. Other rpcgen versions may generate code which results in bogus
+compile time warnings. This regenerates the following files:
+
+``src/remote/remote_daemon_dispatch_stubs.h         src/remote/remote_daemon_dispatch.h         src/remote/remote_daemon_dispatch.c         src/remote/remote_protocol.c         src/remote/remote_protocol.h``
+
+Implement the RPC client
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Implementing the RPC client uses the rpcgen generated .h files. The
+remote method calls go in:
+
+``src/remote/remote_driver.c``
+
+Each remote method invocation does the following:
+
+#. locks the remote driver;
+#. sets up the method arguments;
+#. invokes the remote function;
+#. checks the return value, if necessary;
+#. extracts any returned data;
+#. frees any returned data;
+#. unlocks the remote driver.
+
+Implement the server side dispatcher
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Implementing the server side of the remote function call is simply a
+matter of deserializing the parameters passed in from the remote caller
+and passing them to the corresponding internal API function. The server
+side dispatchers are implemented in:
+
+``src/remote/remote_daemon_dispatch.c``
+
+Again, this step uses the .h files generated by make rpcgen.
+
+After all three pieces of the remote protocol are complete, and the
+generated files have been updated, it will be necessary to update the
+file:
+
+``src/remote_protocol-structs``
+
+This file should only have new lines added; modifications to existing
+lines probably imply a backwards-incompatible API change.
+
+Use the new API internally
+--------------------------
+
+Sometimes, a new API serves as a superset of existing API, by adding
+more granularity in what can be managed. When this is the case, it makes
+sense to share a common implementation by making the older API become a
+trivial wrapper around the new API, rather than duplicating the common
+code. This step should not introduce any semantic differences for the
+old API, and is not necessary if the new API has no relation to existing
+API.
+
+Expose the new API in virsh
+---------------------------
+
+All new API should be manageable from the virsh command line shell. This
+proves that the API is sufficient for the intended purpose, and helps to
+identify whether the proposed API needs slight changes for easier usage.
+However, remember that virsh is used to connect to hosts running older
+versions of libvirtd, so new commands should have fallbacks to an older
+API if possible; implementing the virsh hooks at this point makes it
+very easy to test these fallbacks. Also remember to document virsh
+additions.
+
+A virsh command is composed of a few pieces of code. You need to define
+an array of vshCmdInfo structs for each new command that contain the
+help text and the command description text. You also need an array of
+vshCmdOptDef structs to describe the command options. Once you have
+those pieces in place you can write the function implementing the virsh
+command. Finally, you need to add the new command to the commands[]
+array. The following files need changes:
+
+``tools/virsh-$MODULE.c         tools/virsh.pod``
+
+Implement the driver methods
+----------------------------
+
+So, after all that, we get to the fun part. All functionality in libvirt
+is implemented inside a driver. Thus, here is where you implement
+whatever functionality you're adding to libvirt. You'll either need to
+add additional files to the src directory or extend files that are
+already there, depending on what functionality you're adding.
+
+Implement common handling
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If the new API is applicable to more than one driver, it may make sense
+to provide some utility routines, or to factor some of the work into the
+dispatcher, to avoid reimplementing the same code in every driver. In
+the example code, this involved adding a member to the virDomainDef
+struct for mapping between the XML API addition and the in-memory
+representation of a domain, along with updating all clients to use the
+new member. Up to this point, there have been no changes to existing
+semantics, and the new APIs will fail unless they are used in the same
+way as the older API wrappers.
+
+Implement driver handling
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The remaining patches should only touch one driver at a time. It is
+possible to implement all changes for a driver in one patch, but for
+review purposes it may still make sense to break things into simpler
+steps. Here is where the new APIs finally start working.
+
+It is always a good idea to patch the test driver in addition to the
+target driver, to prove that the API can be used for more than one
+driver.
+
+Any cleanups resulting from the changes should be added as separate
+patches at the end of the series.
+
+Once you have working functionality, run ninja test on each patch of the
+series before submitting patches. It may also be worth writing tests for
+the libvirt-TCK testsuite to exercise your new API, although those
+patches are not kept in the libvirt repository.

docs/apps.html.in

@@ -1,481 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Applications using libvirt</h1>
-
-    <p>
-      This page provides an illustration of the wide variety of
-      applications using the libvirt management API.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="add">Add an application</a></h2>
-
-    <p>
-      To add an application not listed on this page, send a message
-      to the <a href="contact.html">mailing list</a>, requesting it
-      be added here, or simply send a patch against the documentation
-      in the libvirt.git docs subdirectory.
-      If your application uses libvirt as its API,
-      the following graphics are available for your website to advertise
-      support for libvirt:
-    </p>
-
-    <p class="image">
-      <img src="logos/logo-square-powered-96.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-128.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-192.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-256.png" alt="libvirt powered"/>
-    </p>
-
-    <h2><a id="command">Command line tools</a></h2>
-
-    <dl>
-      <dt><a href="http://libguestfs.org">guestfish</a></dt>
-      <dd>
-        Guestfish is an interactive shell and command-line tool for examining
-        and modifying virtual machine filesystems.  It uses libvirt to find
-        guests and their associated disks.
-      </dd>
-      <dt>virsh</dt>
-      <dd>
-        An interactive shell, and batch scriptable tool for performing
-        management tasks on all libvirt managed domains, networks and
-        storage. This is part of the libvirt core distribution.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-clone</a></dt>
-      <dd>
-        Allows the disk image(s) and configuration for an existing
-        virtual machine to be cloned to form a new virtual machine.
-        It automates copying of data across to new disk images, and
-        updates the UUID, MAC address, and name in the configuration.
-      </dd>
-      <dt><a href="https://people.redhat.com/rjones/virt-df/">virt-df</a></dt>
-      <dd>
-        Examine the utilization of each filesystem in a virtual machine
-        from the comfort of the host machine. This tool peeks into the
-        guest disks and determines how much space is used. It can cope
-        with common Linux filesystems and LVM volumes.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-image</a></dt>
-      <dd>
-        Provides a way to deploy virtual appliances. It defines a
-        simplified portable XML format describing the pre-requisites
-        of a virtual machine. At time of deployment this is translated
-        into the domain XML format for execution under any libvirt
-        hypervisor meeting the pre-requisites.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-install</a></dt>
-      <dd>
-        Provides a way to provision new virtual machines from a
-        OS distribution install tree. It supports provisioning from
-        local CD images, and the network over NFS, HTTP and FTP.
-      </dd>
-      <dt><a href="https://people.redhat.com/rjones/virt-top/">virt-top</a></dt>
-      <dd>
-        Watch the CPU, memory, network and disk utilization of all
-        virtual machines running on a host.
-      </dd>
-      <dt>
-        <a href="https://people.redhat.com/~rjones/virt-what/">virt-what</a>
-      </dt>
-      <dd>
-        virt-what is a shell script for detecting if the program is running
-        in a virtual machine.  It prints out a list of facts about the
-        virtual machine, derived from heuristics.
-      </dd>
-      <dt><a href="https://sourceware.org/systemtap/">stap</a></dt>
-      <dd>
-        SystemTap is a tool used to gather rich information about a running
-        system through the use of scripts. Starting from v2.4, the front-end
-        application stap can use libvirt to gather data within virtual
-        machines.
-      </dd>
-      <dt><a href="https://github.com/pradels/vagrant-libvirt/">vagrant-libvirt</a></dt>
-      <dd>
-        Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage virtual
-        machines. It is a command line tool for developers that makes it very
-        fast and easy to deploy and re-deploy an environment of vm's.
-      </dd>
-      <dt><a href="https://github.com/virt-lightning/virt-lightning">virt-lightning</a></dt>
-      <dd>
-        Virt-Lightning uses libvirt, cloud-init and libguestfs to allow anyone
-        to quickly start a new VM. Very much like a container CLI, but with a
-        virtual machine.
-      </dd>
-    </dl>
-
-    <h2><a id="configmgmt">Configuration Management</a></h2>
-
-    <dl>
-      <dt><a href="https://wiki.lcfg.org/bin/view/LCFG/LcfgLibvirt">LCFG</a></dt>
-      <dd>
-        LCFG is a system for automatically installing and managing the
-        configuration of large numbers of Unix systems.  It is particularly
-        suitable for sites with very diverse and rapidly changing
-        configurations.
-      </dd>
-      <dd>
-        The lcfg-libvirt package adds support for virtualized systems to
-        LCFG, with both Xen and KVM known to work.  Cloning guests is
-        supported, as are the bridged, routed, and isolated modes for
-        Virtual Networking.
-      </dd>
-    </dl>
-
-    <h2><a id="continuousintegration">Continuous Integration</a></h2>
-
-    <dl>
-      <dt><a href="http://docs.buildbot.net/latest/manual/configuration/workers-libvirt.html">BuildBot</a></dt>
-      <dd>
-        BuildBot is a system to automate the compile/test cycle required
-        by most software projects.  CVS commits trigger new builds, run on
-        a variety of client machines.  Build status (pass/fail/etc) are
-        displayed on a web page or through other protocols.
-      </dd>
-    </dl>
-
-    <dl>
-      <dt><a href="https://wiki.jenkins-ci.org/display/JENKINS/Libvirt+Slaves+Plugin">Jenkins</a></dt>
-      <dd>
-        This plugin for Jenkins adds a way to control guest domains hosted
-        on Xen or QEMU/KVM.  You configure a Jenkins Slave,
-        selecting the guest domain and hypervisor.  When you need to build a
-        job on a specific Slave, its guest domain is started, then the job is
-        run.  When the build process is finished, the guest domain is shut
-        down, ready to be used again as required.
-      </dd>
-    </dl>
-
-    <h2><a id="conversion">Conversion</a></h2>
-
-    <dl>
-      <dt><a href="http://libguestfs.org/virt-p2v.1.html">virt-p2v</a></dt>
-      <dd>
-        Convert a physical machine to run on KVM.  It is a LiveCD
-        which is booted on the machine to be converted.  It collects a
-        little information from the user, then copies the disks over
-        to a remote machine and defines the XML for a domain to run
-        the guest.  (Note this tool is included with libguestfs)
-      </dd>
-      <dt><a href="http://libguestfs.org/virt-v2v.1.html">virt-v2v</a></dt>
-      <dd>
-        virt-v2v converts guests from a foreign hypervisor to run on
-        KVM, managed by libvirt.  It can convert guests from VMware or
-        Xen to run on OpenStack, oVirt (RHEV-M), or local libvirt.  It
-        will enable VirtIO drivers in the converted guest if possible.
-        (Note this tool is included with libguestfs)
-      </dd>
-      <dd>
-        For RHEL customers of Red Hat, conversion of Windows guests is also
-        possible.  This conversion requires some Microsoft signed pieces,
-        that Red Hat can provide.
-      </dd>
-      <dt><a href="https://launchpad.net/virt-goodies">vmware2libvirt</a></dt>
-      <dd>
-        Part of the <i>virt-goodies</i> package, vmware2libvirt is a python
-        script for migrating a vmware image to libvirt.
-      </dd>
-    </dl>
-
-    <h2><a id="desktop">Desktop applications</a></h2>
-
-    <dl>
-      <dt><a href="https://virt-manager.org/">virt-manager</a></dt>
-      <dd>
-        A general purpose desktop management tool, able to manage
-        virtual machines across both local and remotely accessed
-        hypervisors. It is targeted at home and small office usage
-        up to managing 10-20 hosts and their VMs.
-      </dd>
-      <dt><a href="https://virt-manager.org/">virt-viewer</a></dt>
-      <dd>
-        A lightweight tool for accessing the graphical console
-        associated with a virtual machine. It can securely connect
-        to remote consoles supporting the VNC protocol. Also provides
-        an optional mozilla browser plugin.
-      </dd>
-      <dt><a href="https://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt>
-      <dd>
-        The Qt GUI for create and control VMs and another virtual entities
-        (aka networks, storages, interfaces, secrets, network filters).
-        Contains integrated LXC/SPICE/VNC viewer for accessing the graphical or
-        text console associated with a virtual machine or container.
-      </dd>
-      <dt><a href="https://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt>
-      <dd>
-        The Qt VNC/SPICE viewer for access to remote desktops or VMs.
-      </dd>
-    </dl>
-
-    <h2><a id="iaas">Infrastructure as a Service (IaaS)</a></h2>
-
-    <dl>
-      <dt><a href="http://cc1.ifj.edu.pl">Cracow Cloud One</a></dt>
-      <dd>The CC1 system provides a complete solution for Private
-        Cloud Computing. An intuitive web access interface with an
-        administration module and simple installation procedure make
-        it easy to benefit from private Cloud Computing technology.
-      </dd>
-
-      <dt><a href="https://github.com/eucalyptus/eucalyptus">Eucalyptus</a></dt>
-      <dd>
-        Eucalyptus is an on-premise Infrastructure as a Service cloud
-        software platform that is open source and
-        AWS-compatible. Eucalyptus uses libvirt virtualization API to
-        directly interact with Xen and KVM hypervisors.
-      </dd>
-
-      <dt><a href="http://www.nimbusproject.org">Nimbus</a></dt>
-      <dd>
-        Nimbus is an open-source toolkit focused on providing
-        Infrastructure-as-a-Service (IaaS) capabilities to the scientific
-        community.  It uses libvirt for communication with all KVM and Xen
-        virtual machines.
-      </dd>
-
-      <dt><a href="http://snooze.inria.fr">Snooze</a></dt>
-      <dd>
-        Snooze is an open-source scalable, autonomic, and energy-efficient
-        virtual machine (VM) management framework for private clouds. It
-        integrates libvirt for VM monitoring, live migration, and life-cycle
-        management.
-      </dd>
-
-      <dt><a href="https://www.openstack.org">OpenStack</a></dt>
-      <dd>
-        OpenStack is a "cloud operating system" usable for both public
-        and private clouds.  Its various parts take care of compute,
-        storage and networking resources and interface with the user
-        using a dashboard.  Compute part uses libvirt to manage VM
-        life-cycle, monitoring and so on.
-      </dd>
-
-      <dt><a href="https://github.com/gustavfranssonnyvell/cherrypop">Cherrypop</a></dt>
-      <dd>
-        A cloud software with no masters or central points. Nodes
-        autodetect other nodes and autodistribute virtual
-        machines and autodivide up the workload. Also there is no
-        minimum limit for hosts, well, one might be nice. It's
-        perfect for setting up low-end servers in a cloud or a
-        cloud where you want the most bang for the bucks.
-      </dd>
-
-      <dt><a href="http://en.zstack.io/">ZStack</a></dt>
-      <dd>
-        ZStack is an open source IaaS software that aims to automate the
-        management of all resources (compute, storage, networking, etc.) in a
-        datacenter by using APIs, thus conforming to the principles of a
-        software-defined datacenter. The key strengths of ZStack in terms of
-        management are scalability, performance, and a fast, user-friendly
-        deployment.
-      </dd>
-    </dl>
-
-    <h2><a id="libraries">Libraries</a></h2>
-
-    <dl>
-      <dt><a href="http://libguestfs.org">libguestfs</a></dt>
-      <dd>
-        A library and set of tools for accessing and modifying virtual
-        machine disk images.  It can be linked with C and C++ management
-        programs, and has bindings for Perl, Python, Ruby, Java, OCaml,
-        PHP, Haskell, and C#.
-      </dd>
-      <dd>
-        Using its FUSE module, you can also mount guest filesystems on the
-        host, and there is a subproject to allow merging changes into the
-        Windows Registry in Windows guests.
-      </dd>
-
-      <dt><a href="https://sandbox.libvirt.org">libvirt-sandbox</a></dt>
-      <dd>
-        A library and command line tools for simplifying the creation of
-        application sandboxes using virtualization technology. It currently
-        supports either KVM, QEMU or LXC as backends. Integration with
-        systemd facilitates sandboxing of system services like apache.
-      </dd>
-      <dt><a href="https://github.com/ohadlevy/virt#readme">Ruby
-          Libvirt Object bindings</a></dt>
-      <dd>
-        Allows using simple ruby objects to manipulate
-        hypervisors, guests, storage, network etc.  It is
-        based on top of
-        the <a href="https://libvirt.org/ruby">native ruby bindings</a>.
-      </dd>
-    </dl>
-
-    <h2><a id="livecd">LiveCD / Appliances</a></h2>
-
-    <dl>
-      <dt><a href="http://libguestfs.org/virt-v2v/">virt-p2v</a></dt>
-      <dd>
-        An older tool for converting a physical machine into a virtual
-        machine.  It is a LiveCD which is booted on the machine to be
-        converted.  It collects a little information from the user, then
-        copies the disks over to a remote machine and defines the XML for a
-        domain to run the guest.
-      </dd>
-    </dl>
-
-    <h2><a id="monitoring">Monitoring</a></h2>
-    <dl>
-      <dt><a href="https://collectd.org/plugins/libvirt.shtml">collectd</a></dt>
-      <dd>
-        The libvirt-plugin is part of <a href="http://collectd.org/">collectd</a>
-        and gathers statistics about virtualized guests on a system. This
-        way, you can collect CPU, network interface and block device usage
-        for each guest without installing collectd on the guest systems.
-        For a full description, please refer to the libvirt section in the
-        collectd.conf(5) manual page.
-      </dd>
-      <dt><a href="http://www.sflow.net/">Host sFlow</a></dt>
-      <dd>
-        Host sFlow is a lightweight agent running on KVM hypervisors that
-        links to libvirt library and exports standardized cpu, memory, network
-        and disk metrics for all virtual machines.
-      </dd>
-      <dt><a href="https://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt>
-      <dd>
-        The plugins provided by Guido Günther allow to monitor various things
-        like network and block I/O with
-        <a href="http://munin.projects.linpro.no/">Munin</a>.
-      </dd>
-      <dt><a href="http://people.redhat.com/rjones/nagios-virt/">Nagios-virt</a></dt>
-      <dd>
-        Nagios-virt is a configuration tool to add monitoring of your
-        virtualised domains to <a href="http://www.nagios.org/">Nagios</a>.
-        You can use this tool to either set up a new Nagios installation for
-        your Xen or QEMU/KVM guests, or to integrate with your existing Nagios
-        installation.
-      </dd>
-      <dt><a href="http://www.pcp.io/man/man1/pmdalibvirt.1.html">PCP</a></dt>
-      <dd>
-        The PCP libvirt PMDA (plugin) is part of the
-        <a href="http://pcp.io/">PCP</a> toolkit and provides
-        hypervisor and guest information and complete set of guest performance
-        metrics. It supports pCPU, vCPU, memory, block device, network interface,
-        and performance event metrics for each virtual guest.
-      </dd>
-    </dl>
-
-    <h2><a id="provisioning">Provisioning</a></h2>
-
-    <dl>
-      <dt><a href="https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Provisioning+Manager">Tivoli Provisioning Manager</a></dt>
-      <dd>
-        Part of the IBM Tivoli family, Tivoli Provisioning Manager (TPM) is
-        an IT lifecycle automation product.  It
-        <a href="http://publib.boulder.ibm.com/infocenter/tivihelp/v38r1/index.jsp?topic=/com.ibm.tivoli.tpm.apk.doc/libvirt_package.html">uses libvirt</a>
-        for communication with virtualization hosts and guest domains.
-      </dd>
-    </dl>
-
-    <dl>
-      <dt><a href="https://theforeman.org">Foreman</a></dt>
-      <dd>
-      Foreman is an open source web based application aimed to be a
-      Single Address For All Machines Life Cycle Management. Foreman:
-
-      <ul>
-          <li>Creates everything you need when adding a new machine to
-          your network, its goal being automatically managing
-          everything you would normally manage manually (DNS, DHCP,
-          TFTP, Virtual Machines,CA, CMDB...)</li>
-          <li>Integrates with Puppet (and acts as web front end to it).</li>
-          <li>Takes care of provisioning until the point puppet is
-          running, allowing Puppet to do what it does best.</li>
-          <li>Shows you Systems Inventory (based on Facter) and
-          provides real time information about hosts status based on
-          Puppet reports.</li>
-      </ul>
-      </dd>
-    </dl>
-
-
-    <h2><a id="web">Web applications</a></h2>
-
-    <dl>
-      <dt><a href="http://www.abiquo.com/">AbiCloud</a></dt>
-      <dd>
-        AbiCloud is an open source cloud platform manager which allows to
-        easily deploy a private cloud in your datacenter. One of the key
-        differences of AbiCloud is the web rich interface for managing the
-        infrastructure. You can deploy a new service just dragging and
-        dropping a VM.
-      </dd>
-      <dt><a href="https://kimchi-project.github.io/kimchi/">Kimchi</a></dt>
-      <dd>
-        Kimchi is an HTML5 based management tool for KVM. It is designed to
-        make it as easy as possible to get started with KVM and create your first guest.
-
-        Kimchi manages KVM guests through libvirt. The management interface is accessed
-        over the web using a browser that supports HTML5.
-      </dd>
-      <dt><a href="https://ovirt.org/">oVirt</a></dt>
-      <dd>
-        oVirt provides the ability to manage large numbers of virtual
-        machines across an entire data center of hosts. It integrates
-        with FreeIPA for Kerberos authentication, and in the future,
-        certificate management.
-      </dd>
-      <dt><a href="https://ispsystem.com/en/software/vmmanager">VMmanager</a></dt>
-      <dd>
-        VMmanager is a software solution for virtualization management
-        that can be used both for hosting virtual machines and
-        building a cloud.  VMmanager can manage not only one server,
-        but a large cluster of hypervisors.  It delivers a number of
-        functions, such as live migration that allows for load
-        balancing between cluster nodes, monitoring CPU, memory.
-      </dd>
-      <dt><a href="https://mist.io/">mist.io</a></dt>
-      <dd>
-        Mist.io is an open source project and a service that can assist you in
-        managing your virtual machines on a unified way, providing a simple
-        interface for all of your infrastructure (multiple public cloud
-        providers, OpenStack based public/private clouds, Docker servers, bare
-        metal servers and now KVM hypervisors).
-      </dd>
-      <dt><a href="https://ravada.upc.edu/">Ravada</a></dt>
-      <dd>
-        Ravada is an open source tool for managing Virtual Desktop
-        Infrastructure (VDI). It is very easy to install and use. Following
-        the documentation, you'll be ready to deploy virtual machines in
-        minutes. The only requirements for the users are a Web browser and
-        a lightweight remote viewer.
-      </dd>
-      <dt><a href="https://github.com/cutelyst/Virtlyst">Virtlyst</a></dt>
-      <dd>
-        Virtlyst is an open source web application built with C++11, Cutelyst and Qt.
-        It features:
-        <ul>
-          <li>Low memory usage (around 5 MiB of RAM)</li>
-          <li>Look and feel easily customized with HTML templates that use the Django syntax</li>
-          <li>VNC/Spice console directly in the browser using websockets on the same HTTP port</li>
-          <li>Host and Domain statistics graphs (CPU, Memory, IO, Network)</li>
-          <li>Connect to multiple libvirtd instances (over local Unix domain socket, SSH, TCP and TLS)</li>
-          <li>Manage Storage Pools, Storage Volumes, Networks, Interfaces, and Secrets</li>
-          <li>Create and launch VMs</li>
-          <li>Configure VMs with easy panels or go pro and edit the VM's XML</li>
-        </ul>
-      </dd>
-    </dl>
-
-    <h2><a id="other">Other</a></h2>
-
-    <dl>
-      <dt><a href="https://cuckoosandbox.org/">Cuckoo Sandbox</a></dt>
-      <dd>
-        Cuckoo Sandbox is a malware analysis system.  You can throw
-        any suspicious file at it and in a matter of seconds Cuckoo
-        will provide you back some detailed results outlining what
-        such file did when executed inside an isolated environment.
-        And libvirt is one of the backends that can be used for the
-        isolated environment.
-      </dd>
-    </dl>
-
-  </body>
-</html>

docs/apps.rst

@@ -0,0 +1,348 @@
+==========================
+Applications using libvirt
+==========================
+
+This page provides an illustration of the wide variety of applications
+using the libvirt management API.
+
+.. contents::
+
+Add an application
+------------------
+
+To add an application not listed on this page, send a message to the
+`mailing list <contact.html>`__, requesting it be added here, or simply
+send a patch against the documentation in the libvirt.git docs
+subdirectory. If your application uses libvirt as its API, the following
+graphics are available for your website to advertise support for
+libvirt:
+
+|libvirt powered 96| |libvirt powered 128| |libvirt powered 192| |libvirt powered 256|
+
+Command line tools
+------------------
+
+`guestfish <https://libguestfs.org>`__
+   Guestfish is an interactive shell and command-line tool for examining
+   and modifying virtual machine filesystems. It uses libvirt to find
+   guests and their associated disks.
+virsh
+   An interactive shell, and batch scriptable tool for performing
+   management tasks on all libvirt managed domains, networks and
+   storage. This is part of the libvirt core distribution.
+`virt-clone <https://virt-manager.org/>`__
+   Allows the disk image(s) and configuration for an existing virtual
+   machine to be cloned to form a new virtual machine. It automates
+   copying of data across to new disk images, and updates the UUID, MAC
+   address, and name in the configuration.
+`virt-df <https://people.redhat.com/rjones/virt-df/>`__
+   Examine the utilization of each filesystem in a virtual machine from
+   the comfort of the host machine. This tool peeks into the guest disks
+   and determines how much space is used. It can cope with common Linux
+   filesystems and LVM volumes.
+`virt-image <https://virt-manager.org/>`__
+   Provides a way to deploy virtual appliances. It defines a simplified
+   portable XML format describing the pre-requisites of a virtual
+   machine. At time of deployment this is translated into the domain XML
+   format for execution under any libvirt hypervisor meeting the
+   pre-requisites.
+`virt-install <https://virt-manager.org/>`__
+   Provides a way to provision new virtual machines from a OS
+   distribution install tree. It supports provisioning from local CD
+   images, and the network over NFS, HTTP and FTP.
+`virt-top <https://people.redhat.com/rjones/virt-top/>`__
+   Watch the CPU, memory, network and disk utilization of all virtual
+   machines running on a host.
+`virt-what <https://people.redhat.com/~rjones/virt-what/>`__
+   virt-what is a shell script for detecting if the program is running
+   in a virtual machine. It prints out a list of facts about the virtual
+   machine, derived from heuristics.
+`stap <https://sourceware.org/systemtap/>`__
+   SystemTap is a tool used to gather rich information about a running
+   system through the use of scripts. Starting from v2.4, the front-end
+   application stap can use libvirt to gather data within virtual
+   machines.
+`vagrant-libvirt <https://github.com/pradels/vagrant-libvirt/>`__
+   Vagrant-Libvirt is a Vagrant plugin that uses libvirt to manage
+   virtual machines. It is a command line tool for developers that makes
+   it very fast and easy to deploy and re-deploy an environment of vm's.
+`virt-lightning <https://github.com/virt-lightning/virt-lightning>`__
+   Virt-Lightning uses libvirt, cloud-init and libguestfs to allow
+   anyone to quickly start a new VM. Very much like a container CLI, but
+   with a virtual machine.
+
+Configuration Management
+------------------------
+
+`LCFG <https://wiki.lcfg.org/bin/view/LCFG/LcfgLibvirt>`__
+   LCFG is a system for automatically installing and managing the
+   configuration of large numbers of Unix systems. It is particularly
+   suitable for sites with very diverse and rapidly changing
+   configurations.
+   The lcfg-libvirt package adds support for virtualized systems to
+   LCFG, with both Xen and KVM known to work. Cloning guests is
+   supported, as are the bridged, routed, and isolated modes for Virtual
+   Networking.
+
+Continuous Integration
+----------------------
+
+`BuildBot <https://docs.buildbot.net/latest/manual/configuration/workers-libvirt.html>`__
+   BuildBot is a system to automate the compile/test cycle required by
+   most software projects. CVS commits trigger new builds, run on a
+   variety of client machines. Build status (pass/fail/etc) are
+   displayed on a web page or through other protocols.
+
+`Jenkins <https://plugins.jenkins.io/libvirt-slave/>`__
+   This plugin for Jenkins adds a way to control guest domains hosted on
+   Xen or QEMU/KVM. You configure a Jenkins Agent, selecting the guest
+   domain and hypervisor. When you need to build a job on a specific
+   Agent, its guest domain is started, then the job is run. When the
+   build process is finished, the guest domain is shut down, ready to be
+   used again as required.
+
+Conversion
+----------
+
+`virt-p2v <https://libguestfs.org/virt-p2v.1.html>`__
+   Convert a physical machine to run on KVM. It is a LiveCD which is
+   booted on the machine to be converted. It collects a little
+   information from the user, then copies the disks over to a remote
+   machine and defines the XML for a domain to run the guest. (Note this
+   tool is included with libguestfs)
+`virt-v2v <https://libguestfs.org/virt-v2v.1.html>`__
+   virt-v2v converts guests from a foreign hypervisor to run on KVM,
+   managed by libvirt. It can convert guests from VMware or Xen to run
+   on OpenStack, oVirt (RHEV-M), or local libvirt. It will enable VirtIO
+   drivers in the converted guest if possible. (Note this tool is
+   included with libguestfs)
+   For RHEL customers of Red Hat, conversion of Windows guests is also
+   possible. This conversion requires some Microsoft signed pieces, that
+   Red Hat can provide.
+`vmware2libvirt <https://launchpad.net/virt-goodies>`__
+   Part of the *virt-goodies* package, vmware2libvirt is a python script
+   for migrating a vmware image to libvirt.
+
+Desktop applications
+--------------------
+
+`virt-manager <https://virt-manager.org/>`__
+   A general purpose desktop management tool, able to manage virtual
+   machines across both local and remotely accessed hypervisors. It is
+   targeted at home and small office usage up to managing 10-20 hosts
+   and their VMs.
+`virt-viewer <https://virt-manager.org/>`__
+   A lightweight tool for accessing the graphical console associated
+   with a virtual machine. It can securely connect to remote consoles
+   supporting the VNC protocol. Also provides an optional mozilla
+   browser plugin.
+`qt-virt-manager <https://f1ash.github.io/qt-virt-manager>`__
+   The Qt GUI for create and control VMs and another virtual entities
+   (aka networks, storages, interfaces, secrets, network filters).
+   Contains integrated LXC/SPICE/VNC viewer for accessing the graphical
+   or text console associated with a virtual machine or container.
+`qt-remote-viewer <https://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer>`__
+   The Qt VNC/SPICE viewer for access to remote desktops or VMs.
+
+Infrastructure as a Service (IaaS)
+----------------------------------
+
+`Cracow Cloud One <http://cc1.ifj.edu.pl>`__
+   The CC1 system provides a complete solution for Private Cloud
+   Computing. An intuitive web access interface with an administration
+   module and simple installation procedure make it easy to benefit from
+   private Cloud Computing technology.
+`Eucalyptus <https://github.com/eucalyptus/eucalyptus>`__
+   Eucalyptus is an on-premise Infrastructure as a Service cloud
+   software platform that is open source and AWS-compatible. Eucalyptus
+   uses libvirt virtualization API to directly interact with Xen and KVM
+   hypervisors.
+`Nimbus <http://www.nimbusproject.org>`__
+   Nimbus is an open-source toolkit focused on providing
+   Infrastructure-as-a-Service (IaaS) capabilities to the scientific
+   community. It uses libvirt for communication with all KVM and Xen
+   virtual machines.
+`Snooze <http://snooze.inria.fr>`__
+   Snooze is an open-source scalable, autonomic, and energy-efficient
+   virtual machine (VM) management framework for private clouds. It
+   integrates libvirt for VM monitoring, live migration, and life-cycle
+   management.
+`OpenStack <https://www.openstack.org>`__
+   OpenStack is a "cloud operating system" usable for both public and
+   private clouds. Its various parts take care of compute, storage and
+   networking resources and interface with the user using a dashboard.
+   Compute part uses libvirt to manage VM life-cycle, monitoring and so
+   on.
+`KubeVirt <https://kubevirt.io/>`__
+   KubeVirt is a virtual machine management add-on for Kubernetes. The
+   aim is to provide a common ground for virtualization solutions on top
+   of Kubernetes.
+`Cherrypop <https://github.com/gustavfranssonnyvell/cherrypop>`__
+   A cloud software with no masters or central points. Nodes autodetect
+   other nodes and autodistribute virtual machines and autodivide up the
+   workload. Also there is no minimum limit for hosts, well, one might
+   be nice. It's perfect for setting up low-end servers in a cloud or a
+   cloud where you want the most bang for the bucks.
+`ZStack <https://en.zstack.io/>`__
+   ZStack is an open source IaaS software that aims to automate the
+   management of all resources (compute, storage, networking, etc.) in a
+   datacenter by using APIs, thus conforming to the principles of a
+   software-defined datacenter. The key strengths of ZStack in terms of
+   management are scalability, performance, and a fast, user-friendly
+   deployment.
+
+Libraries
+---------
+
+`libguestfs <https://libguestfs.org>`__
+   A library and set of tools for accessing and modifying virtual
+   machine disk images. It can be linked with C and C++ management
+   programs, and has bindings for Perl, Python, Ruby, Java, OCaml, PHP,
+   Haskell, and C#.
+   Using its FUSE module, you can also mount guest filesystems on the
+   host, and there is a subproject to allow merging changes into the
+   Windows Registry in Windows guests.
+`libvirt-sandbox <https://sandbox.libvirt.org>`__
+   A library and command line tools for simplifying the creation of
+   application sandboxes using virtualization technology. It currently
+   supports either KVM, QEMU or LXC as backends. Integration with
+   systemd facilitates sandboxing of system services like apache.
+`Ruby Libvirt Object bindings <https://github.com/ohadlevy/virt#readme>`__
+   Allows using simple ruby objects to manipulate hypervisors, guests,
+   storage, network etc. It is based on top of the `native ruby
+   bindings <https://libvirt.org/ruby>`__.
+
+LiveCD / Appliances
+-------------------
+
+`virt-p2v <https://libguestfs.org/virt-v2v/>`__
+   An older tool for converting a physical machine into a virtual
+   machine. It is a LiveCD which is booted on the machine to be
+   converted. It collects a little information from the user, then
+   copies the disks over to a remote machine and defines the XML for a
+   domain to run the guest.
+
+Monitoring
+----------
+
+`collectd <https://collectd.org/plugins/libvirt.shtml>`__
+   The libvirt-plugin is part of `collectd <https://collectd.org/>`__
+   and gathers statistics about virtualized guests on a system. This
+   way, you can collect CPU, network interface and block device usage
+   for each guest without installing collectd on the guest systems. For
+   a full description, please refer to the libvirt section in the
+   collectd.conf(5) manual page.
+`Host sFlow <https://www.sflow.net/>`__
+   Host sFlow is a lightweight agent running on KVM hypervisors that
+   links to libvirt library and exports standardized cpu, memory,
+   network and disk metrics for all virtual machines.
+`Munin <https://honk.sigxcpu.org/projects/libvirt/#munin>`__
+   The plugins provided by Guido Günther allow to monitor various things
+   like network and block I/O with
+   `Munin <http://munin.projects.linpro.no/>`__.
+`Nagios-virt <https://people.redhat.com/rjones/nagios-virt/>`__
+   Nagios-virt is a configuration tool to add monitoring of your
+   virtualised domains to `Nagios <https://www.nagios.org/>`__. You can
+   use this tool to either set up a new Nagios installation for your Xen
+   or QEMU/KVM guests, or to integrate with your existing Nagios
+   installation.
+`PCP <https://pcp.io/man/man1/pmdalibvirt.1.html>`__
+   The PCP libvirt PMDA (plugin) is part of the
+   `PCP <https://pcp.io/>`__ toolkit and provides hypervisor and guest
+   information and complete set of guest performance metrics. It
+   supports pCPU, vCPU, memory, block device, network interface, and
+   performance event metrics for each virtual guest.
+
+Provisioning
+------------
+
+`Tivoli Provisioning Manager <https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Provisioning+Manager>`__
+   Part of the IBM Tivoli family, Tivoli Provisioning Manager (TPM) is
+   an IT lifecycle automation product. It `uses
+   libvirt <http://publib.boulder.ibm.com/infocenter/tivihelp/v38r1/index.jsp?topic=/com.ibm.tivoli.tpm.apk.doc/libvirt_package.html>`__
+   for communication with virtualization hosts and guest domains.
+
+`Foreman <https://theforeman.org>`__
+   Foreman is an open source web based application aimed to be a Single
+   Address For All Machines Life Cycle Management. Foreman:
+
+   -  Creates everything you need when adding a new machine to your
+      network, its goal being automatically managing everything you
+      would normally manage manually (DNS, DHCP, TFTP, Virtual
+      Machines,CA, CMDB...)
+   -  Integrates with Puppet (and acts as web front end to it).
+   -  Takes care of provisioning until the point puppet is running,
+      allowing Puppet to do what it does best.
+   -  Shows you Systems Inventory (based on Facter) and provides real
+      time information about hosts status based on Puppet reports.
+
+Web applications
+----------------
+
+`AbiCloud <https://www.abiquo.com/>`__
+   AbiCloud is an open source cloud platform manager which allows to
+   easily deploy a private cloud in your datacenter. One of the key
+   differences of AbiCloud is the web rich interface for managing the
+   infrastructure. You can deploy a new service just dragging and
+   dropping a VM.
+`Kimchi <https://kimchi-project.github.io/kimchi/>`__
+   Kimchi is an HTML5 based management tool for KVM. It is designed to
+   make it as easy as possible to get started with KVM and create your
+   first guest. Kimchi manages KVM guests through libvirt. The
+   management interface is accessed over the web using a browser that
+   supports HTML5.
+`oVirt <https://ovirt.org/>`__
+   oVirt provides the ability to manage large numbers of virtual
+   machines across an entire data center of hosts. It integrates with
+   FreeIPA for Kerberos authentication, and in the future, certificate
+   management.
+`VMmanager <https://ispsystem.com/en/software/vmmanager>`__
+   VMmanager is a software solution for virtualization management that
+   can be used both for hosting virtual machines and building a cloud.
+   VMmanager can manage not only one server, but a large cluster of
+   hypervisors. It delivers a number of functions, such as live
+   migration that allows for load balancing between cluster nodes,
+   monitoring CPU, memory.
+`mist.io <https://mist.io/>`__
+   Mist.io is an open source project and a service that can assist you
+   in managing your virtual machines on a unified way, providing a
+   simple interface for all of your infrastructure (multiple public
+   cloud providers, OpenStack based public/private clouds, Docker
+   servers, bare metal servers and now KVM hypervisors).
+`Ravada <https://ravada.upc.edu/>`__
+   Ravada is an open source tool for managing Virtual Desktop
+   Infrastructure (VDI). It is very easy to install and use. Following
+   the documentation, you'll be ready to deploy virtual machines in
+   minutes. The only requirements for the users are a Web browser and a
+   lightweight remote viewer.
+`Virtlyst <https://github.com/cutelyst/Virtlyst>`__
+   Virtlyst is an open source web application built with C++11, Cutelyst
+   and Qt. It features:
+
+   -  Low memory usage (around 5 MiB of RAM)
+   -  Look and feel easily customized with HTML templates that use the
+      Django syntax
+   -  VNC/Spice console directly in the browser using websockets on the
+      same HTTP port
+   -  Host and Domain statistics graphs (CPU, Memory, IO, Network)
+   -  Connect to multiple libvirtd instances (over local Unix domain
+      socket, SSH, TCP and TLS)
+   -  Manage Storage Pools, Storage Volumes, Networks, Interfaces, and
+      Secrets
+   -  Create and launch VMs
+   -  Configure VMs with easy panels or go pro and edit the VM's XML
+
+Other
+-----
+
+`Cuckoo Sandbox <https://cuckoosandbox.org/>`__
+   Cuckoo Sandbox is a malware analysis system. You can throw any
+   suspicious file at it and in a matter of seconds Cuckoo will provide
+   you back some detailed results outlining what such file did when
+   executed inside an isolated environment. And libvirt is one of the
+   backends that can be used for the isolated environment.
+
+.. |libvirt powered 96| image:: logos/logo-square-powered-96.png
+.. |libvirt powered 128| image:: logos/logo-square-powered-128.png
+.. |libvirt powered 192| image:: logos/logo-square-powered-192.png
+.. |libvirt powered 256| image:: logos/logo-square-powered-256.png

docs/architecture.fig

@@ -1,87 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Inches
-Letter
-100.00
-Single
--2
-1200 2
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1050 7500 9375 7500 9375 8700 1050 8700 1050 7500
-2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 3525 7275 3525 4125 1050 4125 1050 7275 3525 7275
-2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 2
-	 1050 6540 3540 6525
-2 4 0 1 0 7 50 -1 -1 4.000 0 0 7 0 0 5
-	 1590 6900 1590 6645 1140 6645 1140 6900 1590 6900
-2 4 0 1 0 7 50 -1 -1 4.000 0 0 7 0 0 5
-	 1590 7185 1590 6930 1140 6930 1140 7185 1590 7185
-2 1 0 4 0 7 50 -1 -1 0.000 0 0 -1 1 1 2
-	1 1 2.00 120.00 240.00
-	1 1 2.00 120.00 240.00
-	 1875 7725 8625 7725
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1650 5625 3000 5625 3000 6375 1650 6375 1650 5625
-2 1 0 4 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 2850 7725 2850 6375
-2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 6450 7275 6450 4125 3975 4125 3975 7275 6450 7275
-2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 9300 7275 9300 4125 6825 4125 6825 7275 9300 7275
-2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 2
-	 3975 6540 6465 6525
-2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 2
-	 6825 6540 9315 6525
-2 1 0 4 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 5400 7725 5400 7050
-2 1 0 4 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 8025 7725 8025 7050
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1050 8925 9375 8925 9375 9900 1050 9900 1050 8925
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2100 4575 3450 4575 3450 5325 2100 5325 2100 4575
-2 1 1 3 0 7 50 -1 -1 2.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 3225 5325 3225 8325
-2 1 1 3 0 7 50 -1 -1 2.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 6225 6900 6225 8250
-2 1 1 3 0 7 50 -1 -1 2.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 8925 6900 8925 8250
-2 1 1 3 0 7 50 -1 -1 2.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 1725 7125 1725 8325
-2 1 0 4 0 7 50 -1 -1 0.000 0 0 -1 1 1 2
-	1 1 2.00 120.00 240.00
-	1 1 2.00 120.00 240.00
-	 2850 5850 2850 5025
-2 1 1 3 0 7 50 -1 -1 2.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 5175 8475 5175 9375
-2 1 1 3 0 7 50 -1 -1 2.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 1350 7125 1350 9450
-2 1 0 4 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
-	1 1 2.00 120.00 240.00
-	 2325 7725 2325 7200
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
-	 900 3975
-2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
-	 9525 9975
-4 0 0 50 -1 0 18 0.0000 4 195 870 4350 7980 XenBus\001
-4 0 0 50 -1 0 18 0.0000 4 195 780 1680 6870 drivers\001
-4 0 0 50 -1 0 18 0.0000 4 195 1050 1800 6075 XenStore\001
-4 0 0 50 -1 0 18 0.0000 4 195 900 1875 7125 Kernel0\001
-4 0 0 50 -1 0 18 0.0000 4 195 960 4875 6975 KernelU\001
-4 0 0 50 -1 0 18 0.0000 4 195 960 7650 6975 KernelU\001
-4 0 0 50 -1 0 18 0.0000 4 255 1740 4050 8400 Xen Hypervisor\001
-4 0 0 50 -1 0 18 0.0000 4 195 585 2325 4950 Xend\001
-4 0 0 50 -1 0 18 0.0000 4 195 690 1200 4725 Dom0\001
-4 0 0 50 -1 0 18 0.0000 4 195 750 4875 5325 DomU\001
-4 0 0 50 -1 0 18 0.0000 4 195 750 7650 5325 DomU\001
-4 0 0 50 -1 0 18 0.0000 4 195 1080 3750 9450 Hardware\001

docs/architecture.html.in

@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1 >libvirt architecture</h1>
-
-    <p>
-      Currently libvirt supports 2 kind of virtualization, and its
-      internal structure is based on a driver model which simplifies
-      adding new
-      engines:
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Xen">Xen support</a></h2>
-
-    <p>When running in a Xen environment, programs using libvirt have to execute
-in "Domain 0", which is the primary Linux OS loaded on the machine. That OS
-kernel provides most if not all of the actual drivers used by the set of
-domains. It also runs the Xen Store, a database of information shared by the
-hypervisor, the backend drivers, any running domains, and libxl (aka libxenlight).
-libxl provides a set of APIs for creating and managing domains, which can be used
-by applications such as the xl tool provided by Xen or libvirt. The hypervisor,
-drivers, kernels and daemons communicate though a shared system bus
-implemented in the hypervisor. The figure below tries to provide a view of
-this environment:</p>
-    <img src="architecture.gif" alt="The Xen architecture" />
-    <p>The library will interact with libxl for all management operations
-on a Xen system.</p>
-    <p>Note that the libvirt libxl driver only supports root access.</p>
-
-    <h2><a id="QEMU">QEMU and KVM support</a></h2>
-
-    <p>The model for QEMU and KVM is completely similar, basically KVM is based
-on QEMU for the process controlling a new domain, only small details differs
-between the two. In both case the libvirt API is provided by a controlling
-process forked by libvirt in the background and which launch and control the
-QEMU or KVM process. That program called libvirt_qemud talks though a specific
-protocol to the library, and connects to the console of the QEMU process in
-order to control and report on its status. Libvirt tries to expose all the
-emulations models of QEMU, the selection is done when creating the new
-domain, by specifying the architecture and machine type targeted.</p>
-    <p>The code controlling the QEMU process is available in the
-<code>qemud/</code> directory.</p>
-
-    <h2><a id="drivers">Driver based architecture</a></h2>
-
-    <p>As the previous section explains, libvirt can communicate using different
-channels with the current hypervisor, and should also be able to use
-different kind of hypervisor. To simplify the internal design, code, ease
-maintenance and simplify the support of other virtualization engine the
-internals have been structured as one core component, the libvirt.c module
-acting as a front-end for the library API and a set of hypervisor drivers
-defining a common set of routines. That way the Xen Daemon access, the Xen
-Store one, the Hypervisor hypercall are all isolated in separate C modules
-implementing at least a subset of the common operations defined by the
-drivers present in driver.h:</p>
-    <ul>
-      <li>xend_internal: implements the driver functions though the Xen
-  Daemon</li>
-      <li>xs_internal: implements the subset of the driver available though the
-    Xen Store</li>
-      <li>xen_internal: provide the implementation of the functions possible via
-    direct hypervisor access</li>
-      <li>proxy_internal: provide read-only Xen access via a proxy, the proxy code
-    is in the <code>proxy/</code> directory.</li>
-      <li>xm_internal: provide support for Xen defined but not running
-    domains.</li>
-      <li>qemu_internal: implement the driver functions for QEMU and
-    KVM virtualization engines. It also uses a qemud/ specific daemon
-    which interacts with the QEMU process to implement libvirt API.</li>
-      <li>test: this is a test driver useful for regression tests of the
-    front-end part of libvirt.</li>
-    </ul>
-    <p>Note that a given driver may only implement a subset of those functions,
-(for example saving a Xen domain state to disk and restoring it is only
-possible though the Xen Daemon), in that case the driver entry points for
-unsupported functions are initialized to NULL.</p>
-    <p></p>
-  </body>
-</html>

docs/auditlog.html.in

@@ -1,375 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Audit log</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="intro">Introduction</a></h2>
-
-    <p>
-      A number of the libvirt virtualization drivers (QEMU/KVM and LXC) include
-      support for logging details of important operations to the host's audit
-      subsystem. This provides administrators / auditors with a canonical historical
-      record of changes to virtual machines' / containers' lifecycle states and
-      their configuration. On hosts which are running the Linux audit daemon,
-      the logs will usually end up in <code>/var/log/audit/audit.log</code>
-    </p>
-
-    <h2><a id="config">Configuration</a></h2>
-
-    <p>
-      The libvirt audit integration is enabled by default on any host which has
-      the Linux audit subsystem active, and disabled otherwise. It is possible
-      to alter this behaviour in the <code>/etc/libvirt/libvirtd.conf</code>
-      configuration file, via the <code>audit_level</code> parameter
-    </p>
-
-    <ul>
-      <li><code>audit_level=0</code> - libvirt auditing is disabled regardless
-        of host audit subsystem enablement.</li>
-      <li><code>audit_level=1</code> - libvirt auditing is enabled if the host
-        audit subsystem is enabled, otherwise it is disabled. This is the
-        default behaviour.</li>
-      <li><code>audit_level=2</code> - libvirt auditing is enabled regardless
-        of host audit subsystem enablement. If the host audit subsystem is
-        disabled, then libvirtd will refuse to complete startup and exit with
-        an error.</li>
-    </ul>
-
-    <p>
-      In addition to have formal messages sent to the audit subsystem it is
-      possible to tell libvirt to inject messages into its own logging
-      layer. This will result in messages ending up in the systemd journal
-      or <code>/var/log/libvirt/libvirtd.log</code> on non-systemd hosts.
-      This is disabled by default, but can be requested by setting the
-      <code>audit_logging=1</code> configuration parameter in the same file
-      mentioned above.
-    </p>
-
-    <h2><a id="types">Message types</a></h2>
-
-    <p>
-      Libvirt defines three core audit message types each of which will
-      be described below. There are a number of common fields that will
-      be reported for all message types.
-    </p>
-
-    <dl>
-      <dt><code>pid</code></dt>
-      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt><code>uid</code></dt>
-      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>subj</code></dt>
-      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>msg</code></dt>
-      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
-    </dl>
-
-    <p>
-      Some fields in the <code>msg</code> string are common to audit records
-    </p>
-
-    <dl>
-      <dt><code>virt</code></dt>
-      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt><code>vm</code></dt>
-      <dd>Host driver unique name of the guest</dd>
-      <dt><code>uuid</code></dt>
-      <dd>Globally unique identifier for the guest</dd>
-      <dt><code>exe</code></dt>
-      <dd>Path of the libvirtd daemon</dd>
-      <dt><code>hostname</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>addr</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>terminal</code></dt>
-      <dd>Currently unused</dd>
-      <dt><code>res</code></dt>
-      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
-    </dl>
-
-    <h3><a id="typecontrol">VIRT_CONTROL</a></h3>
-
-    <p>
-      Reports change in the lifecycle state of a virtual machine. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>op</code></dt>
-      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the operation to happen</dd>
-      <dt><code>vm-pid</code></dt>
-      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt><code>init-pid</code></dt>
-      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt><code>pid-ns</code></dt>
-      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-    </dl>
-
-    <h3><a id="typemachine">VIRT_MACHINE_ID</a></h3>
-
-    <p>
-      Reports the association of a security context with a guest. The <code>msg</code>
-      field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>model</code></dt>
-      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt><code>vm-ctx</code></dt>
-      <dd>Security context for the guest process</dd>
-      <dt><code>img-ctx</code></dt>
-      <dd>Security context for the guest disk images and other assigned host resources</dd>
-    </dl>
-
-    <h3><a id="typeresource">VIRT_RESOURCE</a></h3>
-
-    <p>
-      Reports the usage of a host resource by a guest. The fields include will
-      vary according to the type of device being reported. When the guest is
-      initially booted records will be generated for all assigned resources.
-      If any changes are made to the running guest configuration, for example
-      hotplug devices, or adjust resources allocation, further records will
-      be generated.
-    </p>
-
-    <h4><a id="typeresourcevcpu">Virtual CPU</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt><code>old-vcpu</code></dt>
-      <dd>Original vCPU count, or 0</dd>
-      <dt><code>new-vcpu</code></dt>
-      <dd>Updated vCPU count</dd>
-    </dl>
-
-
-    <h4><a id="typeresourcemem">Memory</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt><code>old-mem</code></dt>
-      <dd>Original memory size in bytes, or 0</dd>
-      <dt><code>new-mem</code></dt>
-      <dd>Updated memory size in bytes</dd>
-    </dl>
-
-    <h4><a id="typeresourcedisk">Disk</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt><code>old-disk</code></dt>
-      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt><code>new-disk</code></dt>
-      <dd>Updated host file or device path acting as the disk backing file</dd>
-    </dl>
-
-    <h4><a id="typeresourcenic">Network interface</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>old-net</code></dt>
-      <dd>Original MAC address of the guest network interface</dd>
-      <dt><code>new-net</code></dt>
-      <dd>Updated MAC address of the guest network interface</dd>
-    </dl>
-
-    <p>
-      If there is a host network interface associated with the guest NIC then
-      further records may be generated
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>net</code></dt>
-      <dd>MAC address of the host network interface</dd>
-      <dt><code>rdev</code></dt>
-      <dd>Name of the host network interface</dd>
-    </dl>
-
-    <h4><a id="typeresourcefs">Filesystem</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt><code>old-fs</code></dt>
-      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt><code>new-fs</code></dt>
-      <dd>Updated host directory, file or device path backing the filesystem</dd>
-    </dl>
-
-    <h4><a id="typeresourcehost">Host device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt><code>dev</code></dt>
-      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt><code>disk</code></dt>
-      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt><code>chardev</code></dt>
-      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
-    </dl>
-
-    <h4><a id="typeresourcetpm">TPM</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>tpm</code> or <code>tpm-emulator</code></dd>
-      <dt><code>device</code></dt>
-      <dd>The path of the host TPM device assigned to the guest</dd>
-    </dl>
-
-    <h4><a id="typeresourcerng">RNG</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt><code>old-rng</code></dt>
-      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt><code>new-rng</code></dt>
-      <dd>Updated path of the host entropy source for the RNG</dd>
-    </dl>
-
-    <h4><a id="typeresourcechardev">console/serial/parallel/channel</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>chardev</code></dd>
-      <dt><code>old-chardev</code></dt>
-      <dd>Original path of the backing character device for given emulated device</dd>
-      <dt><code>new-chardev</code></dt>
-      <dd>Updated path of the backing character device for given emulated device</dd>
-    </dl>
-
-    <h4><a id="typeresourcesmartcard">smartcard</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
-      <dt><code>old-smartcard</code></dt>
-      <dd>Original path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-      <dt><code>new-smartcard</code></dt>
-      <dd>Updated path of the backing character device, certificate store or
-          "nss-smartcard-device" for host smartcard passthrough.
-      </dd>
-    </dl>
-
-    <h4><a id="typeresourceredir">Redirected device</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt><code>bus</code></dt>
-      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt><code>device</code></dt>
-      <dd>The device type, only <code>USB redir</code> allowed</dd>
-    </dl>
-
-    <h4><a id="typeresourcecgroup">Control group</a></h4>
-
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt><code>cgroup</code></dt>
-      <dd>The name of the cgroup controller</dd>
-    </dl>
-
-
-    <h4><a id="typeresourceshmem">Shared memory</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>size</code></dt>
-      <dd>The size of the shared memory region</dd>
-      <dt><code>shmem</code></dt>
-      <dd>Name of the shared memory region</dd>
-      <dt><code>source</code></dt>
-      <dd>Path of the backing character device for given emulated device</dd>
-    </dl>
-
-  </body>
-</html>

docs/auditlog.rst

@@ -0,0 +1,321 @@
+=========
+Audit log
+=========
+
+.. contents::
+
+Introduction
+------------
+
+A number of the libvirt virtualization drivers (QEMU/KVM and LXC)
+include support for logging details of important operations to the
+host's audit subsystem. This provides administrators / auditors with a
+canonical historical record of changes to virtual machines' /
+containers' lifecycle states and their configuration. On hosts which are
+running the Linux audit daemon, the logs will usually end up in
+``/var/log/audit/audit.log``
+
+Configuration
+-------------
+
+The libvirt audit integration is enabled by default on any host which
+has the Linux audit subsystem active, and disabled otherwise. It is
+possible to alter this behaviour in the ``/etc/libvirt/libvirtd.conf``
+configuration file, via the ``audit_level`` parameter
+
+-  ``audit_level=0`` - libvirt auditing is disabled regardless of host
+   audit subsystem enablement.
+-  ``audit_level=1`` - libvirt auditing is enabled if the host audit
+   subsystem is enabled, otherwise it is disabled. This is the default
+   behaviour.
+-  ``audit_level=2`` - libvirt auditing is enabled regardless of host
+   audit subsystem enablement. If the host audit subsystem is disabled,
+   then libvirtd will refuse to complete startup and exit with an error.
+
+In addition to have formal messages sent to the audit subsystem it is
+possible to tell libvirt to inject messages into its own logging layer.
+This will result in messages ending up in the systemd journal or
+``/var/log/libvirt/libvirtd.log`` on non-systemd hosts. This is disabled
+by default, but can be requested by setting the ``audit_logging=1``
+configuration parameter in the same file mentioned above.
+
+Message types
+-------------
+
+Libvirt defines three core audit message types each of which will be
+described below. There are a number of common fields that will be
+reported for all message types.
+
+``pid``
+   Process ID of the libvirtd daemon generating the audit record.
+``uid``
+   User ID of the libvirtd daemon process generating the audit record.
+``subj``
+   Security context of the libvirtd daemon process generating the audit
+   record.
+``msg``
+   String containing a list of key=value pairs specific to the type of
+   audit record being reported.
+
+Some fields in the ``msg`` string are common to audit records
+
+``virt``
+   Type of virtualization driver used. One of ``qemu`` or ``lxc``
+``vm``
+   Host driver unique name of the guest
+``uuid``
+   Globally unique identifier for the guest
+``exe``
+   Path of the libvirtd daemon
+``hostname``
+   Currently unused
+``addr``
+   Currently unused
+``terminal``
+   Currently unused
+``res``
+   Result of the action, either ``success`` or ``failed``
+
+VIRT_CONTROL
+~~~~~~~~~~~~
+
+Reports change in the lifecycle state of a virtual machine. The ``msg``
+field will include the following sub-fields
+
+``op``
+   Type of operation performed. One of ``start``, ``stop`` or ``init``
+``reason``
+   The reason which caused the operation to happen
+``vm-pid``
+   ID of the primary/leading process associated with the guest
+``init-pid``
+   ID of the ``init`` process in a container. Only if ``op=init`` and
+   ``virt=lxc``
+``pid-ns``
+   Namespace ID of the ``init`` process in a container. Only if
+   ``op=init`` and ``virt=lxc``
+
+VIRT_MACHINE_ID
+~~~~~~~~~~~~~~~
+
+Reports the association of a security context with a guest. The ``msg``
+field will include the following sub-fields
+
+``model``
+   The security driver type. One of ``selinux`` or ``apparmor``
+``vm-ctx``
+   Security context for the guest process
+``img-ctx``
+   Security context for the guest disk images and other assigned host
+   resources
+
+VIRT_RESOURCE
+~~~~~~~~~~~~~
+
+Reports the usage of a host resource by a guest. The fields include will
+vary according to the type of device being reported. When the guest is
+initially booted records will be generated for all assigned resources.
+If any changes are made to the running guest configuration, for example
+hotplug devices, or adjust resources allocation, further records will be
+generated.
+
+Virtual CPU
+^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``vcpu``
+``old-vcpu``
+   Original vCPU count, or 0
+``new-vcpu``
+   Updated vCPU count
+
+Memory
+^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``mem``
+``old-mem``
+   Original memory size in bytes, or 0
+``new-mem``
+   Updated memory size in bytes
+
+Disk
+^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``disk``
+``old-disk``
+   Original host file or device path acting as the disk backing file
+``new-disk``
+   Updated host file or device path acting as the disk backing file
+
+Network interface
+^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``net``
+``old-net``
+   Original MAC address of the guest network interface
+``new-net``
+   Updated MAC address of the guest network interface
+
+If there is a host network interface associated with the guest NIC then
+further records may be generated
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``net``
+``net``
+   MAC address of the host network interface
+``rdev``
+   Name of the host network interface
+
+Filesystem
+^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``fs``
+``old-fs``
+   Original host directory, file or device path backing the filesystem
+``new-fs``
+   Updated host directory, file or device path backing the filesystem
+
+Host device
+^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``hostdev`` or ``dev``
+``dev``
+   The unique bus identifier of the USB, PCI or SCSI device, if
+   ``resrc=dev``
+``disk``
+   The path of the block device assigned to the guest, if
+   ``resrc=hostdev``
+``chardev``
+   The path of the character device assigned to the guest, if
+   ``resrc=hostdev``
+
+TPM
+^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``tpm`` or ``tpm-emulator``
+``device``
+   The path of the host TPM device assigned to the guest
+
+RNG
+^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``rng``
+``old-rng``
+   Original path of the host entropy source for the RNG
+``new-rng``
+   Updated path of the host entropy source for the RNG
+
+console/serial/parallel/channel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``chardev``
+``old-chardev``
+   Original path of the backing character device for given emulated
+   device
+``new-chardev``
+   Updated path of the backing character device for given emulated
+   device
+
+smartcard
+^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``smartcard``
+``old-smartcard``
+   Original path of the backing character device, certificate store or
+   "nss-smartcard-device" for host smartcard passthrough.
+``new-smartcard``
+   Updated path of the backing character device, certificate store or
+   "nss-smartcard-device" for host smartcard passthrough.
+
+Redirected device
+^^^^^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``redir``
+``bus``
+   The bus type, only ``usb`` allowed
+``device``
+   The device type, only ``USB redir`` allowed
+
+Control group
+^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``reason``
+   The reason which caused the resource to be assigned to happen
+``resrc``
+   The type of resource assigned. Set to ``cgroup``
+``cgroup``
+   The name of the cgroup controller
+
+Shared memory
+^^^^^^^^^^^^^
+
+The ``msg`` field will include the following sub-fields
+
+``resrc``
+   The type of resource assigned. Set to ``shmem``
+``reason``
+   The reason which caused the resource to be assigned to happen
+``size``
+   The size of the shared memory region
+``shmem``
+   Name of the shared memory region
+``source``
+   Path of the backing character device for given emulated device

docs/auth.html.in

@@ -1,366 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Connection authentication</h1>
-    <p>
-      When connecting to libvirt, some connections may require client
-      authentication before allowing use of the APIs. The set of possible
-      authentication mechanisms is administrator controlled, independent
-      of applications using libvirt. Once authenticated, libvirt can apply
-      fine grained <a href="acl.html">access control</a> to the operations
-      performed by a client.
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a id="Auth_client_config">Client configuration</a></h2>
-
-    <p>
-      When connecting to a remote hypervisor which requires authentication,
-most libvirt applications will prompt the user for the credentials. It is
-also possible to provide a client configuration file containing all the
-authentication credentials, avoiding any interaction. Libvirt will look
-for the authentication file using the following sequence:
-    </p>
-    <ol>
-      <li>The file path specified by the $LIBVIRT_AUTH_FILE environment
-        variable.</li>
-      <li>The file path specified by the "authfile=/some/file" URI
-        query parameter</li>
-      <li>The file $XDG_CONFIG_HOME/libvirt/auth.conf</li>
-      <li>The file /etc/libvirt/auth.conf</li>
-    </ol>
-
-    <p>
-      The auth configuration file uses the traditional <code>".ini"</code>
-      style syntax. There are two types of groups that can be present in
-      the config. First there are one or more <strong>credential</strong>
-      sets, which provide the actual authentication credentials. The keys
-      within the group may be:
-    </p>
-
-    <ul>
-      <li><code>username</code>: the user login name to act as. This
-        is relevant for ESX, Xen, HyperV and SSH, but probably not
-        the one you want to libvirtd with SASL.</li>
-      <li><code>authname</code>: the name to authorize as. This is
-        what is commonly required for libvirtd with SASL.</li>
-      <li><code>password</code>: the secret password</li>
-      <li><code>realm</code>: the domain realm for SASL, mostly
-        unused</li>
-    </ul>
-
-    <p>
-      Each set of credentials has a name, which is part of the group
-      entry name. Overall the syntax is
-    </p>
-
-    <pre>
-[credentials-$NAME]
-credname1=value1
-credname2=value2</pre>
-
-    <p>
-      For example, to define two sets of credentials used for production
-      and test machines, using libvirtd, and a further ESX server for dev:
-    </p>
-<pre>
-[credentials-test]
-authname=fred
-password=123456
-
-[credentials-prod]
-authname=bar
-password=letmein
-
-[credentials-dev]
-username=joe
-password=hello
-
-[credentials-defgrp]
-username=defuser
-password=defpw</pre>
-
-    <p>
-      The second set of groups provide mappings of credentials to
-      specific machine services. The config file group names compromise
-      the service type and host:
-    </p>
-
-    <pre>
-[auth-$SERVICE-$HOSTNAME]
-credentials=$CREDENTIALS</pre>
-
-    <p>
-      For example, following the previous example, here is how to
-      map some machines. For convenience libvirt supports a default
-      mapping of credentials to machines:
-    </p>
-
-    <pre>
-[auth-libvirt-test1.example.com]
-credentials=test
-
-[auth-libvirt-test2.example.com]
-credentials=test
-
-[auth-libvirt-demo3.example.com]
-credentials=test
-
-[auth-libvirt-prod1.example.com]
-credentials=prod
-
-[auth-libvirt-default]
-credentials=defgrp
-
-[auth-esx-dev1.example.com]
-credentials=dev
-
-[auth-esx-default]
-credentials=defgrp</pre>
-
-
-    <p>
-      The following service types are known to libvirt
-    </p>
-
-    <ol>
-      <li><code>libvirt</code> - used for connections to a libvirtd
-        server, which is configured with SASL auth</li>
-      <li><code>ssh</code> - used for connections to a Phyp server
-        over SSH, but the Phyp driver has been removed</li>
-      <li><code>esx</code> - used for connections to an ESX or
-        VirtualCenter server</li>
-    </ol>
-
-    <p>
-      Applications using libvirt are free to use this same configuration
-      file for storing other credentials. For example, it can be used
-      to storage VNC or SPICE login credentials
-    </p>
-
-    <h2><a id="ACL_server_config">Server configuration</a></h2>
-    <p>
-The libvirt daemon allows the administrator to choose the authentication
-mechanisms used for client connections on each network socket independently.
-This is primarily controlled via the libvirt daemon master config file in
-<code>/etc/libvirt/libvirtd.conf</code>. Each of the libvirt sockets can
-have its authentication mechanism configured independently. There is
-currently a choice of <code>none</code>, <code>polkit</code>, and <code>sasl</code>.
-The SASL scheme can be further configured to choose between a large
-number of different mechanisms.
-</p>
-    <h2><a id="ACL_server_unix_perms">UNIX socket permissions/group</a></h2>
-    <p>
-If libvirt does not contain support for PolicyKit, then access control for
-the UNIX domain socket is done using traditional file user/group ownership
-and permissions. There are 2 sockets, one for full read-write access, the
-other for read-only access. The RW socket will be restricted (mode 0700) to
-only allow the <code>root</code> user to connect. The read-only socket will
-be open access (mode 0777) to allow any user to connect.
-</p>
-    <p>
-To allow non-root users greater access, the <code>libvirtd.conf</code> file
-can be edited to change the permissions via the <code>unix_sock_rw_perms</code>,
-config parameter and to set a user group via the <code>unix_sock_group</code>
-parameter. For example, setting the former to mode <code>0770</code> and the
-latter <code>wheel</code> would let any user in the wheel group connect to
-the libvirt daemon.
-</p>
-    <h2><a id="ACL_server_polkit">UNIX socket PolicyKit auth</a></h2>
-    <p>
-If libvirt contains support for PolicyKit, then access control options are
-more advanced. The <code>auth_unix_rw</code> parameter will default to
-<code>polkit</code>, and the file permissions will default to <code>0777</code>
-even on the RW socket. Upon connecting to the socket, the client application
-will be required to identify itself with PolicyKit. The default policy for the
-RW daemon socket will require any application running in the current desktop
-session to authenticate using the user's password. This is akin to <code>sudo</code>
-auth, but does not require that the client application ultimately run as root.
-Default policy will still allow any application to connect to the RO socket.
-</p>
-    <p>
-The default policy can be overridden by creating a new policy file in the
-<code>/etc/polkit-1/rules.d</code> directory. Information on the options
-available can be found by reading the <code>polkit(8)</code> man page. The
-two libvirt actions are named <code>org.libvirt.unix.manage</code> for full
-management access, and <code>org.libvirt.unix.monitor</code> for read-only
-access.
-</p>
-    <p>
-As an example, creating <code>/etc/polkit-1/rules.d/80-libvirt-manage.rules</code>
-with the following gives the user <code>fred</code> full management access
-when accessing from an active local session:
-    </p>
-<pre>polkit.addRule(function(action, subject) {
-  if (action.id == "org.libvirt.unix.manage" &amp;&amp;
-      subject.local &amp;&amp; subject.active &amp;&amp; subject.user == "fred") {
-      return polkit.Result.YES;
-  }
-});</pre>
-    <p>
-Older versions of PolicyKit used policy files ending with .pkla in the
-local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
-Compatibility with this older format is provided by <a
-href="https://pagure.io/polkit-pkla-compat">polkit-pkla-compat</a>. As an
-example, this gives the user <code>fred</code> full management access:
-    </p>
-<pre>[Allow fred libvirt management permissions]
-Identity=unix-user:fred
-Action=org.libvirt.unix.manage
-ResultAny=yes
-ResultInactive=yes
-ResultActive=yes</pre>
-    <h2><a id="ACL_server_sasl">SASL pluggable authentication</a></h2>
-
-    <p>
-Libvirt integrates with the cyrus-sasl library to provide a pluggable authentication
-system using the SASL protocol. SASL can be used in combination with libvirtd's TLS
-or TCP socket listeners. When used with the TCP listener, the SASL mechanism is
-rqeuired to provide session encryption in addition to authentication. Only a very
-few SASL mechanisms are able to do this, and of those that can do it, only the
-GSSAPI plugin is considered acceptably secure by modern standards:
-    </p>
-
-    <dl>
-      <dt>GSSAPI</dt>
-      <dd><strong>This is the current default mechanism to use with libvirtd</strong>.
-        It uses the Kerberos v5 authentication protocol underneath, and assuming
-        the Kerberos client/server are configured with modern ciphers (AES),
-        it provides strong session encryption capabilities.</dd>
-
-      <dt>DIGEST-MD5</dt>
-      <dd>This was previously set as the default mechanism to use with libvirtd.
-        It provides a simple username/password based authentication mechanism
-        that includes session encryption.
-        <a href="https://tools.ietf.org/html/rfc6331">RFC 6331</a>, however,
-        documents a number of serious security flaws with DIGEST-MD5 and as a
-        result marks it as <code>OBSOLETE</code>. Specific concerns are that
-        it is vulnerable to MITM attacks and the MD5 hash can be brute-forced
-        to reveal the password. A replacement is provided via the SCRAM mechanism,
-        however, note that this does not provide encryption, so the SCRAM
-        mechanism can only be used on the libvirtd TLS listener.
-      </dd>
-
-      <dt>PASSDSS-3DES-1</dt>
-      <dd>This provides a simple username/password based authentication
-        mechanism that includes session encryption. The current cyrus-sasl
-        implementation does not provide a way to validate the server's
-        public key identity, thus it is susceptible to a MITM attacker
-        impersonating the server. It is also not enabled in many OS
-        distros when building SASL libraries.</dd>
-
-      <dt>KERBEROS_V4</dt>
-      <dd>This uses the obsolete Kerberos v4 protocol to provide both authentication
-        and session encryption. Kerberos v4 protocol has been obsolete since the
-        early 1990's and has known security vulnerabilities so this will never be
-        used in practice.</dd>
-    </dl>
-
-    <p>
-      Other SASL mechanisms, not listed above, can only be used when the libvirtd
-      TLS or UNIX socket listeners.
-    </p>
-
-    <h3><a id="ACL_server_username">Username/password auth</a></h3>
-    <p>
-As noted above, the DIGEST-MD5 mechanism is considered obsolete and should
-not be used anymore. To provide a simple username/password auth scheme on
-the libvirt UNIX socket or TLS listeners, however, it is possible to use
-the SCRAM mechanism. The <code>auth_unix_ro</code>, <code>auth_unix_rw</code>,
-<code>auth_tls</code> config params in <code>libvirt.conf</code> can be used
-to turn on SASL auth in these listeners.
-    </p>
-    <p>
-Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
-config change is required to enable plain password auth. This is done by
-editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
-parameter to <code>scram-sha-1</code>.
-    </p>
-    <p>
-Out of the box, no user accounts are defined, so no clients will be able to authenticate
-on the TCP socket. Adding users and setting their passwords is done with the <code>saslpasswd2</code>
-command. When running this command it is important to tell it that the appname is <code>libvirt</code>.
-As an example, to add a user <code>fred</code>, run
-</p>
-    <pre>
-# saslpasswd2 -a libvirt fred
-Password: xxxxxx
-Again (for verification): xxxxxx
-</pre>
-    <p>
-To see a list of all accounts the <code>sasldblistusers2</code> command can be used.
-This command expects to be given the path to the libvirt user database, which is kept
-in <code>/etc/libvirt/passwd.db</code>
-</p>
-    <pre>
-# sasldblistusers2 -f /etc/libvirt/passwd.db
-fred@t60wlan.home.berrange.com: userPassword
-</pre>
-    <p>
-Finally, to disable a user's access, the <code>saslpasswd2</code> command can be used
-again:
-</p>
-    <pre>
-# saslpasswd2 -a libvirt -d fred
-</pre>
-    <h3><a id="ACL_server_kerberos">GSSAPI/Kerberos auth</a></h3>
-    <p>
-The plain TCP listener of the libvirt daemon defaults to using SASL for authentication.
-The libvirt SASL config also defaults to GSSAPI, so there is no need to edit the
-SASL config when using GSSAPI. If the libvirtd TLS or UNIX listeners are used,
-then the Kerberos session encryption will be disabled since it is not required
-in these scenarios - only the plain TCP listener needs encryption
-</p>
-    <p>
-Some operating systems do not install the SASL kerberos plugin by default. It
-may be necessary to install a sub-package such as <code>cyrus-sasl-gssapi</code>.
-To check whether the Kerberos plugin is installed run the <code>pluginviewer</code>
-program and verify that <code>gssapi</code> is listed, e.g.:
-</p>
-    <pre>
-# pluginviewer
-...snip...
-Plugin "gssapiv2" [loaded],     API version: 4
-        SASL mechanism: GSSAPI, best SSF: 56
-        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
-        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
-</pre>
-    <p>
-Next it is necessary for the administrator of the Kerberos realm to
-issue a principal for the libvirt server. There needs to be one
-principal per host running the libvirt daemon. The principal should be
-named <code>libvirt/full.hostname@KERBEROS.REALM</code>.  This is
-typically done by running the <code>kadmin.local</code> command on the
-Kerberos server, though some Kerberos servers have alternate ways of
-setting up service principals.  Once created, the principal should be
-exported to a keytab, copied to the host running the libvirt daemon
-and placed in <code>/etc/libvirt/krb5.tab</code>
-</p>
-    <pre>
-# kadmin.local
-kadmin.local: add_principal libvirt/foo.example.com
-Enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
-Re-enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
-Principal "libvirt/foo.example.com@EXAMPLE.COM" created.
-
-kadmin.local:  ktadd -k /root/libvirt-foo-example.tab libvirt/foo.example.com@EXAMPLE.COM
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
-
-kadmin.local: quit
-
-# scp /root/libvirt-foo-example.tab root@foo.example.com:/etc/libvirt/krb5.tab
-# rm /root/libvirt-foo-example.tab
-</pre>
-    <p>
-Any client application wishing to connect to a Kerberos enabled libvirt server
-merely needs to run <code>kinit</code> to gain a user principal. This may well
-be done automatically when a user logs into a desktop session, if PAM is set up
-to authenticate against Kerberos.
-</p>
-  </body>
-</html>

docs/auth.rst

@@ -0,0 +1,324 @@
+=========================
+Connection authentication
+=========================
+
+.. contents::
+
+When connecting to libvirt, some connections may require client
+authentication before allowing use of the APIs. The set of possible
+authentication mechanisms is administrator controlled, independent
+of applications using libvirt. Once authenticated, libvirt can apply
+fine grained `access control <acl.html>`_ to the operations
+performed by a client.
+
+Client configuration
+====================
+
+When connecting to a remote hypervisor which requires authentication,
+most libvirt applications will prompt the user for the credentials. It is
+also possible to provide a client configuration file containing all the
+authentication credentials, avoiding any interaction. Libvirt will look
+for the authentication file using the following sequence:
+
+* The file path specified by the ``$LIBVIRT_AUTH_FILE`` environment
+  variable.
+* The file path specified by the ``authfile=/some/file`` URI
+  query parameter
+* The file ``$XDG_CONFIG_HOME/libvirt/auth.conf``
+* The file ``/etc/libvirt/auth.conf``
+
+The auth configuration file uses the traditional ``.ini``
+style syntax. There are two types of groups that can be present in
+the config. First there are one or more ``credential``
+sets, which provide the actual authentication credentials. The keys
+within the group may be:
+
+* ``username``: the user login name to act as. This
+  is relevant for ESX, Xen, HyperV and SSH, but probably not
+  the one you want for libvirtd with SASL.
+* ``authname``: the name to authorize as. This is
+  what is commonly required for libvirtd with SASL.
+* ``password``: the secret password.
+* ``realm``: the domain realm for SASL, mostly unused.
+
+Each set of credentials has a name, which is part of the group
+entry name. Overall the syntax is
+
+::
+
+   [credentials-$NAME]
+   credname1=value1
+   credname2=value2
+
+
+For example, to define two sets of credentials used for production
+and test machines, using libvirtd, and a further ESX server for
+development:
+
+::
+
+   [credentials-test]
+   authname=fred
+   password=123456
+
+   [credentials-prod]
+   authname=bar
+   password=letmein
+
+   [credentials-dev]
+   username=joe
+   password=hello
+
+   [credentials-defgrp]
+   username=defuser
+   password=defpw
+
+The second set of groups provide mappings of credentials to
+specific machine services. The config file group names compromise
+the service type and host:
+
+::
+
+   [auth-$SERVICE-$HOSTNAME]
+   credentials=$CREDENTIALS
+
+For example, following the previous example, here is how to
+map some machines. For convenience libvirt supports a default
+mapping of credentials to machines:
+
+::
+
+   [auth-libvirt-test1.example.com]
+   credentials=test
+
+   [auth-libvirt-test2.example.com]
+   credentials=test
+
+   [auth-libvirt-demo3.example.com]
+   credentials=test
+
+   [auth-libvirt-prod1.example.com]
+   credentials=prod
+
+   [auth-libvirt-default]
+   credentials=defgrp
+
+   [auth-esx-dev1.example.com]
+   credentials=dev
+
+   [auth-esx-default]
+   credentials=defgrp
+
+The following service types are known to libvirt:
+
+* ``esx`` - used for connections to an ESX or VirtualCenter server
+* ``hyperv`` - used for connections to an HyperV server
+* ``libvirt`` - used for connections to a libvirtd
+  server, which is configured with SASL auth
+* ``ssh`` - used for connections to a remote QEMU driver over SSH
+
+
+Applications using libvirt are free to use this same configuration
+file for storing other credentials. For example, it can be used
+to storage VNC or SPICE login credentials
+
+Server configuration
+====================
+
+The libvirt daemon allows the administrator to choose the authentication
+mechanisms used for client connections on each network socket independently.
+This is primarily controlled via the libvirt daemon master config file in
+``/etc/libvirt/libvirtd.conf``. Each of the libvirt sockets can
+have its authentication mechanism configured independently. There is
+currently a choice of ``none``, ``polkit``, and ``sasl``.
+The SASL scheme can be further configured to choose between a large
+number of different mechanisms.
+
+UNIX socket permissions/group
+-----------------------------
+
+If libvirt does not contain support for PolicyKit, then access control for
+the UNIX domain socket is done using traditional file user/group ownership
+and permissions. There are 2 sockets, one for full read-write access, the
+other for read-only access. The RW socket will be restricted (mode 0700) to
+only allow the ``root`` user to connect. The read-only socket will
+be open access (mode 0777) to allow any user to connect.
+
+To allow non-root users greater access, the ``libvirtd.conf`` file
+can be edited to change the permissions via the ``unix_sock_rw_perms``,
+config parameter and to set a user group via the ``unix_sock_group``
+parameter. For example, setting the former to mode ``0770`` and the
+latter ``wheel`` would let any user in the wheel group connect to
+the libvirt daemon.
+
+UNIX socket PolicyKit auth
+--------------------------
+
+If libvirt contains support for PolicyKit, then access control options are
+more advanced. The ``auth_unix_rw`` parameter will default to
+``polkit``, and the file permissions will default to ``0777``
+even on the RW socket. Upon connecting to the socket, the client application
+will be required to identify itself with PolicyKit. The default policy for the
+RW daemon socket will require any application running in the current desktop
+session to authenticate using the user's password. This is akin to ``sudo``
+auth, but does not require that the client application ultimately run as root.
+Default policy will still allow any application to connect to the RO socket.
+
+The default policy can be overridden by creating a new policy file in the
+``/etc/polkit-1/rules.d`` directory. Information on the options
+available can be found by reading the ``polkit(8)`` man page. The
+two libvirt actions are named ``org.libvirt.unix.manage`` for full
+management access, and ``org.libvirt.unix.monitor`` for read-only
+access.
+
+As an example, creating ``/etc/polkit-1/rules.d/80-libvirt-manage.rules``
+with the following gives the user ``fred`` full management access
+when accessing from an active local session:
+
+::
+
+   polkit.addRule(function(action, subject) {
+     if (action.id == "org.libvirt.unix.manage" &&
+         subject.local && subject.active && subject.user == "fred") {
+       return polkit.Result.YES;
+     }
+   });
+
+Older versions of PolicyKit used policy files ending with .pkla in the
+local override directory ``/etc/polkit-1/localauthority/50-local.d/``.
+Compatibility with this older format is provided by
+`polkit-pkla-compat <https://pagure.io/polkit-pkla-compat>`_. As an
+example, this gives the user ``fred`` full management access:
+
+::
+
+   [Allow fred libvirt management permissions]
+   Identity=unix-user:fred
+   Action=org.libvirt.unix.manage
+   ResultAny=yes
+   ResultInactive=yes
+   ResultActive=yes
+
+SASL pluggable authentication
+-----------------------------
+
+Libvirt integrates with the ``cyrus-sasl`` library to provide a pluggable
+authentication system using the SASL protocol. SASL can be used in combination
+with libvirtd's TLS or TCP socket listeners. When used with the TCP listener,
+the SASL mechanism is required to provide session encryption in addition to
+authentication. Only a very few SASL mechanisms are able to do this, and of
+those that can do it, only the ``GSSAPI`` plugin is considered acceptably secure
+by modern standards. ``GSSAPI`` is the default mechanism enabled in the libvirt
+SASL configuration. It uses the Kerberos v5 authentication protocol underneath,
+and assuming the Kerberos client/server are configured with modern ciphers
+(AES), it provides strong session encryption capabilities. All other SASL
+mechanisms should only be used with the libvirtd TLS or UNIX socket listeners.
+
+Username/password auth
+~~~~~~~~~~~~~~~~~~~~~~
+
+To provide a simple username/password auth scheme on the libvirt UNIX socket
+or TLS listeners, however, it is possible to use the ``SCRAM`` mechanism, in its
+``SCRAM-SHA-256`` variant. The ``auth_unix_ro``, ``auth_unix_rw``, ``auth_tls``
+config params in ``libvirtd.conf`` can be used to turn on SASL auth in these
+listeners.
+
+Since the libvirt SASL config file defaults to using ``GSSAPI`` (Kerberos), a
+config change is required to enable plain password auth. This is done by
+editing ``/etc/sasl2/libvirt.conf`` to set the ``mech_list``
+parameter to ``scram-sha-256``.
+
+**Note:** previous versions of libvirt suggested ``DIGEST-MD5`` and
+``SCRAM-SHA-1`` mechanisms. **Use of these is strongly discouraged as they are
+not considered secure by modern standards.** It is possible to replace them with
+use of ``SCRAM-SHA-256``, while still using the same password database.
+
+Out of the box, no user accounts are defined, so no clients will be able to
+authenticate on the TCP socket. Adding users and setting their passwords is
+done with the ``saslpasswd2`` command. When running this command it is
+important to tell it that the appname is ``libvirt``. As an example, to add
+a user ``fred``, run
+
+::
+
+   # saslpasswd2 -a libvirt fred
+   Password: xxxxxx
+   Again (for verification): xxxxxx
+
+To see a list of all accounts the ``sasldblistusers2`` command can be used.
+This command expects to be given the path to the libvirt user database, which
+is kept in ``/etc/libvirt/passwd.db``
+
+::
+
+   # sasldblistusers2 -f /etc/libvirt/passwd.db
+   fred@t60wlan.home.berrange.com: userPassword
+
+Finally, to disable a user's access, the ``saslpasswd2`` command can be used
+again:
+
+::
+
+   # saslpasswd2 -a libvirt -d fred
+
+**Note: the SASL ``passwd.db`` file stores passwords in clear text, so
+care should be taken not to let its contents be disclosed to unauthorized
+users.**
+
+GSSAPI/Kerberos auth
+~~~~~~~~~~~~~~~~~~~~
+
+The plain TCP listener of the libvirt daemon defaults to using SASL for
+authentication. The libvirt SASL config also defaults to ``GSSAPI``, so there
+is no need to edit the SASL config when using ``GSSAPI``. If the libvirtd TLS
+or UNIX listeners are used, then the Kerberos session encryption will be
+disabled since it is not required in these scenarios - only the plain TCP
+listener needs encryption.
+
+Some operating systems do not install the SASL kerberos plugin by default. It
+may be necessary to install a sub-package such as ``cyrus-sasl-gssapi``.
+To check whether the Kerberos plugin is installed run the ``pluginviewer``
+program and verify that ``gssapi`` is listed, e.g.:
+
+::
+
+   # pluginviewer
+   ...snip...
+   Plugin "gssapiv2" [loaded],     API version: 4
+   SASL mechanism: GSSAPI, best SSF: 56
+   security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
+   features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
+
+Next it is necessary for the administrator of the Kerberos realm to
+issue a principal for the libvirt server. There needs to be one
+principal per host running the libvirt daemon. The principal should be
+named ``libvirt/full.hostname@KERBEROS.REALM``.  This is
+typically done by running the ``kadmin.local`` command on the
+Kerberos server, though some Kerberos servers have alternate ways of
+setting up service principals.  Once created, the principal should be
+exported to a keytab, copied to the host running the libvirt daemon
+and placed in ``/etc/libvirt/krb5.tab``
+
+::
+
+   # kadmin.local
+   kadmin.local: add_principal libvirt/foo.example.com
+   Enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
+   Re-enter password for principal "libvirt/foo.example.com@EXAMPLE.COM":
+   Principal "libvirt/foo.example.com@EXAMPLE.COM" created.
+
+   kadmin.local:  ktadd -k /root/libvirt-foo-example.tab libvirt/foo.example.com@EXAMPLE.COM
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES with HMAC/sha1 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+   Entry for principal libvirt/foo.example.com@EXAMPLE.COM with kvno 4, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/root/libvirt-foo-example.tab.
+
+   kadmin.local: quit
+
+   # scp /root/libvirt-foo-example.tab root@foo.example.com:/etc/libvirt/krb5.tab
+   # rm /root/libvirt-foo-example.tab
+
+Any client application wishing to connect to a Kerberos enabled libvirt server
+merely needs to run ``kinit`` to gain a user principal. This may well
+be done automatically when a user logs into a desktop session, if PAM is set up
+to authenticate against Kerberos.

docs/best-practices.rst

@@ -0,0 +1,37 @@
+==============
+Best practices
+==============
+
+These are a few guidelines to keep in mind when submitting patches
+to libvirt: following them will maximise the chance of your patches
+being reviewed in a timely manner and being accepted into libvirt
+with minimal back-and-forth.
+
+-  Discuss any large changes on the mailing list first. Post
+   patches early and listen to feedback.
+
+-  In your commit message, make the summary line reasonably short
+   (60 characters is typical), followed by a blank line, followed
+   by any longer description of why your patch makes sense. If the
+   patch fixes a regression, and you know what commit introduced
+   the problem, mentioning that is useful. If the patch resolves a
+   upstream bug reported in GitLab, put "Fixes: #NNN" in the commit
+   message. For a downstream bug, mention the URL of the bug instead.
+   In both cases also summarize the issue rather than making all
+   readers follow the link. You can use 'git shortlog -30' to get
+   an idea of typical summary lines.
+
+-  Split large changes into a series of smaller patches,
+   self-contained if possible, with an explanation of each patch
+   and an explanation of how the sequence of patches fits
+   together. Moreover, please keep in mind that it's required to
+   be able to compile cleanly (**including** ``ninja test``) after
+   each patch. A feature does not have to work until the end of a
+   series, but intermediate patches must compile and not cause
+   test-suite failures (this is to preserve the usefulness of
+   ``git bisect``, among other things).
+
+There is more on this subject, including lots of links to
+background reading on the subject, on `Richard Jones' guide to
+working with open source
+projects <https://people.redhat.com/rjones/how-to-supply-code-to-open-source-projects/>`__.

docs/bindings.html.in

@@ -1,101 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1 >Bindings for other languages and integration API modules</h1>
-
-    <p>
-      Libvirt supports C and C++ directly, and has bindings available
-      for other languages:
-    </p>
-
-    <ul>
-      <li>
-        <strong>C#</strong>: Arnaud Champion develops
-        <a href="csharp.html">C# bindings</a>.
-      </li>
-     <li>
-        <strong>Go</strong>: Daniel Berrange develops
-        <a href="https://godoc.org/github.com/libvirt/libvirt-go">Go bindings</a>.
-      </li>
-      <li>
-        <strong>Java</strong>: Daniel Veillard develops
-        <a href="java.html">Java bindings</a>.
-      </li>
-      <li>
-        <strong>OCaml</strong>: Richard Jones develops
-        <a href="https://libvirt.org/ocaml/">OCaml bindings</a>.
-      </li>
-      <li>
-        <strong>Perl</strong>: Daniel Berrange develops
-        <a href="http://search.cpan.org/dist/Sys-Virt/">Perl bindings</a>.
-      </li>
-      <li>
-        <p>
-          <strong>PHP</strong>: Radek Hladik started developing
-          <a href="https://libvirt.org/php">PHP bindings</a> in 2010.
-        </p>
-        <p>
-          In February 2011 the binding development has been moved to the libvirt.org website as
-          libvirt-php project.
-        </p>
-        <p>
-          The project is now maintained by Michal Novotny and it's heavily based
-          on Radek's version. For more information, including
-          information on posting patches to libvirt-php, please refer
-          to the <a href="https://libvirt.org/php">PHP bindings</a> site.
-        </p>
-      </li>
-      <li>
-        <p>
-          <strong>Python</strong>: Libvirt's python bindings are split to a
-          separate <a href="https://libvirt.org/git/?p=libvirt-python.git">package</a>
-          since version 1.2.0, older versions came with direct support for the
-          Python language.
-        </p>
-        <p>
-          If your libvirt is installed as packages, rather than compiled
-          by you from source code, ensure you have the appropriate
-          package installed.
-        </p>
-        <p>
-          This is named <b>libvirt-python</b> on RHEL/Fedora,
-          <a href="http://packages.ubuntu.com/search?keywords=python-libvirt"><b>python-libvirt</b></a>
-          on Ubuntu, and may be named differently on others.
-        </p>
-        <p>
-          For usage information, see the
-          <a href="python.html">Python API bindings</a> page.
-        </p>
-      </li>
-      <li>
-        <strong>Ruby</strong>: Chris Lalancette develops
-        <a href="https://libvirt.org/ruby/">Ruby bindings</a>.
-      </li>
-    </ul>
-
-    <p>
-      Integration API modules:
-    </p>
-
-    <ul>
-      <li>
-        <strong>D-Bus</strong>: Pavel Hrdina develops
-        <a href="dbus.html">D-Bus API</a>.
-      </li>
-    </ul>
-
-    <p>
-      For information on using libvirt on <strong>Windows</strong>
-      <a href="windows.html">please see the Windows support page</a>.
-    </p>
-
-    <p>
-      Support, requests or help for libvirt bindings are welcome on the
-      <a href="https://www.redhat.com/mailman/listinfo/libvir-list/">mailing list</a>,
-      as usual try to provide enough background information and make sure
-      you use recent version, see the <a href="bugs.html">help page</a>.
-    </p>
-
-  </body>
-</html>

docs/bindings.rst

@@ -0,0 +1,62 @@
+========================================================
+Bindings for other languages and integration API modules
+========================================================
+
+.. contents::
+
+Libvirt supports C and C++ directly, and has bindings available for
+other languages:
+
+-  **C#**: Arnaud Champion develops `C# bindings <csharp.html>`__.
+
+-  **Go**: Daniel Berrange develops `Go
+   bindings <https://pkg.go.dev/libvirt.org/libvirt-go>`__.
+
+-  **Java**: Daniel Veillard develops `Java bindings <java.html>`__.
+
+-  **OCaml**: Richard Jones develops `OCaml
+   bindings <https://libvirt.org/ocaml/>`__.
+
+-  **Perl**: Daniel Berrange develops `Perl
+   bindings <https://search.cpan.org/dist/Sys-Virt/>`__.
+
+-  **PHP**: Radek Hladik started developing `PHP
+   bindings <https://libvirt.org/php>`__ in 2010.
+
+   In February 2011 the binding development has been moved to the
+   libvirt.org website as libvirt-php project.
+
+   The project is now maintained by Michal Novotny and it's heavily
+   based on Radek's version. For more information, including information
+   on posting patches to libvirt-php, please refer to the `PHP
+   bindings <https://libvirt.org/php>`__ site.
+
+-  **Python**: Libvirt's python bindings are split to a separate
+   `package <https://gitlab.com/libvirt/libvirt-python>`__ since version
+   1.2.0, older versions came with direct support for the Python
+   language.
+
+   If your libvirt is installed as packages, rather than compiled by you
+   from source code, ensure you have the appropriate package installed.
+
+   This is named **libvirt-python** on RHEL/Fedora,
+   `python-libvirt <https://packages.ubuntu.com/search?keywords=python-libvirt>`__
+   on Ubuntu, and may be named differently on others.
+
+   For usage information, see the `Python API bindings <python.html>`__
+   page.
+
+-  **Ruby**: Chris Lalancette develops `Ruby
+   bindings <https://libvirt.org/ruby/>`__.
+
+Integration API modules:
+
+-  **D-Bus**: Pavel Hrdina develops `D-Bus API <dbus.html>`__.
+
+For information on using libvirt on **Windows** `please see the Windows
+support page <windows.html>`__.
+
+Support, requests or help for libvirt bindings are welcome on the
+`mailing list <https://www.redhat.com/mailman/listinfo/libvir-list/>`__,
+as usual try to provide enough background information and make sure you
+use recent version, see the `help page <bugs.html>`__.

docs/bugs.html.in

@@ -19,7 +19,7 @@
       <a href="securityprocess.html">security process</a> instead.
     </p>
 
-    <h2><a id="bugzilla">Bug Tracking</a></h2>
+    <h2><a id="bugtracking">Bug Tracking</a></h2>
 
     <p>
       If you are using libvirt binaries from a Linux distribution
@@ -30,22 +30,17 @@
     <h2><a id="general">General libvirt bug reports</a></h2>
 
     <p>
-      The <a href="http://bugzilla.redhat.com">Red Hat Bugzilla Server</a>
-      should be used to report bugs and request features in libvirt.
+      Bugs in upstream libvirt code should be reported as issues in the
+      appropriate <a href="https://gitlab.com/libvirt">project on GitLab.</a>
       Before submitting a ticket, check the existing tickets to see if
       the bug/feature is already tracked.
-
-      For general libvirt bug reports, from self-built releases, GIT snapshots
-      and any other non-distribution supported builds, enter tickets under
-      the <code>Virtualization Tools</code> product and the <code>libvirt</code>
-      component.
     </p>
     <p>
       It's always a good idea to file bug reports, as the process of
       filing the report always makes it easier to describe the
       problem, and the bug number provides a quick way of referring to
-      the problem.  However, not everybody in the community pays
-      attention to bugzilla, so after you file a bug, asking questions
+      the problem.  However, not everybody in the community pays frequent
+      attention to issues, so after you file a bug, asking questions
       and submitting patches on <a href="contact.html">the libvirt
       mailing lists</a> will increase your bug's visibility and
       encourage people to think about your problem.  Don't hesitate to
@@ -65,10 +60,16 @@
     </p>
 
     <ul>
-      <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Virtualization%20Tools">View libvirt tickets</a></li>
-      <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Virtualization%20Tools&amp;component=libvirt">New libvirt ticket</a></li>
+      <li><a href="https://gitlab.com/libvirt/libvirt/-/issues">View libvirt.git tickets</a></li>
+      <li><a href="https://gitlab.com/libvirt/libvirt/-/issues/new">New libvirt.git ticket</a></li>
     </ul>
 
+    <p>
+      Note bugs in language bindings and other sub-projects should be
+      reported to their corresponding git repository rather than the
+      main libvirt.git linked above.
+    </p>
+
     <h2><a id="distribution">Linux Distribution specific bug reports</a></h2>
     <ul>
       <li>
@@ -76,8 +77,8 @@
         tickets against the <code>Fedora</code> product and
         the <code>libvirt</code> component.
         <ul>
-          <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Fedora">View Fedora libvirt tickets</a></li>
-          <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&amp;component=libvirt">New Fedora libvirt ticket</a></li>
+          <li><a href="https://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Fedora">View Fedora libvirt tickets</a></li>
+          <li><a href="https://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&amp;component=libvirt">New Fedora libvirt ticket</a></li>
         </ul>
       </li>
       <li>
@@ -86,7 +87,7 @@
           Linux</strong>, enter tickets against the Red Hat Enterprise
           Linux product that you're using (e.g., Red Hat Enterprise
           Linux 6) and the <code>libvirt</code> component.  Red Hat
-          bugzilla has <a href="http://bugzilla.redhat.com">additional guidance</a> about getting support if
+          bugzilla has <a href="https://bugzilla.redhat.com">additional guidance</a> about getting support if
           you are a Red Hat customer.
         </p>
       </li>

docs/cgroups.html.in

@@ -117,21 +117,27 @@ $ROOT
       |
       +- machine-qemu\x2d1\x2dvm1.scope
       |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
       |
       +- machine-qemu\x2d2\x2dvm2.scope
       |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
       |
       +- machine-qemu\x2d3\x2dvm3.scope
       |   |
-      |   +- emulator
-      |   +- vcpu0
-      |   +- vcpu1
+      |   +- libvirt
+      |       |
+      |       +- emulator
+      |       +- vcpu0
+      |       +- vcpu1
       |
       +- machine-engineering.slice
       |   |
@@ -148,6 +154,11 @@ $ROOT
           +- machine-lxc\x2d33333\x2dcontainer3.scope
     </pre>
 
+    <p>
+      Prior libvirt 7.1.0 the topology doesn't have extra
+      <code>libvirt</code> directory.
+    </p>
+
     <h3><a id="currentLayoutGeneric">Non-systemd cgroups layout</a></h3>
 
     <p>

docs/ci.rst

@@ -0,0 +1,229 @@
+==============================
+Libvirt Continuous Integration
+==============================
+
+.. contents::
+
+The libvirt project uses GitLab CI for automated testing.
+
+Linux builds and cross-compiled Windows builds happen on GitLab CI's shared
+runners, while FreeBSD and macOS coverage is achieved by triggering `Cirrus CI
+<https://cirrus-ci.com/>`_ jobs behind the scenes.
+
+Most of the tooling used to build CI pipelines is maintained as part of the
+`libvirt-ci <https://gitlab.com/libvirt/libvirt-ci>`_ subproject.
+
+GitLab CI Dashboard
+===================
+
+The dashboard below shows the current status of the GitLab CI jobs for each
+repository:
+
+Core project
+------------
+
+.. list-table::
+   :widths: 80 20
+   :header-rows: 1
+
+   * - Project
+     - Pipeline
+
+   * - libvirt
+     - .. image:: https://gitlab.com/libvirt/libvirt/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt/pipelines
+          :alt: libvirt pipeline status
+
+
+Language bindings
+-----------------
+
+.. list-table::
+   :widths: 80 20
+   :header-rows: 1
+
+   * - Project
+     - Pipeline
+
+   * - libvirt-csharp
+     - .. image:: https://gitlab.com/libvirt/libvirt-csharp/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-csharp/pipelines
+          :alt: libvirt-csharp pipeline status
+
+   * - libvirt-go-module
+     - .. image:: https://gitlab.com/libvirt/libvirt-go-module/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-go-module/pipelines
+          :alt: libvirt-go-module pipeline status
+
+   * - libvirt-java
+     - .. image:: https://gitlab.com/libvirt/libvirt-java/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-java/pipelines
+          :alt: libvirt-java pipeline status
+
+   * - libvirt-ocaml
+     - .. image:: https://gitlab.com/libvirt/libvirt-ocaml/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-ocaml/pipelines
+          :alt: libvirt-ocaml pipeline status
+
+   * - libvirt-perl
+     - .. image:: https://gitlab.com/libvirt/libvirt-perl/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-perl/pipelines
+          :alt: libvirt-perl pipeline status
+
+   * - libvirt-php
+     - .. image:: https://gitlab.com/libvirt/libvirt-php/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-php/pipelines
+          :alt: libvirt-php pipeline status
+
+   * - libvirt-python
+     - .. image:: https://gitlab.com/libvirt/libvirt-python/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-python/pipelines
+          :alt: libvirt-python pipeline status
+
+   * - libvirt-ruby
+     - .. image:: https://gitlab.com/libvirt/libvirt-ruby/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-ruby/pipelines
+          :alt: libvirt-ruby pipeline status
+
+   * - libvirt-rust
+     - .. image:: https://gitlab.com/libvirt/libvirt-rust/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-rust/pipelines
+          :alt: libvirt-rust pipeline status
+
+
+Object mappings
+---------------
+
+.. list-table::
+   :widths: 80 20
+   :header-rows: 1
+
+   * - Project
+     - Pipeline
+
+   * - libvirt-cim
+     - .. image:: https://gitlab.com/libvirt/libvirt-cim/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-cim/pipelines
+          :alt: libvirt-cim pipeline status
+
+   * - libvirt-dbus
+     - .. image:: https://gitlab.com/libvirt/libvirt-dbus/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-dbus/pipelines
+          :alt: libvirt-dbus pipeline status
+
+   * - libvirt-glib
+     - .. image:: https://gitlab.com/libvirt/libvirt-glib/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-glib/pipelines
+          :alt: libvirt-glib pipeline status
+
+   * - libvirt-go-xml-module
+     - .. image:: https://gitlab.com/libvirt/libvirt-go-xml-module/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-go-xml-module/pipelines
+          :alt: libvirt-go-xml-module pipeline status
+
+   * - libvirt-snmp
+     - .. image:: https://gitlab.com/libvirt/libvirt-snmp/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-snmp/pipelines
+          :alt: libvirt-snmp pipeline status
+
+
+Testing
+-------
+
+.. list-table::
+   :widths: 80 20
+   :header-rows: 1
+
+   * - Project
+     - Pipeline
+
+   * - libvirt-ci
+     - .. image:: https://gitlab.com/libvirt/libvirt-ci/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-ci/pipelines
+          :alt: libvirt-ci pipeline status
+
+   * - libvirt-test-API
+     - .. image:: https://gitlab.com/libvirt/libvirt-test-API/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-test-API/pipelines
+          :alt: libvirt-test-API pipeline status
+
+   * - libvirt-tck
+     - .. image:: https://gitlab.com/libvirt/libvirt-tck/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-tck/pipelines
+          :alt: libvirt-tck pipeline status
+
+
+Documentation / websites
+------------------------
+
+.. list-table::
+   :widths: 80 20
+   :header-rows: 1
+
+   * - Project
+     - Pipeline
+   * - libvirt-publican
+     - .. image:: https://gitlab.com/libvirt/libvirt-publican/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-publican/pipelines
+          :alt: libvirt-publican pipeline status
+
+   * - libvirt-appdev-guide-python
+     - .. image:: https://gitlab.com/libvirt/libvirt-appdev-guide-python/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-appdev-guide-python/pipelines
+          :alt: libvirt-appdev-guide-python pipeline status
+
+   * - libvirt-wiki
+     - .. image:: https://gitlab.com/libvirt/libvirt-wiki/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-wiki/pipelines
+          :alt: libvirt-wiki pipeline status
+
+   * - virttools-planet
+     - .. image:: https://gitlab.com/libvirt/virttools-planet/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/virttools-planet/pipelines
+          :alt: virttools-planet pipeline status
+
+   * - virttools-web
+     - .. image:: https://gitlab.com/libvirt/virttools-web/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/virttools-web/pipelines
+          :alt: virttools-web pipeline status
+
+
+Miscellaneous
+-------------
+
+.. list-table::
+   :widths: 80 20
+   :header-rows: 1
+
+   * - Project
+     - Pipeline
+
+   * - libvirt-console-proxy
+     - .. image:: https://gitlab.com/libvirt/libvirt-console-proxy/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-console-proxy/pipelines
+          :alt: libvirt-console-proxy pipeline status
+
+   * - libvirt-designer
+     - .. image:: https://gitlab.com/libvirt/libvirt-designer/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-designer/pipelines
+          :alt: libvirt-designer pipeline status
+
+   * - libvirt-devaddr
+     - .. image:: https://gitlab.com/libvirt/libvirt-devaddr/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-devaddr/pipelines
+          :alt: libvirt-devaddr pipeline status
+
+   * - libvirt-sandbox
+     - .. image:: https://gitlab.com/libvirt/libvirt-sandbox/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-sandbox/pipelines
+          :alt: libvirt-sandbox pipeline status
+
+   * - libvirt-sandbox-image
+     - .. image:: https://gitlab.com/libvirt/libvirt-sandbox-image/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-sandbox-image/pipelines
+          :alt: libvirt-sandbox-image pipeline status
+
+   * - libvirt-security-notice
+     - .. image:: https://gitlab.com/libvirt/libvirt-security-notice/badges/master/pipeline.svg
+          :target: https://gitlab.com/libvirt/libvirt-security-notice/pipelines
+          :alt: libvirt-security-notice pipeline status

docs/coding-style.rst

@@ -0,0 +1,964 @@
+============
+Coding style
+============
+
+.. contents::
+
+Naming conventions
+==================
+
+When reading libvirt code, a number of different naming
+conventions will be evident due to various changes in thinking
+over the course of the project's lifetime. The conventions
+documented below should be followed when creating any entirely new
+files in libvirt. When working on existing files, while it is
+desirable to apply these conventions, keeping a consistent style
+with existing code in that particular file is generally more
+important. The overall guiding principal is that every file, enum,
+struct, function, macro and typedef name must have a 'vir' or
+'VIR' prefix. All local scope variable names are exempt, and
+global variables are exempt, unless exported in a header file.
+
+File names
+   File naming varies depending on the subdirectory. The preferred
+   style is to have a 'vir' prefix, followed by a name which
+   matches the name of the functions / objects inside the file.
+   For example, a file containing an object 'virHashtable' is
+   stored in files 'virhashtable.c' and 'virhashtable.h'.
+   Sometimes, methods which would otherwise be declared 'static'
+   need to be exported for use by a test suite. For this purpose a
+   second header file should be added with a suffix of 'priv',
+   e.g. 'virhashtablepriv.h'. Use of underscores in file names is
+   discouraged when using the 'vir' prefix style. The 'vir' prefix
+   naming applies to src/util, src/rpc and tests/ directories.
+   Most other directories do not follow this convention.
+
+Enum type & field names
+   All enums should have a 'vir' prefix in their typedef name, and
+   each following word should have its first letter in uppercase.
+   The enum name should match the typedef name with a leading
+   underscore. The enum member names should be in all uppercase,
+   and use an underscore to separate each word. The enum member
+   name prefix should match the enum typedef name.
+
+   ::
+
+     typedef enum _virSocketType virSocketType;
+     enum _virSocketType {
+         VIR_SOCKET_TYPE_IPV4,
+         VIR_SOCKET_TYPE_IPV6,
+     };
+
+Struct type names
+   All structs should have a 'vir' prefix in their typedef name,
+   and each following word should have its first letter in
+   uppercase. The struct name should be the same as the typedef
+   name with a leading underscore.
+   ::
+
+     typedef struct _virHashTable virHashTable;
+     struct _virHashTable {
+         ...
+     };
+
+Function names
+   All functions should have a 'vir' prefix in their name,
+   followed by one or more words with first letter of each word
+   capitalized. Underscores should not be used in function names.
+   If the function is operating on an object, then the function
+   name prefix should match the object typedef name, otherwise it
+   should match the filename. Following this comes the verb /
+   action name, and finally an optional subject name. For example,
+   given an object 'virHashTable', all functions should have a
+   name 'virHashTable$VERB' or 'virHashTable$VERB$SUBJECT", e.g.
+   'virHashTableLookup' or 'virHashTableGetValue'.
+
+Macro names
+   All macros should have a "VIR" prefix in their name, followed
+   by one or more uppercase words separated by underscores. The
+   macro argument names should be in lowercase. Aside from having
+   a "VIR" prefix there are no common practices for the rest of
+   the macro name.
+
+Code indentation
+================
+
+Libvirt's C source code generally adheres to some basic
+code-formatting conventions. The existing code base is not totally
+consistent on this front, but we do prefer that contributed code
+be formatted similarly. In short, use spaces-not-TABs for
+indentation, use 4 spaces for each indentation level, and other
+than that, follow the K&R style.
+
+If you use Emacs, the project includes a file .dir-locals.el that
+sets up the preferred indentation. If you use vim, append the
+following to your ~/.vimrc file:
+
+::
+
+  set nocompatible
+  filetype on
+  set autoindent
+  set smartindent
+  set cindent
+  set tabstop=8
+  set shiftwidth=4
+  set expandtab
+  set cinoptions=(0,:0,l1,t0,L3
+  filetype plugin indent on
+  au FileType make setlocal noexpandtab
+  au BufRead,BufNewFile *.am setlocal noexpandtab
+  match ErrorMsg /\s\+$\| \+\ze\t/
+
+Or if you don't want to mess your ~/.vimrc up, you can save the
+above into a file called .lvimrc (not .vimrc) located at the root
+of libvirt source, then install a vim script from
+https://www.vim.org/scripts/script.php?script_id=1408, which will
+load the .lvimrc only when you edit libvirt code.
+
+Code formatting (especially for new code)
+=========================================
+
+With new code, we can be even more strict. Please apply the
+following function (using GNU indent) to any new code. Note that
+this also gives you an idea of the type of spacing we prefer
+around operators and keywords:
+
+::
+
+  indent-libvirt()
+  {
+    indent -bad -bap -bbb -bli4 -br -ce -brs -cs -i4 -l100 -lc100 \
+           -sbi4 -psl -saf -sai -saw -sbi4 -ss -sc -cdw -cli4 -npcs -nbc \
+           --no-tabs "$@"
+  }
+
+Note that sometimes you'll have to post-process that output
+further, by piping it through ``expand -i``, since some leading
+TABs can get through. Usually they're in macro definitions or
+strings, and should be converted anyhow.
+
+The maximum permitted line length is 100 characters, but lines
+should aim to be approximately 80 characters.
+
+Libvirt requires a C99 compiler for various reasons. However, most
+of the code base prefers to stick to C89 syntax unless there is a
+compelling reason otherwise. For example, it is preferable to use
+``/* */`` comments rather than ``//``. Also, when declaring local
+variables, the prevailing style has been to declare them at the
+beginning of a scope, rather than immediately before use.
+
+Bracket spacing
+---------------
+
+The keywords ``if``, ``for``, ``while``, and ``switch`` must have
+a single space following them before the opening bracket. E.g.
+
+::
+
+  if(foo)   // Bad
+  if (foo)  // Good
+
+Function implementations must **not** have any whitespace between
+the function name and the opening bracket. E.g.
+
+::
+
+  int foo (int wizz)  // Bad
+  int foo(int wizz)   // Good
+
+Function calls must **not** have any whitespace between the
+function name and the opening bracket. E.g.
+
+::
+
+  bar = foo (wizz);  // Bad
+  bar = foo(wizz);   // Good
+
+Function typedefs must **not** have any whitespace between the
+closing bracket of the function name and opening bracket of the
+arg list. E.g.
+
+::
+
+  typedef int (*foo) (int wizz);  // Bad
+  typedef int (*foo)(int wizz);   // Good
+
+There must not be any whitespace immediately following any opening
+bracket, or immediately prior to any closing bracket. E.g.
+
+::
+
+  int foo( int wizz );  // Bad
+  int foo(int wizz);    // Good
+
+Commas
+------
+
+Commas should always be followed by a space or end of line, and
+never have leading space; this is enforced during 'make
+syntax-check'.
+
+::
+
+  call(a,b ,c);// Bad
+  call(a, b, c); // Good
+
+When declaring an enum or using a struct initializer that occupies
+more than one line, use a trailing comma. That way, future edits
+to extend the list only have to add a line, rather than modify an
+existing line to add the intermediate comma. Any sentinel
+enumerator value with a name ending in \_LAST is exempt, since you
+would extend such an enum before the \_LAST element. Another
+reason to favor trailing commas is that it requires less effort to
+produce via code generators. Note that the syntax checker is
+unable to enforce a style of trailing commas, so there are
+counterexamples in existing code which do not use it; also, while
+C99 allows trailing commas, remember that JSON and XDR do not.
+
+::
+
+  enum {
+      VALUE_ONE,
+      VALUE_TWO // Bad
+  };
+  enum {
+      VALUE_THREE,
+      VALUE_FOUR, // Good
+  };
+
+Semicolons
+----------
+
+Semicolons should never have a space beforehand. Inside the
+condition of a ``for`` loop, there should always be a space or
+line break after each semicolon, except for the special case of an
+infinite loop (although more infinite loops use ``while``). While
+not enforced, loop counters generally use post-increment.
+
+::
+
+  for (i = 0 ;i < limit ; ++i) { // Bad
+  for (i = 0; i < limit; i++) { // Good
+  for (;;) { // ok
+  while (1) { // Better
+
+Empty loop bodies are better represented with curly braces and a
+comment, although use of a semicolon is not currently rejected.
+
+::
+
+  while ((rc = waitpid(pid, &st, 0) == -1) &&
+         errno == EINTR); // ok
+  while ((rc = waitpid(pid, &st, 0) == -1) &&
+         errno == EINTR) { // Better
+      /* nothing */
+  }
+
+Curly braces
+------------
+
+Curly braces around an ``if``, ``while``, ``for`` etc. can be omitted if the
+body and the condition itself occupy only a single line.
+In every other case we require the braces. This
+ensures that it is trivially easy to identify a
+single-\ *statement* loop: each has only one *line* in its body.
+
+::
+
+  while (expr)             // single line body; {} is optional
+      single_line_stmt();
+
+::
+
+  while (expr(arg1,
+              arg2))      // indentation makes it obvious it is single line,
+      single_line_stmt(); // {} is optional (not enforced either way)
+
+::
+
+  while (expr1 &&
+         expr2) {         // multi-line, at same indentation, {} required
+      single_line_stmt();
+  }
+
+However, the moment your loop/if/else body extends on to a second
+line, for whatever reason (even if it's just an added comment),
+then you should add braces. Otherwise, it would be too easy to
+insert a statement just before that comment (without adding
+braces), thinking it is already a multi-statement loop:
+
+::
+
+  while (true) // BAD! multi-line body with no braces
+      /* comment... */
+      single_line_stmt();
+
+Do this instead:
+
+::
+
+  while (true) { // Always put braces around a multi-line body.
+      /* comment... */
+      single_line_stmt();
+  }
+
+There is one exception: when the second body line is not at the
+same indentation level as the first body line:
+
+::
+
+  if (expr)
+      die("a diagnostic that would make this line"
+          " extend past the 80-column limit"));
+
+It is safe to omit the braces in the code above, since the
+further-indented second body line makes it obvious that this is
+still a single-statement body.
+
+To reiterate, don't do this:
+
+::
+
+  if (expr)            // BAD: no braces around...
+      while (expr_2) { // ... a multi-line body
+          ...
+      }
+
+Do this, instead:
+
+::
+
+  if (expr) {
+      while (expr_2) {
+          ...
+      }
+  }
+
+However, there is one exception in the other direction, when even
+a one-line block should have braces. That occurs when that
+one-line, brace-less block is an ``if`` or ``else`` block, and the
+counterpart block **does** use braces. In that case, put braces
+around both blocks. Also, if the ``else`` block is much shorter
+than the ``if`` block, consider negating the ``if``-condition and
+swapping the bodies, putting the short block first and making the
+longer, multi-line block be the ``else`` block.
+
+::
+
+  if (expr) {
+      ...
+      ...
+  }
+  else
+      x = y;    // BAD: braceless "else" with braced "then",
+                // and short block last
+
+  if (expr)
+      x = y;    // BAD: braceless "if" with braced "else"
+  else {
+      ...
+      ...
+  }
+
+Keeping braces consistent and putting the short block first is
+preferred, especially when the multi-line body is more than a few
+lines long, because it is easier to read and grasp the semantics
+of an if-then-else block when the simpler block occurs first,
+rather than after the more involved block:
+
+::
+
+  if (!expr) {
+    x = y; // putting the smaller block first is more readable
+  } else {
+      ...
+      ...
+  }
+
+But if negating a complex condition is too ugly, then at least add
+braces:
+
+::
+
+  if (complex expr not worth negating) {
+      ...
+      ...
+  } else {
+      x = y;
+  }
+
+Use hanging braces for compound statements: the opening brace of a
+compound statement should be on the same line as the condition
+being tested. Only top-level function bodies, nested scopes, and
+compound structure declarations should ever have { on a line by
+itself.
+
+::
+
+  void
+  foo(int a, int b)
+  {                          // correct - function body
+      int 2d[][] = {
+        {                    // correct - complex initialization
+          1, 2,
+        },
+      };
+      if (a)
+      {                      // BAD: compound brace on its own line
+          do_stuff();
+      }
+      {                      // correct - nested scope
+          int tmp;
+          if (a < b) {       // correct - hanging brace
+              tmp = b;
+              b = a;
+              a = tmp;
+          }
+      }
+  }
+
+Conditional expressions
+-----------------------
+
+For readability reasons new code should avoid shortening
+comparisons to 0 for numeric types. Boolean and pointer
+comparisons may be shortened. All long forms are okay:
+
+::
+
+  virFoo *foos = NULL;
+  size nfoos = 0;
+  bool hasFoos = false;
+
+  GOOD:
+    if (!foos)
+    if (!hasFoos)
+    if (nfoos == 0)
+    if (foos == NULL)
+    if (hasFoos == true)
+
+  BAD:
+    if (!nfoos)
+    if (nfoos)
+
+New code should avoid the ternary operator as much as possible.
+Specifically it must never span more than one line or nest:
+
+::
+
+  BAD:
+    char *foo = baz ?
+                virDoSomethingReallyComplex(driver, vm, something, baz->foo) :
+                NULL;
+
+    char *foo = bar ? bar->baz ? bar->baz->foo : "nobaz" : "nobar";
+
+Preprocessor
+------------
+
+Macros defined with an ALL_CAPS name should generally be assumed
+to be unsafe with regards to arguments with side-effects (that is,
+MAX(a++, b--) might increment a or decrement b too many or too few
+times). Exceptions to this rule are explicitly documented for
+macros in viralloc.h and virstring.h.
+
+For variadic macros, stick with C99 syntax:
+
+::
+
+  #define vshPrint(_ctl, ...) fprintf(stdout, __VA_ARGS__)
+
+Use parenthesis when checking if a macro is defined, and use
+indentation to track nesting:
+
+::
+
+  #if defined(WITH_POSIX_FALLOCATE) && !defined(WITH_FALLOCATE)
+  # define fallocate(a, ignored, b, c) posix_fallocate(a, b, c)
+  #endif
+
+C types
+-------
+
+Use the right type.
+
+Scalars
+~~~~~~~
+
+-  If you're using ``int`` or ``long``, odds are good that there's
+   a better type.
+-  If a variable is counting something, be sure to declare it with
+   an unsigned type.
+-  If it's memory-size-related, use ``size_t`` (use ``ssize_t``
+   only if required).
+-  If it's file-size related, use uintmax_t, or maybe ``off_t``.
+-  If it's file-offset related (i.e., signed), use ``off_t``.
+-  If it's just counting small numbers use ``unsigned int``; (on
+   all but oddball embedded systems, you can assume that that type
+   is at least four bytes wide).
+-  If a variable has boolean semantics, give it the ``bool`` type
+   and use the corresponding ``true`` and ``false`` macros.
+-  In the unusual event that you require a specific width, use a
+   standard type like ``int32_t``, ``uint32_t``, ``uint64_t``,
+   etc.
+-  While using ``bool`` is good for readability, it comes with
+   minor caveats:
+
+   -  Don't use ``bool`` in places where the type size must be
+      constant across all systems, like public interfaces and
+      on-the-wire protocols. Note that it would be possible
+      (albeit wasteful) to use ``bool`` in libvirt's logical wire
+      protocol, since XDR maps that to its lower-level ``bool_t``
+      type, which **is** fixed-size.
+   -  Don't compare a bool variable against the literal, ``true``,
+      since a value with a logical non-false value need not be
+      ``1``. I.e., don't write ``if (seen == true) ...``. Rather,
+      write ``if (seen)...``.
+
+Of course, take all of the above with a grain of salt. If you're
+about to use some system interface that requires a type like
+``size_t``, ``pid_t`` or ``off_t``, use matching types for any
+corresponding variables.
+
+Also, if you try to use e.g., ``unsigned int`` as a type, and that
+conflicts with the signedness of a related variable, sometimes
+it's best just to use the **wrong** type, if *pulling the thread*
+and fixing all related variables would be too invasive.
+
+Finally, while using descriptive types is important, be careful
+not to go overboard. If whatever you're doing causes warnings, or
+requires casts, then reconsider or ask for help.
+
+Pointers
+~~~~~~~~
+
+Ensure that all of your pointers are *const-correct*. Unless a
+pointer is used to modify the pointed-to storage, give it the
+``const`` attribute. That way, the reader knows up-front that this
+is a read-only pointer. Perhaps more importantly, if we're
+diligent about this, when you see a non-const pointer, you're
+guaranteed that it is used to modify the storage it points to, or
+it is aliased to another pointer that is.
+
+Defining Local Variables
+------------------------
+
+Always define local variables at the top of the block in which they
+are used (before any pure code). Although modern C compilers allow
+defining a local variable in the middle of a block of code, this
+practice can lead to bugs, and must be avoided in all libvirt
+code. As indicated in these examples, it is okay to initialize
+variables where they are defined, even if the initialization involves
+calling another function.
+
+::
+
+  GOOD:
+    int
+    bob(char *loblaw)
+    {
+        int x;
+        int y = lawBlog();
+        char *z = NULL;
+
+        x = y + 20;
+        ...
+    }
+
+  BAD:
+    int
+    bob(char *loblaw)
+    {
+        int x;
+        int y = lawBlog();
+
+        x = y + 20;
+
+        char *z = NULL; // <===
+        ...
+    }
+
+Attribute annotations
+---------------------
+
+Use the following annotations to help the compiler and/or static
+analysis tools understand the code better:
+
+``ATTRIBUTE_NONNULL``
+   passing NULL for this parameter is not allowed
+
+``ATTRIBUTE_PACKED``
+   force a structure to be packed
+
+``G_GNUC_FALLTHROUGH``
+   allow code reuse by multiple switch cases
+
+``G_GNUC_NO_INLINE``
+   the function is mocked in the test suite
+
+``G_GNUC_NORETURN``
+   the function never returns
+
+``G_GNUC_NULL_TERMINATED``
+   last parameter must be NULL
+
+``G_GNUC_PRINTF``
+   validate that the formatting string matches parameters
+
+``G_GNUC_UNUSED``
+   parameter is unused in this implementation of the function
+
+``G_GNUC_WARN_UNUSED_RESULT``
+   the return value must be checked
+
+File handling
+-------------
+
+Usage of the ``fdopen()``, ``close()``, ``fclose()`` APIs is
+deprecated in libvirt code base to help avoiding double-closing of
+files or file descriptors, which is particularly dangerous in a
+multi-threaded application. Instead of these APIs, use the macros
+from virfile.h
+
+-  Open a file from a file descriptor:
+
+   ::
+
+     if ((file = VIR_FDOPEN(fd, "r")) == NULL) {
+         virReportSystemError(errno, "%s",
+                              _("failed to open file from file descriptor"));
+         return -1;
+     }
+     /* fd is now invalid; only access the file using file variable */
+
+-  Close a file descriptor:
+
+   ::
+
+     if (VIR_CLOSE(fd) < 0) {
+         virReportSystemError(errno, "%s", _("failed to close file"));
+     }
+
+-  Close a file:
+
+   ::
+
+     if (VIR_FCLOSE(file) < 0) {
+         virReportSystemError(errno, "%s", _("failed to close file"));
+     }
+
+-  Close a file or file descriptor in an error path, without
+   losing the previous ``errno`` value:
+
+   ::
+
+     VIR_FORCE_CLOSE(fd);
+     VIR_FORCE_FCLOSE(file);
+
+String comparisons
+------------------
+
+Do not use the strcmp, strncmp, etc functions directly. Instead
+use one of the following semantically named macros
+
+-  For strict equality:
+
+   ::
+
+     STREQ(a,b)
+     STRNEQ(a,b)
+
+-  For case insensitive equality:
+
+   ::
+
+     STRCASEEQ(a,b)
+     STRCASENEQ(a,b)
+
+-  For strict equality of a substring:
+
+   ::
+
+     STREQLEN(a,b,n)
+     STRNEQLEN(a,b,n)
+
+-  For case insensitive equality of a substring:
+
+   ::
+
+     STRCASEEQLEN(a,b,n)
+     STRCASENEQLEN(a,b,n)
+
+-  For strict equality of a prefix:
+
+   ::
+
+     STRPREFIX(a,b)
+
+-  To avoid having to check if a or b are NULL:
+
+   ::
+
+     STREQ_NULLABLE(a, b)
+     STRNEQ_NULLABLE(a, b)
+
+String copying
+--------------
+
+Do not use the strncpy function. According to the man page, it
+does **not** guarantee a NULL-terminated buffer, which makes it
+extremely dangerous to use. Instead, use one of the replacement
+functions provided by libvirt:
+
+::
+
+  virStrcpy(char *dest, const char *src, size_t destbytes)
+
+Use this variant if you know you want to copy the entire src
+string into dest.
+
+::
+
+  virStrcpyStatic(char *dest, const char *src)
+
+Use this variant if you know you want to copy the entire src
+string into dest **and** you know that your destination string is
+a static string (i.e. that sizeof(dest) returns something
+meaningful). Note that this is a macro, so arguments could be
+evaluated more than once.
+
+::
+
+  dst = g_strdup(src);
+  dst = g_strndup(src, n);
+
+You should avoid using strdup or strndup directly as they do not
+handle out-of-memory errors, and do not allow a NULL source. Use
+``g_strdup`` and ``g_strndup`` from GLib which abort on OOM and
+handle NULL source by returning NULL.
+
+Variable length string buffer
+-----------------------------
+
+If there is a need for complex string concatenations, avoid using
+the usual sequence of malloc/strcpy/strcat/snprintf functions and
+make use of either the
+`GString <https://developer.gnome.org/glib/stable/glib-Strings.html>`__
+type from GLib or the virBuffer API. If formatting XML or QEMU
+command line is needed, use the virBuffer API described in
+virbuffer.h, since it has helper functions for those.
+
+Typical usage is as follows:
+
+::
+
+  char *
+  somefunction(...)
+  {
+     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+
+     ...
+
+     virBufferAddLit(&buf, "<domain>\n");
+
+     ...
+
+     if (some_error)
+         return NULL; /* g_auto will free the memory used so far */
+
+     ...
+
+     virBufferAddLit(&buf, "</domain>\n");
+
+     ...
+
+     if (virBufferCheckError(&buf) < 0)
+         return NULL;
+
+     return virBufferContentAndReset(&buf);
+  }
+
+Include files
+-------------
+
+There are now quite a large number of include files, both libvirt
+internal and external, and system includes. To manage all this
+complexity it's best to stick to the following general plan for
+all \*.c source files:
+
+::
+
+  /*
+   * Copyright notice
+   * ....
+   * ....
+   * ....
+   *
+   */
+
+  #include <config.h>             Must come first in every file.
+
+  #include <stdio.h>              Any system includes you need.
+  #include <string.h>
+  #include <limits.h>
+
+  #if WITH_NUMACTL                Some system includes aren't supported
+  # include <numa.h>              everywhere so need these #if guards.
+  #endif
+
+  #include "internal.h"           Include this first, after system includes.
+
+  #include "util.h"               Any libvirt internal header files.
+  #include "buf.h"
+
+  static int
+  myInternalFunc()                The actual code.
+  {
+      ...
+
+Of particular note: **Do not** include libvirt/libvirt.h,
+libvirt/virterror.h, libvirt/libvirt-qemu.h, or
+libvirt/libvirt-lxc.h. They are included by "internal.h" already
+and there are some special reasons why you cannot include these
+files explicitly. One of the special cases, "libvirt/libvirt.h" is
+included prior to "internal.h" in "remote_protocol.x", to avoid
+exposing \*_LAST enum elements.
+
+Printf-style functions
+----------------------
+
+Whenever you add a new printf-style function, i.e., one with a
+format string argument and following "..." in its prototype, be
+sure to use gcc's printf attribute directive in the prototype. For
+example, here's the one for virCommandAddEnvFormat in
+vircommand.h:
+
+::
+
+  void virCommandAddEnvFormat(virCommand *cmd, const char *format, ...)
+      G_GNUC_PRINTF(2, 3);
+
+This makes it so gcc's -Wformat and -Wformat-security options can
+do their jobs and cross-check format strings with the number and
+types of arguments.
+
+When printing to a string, consider using GString or virBuffer for
+incremental allocations, g_strdup_printf for a one-shot
+allocation, and g_snprintf for fixed-width buffers. Only use
+g_sprintf, if you can prove the buffer won't overflow.
+
+Error message format
+--------------------
+
+Error messages visible to the user should be short and
+descriptive. All error messages are translated using gettext and
+thus must be wrapped in ``_()`` macro. To simplify the translation
+work, the error message must not be concatenated from various
+parts. To simplify searching for the error message in the code the
+strings should not be broken even if they result into a line
+longer than 80 columns and any formatting modifier should be
+enclosed by quotes or other obvious separator. If a string used
+with ``%s`` can be NULL the NULLSTR macro must be used.
+
+::
+
+  GOOD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Failed to connect to remote host '%s'"), hostname)
+
+  BAD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                      _("Failed to %s to remote host '%s'"),
+                      "connect", hostname);
+
+  BAD: virReportError(VIR_ERR_INTERNAL_ERROR,
+                      _("Failed to connect "
+                      "to remote host '%s'),
+                      hostname);
+
+Use of goto
+-----------
+
+The use of goto is not forbidden, and goto is widely used
+throughout libvirt. While the uncontrolled use of goto will
+quickly lead to unmaintainable code, there is a place for it in
+well structured code where its use increases readability and
+maintainability. In general, if goto is used for error recovery,
+it's likely to be ok, otherwise, be cautious or avoid it all
+together.
+
+The typical use of goto is to jump to cleanup code in the case of
+a long list of actions, any of which may fail and cause the entire
+operation to fail. In this case, a function will have a single
+label at the end of the function. It's almost always ok to use
+this style. In particular, if the cleanup code only involves
+free'ing memory, then having multiple labels is overkill. g_free()
+and most of the functions named XXXFree() in libvirt is required
+to handle NULL as its arg. This does not apply to libvirt's public
+APIs. Thus you can safely call free on all the variables even if
+they were not yet allocated (yes they have to have been
+initialized to NULL). This is much simpler and clearer than having
+multiple labels. Note that most of libvirt's type declarations can
+be marked with either ``g_autofree`` or ``g_autoptr`` which uses
+the compiler's ``__attribute__((cleanup))`` that calls the
+appropriate free function when the variable goes out of scope.
+
+There are a couple of signs that a particular use of goto is not
+ok:
+
+-  You're using multiple labels. If you find yourself using
+   multiple labels, you're strongly encouraged to rework your code
+   to eliminate all but one of them.
+-  The goto jumps back up to a point above the current line of
+   code being executed. Please use some combination of looping
+   constructs to re-execute code instead; it's almost certainly
+   going to be more understandable by others. One well-known
+   exception to this rule is restarting an i/o operation following
+   EINTR.
+-  The goto jumps down to an arbitrary place in the middle of a
+   function followed by further potentially failing calls. You
+   should almost certainly be using a conditional and a block
+   instead of a goto. Perhaps some of your function's logic would
+   be better pulled out into a helper function.
+
+Although libvirt does not encourage the Linux kernel wind/unwind
+style of multiple labels, there's a good general discussion of the
+issue archived at
+`KernelTrap <https://web.archive.org/web/20130521051957/http://kerneltrap.org/node/553/2131>`__
+
+When using goto, please use one of these standard labels if it
+makes sense:
+
+::
+
+  error:     A path only taken upon return with an error code
+  cleanup:   A path taken upon return with success code + optional error
+  no_memory: A path only taken upon return with an OOM error code
+  retry:     If needing to jump upwards (e.g., retry on EINTR)
+
+Top-level labels should be indented by one space (putting them on
+the beginning of the line confuses function context detection in
+git):
+
+::
+
+  int foo()
+  {
+      /* ... do stuff ... */
+   cleanup:
+      /* ... do other stuff ... */
+  }
+
+
+XML element and attribute naming
+--------------------------------
+
+New elements and/or attributes should be short and descriptive.
+In general, they should reflect what the feature does instead of
+how exactly it is named in given hypervisor because this creates
+an abstraction that other drivers can benefit from (for instance
+if the same feature is named differently in two hypervisors).
+That is not to say an element or attribute can't have the same
+name as in a hypervisor, but proceed with caution.
+
+Single worded names are preferred, but if more words must be
+used then they shall be joined in camelCase style.